In my last article, I described efforts underway to standardize new cryptographic algorithms that are designed to be less vulnerable to potential future advances in quantum computing. I also reviewed operational challenges to be considered when adding new algorithms to the DNS Security Extensions (DNSSEC). In this post, I'll look at hash-based signatures, a family of post-quantum algorithms that could be a good match for DNSSEC from the perspective of infrastructure stability. more
On January 14, 2021, the Office of the United States Trade Representative (USTR) released its 2020 Review of Notorious Markets for Counterfeiting and Piracy (the Notorious Markets List, or NML). This publication enumerates online and physical markets that have been reported to engage in trademark, counterfeiting, and copyright infringement at scale. For the first time, the NML documents show how internet platforms play a part in bringing illicit goods into the US. more
I posted reviews of important LEO-satellite Internet service developments during 2017, 2018 and 2019. I've updated those posts during the years and have 18 new posts for 2020. In 2020 we saw increased effort from China, OneWeb's bankruptcy and restructuring with new ownership and prospects, Amazon investng in space-related infrastructure, Telesat making steady progress, SpaceX making rapid progress and satellite and debris tracking and collision-avoidsnce service startups. The following are brief summaries of and links to the 2020 posts. more
As chance has it, the attempt by NTIA to create a fake Trump Open 5G Security Framework MAGAverse as they headed out the door on 15 January is being followed this week by the global meeting of 3GPP SA3 (Security) to advance the industry's real open 5G security Framework. Designated TSGS3-102e (the 102nd meeting, occurring electronically), it continues the practice of assembling companies, organisations, and agencies from around the world every 8 to 12 weeks to focus on 5G security for current and future releases of 5G infrastructure. more
Internet Governance, like all governance, needs to be founded on guiding principles from which all policymaking is derived. There are no more fundamental principles to guide policymaking than the Universal Declaration of Human Rights (UDHR). This article, Part 7 of a series, looks at Articles 20 and 21 and explores how principles in the UDHR and lessons learned over the last half-century help define the rights and duties of one's engagement in the digital spaces of the Internet ecosystem. more
One of the "key" questions cryptographers have been asking for the past decade or more is what to do about the potential future development of a large-scale quantum computer. If theory holds, a quantum computer could break established public-key algorithms including RSA and elliptic curve cryptography (ECC), building on Peter Shor's groundbreaking result from 1994. more
We all use the Internet daily. Practically every element of our reality has its equal in the virtual realm. Friends turn into social media contacts, retail establishments to e-commerce shops, and so on. We can't deny that the way the Internet was designed, to what it has become, differs much. One example that we'll tackle in this post is the seeming loss of connection between domains and their distinguishable owners. more
As the saying goes, it's not over until it's over. So, it wasn't surprising that Trump's minions just got one last 5G minefield out the door. On 15 January, his followers at Dept. of Commerce's NTIA published the "National Strategy to Secure 5G Implementation Plan". The 40-page document consists of a fairly standard Washington policy playbook of 18 activities with six annexes that "details how the United States along with like-minded countries will lead global development, deployment, and... more
Time for another annual roundup from the world of IP addresses. Let's see what has changed in the past 12 months in addressing the Internet and look at how IP address allocation information can inform us of the changing nature of the network itself. Back around 1992, the IETF gazed into their crystal ball and tried to understand how the Internet was going to evolve and what demands would be placed on the addressing system as part of the "IP Next Generation" study. more
A name collision occurs when a user attempts to resolve a domain in one namespace, but it unexpectedly resolves in a different namespace. Name collision issues in the public global Domain Name System (DNS) cause billions of unnecessary and potentially unsafe DNS queries every day. A targeted outreach program that Verisign started in March 2020 has remediated one billion queries per day to the A and J root name servers, via 46 collision strings. more
As every year, at the end of ICANN's Annual General Meeting (AGM), the new Nominating Committee (NomCom) comes together to start its work. Due to the Corona pandemic, the circumstances were slightly different; however, the 2021 NomCom kicked-off end of 2020. ICANN's Nominating Committee is charged with identifying, recruiting, and selecting nominees of the highest possible quality for key leadership positions at ICANN. more
In my last post, I looked at what happens when a DNS query renders a "negative" response -- i.e., when a domain name doesn't exist. I then examined two cryptographic approaches to handling negative responses: NSEC and NSEC3. In this post, I will examine a third approach, NSEC5, and a related concept that protects client information, tokenized queries. The concepts I discuss below are topics we've studied in our long-term research program as we evaluate new technologies. more
I recently shared at a conference how a seasoned brand and fraud expert from one of the world's largest global financial institutions lamented a major attack where multiple fraudulent websites would pop up every single day. All attacks were launched from the same registrar and web hosting company, and no matter how much they reached out to these providers, they received the same reply: "we will pass on your request to the registrant or site owner," and then nothing happened. more
Last fall, I wrote about ICANN's failed effort to achieve its goal of preserving the Whois domain name registration directory to the fullest extent possible. I predicted that if the policy effort failed, governments would take up the legislative pen in order to fulfill the long-ignored needs of those combating domain name system harms. That forecast has now come true through significant regulatory actions in the United States and the European Union in the form of a proposed directive from the European Commission (EC) and instruction from the US Congress to the National Telecommunications and Information Administration (NTIA). more
In my previous post, I described the first broad scale deployment of cryptography in the DNS, known as the Domain Name System Security Extensions (DNSSEC). I described how a name server can enable a requester to validate the correctness of a "positive" response to a query -- when a queried domain name exists -- by adding a digital signature to the DNS response returned. more
Sponsored byWhoisXML API
Sponsored byIPv4.Global
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byCSC
Sponsored byVerisign
Sponsored byRadix