The Road Less Traveled: Time Is Running Out for NTIA-Verisign Cooperative Agreement

It is remarkable? - ?for all the wrong reasons? - ?that only two months remain before the National Telecommunications and Information Administration (NTIA) must make a fateful decision on how it will address its' long-standing Cooperative Agreement with Verisign? - ?the private-sector corporation that edits the authoritative address book of the Internet's Domain Name System (DNS), maintains two of the DNS root servers, and operates the .com and .net registries of the Internet, undoubtedly one of the most lucrative concessions ever granted. more

The Diet Pill Security Model

The information security industry, lacking social inhibitions, generally rolls its eyes at anything remotely hinting to be a "silver bullet" for security. Despite that obvious hint, marketing teams remain undeterred at labeling their companies upcoming widget as the savior to the next security threat (or the last one -- depending on what's in the news today). I've joked in the past that the very concept of a silver bullet is patently wrong... more

ICANN’s Two Decades of Evolution

In the fall of 1998, I was present at the first meeting of the ICANN Board which was then made up of very senior, prominent parties from a broad spectrum of sources. Much to her credit, Esther Dyson accepted the position as the first Chair of the ICANN Board for the newly birthed organization. I was in attendance in support of the nomination of Michael Roberts as the first ICANN CEO. It was a time of uncertainty. more

Remedies for Cybersquatting: New gTLD Domain Names

In the discussions proceeding the World Intellectual Property Organization (WIPO) publishing The Management Of Internet Names And Addresses: Intellectual Property Issues (Final Report, April 30, 1999) that ultimately led to the ICANN implementing the Uniform Domain Name Dispute Resolution Policy (UDRP) (1999) commentators considered three remedies to combat cybersquatting: suspending, cancelling, and transferring infringing domain names. more

IPv6 Security Considerations

When rolling out a new protocol such as IPv6, it is useful to consider the changes to security posture, particularly the network's attack surface. While protocol security discussions are widely available, there is often not "one place" where you can go to get information about potential attacks, references to research about those attacks, potential counters, and operational challenges. more

ICANN - A Catalyst for Development

In 1998 the idea of "Newco," ICANN's informal predecessor name, was dreamlike. It was so new, so unprecedented, that it was constantly being referred to as an "experiment." It was not every day that one came across an organization conceived by one nation (e.g., the U.S.), that was available for globally shared ownership. One that was defined, in large part, by international participation. more

The Security Talent Gap Is Misunderstood and AI Changes It All

Despite headlines now at least a couple of years old, the InfoSec world is still (largely) playing lip-service to the lack of security talent and the growing skills gap. The community is apt to quote and brandish the dire figures, but unless you're actually a hiring manager striving to fill low to mid-level security positions, you're not feeling the pain -- in fact, there's a high probability many see problem as a net positive in terms of their own employment potential and compensation. more

The Emergence and Consolidation of a Jurisprudence of Domain Names

One of the fallouts of disruptive inventions is the need for new laws to counter their unexpected consequences. As it concerned the Internet, these consequences included a new tort of registering domain names identical or confusingly similar to trademarks and service marks with the intention of taking unlawful advantage of rights owners. Prior to 2000 the only civil remedy for "cybersquatting" or "cyber piracy" was expensive and time-consuming plenary actions in courts of competent jurisdiction under national trademark laws. more

Meet Peter Harrison, the Only Caribbean Candidate for ARIN Board of Trustees Elections

Peter Harrison has been named among four finalists to contest elections for two seats on the American Registry for Internet Numbers (ARIN) board of trustees in October 2018. ARIN is one of five Internet registries worldwide that coordinate the distribution and administration of number resources. The registry serves the United States, Canada and several territories in the Caribbean. more

The Missing Piece of the Security Conference Circuit

So far this year I think I've attended 20+ security conferences around the world - speaking at many of them. Along the way, I got to chat with hundreds of attendees and gather their thoughts on what they hoped to achieve or learn at each of these conferences. In way too many cases I think the conference organizers have missed the mark. I'd like to offer the following thoughts and feedback to the people organizing and facilitating these conferences (especially those catering to local security professionals). more