Dan York

Just a guy in Vermont trying to connect all the dots...

Author's posts

Apr 27

Watch Live on Friday, 29 April – Kathy Brown At G7 ICT Multi-Stakeholder Conference

On Friday, April 29, you can watch leaders of the technical community, business and civil society address the G7 ICT Ministers at:

The Multi-Stakeholders Conference begins at 9:00 am Japan Standard Time (UTC+9), which is:

  • midnight UTC
  • 2:00 am Central European Time
  • 8:00 pm, Thursday, April 28, Eastern Daylight Time

Internet Society President and CEO Kathy Brown will speak as part of a panel starting at 10:45 am JST. The panel topic is “Sharing common thoughts about Internet governance and cybersecurity“. The other panelists are senior executives from Hitachi, NTT and BT Security. Kathy has published her thoughts about what she will say in the session.

The full agenda for the Multi-Stakeholder Conference is available on the G7 event site.

In preparation for the session, we encourage you to read:

During the event you can also follow our tweets on @ISOCPolicy .

The post Watch Live on Friday, 29 April – Kathy Brown At G7 ICT Multi-Stakeholder Conference appeared first on Internet Society.

Apr 22

Facebook Messenger Launches Group Conference Calls (Audio-only)

Continuing their efforts to be THE communication platform you use, the Messenger team at Facebook rolled out "group calling" this week within the Messenger app on iOS and Android. The new feature was announced by David Marcus, head of the FB Messenger team. Right now this is audio-only (i.e. not group video) and per media reports is limited to 50 participants.

I had to go to the AppStore and upgrade the Messenger app on my iPhone to the latest version, but once I did, I suddenly had a phone icon in the upper right corner of a group chat:

FB groupcalls 1

Tapping that phone icon brought me to a screen where I could choose which of the group members I wanted to bring into the group call:

FB groupcalls 2

After tapping "Call" in the lower right, Messenger launched the call and gave me feedback about who it was connecting, etc:

FB groupcalls 3

It then connected those who were available and four of us were in a group conference call:

FB groupcalls 4

As you can see in the screen captures, I had the standard buttons to mute my microphone and to activate the speakerphone.

AUDIO QUALITY - The audio quality was quite good. I couldn't find any technical info about what they are doing "under the hood" but one of the folks on the call understood that it was WebRTC-based, which would then imply the use of the excellent Opus audio codec. We experienced a couple of audio hiccups but nothing outside the normal VoIP experience and nothing that really detracted from the call. It certainly sounded like a rich, wideband-audio connection.

We didn't stay on the call for long as I didn't want to take their time (or my own), but exiting the call was simple and brought us right back into the group chat to continue our communication.

MOBILE-ONLY - One concern noted by a couple of folks was that the incoming audio call only rang on their tablet or phone, i.e. the iOS or Android app. It did not ring inside of Facebook in a desktop web browser or in the Messenger.com website.

Beyond that, though, it seemed a very straightforward and positive experience.

Now, Facebook Messenger is not the first to do this, of course. Skype has had group audio and video calls for years. As Venturebeat noted, in March of last year Line launched group calling for up to 200 people and WeChat added group audio and video calls in September.

Still, this is Facebook Messenger, with its 900 million users, providing yet another reason to NOT use traditional audio conferencing solutions.

I would suspect, too, that video conferencing can't be too far off, either, given that Facebook Messenger currently does let you do 1:1 video calls - and also that competitors offer group video calls.

It continues to be an absolutely fascinating time to watch the severe disruption of traditional telecommunications... and this move by Facebook is yet another example of how the ways we are communicating are changing.

What do you think? Will you use the group calling within Facebook Messenger?

Apr 20

Asia-Pacific Job Opening: Join Internet Society Deploy360 Programme to Promote IPv6, DNSSEC, More (Featured Blog)

Do you live in the Asia-Pacific region and are interested in accelerating the deployment of key technologies such as IPv6, DNSSEC, TLS or secure routing mechanisms? If so, my Internet Society colleagues involved with the Deploy360 Programme are seeking a "Technical Engagement Manager" based somewhere in the AP region. Find out more information about the position, the requirements and the process for applying. More...

Apr 11

Facebook Takes On Snapchat With Launch of "Messenger Codes" To Easily Connect Users

On the eve of Facebook's major "F8 Developer Conference" happening April 12-13, the company has launched a clear attack on Snapchat's "Snapcode" method of connecting users with their new "Messenger Codes". If you go into the newest version of Facebook Messenger on iOS (which is the only platform I have to test right at this moment) and click on the gear icon in the lower right labeled "Settings", you now see a brand new profile screen:

Facebook messenger code settings

There are two things to note here:

  1. The circular shaped code around my profile image; and
  2. The new short URL of m.me/dyork which brings me to a web version of Facebook Messenger. (More on that in a different post.)

The circular code clearly reminded me of Snapchat's "Snapcode", where mine is:

Snapcode dyork

And sure enough, when I clicked on the "People" icon at the bottom of the Messenger app, the first option on the top is "Scan Code":

Facebook messenger scan code

Since I had learned about these codes via a tweet from Chris Messina, I pointed my phone at my laptop screen where his Messenger Code was visible:

Fb messenger messina

As I got closer to the code, the Messenger app automagically recognized the code and put me into a message window with Chris:

Fb messenger messina success

I didn't chat with him as I didn't have a reason to do so and I don't recall us actually meeting. But I could ... it was this easy to get connected.

In a similar way to Snapchat, from the "Scan Code" window there is a symbol in the lower left corner that lets you access your phone's photos. So if you receive a Messenger Code via some other method (such as Twitter where people are already posting their codes using the #F8 hashtag) and save that image to your photos, you can access it from the "Scan Code" page and connect with the person.

From that same "Scan Code" page you can also tap "My Code" to see your code. Here's mine:

Fb my code

I can now share that Messenger Code out through the icon in the upper right and get it out into other social services (as I did on Twitter), or via text message, email, DropBox or anything else.

(Amusingly, while I could share the image out to Snapchat, the image is shared as square and since Snapchat uses full vertical images it cropped the image... meaning that the full Messenger Code would not be displayed and presumably would not work.)

So What?

At this point you may be saying "so what?" and wondering what value this really brings.

As I wrote about last year, messaging is all about "the directory dilemma", i.e.

People will only USE a communication application if the people they want to talk to are using the application.

It's all about having the most massive directory of users and growing that directory.

As Snapchat has demonstrated, the use of these "user codes" takes away the friction of figuring out how to connect with someone.

Over the past months a number of people I know have changed their Twitter and Facebook profile images to be their Snapcode. All I need to do, then, is point Snapchat on my phone toward their image and... ta da.. I can send them a connection request. No worry trying to look up their name... or figure out which of the many "Dan Yorks" I am if they are trying to connect to me.

Simple. Easy.

In many ways it's the proprietary version of QR codes... although focused on connecting two users rather than (as is often the case with a QR code) sending you to a web page or other site.

I expect we'll start seeing people change their Twitter profile photos to include their Facebook Messenger Code.

If people do, Facebook can steal the messaging from that rival platform. If you advertise your Messenger Code as the profile on another service, you are effectively saying "I prefer to get Facebook Messenger messages".

Take away the friction of connecting and let users advertise how to connect on your messaging platform.

If I were the organizer of an event, and I wanted to use FB Messenger as my primary messaging app, I could very easily see adding my Messenger Code to the event website, or even to printed flyers that might hang in a local coffee shop, library, gym, school or wherever...

Simple. Easy.

What About Brands? Facebook Pages?

I could see a huge benefit to brands to be able to publish these Messenger Codes, particularly with the expectation of "chat bots" being unveiled at F8 this week.

Again, from Facebook's point of view, this would keep the messaging within Facebook's walled garden, and continue to keep Facebook having the biggest directory of active users.

Tonight I couldn't discover anything similar in the Pages app or any other place. But you would think it would be coming... we'll have to stay tuned to F8 coverage this week to find out more.

What About Messaging Spam?

But if you publish your Messenger Code everywhere, what about spam?

Another good question... and since I published my Messenger Code on Twitter, perhaps I'll find out the answer over the next day or so! :-)

Perhaps Facebook will filter them all into the "Message Requests" that was very hard to find. I don't know! I have to think they will do something to ensure Messenger doesn't descend into the spam pit as email has.

How Else Can Messenger Codes Be Used?

We'll have to see what they tell us at the "F8 Developer Conference" this week... stay tuned!

What do you think about these Messenger Codes? Do you think it will help in connecting you with people? Will your promote your code? Or do you think it is all a waste of time? Let me know in the comments or on social media...

Mar 31

DNS-OARC 24 Streaming Live March 31 / April 1 from Buenos Aires

OARC 24

Today and tomorrow you have a great opportunity to listen to some of the newest research into the Domain Name System (DNS) operations and security through the live video stream of the 24th meeting of the DNS Operations Analysis and Research Center (DNS-OARC). You can watch live at:

https://www.youtube.com/c/DnsoarcNetPlus/live

and view the past recordings on the DNS-OARC YouTube channel.  The DNS-OARC 24 agenda covers a wide range of topics related to the overall operations of DNS.  Some of the sessions that Deploy360 readers may find of interest include:

  • Thursday, March 31
    • How we are developing a next generation DNS API for applications
    • State of the “DNS privacy” project: running code
    • QNAME minimisation in Unbound (DNS privacy)
  • Friday, April 1
    • Knot DNS Resolver
    • Threshold-Cryptography Distributed HSM
    • Review and analysis of attack traffic against A-root and J-root on November 30 and December 1, 2015
    • ECDSA – Reviewed
    • Rolling the Root Key
    • Algorithm roll-over experiences
    • Panel: DNSSEC algorithm flexibility

The last four sessions that I highlighted in bold all fit into the larger work of moving to use newer elliptic curve cryptographic algorithms within DNSSEC that I wrote about recently.  As I mentioned in that article, I’ll be moderating this final panel tomorrow afternoon.

I would encourage people to tune in and watch the sessions.  Do visit the DNS-OARC 24 timetable to find out the times when different sessions will be happening. All times are in Argentina time (ART) which is UTC-3.

And if you want to get started with DNSSEC yourself, please visit our Start here page to begin.

Image credit: a photo of the DNS-OARC 24 room I took this morning.

 

Mar 30

TDYR 298 – Heading To Buenos Aires for #IETF95 and more…

I am heading to Buenos Aires, Argentina, for the 95th meeting of the Internet Engineering Task Force (IETF) and several other meetings. In this episode I talk about what I will be doing there.

Mar 29

The Path Toward Increasing the Security of DNSSEC with Elliptic Curve Cryptography (Featured Blog)

How do we make DNSSEC even more secure through the use of elliptic curve cryptography? What are the advantages of algorithms based on elliptic curves? And what steps need to happen to make this a reality? What challenges lie in the way? Over the past few months we've been discussing these questions within the community of people implementing DNSSEC, with an aim of increasing both the security and performance of DNSSEC. More...

Mar 29

The Path Toward Increasing The Security of DNSSEC with Elliptic Curve Cryptography (Featured Blog)

More...

Mar 28

The Next Steps Toward Increasing The Security of DNSSEC with Elliptic Curve Cryptography

How do we make DNSSEC even more secure through the use of elliptic curve cryptography?  What are the advantages of algorithms based on elliptic curves?  And what steps need to happen to make this a reality?  What challenges lie in the way?

Over the past few months we’ve been discussing these questions within the community of people implementing DNSSEC, with an aim of increasing both the security and performance of DNSSEC.  Ondřej Surý of CZ.NIC Labs has been leading the way both with writing Internet drafts (draft-ietf-curdle-dnskey-ed25519 and draft-ietf-curdle-dnskey-ed448) and also in helping to organize sessions at various events.

Here’s a brief view of where that discussion has and will be taking place:

  • 9 March 2016 – a panel session at ICANN 55 DNSSEC Workshop in Marrakech, Morocco- (see below)
  • 1 April 2016 – a panel session at DNS-OARC in Buenos Aires
  • 5 April 2016 – a discussion of the drafts in the CURDLE Working Group at IETF 95
  • 6/8 April 2016 – a discussion of another draft in the DNSOP Working Group to reduce usage of older DNSSEC crypto algorithms
  • 23-27 May 2016 – a panel session at RIPE 72 in Copenhagen, Denmark
  • 27 June 2016 – a proposed panel session at the ICANN 56 DNSSEC Workshop in Helsinki, Finland

Let me provide a quick overview of what happened at ICANN 55 and then explain a new Internet draft that came out of that experience.

ICANN 55 DNSSEC Workshop

At ICANN 55 in Marrakech, we had a panel that I moderated where we presented several different viewpoints about how we go about implementing new DNSSEC algorithms and what are the challenges.  I started out with a presentation where I outlined some of the challenges in this set of slides:

I was then followed by four panelists (links are to the slide decks three of the four panelists had):

Geoff started out giving an overview of what APNIC’s research had found in the support of a current elliptic curve algorithm (ECDSA) in DNS resolvers (remembering that there are two sides to DNSSEC).  Jim Galvin then provided a view of DNSSEC algorithms from a registry perspective.  Olafur reported on the experience CloudFlare had rolling out ECDSA support and Ondřej wrapped up the session explaining the two new elliptic curve algorithms proposed for DNSSEC.  There were a good number of questions asked and it was a healthy discussion.

Our Internet Draft on new deploying DNSSEC algorithms

After that ICANN 55 session, I went back and wrote up a summary of what we learned out of that discussion and then incorporate further input from Ondřej, Ólafur and Paul Wouters and turned that into a new Internet-draft:

draft-york-dnsop-deploying-dnssec-crypto-algs

As I said in the abstract:

As new cryptographic algorithms are developed for use in DNSSEC signing and validation, this document captures the steps needed for new algorithms to be deployed and enter general usage. The intent is to ensure a common understanding of the typical deployment process and potentially identify opportunities for improvement of operations.

We are looking forward to further discussion – and welcome any and all feedback on the document.

The DNS-OARC panel on Friday, April 1

Which leads to a mention of the next discussion happening on this Friday, April 1, at the DNS-OARC 24th meeting happening in Buenos Aires right before IETF 95.  The very last session from 1700-1745 ART (UTC-3) will be on “DNSSEC algorithm flexibility” .  I’ll be moderating the panel again and the focus this time will be on software implementations and what needs to be done there to support more encryption algorithms.  Ondřej will be part of the panel along with Paul Wouters (Red Hat), Evan Hunt (ISC / BIND) and several others.

I’m told their will be a live stream of the DNS-OARC session and it should be accessible from the DNS-OARC Google+ page. I’ll update this post once I have an exact URL.

Our goal with all of this work is to lay out a solid path forward to bringing strong elliptic curve algorithms to DNSSEC – and then making that plan a reality.  The end goal is an even more secure DNSSEC infrastructure that brings about an even more trusted DNS.

We’d welcome your comments and assistance with this – please do send us comments on the Internet Draft (email addresses at the end) or comment here or on social media about any of this.  We need many different people helping move this forward!

P.S. If you are not yet using DNSSEC, please visit our Start Here page to begin!

Mar 28

Rough Guide to IETF 95: DNSSEC, DPRIVE, DANE and DNS Security

The most passionate discussions involving "DNS security" at IETF 95 in Buenos Aires may possibly take place not in the "traditional" DNS-related Working Groups, but rather over in the Using TLS in Applications (UTA) Working Group on Monday, April 4, 2016, at 14:00 ART where what looks like a vigorous discussion is shaping up about how to protect and secure email communication. Yes, email!

Dan York