Lmst

@battlemesh @vortex @cypherhippie and another, non-tangible thing that's kept artifically scarce, but which is still important to community networks imo: Access to standardization, like at the #IEEE. The #IETF for the internet is awesome and exemplary in their organization and openess. But to propose and vote for changes to the #WLAN or #WiFi standards you need to be a member of the IEEE or WiFi alliance. So you basically have to buy your voting power their for a lot of money.

The IETF working group that I co-chair, PQUIP, had its first RFC published today. RFC 9794, "Terminology for Post-Quantum Traditional Hybrid Schemes", lists and describes terms used in post-quantum cryptography that are specific to the hybrid schemes that have become the focus for much of the PQC development work.

In short hybrid schemes are those that fully mix both post-quantum and traditional asymmetric algorithms. There are a lot of ways to mix them (some better than others), and thus there are a lot of properties that different mixtures have. The result is a lot of potentially confusing vocabulary full of similar-looking four-word chains. This document lays out all the differences so that other groups (other IETF working groups, other standards development organizations, governments making standards, ...) can be precise about what schemes they are adopting and why.

Congrats to the WG and the RFC authors!

https://datatracker.ietf.org/doc/rfc9794/

#ietf #rfc #pqc
(not using hashtag-hybrid because this ain't about cars, and certainly not using hashtag-crypto because bleaugh)

At a security conference, someone referenced an obsolete RFC... what fun it was to show them an official "IETF Protocol Police" badge. (OK, it's the AD's... but still... fun to whip out).

#ietf #standards #security #police

Photo of a badge that looks like an official US police badge labled as "IETF Protocol Police"

L'#IETF vient de créer un groupe de travail nommé PROCON mais qui n'est pas destiné à soutenir les crétins. https://datatracker.ietf.org/group/procon/

Sandoche Balakrichenan explique les concepts d'identité sur l'Internet (adresse IP, nom de domaine, etc) et sa normalisation (et le multipartieprenantisme https://www.bortzmeyer.org/multipartieprenantisme.html).

#NetGouv #IETF

heise+ | Gemeinnütziges Web: Nonprofit-Organisationen als Gestalter der digitalen Welt

Wir geben einen Überblick über gemeinnützige Institutionen, die maßgeblich an der Entwicklung und inhaltlichen Gestaltung des Webs beteiligt sind.

https://www.heise.de/hintergrund/Gemeinnuetziges-Web-Nonprofit-Organisationen-als-Gestalter-der-digitalen-Welt-10341287.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#ApacheSoftwareFoundation #FreeSoftwareFoundation #IANA #ICANN #IETF #Internet #IT #LinuxFoundation #Mozilla #WC #Wikimedia #news

#CENTR Now, #RPP,, the [mostly for domain names] provisioning protocol which wants to replace #EPP.

An #IETF working group is designing it. The goal: REST architecture, and stuff that even a Javascript developer know (HTTPS and JSON).

@paulehoffman @jpmens @winfried CLI access to #ietf #rfc: you made my day!

New blog article on "Post-quantum cryptography in #OpenPGP":

https://openpgp.foo/posts/2025-05-pqc/

#PQC #IETF

Abrasive Working Practices:
‘IETF working groups are characterized by frank exchanges and robust conversations. […] #Confrontation is a test, a way to guarantee high-quality contributions.’

Dr. Corinne Cath @C__CS https://criticalinfralab.net/wp-content/uploads/2023/06/LoudMen-CorinneCath-CriticalInfraLab.pdf

#standardization #norms #networkPolitics #standards #excellence #internet #internetGovernance #anthropology #sociology #tech #neutrality #STS #techCulture #engineering #ethics #masculinity #reputation #workPlace #workCulture #workCollectives #collectives #IETF

CBOR Tag for JSON Number Strings

https://justatheory.com/2025/05/cbor-json-number-string/

#golang #cbor #ietf #iana

IETF organized a "PQC Dialogue with
Government Stakeholders" meeting. This post by John Preuß Mattsson is very informative:

https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/5_WPq6mFi68

Abstract:
- EU: Transition for ”Harvest now, decrypt later” should be done by the end of 2030 and in general, the whole transition by the end of 2035. Not legally binding but might become law in the future.
- US, CA, UK, all agree on a timeline targeting around 2035 for mass adoption of quantum-resistant requirements.
- Heated discussion on the topic of "pure" vs "hybrid" schemes. BSI recommend hybrids for everything except for hash-based signatures.
- Very strong agreement that PQC is the priority. BSI says QKD is not mature and even long-term the only possible use case would be defense-in-depth in niche application. UK NCSC and NIST does not endorse QKD. Sweden says that QKD will never be useful.
- Discussion about paywalled standards. EU and US courts have decided that access to standards referenced by law is a human right.

#pqc #quantum #cryptography #nist #bsi #eu #ietf #nsa

Question #francophonie du jour pour ceux qui suivent (de près ou de loin) les travaux de l’#IETF. Quand il s’agit de se référer à un document de type #RFC, vous dites :

Cc. @ietf @bortzmeyer

"QUIC, or the battle that never was: A case of infrastructuring control over Internet traffic"

Standardization of an Internet protocol by the #IETF, seen from social sciences.

#QUIC

https://journals.sagepub.com/doi/10.1177/14614448251336438

Les protocoles Internet plutôt applicatifs transportent souvent du texte qui sera montré aux utilisateurices (HTTP est l'exemple typique).
Les protocoles Internet plutôt d'infrastructure (BGP, DNS, NTP) ne transportent typiquement jamais de texte destiné aux utilisateurices. (Je vous laisse chercher une ou deux exceptions.)
Faut-il changer cela ? (Grosse discussion à l'#IETF.)

#IETF
In Internet-Draft draft-ietf-dnsop-structured-dns-error-15, I am mentioned twice in the acknowledgments.
This is because I noticed two missing commas and reported them.

@jens I think it's really sad for an organization like #IETF to still cling to in-person meetings.

I'd be more understanding it they were like EuroNCAP or OSHA, NTSB or other orgs that have to deal with physical safety and may include testing as part of their meetings with certified professionals assessing everything to quickly allow decisions.

I mean none of the folks at IETF's meetings are "#TechIlliterates" and it's not as if group videocalling and screensharing is something absurdly expensive nor that these meetings require actual privacy as per sensitivity of their nature.

Aslo with the current regime in place the USA is a "can't enter" for more people than ever before, as neither ESTA nor a Visa guarantees one is being let in.