To those of us who have worked on crypto policy, the 1990s have become known as the Crypto Wars. The US government tried hard to control civilian use of cryptography. They tried to discourage academic research, restricted exports of cryptographic software, and -- most memorably -- pushed something called "escrowed encryption", a scheme wherein the government would have access to the short-term keys used to encrypt communications or stored files. more
What are the most pressing Internet governance issues in the next 2-5 years? What are the biggest priorities in terms of making the Internet more secure and trusted? What are the best ways to bring the next 3 billion people online? Those will all be topics of discussion at the "InterCommunity 2015" meeting taking place this week on July 7 and 8. The meeting will not take place at any one physical location... more
The following is the easyDNS response to ICANN's public comment period on GNSO Privacy & Proxy Services Accreditation Issues Working Group Initial Report. The public comment period is open until July 7, 2015. We strongly urge you to make your voice known by signing the petition over at Save Domain Privacy. I submit these comments as a CEO of an ICANN accredited registrar, a former director to CIRA and a lifelong anti spam contributor with an unblemished record of running a managed DNS provider that maintains zero tolerance for net abuse or cybercrime... more
ICANN comment periods on policy proposals don't normally garner much attention. In the case of the current comment period on proxy/privacy services, however, things are very different. To date several thousand comments have been filed, while the topic of the policy proposals has received media attention across hundreds of outlets. more
Ever since we first became involved in developing policies and strategies for countries relating to what are now known as national broadband networks, we have argued that those taking part in the strategic decision-making processes of designing these networks should look, not at what broadband can do now, but at what high-speed broadband can do to assist countries to create the best opportunities for future developments. more
Until the launch of the New gTLD Program, TLD launches were relatively straightforward. They generally consisted of a Sunrise Period, a Landrush Phase, and then General Availability. We would see the occasional Grandfather Phase or "Founders" program, but all in all, launches were pretty standard and straightforward. Things started to change with the launch of the new gTLD program. more
I previously provided a brief overview of how Verisign iDefense characterizes threat actors and their motivations through adversarial analysis. Not only do security professionals need to be aware of the kinds of actors they are up against, but they should also be aware of the tactical data fundamentals associated with cyber-attacks most commonly referred to as indicators of compromise (IOCs). Understanding the different types of tactical IOCs can allow for quick detection of a breach... more
The next Registration Operations Workshop will take place at the start of IETF 93 on Sunday, July 19th, 2015. The focus of this workshop is on the Registration Data Access Protocol, the successor of Whois. RDAP is a combined protocol for IP addresses and names registration data. Therefore, we are expecting both domain names and RIR communities to attend the workshop. more
We, domain name and Trademark professionals, think end-users know about domain names. The truth is that few of them have ever heard of what a domain name is and worth; very few have heard about new descriptive domain names so I asked a Club manager my questions... Representatives of a famous French sports club were there and I bumped into them to ask my question: "any plan to change to a .club domain name?" more
Where has DNSSEC been successful? What are some current statistics about DNSSEC deployment? What are examples of innovations that are happening with DNSSEC and DANE? All of these questions will be discussed at the DNSSEC Workshop at ICANN 53 in Buenos Aires happening on Wednesday, June 24, 2015, from 09:00 – 15:15 Argentina time (UTC-3). You can watch and listen to the session live. more
DNSSEC is a mechanism where clients can verify the authenticity of the answers they receive from servers. There are two sides here. The server must supply signed answers, and the client must verify the signatures on those answers. The validation/verification side is widely implemented, but there are very few signed zones... However, if no one signs their zones, those validating resolvers don't have many signatures to check. more
More than six hundred brands have applied for their own dotBrand (a new top level domain associated with a trademarked brand). These represent every segment of our economy: banks, tech companies, media, food, luxury goods, etc. Quite a few dotbrands have already gone live. The current application period is closed, but the next round will likely begin in 24 months or so. more
In the coming weeks another Regional Internet Registry will reach into its inventory of available IPv4 addresses to hand out and it will find that there is nothing left. This is by no means a surprise, and the depletion of IPv4 addresses in the Internet could be seen as one of the longest slow motion train wrecks in history. The IANA exhausted its remaining pool of unallocated IPv4 addresses over four years ago in early 2011, and since then we've seen the exhaustion of the address pools in the Asia Pacific region in April 2011, in the European and the Middle Eastern region in September 2012, in Latin America and the Caribbean in May 2014 and now it's ARIN's turn... more
RHEL6/Centos6 (and presumably RHEL7/Centos7) machines with the latest openssl packages now refuse SSL connections with DH keys shorter than 768 bits. Consider RHEL6 sendmail operating as a client, sending mail out to a target server. If the target server advertises STARTTLS, sendmail will try to negotiate a secure connection. This negotiation uses openssl, which will now refuse to connect to mail servers that have 512 bit DH keys. The maillog will contain entries with "reject=403 4.7.0 TLS handshake failed". more
The 30-day .BANK Sunrise Period just concluded this week and is notable for several reasons. The .BANK TLD is highly restricted to members of the banking industry. The .BANK Registry (which also has rights to .INSURANCE, launching this fall), was founded by 24 companies and organizations from the banking and insurance industries, The Registry's founders include industry leaders such as the American Banking Association, Citigroup, Dollar Bank, Independent Community Bankers of America, JPMorgan, Visa and Wells Fargo. more
Sponsored byRadix
Sponsored byIPv4.Global
Sponsored byDNIB.com
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byCSC
Sponsored byVerisign