Just a guy in Vermont trying to connect all the dots...
Dan York
Author's posts
Feb 27
Main IETF Website Returns To Being DNSSEC Signed Via CloudFlare
Good news this week for DNSSEC and content-distribution-networks (CDNs)! Last year the Internet Engineering Task Force (IETF) decided to move the main IETF web site over to a CDN to speed up access to IETF web pages for people trying to reach them all over the world. While this sped up access to the IETF’s content, it unfortunately meant that the main IETF website had to lose its DNSSEC signature because the CDN vendor, CloudFlare, did not yet support DNSSEC. (I’d note that this was only the main IETF web site – other IETF web sites such as the datatracker and tools sites continued to be DNSSEC-signed.)
Those of us advocating for DNSSEC were naturally disappointed by this move last year, but we understood the need and also understood that CloudFlare was committed to bringing DNSSEC to their customers – and indeed we’ve been writing about CloudFlare’s journey towards DNSSEC.
So this week we were very pleased to see this announcement by IETF Chair Jari Arkko:
Some time ago we moved the static parts of the IETF web page to a CDN service. While this provided a significant improvements for page load times and retained our ability to serve the pages over IPv6, we were unable to provide DNSSEC for the web pages that were being served by the CDN.
Our CDN vendor, Cloudfare, however, has worked in the background to enable DNSSEC for their customers. They have now come back with a system that we have enabled for the IETF web pages. (Thank you Cloudfare, this was important!)
We plan to keep the new arrangement on at http://dnssec.ietf.org for a while before finally moving to this arrangement on http://www.ietf.org. Testing the new arrangement on dnssec.ietf.org would be appreciated!
Jari Arkko, IETF Chair
As noted, the main IETF website is NOT yet DNSSEC-signed at the regular “www.ietf.org” but is instead available with a DNSSEC signature at http://dnssec.ietf.org while everything is tested out.
Regardless, this is great news for DNSSEC, for the IETF … and also as a demonstration that CloudFlare’s implementation is obviously getting that much closer to being available!
Please do check out http://dnssec.ietf.org and give it any kind of DNSSEC-related tests that you can!
And if you haven’t gotten started with DNSSEC yet, please visit our Start Here page to find out how you can begin!
Feb 25
Verizon Wireless At 56% IPv6 In Latest World IPv6 Launch Measurements
Some amazing percentages of IPv6 deployment in the February 2015 World IPv6 Launch measurements. As I wrote about on the Deploy360 blog, Verizon Wireless now is showing 56% IPv6 deployment and T-Mobile USA just crossed over 50% IPv6.
If you read the notes on the bottom of the measurements page you can see that Google, Facebook, Akamai, LinkedIn and Yahoo! are all measuring the amount of the amount of IPv6 they are seeing to their sites and reporting that back to the World IPv6 Launch project.
The key point for application developers is that all those people on those networks will be able to natively connect over IPv6 – if your application works over IPv6.
And a reason for caring may be… speed!
If a network is deployed with IPv6 in the main network, as I understand T-Mobile USA has now done, then connections from IPv6 clients can do directly to IPv6 servers. But connections to legacy IPv4 services will need to go through a gateway. Gateways typically introduce some degree of latency / delay, even at a microscopic level.
If your application works with IPv6 then you won’t need to worry about any v6/v4 gateways with any potential delays.
The reality that these measurements show is that IPv6 is very real today – will your app work over IPv6?
P.S. the goal of this book is to help! 
Feb 25
Verizon Wireless At 56% IPv6 In Latest World IPv6 Launch Measurements
Some amazing percentages of IPv6 deployment in the February 2015 World IPv6 Launch measurements. As I wrote about on the Deploy360 blog, Verizon Wireless now is showing 56% IPv6 deployment and T-Mobile USA just crossed over 50% IPv6.
If you read the notes on the bottom of the measurements page you can see that Google, Facebook, Akamai, LinkedIn and Yahoo! are all measuring the amount of the amount of IPv6 they are seeing to their sites and reporting that back to the World IPv6 Launch project.
The key point for application developers is that all those people on those networks will be able to natively connect over IPv6 – if your application works over IPv6.
And a reason for caring may be… speed!
If a network is deployed with IPv6 in the main network, as I understand T-Mobile USA has now done, then connections from IPv6 clients can do directly to IPv6 servers. But connections to legacy IPv4 services will need to go through a gateway. Gateways typically introduce some degree of latency / delay, even at a microscopic level.
If your application works with IPv6 then you won’t need to worry about any v6/v4 gateways with any potential delays.
The reality that these measurements show is that IPv6 is very real today – will your app work over IPv6?
P.S. the goal of this book is to help! 🙂
Feb 25
Google Finally Kills Off GoogleTalk and XMPP (Jabber) Integration
GoogleTalk is dead, Jim!
By way of a comment to a post I wrote back in May 2013 about Google seeming to kill off XMPP/Jabber support in Google+ Hangouts (spoiler: They did!), I learned from a friend that the GoogleTalk API was officially deprecated as of February 23, 2015. I confirmed this by finding a Google+ post from Google's Mayur Kamat.
Now, this is not a surprise. Google has been clear that Hangouts was the replacement and also that Hangouts does not support XMPP:
Still, I'm sad to see the XMPP integration die off. It is just a continuation of the descent of messaging services into walled gardens ... a topic I've been writing about for many years.
UPDATE: Please see the post "No, it’s not the end of XMPP for Google Talk" on the XMPP Standards Foundation site. The XSF notes that XMPP is still used inside of Google and that XMPP federation can still occur with a third-part XMPP client. However, because Google does not support the secure use of XMPP via TLS, many public XMPP servers will not connect to its server. I join the XSF in wishing that Google would embrace secure messaging and better federation. However, given that their product direction is for Hangouts, which does NOT support XMPP, I'm skeptical that we'll ever see any better federation at this point.
On that note, it was really no surprise to see the media reports about Microsoft killing off Google and Facebook chat support in its Outlook.com service. Microsoft made this Google integration available back in May 2013, but today Microsoft really has no choice:
- Google has killed off XMPP integration with Hangouts.
- Facebook has killed off XMPP integration with their new v2.0 API.
And so Microsoft can only offer Outlook.com its own proprietary walled garden... Skype!
Goodbye GoogleTalk and... sadly... goodbye XMPP integration!
If you found this post interesting or useful, please consider either:
- following me on Twitter;
- adding me to a circle on Google+;
- following me on Ello;
- subscribing to my email newsletter; or
- subscribing to the RSS feed
Feb 24
Today: Interop Radio – The Real Scoop on IPv6
Today seems to be the day for people to do webinars/podcasts on the topics we care about… in about 35 minutes at 3:00pm US Eastern, an episode of “Interop Radio” will focus on IPv6!
Hosted on BlogTalkRadio, this is the kind of show that anyone can call in to using the phone number listed on the episode page. From that page, the abstract is:
Everyone knows we’ve run out of network addresses. That’s old news. So why don’t we hear about the solutions any more? Is it a thoroughly solved problem or have we all just decided to ignore it until the problem goes away (or the Internet falls over and dies)?
In this episode of Interop Radio we’ll give you the answers and help you understand what those answers mean for your network. To do that we have an expert on board to talk about the technologies and practices that will make a difference for you and your organization.
Brandon Ross, Chief Network Architect and CEO at Network Utility Force, is a network architect and entrepreneur with years of experience building, operating and managing large scale service provider networks. He’s interested in helping telecommunications companies with the best network engineering team and network in the industry via scalable and stable architectures.
The episode records live in about 35 minutes – and then presumably will be available for later listening if you aren’t able to hear it live.
It’s great to see this kind of discussion happening out there – and with very real IPv6 deployment happening around the world, the time is NOW for you to be understanding how your networks and content can be available over IPv6!
We look forward to hearing this show and for seeing even more IPv6 deployment happen! If you want to get started with IPv6, please visit our Start Here page to find resources tailored to your role or type of organization!
Feb 24
T-Mobile USA Crosses 50% IPv6 Deployment, Verizon Wireless 65%, AT&T 38%
Great news for IPv6 deployment! Our colleague Mat Ford just wrote about the February 2015 World IPv6 Launch measurements and noted that T-Mobile USA crossed over the 50% IPv6 deployment mark!
They join fellow North American wireless carrier Verizon Wireless who has been in the “over 50% IPv6″ club for a while now and this month is right at the 65% mark (64.57% if you want to be precise):
Looking at the measurements for February 2015, you can see other great numbers: XS4ALL in the Netherlands is now at almost 60%, Telenet grew to 56%, Comcast is nearing 36%, AT&T has jumped to 38%, and Time Warner Cable continues on a nice trend line at 14%.
To better understand these measurements, you can scroll to the bottom of the measurements page and see more about how the partners contribute their data to the measurements project. Current partners include: Akamai, Facebook, Google, LinkedIn and Yahoo!
What these measurements show very clearly is that IPv6 deployment is happening right now – and if you haven’t been paying attention, you really need to be looking at what you can do to ensure your networks and content will work with the IPv6-enabled Internet. Please visit our Start Here page to find resources that will help you begin!
Feb 24
Ziff Davis Webinar Today: DNSSEC – Do You Need DNS Security Now?
Via Twitter today, I learned that technology journalist Sean Kerner will be speaking in a webinar about DNSSEC at 1:00pm US Eastern today (in about 65 minutes). If you are interested, more information can be found at:
http://www.eseminarslive.com/c/a/security/GeoTrust-021715/
I’ll be honest and say I don’t know what precisely will be covered in this session but back in the earlier days of DNSSEC deployment (~2010) Sean wrote a number of pieces on the topic and I’ve generally appreciated the coverage he gives to security topics. The abstract sounds useful:
Ever since the Kaminksy DNS security disclosure back in 2008 DNSsec (DNS Security extensions) have been hailed as the key tool in the fight to secure domains. Despite this recognition, few have actually implemented it. What should you do? How does SSL complement or compete with DNSsec to provide security for your domain?
We’ll have to see what he says.
If you are interested in deploying DNSSEC – or simply learning more about it – I would encourage you to visit our Start Here page where you can find DNSSEC resources tailored to your role or type of organization.
If you want to understand the current state of DNSSEC deployment, you may want to view our DNSSEC Deployment Maps or check out some of the different DNSSEC statistics sites that are out there.
And if you want to learn more about how DNSSEC can work with SSL/TLS, please do visit our information about the DANE protocol.
Let’s get the word out there and get more DNSSEC and DANE deployed!
Feb 23
FIR #796 – 2/23/15 – For Immediate Release
Quick News: Krispy Kreme's KKK Wednesday faux pas, results of 2015 online newsroom report, Facebook VR coming in a while, Dove's Twitter plans for the Oscars; Ragan promo; News That Fits: the rise of the content economy, Michael Netzley's Asia Report, Twitter's advice to be part of the conversation, Media Monitoring Minute from CustomScoop, listener comments, is Twitter a bust or a boon for brands?, Dan York's Tech Report, the past week on the FIR Podcast Network, Igloo Software promo, loyalty has killed marketing; Neville will report solo next week; music from The Subways; and more.
Feb 23
FIR #796 – 2/23/15 – For Immediate Release
Quick News: Krispy Kreme's KKK Wednesday faux pas, results of 2015 online newsroom report, Facebook VR coming in a while, Dove's Twitter plans for the Oscars; Ragan promo; News That Fits: the rise of the content economy, Michael Netzley's Asia Report, Twitter's advice to be part of the conversation, Media Monitoring Minute from CustomScoop, listener comments, is Twitter a bust or a boon for brands?, Dan York's Tech Report, the past week on the FIR Podcast Network, Igloo Software promo, loyalty has killed marketing; Neville will report solo next week; music from The Subways; and more.
