Featured Blogs

Latest

Maybe the IETF Won’t Publish SPF and Sender-ID as Experimental RFCs After All

Yesterday, the IESG, the group that approves RFCs for publication received an appeal from Julian Mehnle to not to publish the Sender-ID spec as an experimental RFC due to technical defects. IESG members' responses were sympathetic to his concerns, so I'd say that a Sender-ID RFC has hit a roadblock. The problem is simple: Although Sender-ID defines a new record type, called SPF 2.0, it also says that in the absence of a 2.0 record, it uses the older SPF1 record. Since SPF and Sender-ID can use the same records, if you publish an SPF record, you can't tell whether people are using it for SPF or Sender-ID. Ned Freed commented... more

Jerry Falwell Critic Can Keep Domain Name, Appeals Court Says

I want to call your attention to a very important Internet free speech decision, perhaps the most significant of our domain name cases from the past several years. In Lamparello v. Falwell, the United States Court of Appeals for the Fourth Circuit held today that the use of the domain name www.fallwell.com for a web site devoted to denouncing the views of Rev. Jerry Falwell about homosexuality neither infringes Falwell's trademark in his name nor constitutes "cybersquatting." more

Criticism of Trademark Owner Deemed Legitimate Interest under ICANN UDRP

BioCryst Pharmaceuticals, Inc., of Birmingham, Alabama, challenged registration of domain name www.biocrystpharmaceuticals.com. Respondent used domain name to criticize the Complainant's business (BioCryst Pharmaceuticals, Inc. v. Kumar Patel, Case No. D2005-0674). Panelist Daniel Gervais denied relief, stating... more

So You Think You’re Safe from DNS Cache Poisoning?

Everyone is probably well aware of the Kashpureff-style DNS cache- poisoning exploit (I'll call this "classic cache poisoning"). For reference, see the original US-CERT advisory prompted by this exploit. Vendors patched their code to appropriately scrub (validate) responses so that caches could not be poisoned. For the next 7-8 years, we didn't hear much about cache poisoning. However, there was still a vulnerability lurking in the code, directly related to cache poisoning. ...On April 7, 2005, the SANS ISC (not to be confused with Internet Systems Consortium) posted an update detailing how Microsoft Windows DNS servers were still being poisoned, even though the "Secure cache against pollution" option was set. The SANS ISC found that Windows DNS servers using BIND4 and BIND8 servers as forwarders were being poisoned. But how could this be? more

.XXX Puzzle Pieces Start to Come Together: And the Picture is Ugly

Americans who worried about governments somehow "running" the Internet through the United Nations failed to see the Trojan Horses that were rolled into ICANN's structure in 1998: the Governmental "Advisory" Committee and the special US Government powers over ICANN. The attempt by the US Commerce Department to "recall" the delegation of .xxx to ICM Registry due to pressure from deluded right-wing groups in the US who think that it will add to pornography on the Internet is a major inflection point in the history of ICANN, and could represent the beginning of the end of its private sector/civil society based model of governance. more

Objections to .XXX, Attention in High Places

Dot XXX is in for some interesting times, I fear. First the ICANN GAC chair Sharil Tarmizi is suggesting that more time be given for government and public policy feedback on .XXX. Objections certainly have started to come in from rather high places, such as from the US Department of Commerce. Personally speaking I'm inclined to be in favor of .XXX because it at least gives people in the adult entertainment industry their own online space and a stronger voice (gTLD)... more

Monetizing the Internet

What would duopoly providers of internet access really like to have? They'd really like to be paid for providing non-commodity services. They'd really like to be rewarded for running the network, top to bottom. "But that's not possible," you say. No provider can tell one packet from another. Providers can only block the ports used by applications they don't like, and that's a clumsy, unwinnable arms race. The applications can always switch to common and useful ports, and no provider wants to alienate its subscriber base. But what if providers could inspect the contents of packets, without using too much computational power, and discriminate among applications? "Naah," you say. "They can't possibly do that."... more

Regime Change on the Internet: Conference Notes

"Regime Change on the Internet? Internet Governance after WGIG" was the first public event held in the United States on July 28, 2005 to review the UN Working Group on Internet Governance (WGIG) report. Here are my notes from the event: "Markus Kummer, Executive Coordinator, UN Working Group on Internet Governance, reminded the audience that the mandate of the WGIG was specifically articulated by the first part of the WSIS - "To investigate and make proposals for action as appropriate". It was not for sweeping regime change as the conference title would suggest." more

SPF Loses Mindshare

MAAWG is the Messaging Anti-Abuse Working group. It was started by Openwave, a vendor that sells e-mail hardware and software to large ISPs and originally consisted only of Openwave customers, but has evolved into an active forum in which large ISPs and software vendors exchange notes on anti-spam and other anti-abuse activities. Members now include nearly every large ISP including AOL, Earthlink, Yahoo, Comcast and Verizon is a member, along with ESPs like Doubleclick, Bigfoot, and Checkfree, and vendors like Ciscom, Ironport, Messagelabs, Kelkea/Trend, and Habeas. They've also been quietly active in codifying best practices and working on some small but useful standards like a common abuse reporting format. more

About Those Root Servers

There is an interesting note on the ITU Strategy and Policy Unit Newslog about Root Servers, Anycast, DNSSEC, WGIG and WSIS about a presentation to ICANN's GAC. (The GAC website appears to be offline or inaccessible today.) The interesting sentence is this: Lack of formal relationship with root server operators is a public policy issue relevant to Internet governance. It is stated that this is "wrong" and "not a way to solve the issues about who edits the [root] zone file." Let's look at that lack of a formal relationship... more

Orange Bowl ICANN UDRP Case Explores Fair Use

The resale of genuine products presents particular difficulties in domain name disputes, testing the application of fair use doctrine. Several domain name disputes involving the resale of event tickets illustrate the point. I served as a panelist in one such case The Orange Bowl Committee, Inc. v. Front and Center Tickets, Inc., D2004-0947 (WIPO 2005). The decision, which issued with a dissent, explored fair use in the domain name context and addressed several related ticket resale disputes. more

IGP on Future U.S. Role in Internet Governance

On June 30, 2005, the United States Department of Commerce National Telecommunications and Information Administrtation (NTIA) released the "US Statement of Principles on the Internet's Domain Name and Addressing System." The Internet Governance Project (IGP) has issued 7 points in response to the "Statement of Principles" showing the direction believed to be in the interests of the United States and the world. more

When the Defendant is a Domain Name: The Power of In Rem Proceedings Under the ACPA

A recent decision by a federal court in Virginia illustrates some interesting legal issues that arise from the global nature of the domain name system. It also highlights a powerful mechanism under the Anticybersquatting Consumer Protection Act ("ACPA") by which a plaintiff can proceed with a legal action to recover a domain name without regard to the court's personal jurisdiction over the registrant.  more

Mozilla Implements TLD Whitelist for Firefox in Response to IDN Homographs Spoofing

Mozilla Foundation has announced changes to Firefox concerning Internationalized Domain Names (IDN) to deal with homograph spoofing attacks. According to the organization, "Mozilla Foundation products now only display IDNs in a whitelist of TLDs, which have policies stating what characters are permitted, and procedures for making sure that no homographic domains are registered to two different entities." Following is a statement explaining the current status of the Mozilla changes to Firefox regarding IDN... more

Abusive Anti-Anti-Spam Scheme a Dreadful Strategy

A new company called Blue Security purports to have an innovative approach to getting rid of spam. I don't think much of it. As I said to an Associated Press reporter: "It's the worst kind of vigilante approach," said John Levine, a board member with the Coalition Against Unsolicited Commercial E-mail. "Deliberate attacks against people's Web sites are illegal." more

Topics

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Latest Blogs

Recently Discussed

Most Discussed – Last 30 Days

Most Viewed – Last 30 Days