Search Results: IETF

As the Internet of Things (IoT) and constrained devices proliferate, the need for a compact and efficient data format becomes critical. CBOR (Concise Binary Object Representation) has emerged as the go-to standard, offering a binary alternative to JSON that is both space-saving and fast to parse.

Microsoft has introduced Signing Transparency, a preview cloud service that logs every code signature in a tamper-evident, publicly auditable ledger to thwart supply chain attacks beyond traditional code signing. Powered by confidential computing and SCITT standards, it delivers cryptographic receipts for independent verification, ensuring even compromised keys leave indelible traces. This Zero Trust innovation promises enhanced accountability for developers and enterprises alike.

A new IETF informational RFC argues that while standards bodies like the IETF cannot fully prevent Internet centralization driven by non-technical forces, they can design protocols to enable decentralized operation. The document dissects the risks and benefits of centralization across protocols and services, offering concrete recommendations for engineers to foster interoperability and user choice. As Big Tech dominance grows, this guidance could shape the future of open Internet architecture.

Email remains the backbone of digital communication, yet its security protocols, rooted in the 1970s, struggle against modern threats like spoofing and interception. This article explores the current patchwork of encryption and authentication measures, their vulnerabilities, and emerging standards that could either fortify SMTP or render it obsolete. As passkeys and quantum threats loom, developers and security experts must weigh incremental fixes against a radical redesign.

Ben Werdmuller's FediForum keynote delivers a stark warning: centralized social platforms are complicit in rising authoritarianism. He argues the open, federated social web, built with encryption and focused on concrete community needs, offers a vital refuge for vulnerable groups and a foundation for resistance. Werdmuller provides developers a crucial three-question framework to build tools that matter.

As the tech industry races to deploy post-quantum cryptography (PQC) against future quantum attacks, a high-stakes standards war is raging in the IETF. The NSA and GCHQ are advocating for 'pure' PQC encryption in TLS 1.3, stripping away the proven safety net of traditional elliptic-curve cryptography (ECC)—despite breaches like SIKE proving hybrid ECC+PQC is critical. This article exposes how regulatory pressure and flawed consensus threaten to normalize reckless security practices.