Most of the time, mostly everywhere, most of the Internet appears to work just fine. Indeed, it seems to work just fine enough to the point that that when it goes wrong in a significant way then it seems to be fodder for headlines in the industry press.
In this article we compare RIPE Atlas deployment against user population estimates provided by APNIC to see which eyeball networks are missing out on RIPE Atlas probes.
At RIPE 70, Tim Bruijnzeels presented some statistics on the type of authentication people use to update the RIPE Database. There was one data point that particularly stood out for me: 76% of all updates via email are done using an MD5 password. I was stunned, because this way you are required to send your password in clear text over the Internet...
We’d like to enable gzip compression on all of RIPE Atlas' measurement API calls — but thanks to the BREACH vulnerability, doing so could mean that some enterprising individual with an obscene amount of time on their hands might be able read the contents of the responses. This means measurement results as well as metadata for measurements — including the small number of measurements not marked as “public”. We believe the drawbacks are negligible, but we’re looking for community support.
After a discussion with the community about HTTP measurements, we'll start implementing this as a publicly available measurement type.
For EuroDIG 2015, held in Sofia, Bulgaria on 3 and 4 June 2015, the RIPE NCC was pleased to be able to support the participation of Corinne Cath, who presented her work on human rights in the development of technical protocols at the recent RIPE 70 Cooperation Working Group session. Below is her impression of the conference.
In this post (originally published on the APNIC blog), Cengiz Alaettinoglou gives a brief overview and comparison of the IRR and SIDR security models and shares his thoughts about the chances for these models to succeed.
Some time ago, many people noticed rapid IPv6 deployment growth in Estonia (from 0% to 5% in 4 weeks). Tarko Tikan, from 3249/Elion/Estonian Telecom, explains the reason behind this.
Tony Smith from the APNIC gives an update on the DNS Root Zone Key-Signing and explains how the key-signing-key roll over will be done for the first time.
The Domain Name Service Look-aside Validation Service (DLV) was an idea which was useful in the transition from a non-signed DNSSEC root to the current globally visible DNSSEC trust anchor. Now a significant number of people in the wider Internet may be running (particularly) Linux distributions that out-of-the-box expect the DLV service to be running, and provide valid answers.