Post-Quantum Cryptography

It may be useful to start this article by defining what I am talking about. No, “Post-Quantum Cryptography” is not about using the next generation of computer processors that may come after quantum computing, whatever that may be, to perform cryptography. It’s not even about “Quantum Cryptography”, which is all…


Bytes from IETF 120 – A Few Routing Topics

There was, as usual, a lot of work in the area of Inter-Domain Routing at IETF 120. There is the long-standing Inter-Domain Routing (IDR) working group, looking at the specification of the BGP protocol and its refinements for particular deployment scenarios such as 5G networks, or certain service quality assurance,…


Calling Time on DNSSEC?

There have been quite a few Internet technologies which have not been enthusiastically adopted from the outset. In many cases the technology has been quietly discarded in favour of the next innovation, but in some cases the technology just refuses to go away and sits in a protracted state of…


KeyTrap!

The National Research Center for Applied Cybersecurity ATHENE has uncovered a critical flaw in the design of DNSSEC, the Security Extensions of DNS (Domain Name System). DNS is one of the fundamental building blocks of the Internet. The design flaw has devastating consequences for essentially all DNSSEC-validating DNS implementations and…


Models of Trust for the RPKI

This is a report on a feasibility study looking at an alternative trust anchor structure for the Resource Public Key Infrastructure (RPKI). Background In the early days of the Internet in the 1980’s when the Internet address plan used the Class A, B and C address structure, it appears that…


Notes from NANOG 89: Trust and Network Infrastructure

Trust is such a difficult concept in any context, and certainly computer networks are no exception. How can you be assured that your network infrastructure is running on authentic platforms, both hardware and software, and its operation has not been compromised in any way? The combination of complex supply chains…


IEPG at IETF 117

This is part of a personal commentary on the meetings at the July 2023 meeting of the Internet Engineering Task Force (IETF 117). If you want to know what was presented and the comments at the mic see the IETF 117 meeting archive. The IEPG meets for a couple of…


RIPE 86 Bites – Encryption and Active Network Management

RIPE held a community meeting in May in Rotterdam. There were a number of presentations that sparked my interest, but rather than write my impressions in a single lengthy note, I thought I would just take a couple of topics and use a shorter, and hopefully more readable bite-sized format.…


Hiding Behind Masques

It has been almost a decade since Edward Snowden exposed a program of mass surveillance by the US NSA, using the Internet for large scale data harvesting. The Internet had been profligate in the way in which various protocols scattered user data around with a somewhat cavalier disregard for privacy.…


To DNSSEC or Not?

The early days of the Internet were marked by a constant churn of technology. For example, routing protocols came and went in rapid succession, transmission technologies were in a state of constant flux, the devices we used to interact with the emerging digital environment were changing, and the applications we…