Internet Technologies

We provide resources that are easy to understand and quickly actionable by the professionals responsible for the implementation of new technologies and standards.

We aim to bridge the gap between the IETF standards process and final adoption of those standards by the global operations community.

For more than 7 years, we had been providing real-world deployment information for key Internet technologies as a part of the Deploy360 Programme. However, the programme was sunset in 2019. Currently, our Measuring the Internet project focuses on Enabling technologies and our MANRS project on improving the security and resilience of the Internet’s global routing system.

IPv6

IPv6 is the next generation Internet Protocol (IP) address standard intended to eventually replace IPv4, the protocol most Internet services use today. Every computer, mobile phone, and any other device connected to the Internet needs a numerical IP address in order to communicate with other devices. The original IP address scheme, called IPv4, is running out of numbers.

Our Pulse platform presents measurements of IPv6 adoption to raise awareness of the different levels of IPv6 adoption in different countries and networks around the globe, and to encourage greater adoption of this important enabling technology.

A graphic of locks with a key in it

Transport Layer Security (TLS)

To make the Internet more secure, Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL), needs to be widely deployed by all kinds of applications across the Internet. People are generally familiar with TLS from the “https” and lock icons seen in web browsers, but TLS can be used in so many other applications.

The latest version, TLS 1.3, provides enhanced security and fewer ways for attackers to find new flaws. TLS 1.3 has also been shown to improve performance, with secure connections taking less time to be established. This helps to demonstrate that optimizations can be made without compromising on security. Improving the security of Internet applications of all kinds is imperative for a healthy and growing Internet.

Our Pulse platform curates data on worldwide adoption of TLS 1.3.

DNS Security Extensions (DNSSEC)

Few technologies are more critical to the operation of the Internet than the Domain Name System (DNS). DNS Security (DNSSEC) is designed to authenticate DNS response data. It verifies responses to ensure a DNS server’s response is what the zone administrator intended. It does not address all threats (nothing does), but it provides a building block for providing additional data security, and not just within the DNS but also within the applications and services that are built on it.

Our Pulse platform presents indicators of DNSSEC adoption by the registries for country-code domain names (ccTLDs) and a measurement of the use of DNSSEC validation by Internet hosts globally.

HTTP/3

Hypertext Transfer Protocol (HTTP) is a fundamental part of the World Wide Web. In addition to powering the web, HTTP is increasingly used to transfer data between Internet-connected devices of all kinds. The latest version of HTTP (HTTP/3) marks quite a radical departure from the past by adopting a completely new transport protocol (QUIC).

The ability for the Internet to embrace HTTP/3 indicates the Internet’s capacity to keep evolving and supporting new applications. As the Internet has matured, deploying new protocols to improve performance and/or security can be difficult. The introduction of a new transport protocol for something as popular and important as HTTP is a real test of the capacity of today’s Internet to continue to support growth and innovation. 

Our Pulse platform curates data on worldwide adoption of HTTP/3.

Domain Name System (DNS) Privacy

The  Domain Name System (DNS) was originally developed without any kind of considerations for user privacy and may therefore leak information about DNS queries and responses that can be correlated to specific network activity.

Almost every time we use an Internet application, it starts with a Domain Name System (DNS) transaction to map a human-friendly domain name into a set of IP addresses. DNS transactions can therefore be correlated to the applications we use, the web sites we visit, and sometimes even the people we communicate with. How can we mitigate the privacy implications of the DNS?

Anti-Spoofing

How do we help prevent the massive Distributed Denial-of-Service (DDoS) attacks we continue to see on the Internet? What can be done by network operators, enterprises, and others to help reduce DDoS attacks and other similar threats?

There are unfortunately no magic silver bullets, but one mechanism that can be implemented by network operators is the prevention of “spoofing” of IP addresses, what we call “anti-spoofing technologies.”

The MANRS initiative outlines Filtering as one of the concrete actions that networks should take to prevent traffic with spoofed source IP addresses.

Securing Border Gateway Protocol (BGP)

The Border Gateway Protocol (BGP) is the protocol used throughout the Internet to exchange routing information between networks. It is the language spoken by routers on the Internet to determine how packets can be sent from one router to another to reach their final destination. BGP has worked extremely well and continues to the be protocol that makes the Internet work.

The challenge with BGP is that the protocol does not directly include security mechanisms and is based largely on trust between network operators that they will secure their systems correctly and not send incorrect data. Mistakes happen, though, and problems could arise if malicious attackers were to try to affect the routing tables used by BGP.

We support the MANRS initiative that calls for simple, but concrete actions that will reduce the most common routing threats, including BGP hijacking.

Not sure where to begin?

No matter if you are a network operator, an enterprise or a campus network, a developer or a website owner or your company is a manufacturer of consumer electronic devices or your organization is a domain name registrar, we’ve got you covered! Get started with the set of pages tailored just for you.

Resources

News

Load More