The United States is under cyber-attack. An article in Time magazine titled "The Invasion of the Chinese Cyberspies" discusses a computer-network security official for Sandia National Laboratories who had been "tirelessly pursuing a group of suspected Chinese cyberspies all over the world." The article notes that the cyberespionage ring, known to US investigators as Titan Rain, has been "penetrating secure computer networks at the country's most sensitive military bases, defense contractors and aerospace companies." more
Responding to the .xxx intervention by the US Commerce Department, the Internet Governance Project has produced a "STATEMENT OPPOSING POLITICAL INTERVENTION IN THE INTERNET'S CORE TECHNICAL ADMINISTRATIVE FUNCTIONS." You can view the statement here and add your name as a signatory at the bottom. Over 60 people have endorsed it. The Statement claims that "The NTIA's recent intervention in the .xxx proceeding undermines assurances" that the U.S. government's special unilateral authority over ICANN "would never be used to shape policy but was only a means of protecting the stability of the organization and its processes." The NTIA's open acknowledgment of the influence of religious groups made the intervention particularly dangerous. more
Yesterday, the IESG, the group that approves RFCs for publication received an appeal from Julian Mehnle to not to publish the Sender-ID spec as an experimental RFC due to technical defects. IESG members' responses were sympathetic to his concerns, so I'd say that a Sender-ID RFC has hit a roadblock. The problem is simple: Although Sender-ID defines a new record type, called SPF 2.0, it also says that in the absence of a 2.0 record, it uses the older SPF1 record. Since SPF and Sender-ID can use the same records, if you publish an SPF record, you can't tell whether people are using it for SPF or Sender-ID. Ned Freed commented... more
I want to call your attention to a very important Internet free speech decision, perhaps the most significant of our domain name cases from the past several years. In Lamparello v. Falwell, the United States Court of Appeals for the Fourth Circuit held today that the use of the domain name www.fallwell.com for a web site devoted to denouncing the views of Rev. Jerry Falwell about homosexuality neither infringes Falwell's trademark in his name nor constitutes "cybersquatting." more
BioCryst Pharmaceuticals, Inc., of Birmingham, Alabama, challenged registration of domain name www.biocrystpharmaceuticals.com. Respondent used domain name to criticize the Complainant's business (BioCryst Pharmaceuticals, Inc. v. Kumar Patel, Case No. D2005-0674). Panelist Daniel Gervais denied relief, stating... more
Everyone is probably well aware of the Kashpureff-style DNS cache- poisoning exploit (I'll call this "classic cache poisoning"). For reference, see the original US-CERT advisory prompted by this exploit. Vendors patched their code to appropriately scrub (validate) responses so that caches could not be poisoned. For the next 7-8 years, we didn't hear much about cache poisoning. However, there was still a vulnerability lurking in the code, directly related to cache poisoning. ...On April 7, 2005, the SANS ISC (not to be confused with Internet Systems Consortium) posted an update detailing how Microsoft Windows DNS servers were still being poisoned, even though the "Secure cache against pollution" option was set. The SANS ISC found that Windows DNS servers using BIND4 and BIND8 servers as forwarders were being poisoned. But how could this be? more
Americans who worried about governments somehow "running" the Internet through the United Nations failed to see the Trojan Horses that were rolled into ICANN's structure in 1998: the Governmental "Advisory" Committee and the special US Government powers over ICANN. The attempt by the US Commerce Department to "recall" the delegation of .xxx to ICM Registry due to pressure from deluded right-wing groups in the US who think that it will add to pornography on the Internet is a major inflection point in the history of ICANN, and could represent the beginning of the end of its private sector/civil society based model of governance. more
Dot XXX is in for some interesting times, I fear. First the ICANN GAC chair Sharil Tarmizi is suggesting that more time be given for government and public policy feedback on .XXX. Objections certainly have started to come in from rather high places, such as from the US Department of Commerce. Personally speaking I'm inclined to be in favor of .XXX because it at least gives people in the adult entertainment industry their own online space and a stronger voice (gTLD)... more
What would duopoly providers of internet access really like to have? They'd really like to be paid for providing non-commodity services. They'd really like to be rewarded for running the network, top to bottom. "But that's not possible," you say. No provider can tell one packet from another. Providers can only block the ports used by applications they don't like, and that's a clumsy, unwinnable arms race. The applications can always switch to common and useful ports, and no provider wants to alienate its subscriber base. But what if providers could inspect the contents of packets, without using too much computational power, and discriminate among applications? "Naah," you say. "They can't possibly do that."... more
"Regime Change on the Internet? Internet Governance after WGIG" was the first public event held in the United States on July 28, 2005 to review the UN Working Group on Internet Governance (WGIG) report. Here are my notes from the event: "Markus Kummer, Executive Coordinator, UN Working Group on Internet Governance, reminded the audience that the mandate of the WGIG was specifically articulated by the first part of the WSIS - "To investigate and make proposals for action as appropriate". It was not for sweeping regime change as the conference title would suggest." more
MAAWG is the Messaging Anti-Abuse Working group. It was started by Openwave, a vendor that sells e-mail hardware and software to large ISPs and originally consisted only of Openwave customers, but has evolved into an active forum in which large ISPs and software vendors exchange notes on anti-spam and other anti-abuse activities. Members now include nearly every large ISP including AOL, Earthlink, Yahoo, Comcast and Verizon is a member, along with ESPs like Doubleclick, Bigfoot, and Checkfree, and vendors like Ciscom, Ironport, Messagelabs, Kelkea/Trend, and Habeas. They've also been quietly active in codifying best practices and working on some small but useful standards like a common abuse reporting format. more
There is an interesting note on the ITU Strategy and Policy Unit Newslog about Root Servers, Anycast, DNSSEC, WGIG and WSIS about a presentation to ICANN's GAC. (The GAC website appears to be offline or inaccessible today.) The interesting sentence is this: Lack of formal relationship with root server operators is a public policy issue relevant to Internet governance. It is stated that this is "wrong" and "not a way to solve the issues about who edits the [root] zone file." Let's look at that lack of a formal relationship... more
The resale of genuine products presents particular difficulties in domain name disputes, testing the application of fair use doctrine. Several domain name disputes involving the resale of event tickets illustrate the point. I served as a panelist in one such case The Orange Bowl Committee, Inc. v. Front and Center Tickets, Inc., D2004-0947 (WIPO 2005). The decision, which issued with a dissent, explored fair use in the domain name context and addressed several related ticket resale disputes. more
On June 30, 2005, the United States Department of Commerce National Telecommunications and Information Administrtation (NTIA) released the "US Statement of Principles on the Internet's Domain Name and Addressing System." The Internet Governance Project (IGP) has issued 7 points in response to the "Statement of Principles" showing the direction believed to be in the interests of the United States and the world. more
A recent decision by a federal court in Virginia illustrates some interesting legal issues that arise from the global nature of the domain name system. It also highlights a powerful mechanism under the Anticybersquatting Consumer Protection Act ("ACPA") by which a plaintiff can proceed with a legal action to recover a domain name without regard to the court's personal jurisdiction over the registrant. more
Sponsored byRadix
Sponsored byIPv4.Global
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byCSC
Sponsored byWhoisXML API
Sponsored byVerisign