Featured Blogs

Latest

IDN Spoofing Solutions With Balance

Last week's tizzy about IDN (Internationalized Domain Name) spoofing was an interesting exercise in watching how people react to the unknown. The nearly-universal response to the problem that had been described in detail many years ago was "turn off IDNs" instead of "assume that the people who created IDNs knew about this, so let's do some research." The following is based on my thoughts this week. For those of you who are not familiar with my earlier work, I'm one of the authors of the IDN standards... more

Controlling Cyber Dissidents?

Blogging is not only a well-established element of pop culture, it has become a tremendously influential communications mechanism. As early as March 2002, an article in Wired discussed the blogging "revolution" and declared that blogging "could be to words what Napster was to music - except this time, it'll really work." more

NTIA Nixes Privacy Protection in Whois

Many registrars have gotten complacent about reforming the Whois-Privacy relationship. After all, they can sell additional privacy protection to their subscribers for an extra $5-10. Seems like a perfect "market oriented" interim solution, as the so-called "bottom up" policy development process of ICANN figures out how to provide tiered access. Not so fast. more

IDN and Homographs Spoofing

There is a published spoofing attack using homographs IDN. By using a Cyrillic SMALL LETTER A (U+430), Securnia is able to pretend to be http://www.paypal.com/. Actually this is well-documented in RFC 3490 under the Security Consideration: "To help prevent confusion between characters that are visually similar, it is suggested that implementations provide visual indications where a domain name contains multiple scripts. Such mechanisms can also be used to show when a name contains a mixture of simplified and traditional Chinese characters, or to distinguish zero and one from O and l..." more

A Postitive Look at DENIC’s .Net Bid

The outcome of the .Net rebid process will involve the security, stability and diversity of management of the Internet's critical infrastructure. As well, the rebid process introduces competitive forces that will flow through to users in the form of cost savings and improved service levels. DENIC has submitted a bid that is consistent with the goals and interests of the Internet community and is the only proponent that has done so. Let us consider the following factors and assess the alignment of the bids with the goals and interests for the Internet community. more

10 Things Google Could Do as a Domain Name Registrar

In the absence of any formal announcements, news of Google being accredited by ICANN as a domain name registrar, spread fast in the media today after it was first reported by Bret Fausett on Lextext -- see Google is a Registrar. The company has since mentioned that "Google became a domain name registrar to learn more about the Internet's domain name system," and that it has no plans to sell any domain names at the moment. However, speculations on what Google could do as an accredited registrar are far and wide. Here are ten, listed in no particular order... more

Looking at .Net Bids

ICANN is now seeking public comments regarding the .net bids. Unlike before, I am not going to offend one friend or another by siding with one proposal over another. They are all qualified and experienced registry operators. Instead, I will make some general observations. 1. None of the Revenue and Pricing Model (i.e. Section 4) about the bids are available to public... more

How to Stop Spam

I got a letter the other day from AOL postmaster Carl Hutzler, about how the Internet community could get rid of spam, if it really wanted to. With his permission, here are some excerpts. "Spam is a completely solvable problem. And it does not take finding every Richter, Jaynes, Bridger, etc to do it (although it certainly is part of the solution). In fact it does not take email identity technologies either (although these are certainly needed and part of the solution)." more

The .net Top Level Domain and Cross-Coupled Failures

The .net Top Level Domain (TLD) contains the names of the main group of DNS root servers as well as the names of the servers for several other large TLDs, such as .com, .org, .arpa and .mil. Most of the focus about the .net redelegation has concerned the quality of the registration systems. But that is a minor matter next to the quality of the name server operation.  more

Something’s Cooking at IETF with Email Authentication

A few months ago, Ted Hardie (AD of Applications for the IETF) informed the MARID WG in the closure announcement as follows: "Given the importance of the world-wide email and DNS systems, it is critical that IETF-sponsored experimental proposals likely to see broad deployment contain no mechanisms that would have deleterious effects on the overall system. The Area Directors intend, therefore, to request that the experimental proposals be reviewed by a focused technology directorate..." more

.NET Bid Contenders

Yesterday was the deadline for the submissions of responses to the .NET re-bid RFP. As of my last count, there are five companies that I am aware of that submitted proposals for the .NET rebid. Three of these were quite publicly announced, Afilias, Denic, and Verisign. The other two bidders are Multi-Stakeholder groups. Sentan and Core++. Sentan appears to be a Joint Venture between .jp and Neulevel, and Core++ is ISC, Telfonica, and .br, with participation from Core, Nida (.kr), and .zaDNA (.za). more

Closer Look at Domain Name Transfer Policy and the Hijacking of Panix.com

Given the recent panix.com hijacking, I will give an outline of the current ICANN transfers process for gtlds. In the case of panix.com, evidence so far indicates that a third party that holds an account with a reseller of Melbourne IT, fraudulently initiated the transfer. The third party appears to have used stolen credit cards to establish this account and pay for the transfer. That reseller is analyzing its logs and cooperating with law enforcement. more

Preventing A New World Internet Order

If anyone needs another reason why the UN should not be in charge of the internet, they need look no further than the upcoming UNESCO conference on "Freedom of Expression in Cyberspace." The United Nations Education Scientific and Cultural Organization conference will discuss "whether universal free expression standards should be applied to the Internet and how free expression can be protected while respecting individual privacy, national laws and cultural differences." The conference is being held in preparation for the second phase of the UN's World Summit on the Information Society (WSIS)." more

Customer Service is Law: The Panix Story

The NANOG list yesterday was the virtual equivalent of a nearby nocturnal car alarm: "panix.com has been hijacked!" (whoo-WEE, whoo-WEE); "those jerks at VeriSign!" (duhhhhh-WHEEP, duhhhh-WHEEP); "no one's home at Melbourne IT!" (HANK, HANK, HANK, HANK). Finally, on Monday morning in Australia, the always-competent and helpful Bruce Tonkin calmly fixed the situation. So the rest of us can get some sleep now. But as we nod off in the quietness, let's consider just exactly what happened here. more

Hijacking of Panix.com: A Call for An Emergency Rollback Procedure

There's a thread on NANOG to the effect that Panix, the oldest commercial Internet provider in New York, had its domain name 'panix.com' hijacked from Dotster over to MelbourneIT and it has pretty well taken panix.com and its customers offline. Looks like this may be among the first high-profile unauthorized transfer under the new transfer policy. It begs the question, despite the existence of the dispute policy under the new system, what provisions should there be for a situation like this where every hour causes untold damage to the party in question... more

Topics

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

Latest Blogs

Recently Discussed

Most Discussed – Last 30 Days

Most Viewed – Last 30 Days