Let's Encrypt, EDNS ECS, GSAN, OB, BT, 5G, SPAM

  • Let's Encrypt Root is now trusted by all major root programs. Which is totally awesome! This will also make TLS (SSL) negotiation faster, because the certificate chain is shorter and fewer certificates need to be downloaded, verified and processed in general. Sure, that's marginal per connection. But it all sums up.
  • Lots of discussions with colleagues about what is important and why. Saying that something is important, without being able to tell exactly why, is kind of a weak approach. In that kind of world, suddenly everything easily becomes a top priority. Because there's no way to know what is said to be "important" and what's actually important.
  • EDNS Client Subnet (ECS). Helps DNS servers provide IP addresses for services which are located near the client. It also helps in providing load balancing. Currently the extension is used by OpenDNS and Google Public DNS. See: RFC 7871. After checking, it seems that Cloudflare DNS doesn't support it currently. After a quick check, sites with multiple addresses, like google.com, return totally different service locations based on the DNS server being used. Of course this doesn't affect sites which further utilize multihoming and anycast IP addresses, meaning that the site probably has exactly the same IP address regardless of the user's location.
  • Switch Global Satellite Access Network (GSAN). Yet another worldwide satellite Internet connectivity provider. Yet global is in quotes, because it doesn't actually provide pole service. The current satellite configuration only consists of geostationary satellites. The extraterrestrial security statement made me smile. Note: Starlink doesn't cover the poles either.
  • OpenBazaar launched their own web store which allows search & hosting of other web stores. Awesome.
  • Breaking the Bluetooth Pairing. Horrible security implications. Unfortunately it wasn't unexpected that protocols like Bluetooth are more or less broken and it's only a question of time when the really bad stuff pops up.
  • Fixed Coordinate Invalid Curve Attack / CVE-2018-5383. This is great work. And it's not unexpected that many protocols are more or less broken. Yet based on the post, it's easy to conclude that Bluetooth is totally broken. I hope no security feature is based on Bluetooth security alone. So classic: "Do not perform public key validation". It's basically the same as checking that a signature is present, but not cryptographically validating it. Which is a classic XKCD joke.
  • Finland launched a 5G bandwidth auction for the 3,5 GHz (3410 - 3800 MHz) range. Progress is happening. It's funny that some operators have been selling 5G ready stuff for quite a while. Even if there's no way to use 5G anywhere in Finland at this point.
  • Finnish Government / Public Sector systems were under a serious network attack, which completely took the systems down for several hours. Including the national authentication system and so on. Affecting services of: Police, tax authorities, social security, health information, etc. Well, DDoS is nothing compared to some APT threats which could take systems down for extended periods by causing extensive corruption and destroying key systems. Triggering a restore from backup, which still could be affected if backups are on "too high level" and so on. It would be an actual nightmare.
  • Google spam filtration - Very nice post. It goes directly to the point and I can almost fully agree. Spam blocking and email deliverability is a problem, which I've reported so many times. Another problem is that many people confuse spam with stuff they've actually subscribed to. Well, if they've subscribed to it, it's not spam by definition. I think delivering messages to the spam folder is better, because it still allows users to pick messages from the spam folder. If the emails are rejected or blackholed straightaway like Outlook often does, it's even worse. There's no way for the user to receive the messages, without filling out all kinds of non-deliverability reports, which believe me, I've filled out way too many times.
  • Suomispam is a BL / DBL site for blocking domains / IP addresses which send spam in the Finnish language.
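
The public key validation that the CVE-2018-5383 item above says was skipped, as an added example (not code from the original post or from any Bluetooth stack). It checks a received ECDH key on NIST P-256 before use; the function names and the 64-byte big-endian X||Y layout are assumptions made for the example.

```python
# Added example: validate a peer's ECDH public key on NIST P-256 before it
# is used in a key agreement. Function names are hypothetical.

# NIST P-256 (secp256r1) domain parameters.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def check_point(x: int, y: int) -> str:
    """Return "ok" or the reason the peer's point must be rejected."""
    # 1. Both coordinates must be canonical field elements.
    if not (0 <= x < P and 0 <= y < P):
        return "coordinate out of range"
    # 2. The point must satisfy y^2 = x^3 + ax + b (mod p). Looking at x
    #    alone is not enough: y has to be tied to x by the curve equation.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        return "not on curve"
    # P-256 has cofactor 1, so an on-curve affine point is already in the
    # prime-order group and needs no separate subgroup check.
    return "ok"


def parse_peer_key(raw: bytes) -> tuple:
    """Parse a 64-byte big-endian X||Y key (assumed layout) and validate it."""
    if len(raw) != 64:
        raise ValueError("invalid public key: bad length")
    x = int.from_bytes(raw[:32], "big")
    y = int.from_bytes(raw[32:], "big")
    verdict = check_point(x, y)
    if verdict != "ok":
        raise ValueError(f"invalid public key: {verdict}")
    return x, y


if __name__ == "__main__":
    # Constructed inputs: the genuine base point, and the same x with the
    # y-coordinate replaced by zero bytes (an off-curve point).
    good = GX.to_bytes(32, "big") + GY.to_bytes(32, "big")
    bad = GX.to_bytes(32, "big") + bytes(32)
    print(parse_peer_key(good) == (GX, GY))
    try:
        parse_peer_key(bad)
    except ValueError as exc:
        print(exc)
```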

2020-01-05