ccTLDs Might Be Property

The long-running saga of victims who are pursuing 'state sponsors of terrorism' via ICANN has taken yet another turn. Some time back the Plaintiffs in Rubin & ors -v- Islamic Republic of Iran & ors managed to obtain Writs of Attachment in the Federal court district in Washington (D.C.) courts ordering that the ccTLDs of those respective countries be seized in part-payment of the damages they are owed. ICANN, fairly predictably, became involved at this point. more

The EFF and Hanlon’s Razor

The EFF has just posted a shallower than usual deeplink alleging an "email encryption downgrade attack" by ISPs intent on eavesdropping on their customers. They, along with VPN provider Golden Frog, have additionally complained to the FCC reporting this. Here, they've just noticed something that's common across several hotel / airport wifi networks... more

Domain Name Abuse Is a 4 Letter Word

There has been a lot of back and forth recently in the ICANN world on what constitutes domain abuse; how it should be identified and reported AND how it should be addressed. On one side of the camp, we have people advocating for taking down a domain that has any hint of misbehaviour about it, and on the other side we have those that still feel Registries and Registrars have no responsibility towards a clean domain space. (Although that side of the camp is in steady decline and moving toward the middle ground). more

If It Doesn’t Exist, It Can’t Be Abused

A number of outlets have reported that the U.S. Post Service was hacked, apparently by the Chinese government. The big question, of course, is why. It probably isn't for ordinary criminal reasons: The intrusion was carried out by "a sophisticated actor that appears not to be interested in identity theft or credit card fraud," USPS spokesman David Partenheimer said. ... But no customer credit card information from post offices or online purchases at usps.com was breached, they said. more

GTLDs Valuation Components That You Must Not Overlook

This post outlines the valuation pitfalls that need to be avoided when competing for the acquisition of a new generic Top-Level Domain (gTLD). The most widely used financial tools to determine the economic viability of a capital investment project, such as bidding for a new gTLD, are the Internal Rate of Return (IRR) and the Net Present Value (NPV), which measures the expected additional value a project would create if undertaken. more

Accountability Group Charter Sets the Bar Too Low

In mid-August ICANN staff attempted to impose their own proposal for the process that will determine what overall new ICANN accountability measures should accompany the proposed IANA functions transition -- and thereby replace the restraining and corrective oversight role that the U.S. has played through periodic reevaluation of ICANN performance in conjunction with re-awarding of the IANA contract. In united reaction against that attempt, the ICANN community sent an unprecedented joint letter to CEO Fadi Chehade and the ICANN Board... more

Secure Unowned Hierarchical Anycast Root Name Service - And an Apologia

In Internet Draft draft-lee-dnsop-scalingroot-00.txt, I described with my coauthors a method of distributing the task of providing DNS Root Name Service both globally and universally. In this article I will explain the sense of the proposal in a voice meant to be understood by a policy-making audience who may in many cases be less technically adept than the IETF DNSOP Working Group for whom the scalingroot-00 draft was crafted. I will also apologize for a controversial observation concerning the addition of new root name servers... more

Customer Confusion over New(ish) gTLDs Targeting Financial Services

For the last decade and a bit, banking customers have been relentlessly targeted by professional phishers with a never-ending barrage of deceitful emails, malicious websites and unstoppable crimeware -- each campaign seeking to relieve the victim of their online banking credentials and funds. In the battle for the high-ground, many client-side and server-side security technologies have been invented and consequently circumvented over the years. Now we're about to enter a new era of mitigation attempts... more

New MANRS Initiative Aims to Improve Security of Internet Routing

How can we work together to improve the security and resilience of the global routing system? That is the question posed by the "Routing Resilience Manifesto" site with the suggested answer launched today of the "Mutually Agreed Norms for Routing Security (MANRS) document, to which a number of network operators have already signed on as participants, including: Comcast, Level 3, NTT, RUNNet, ClaraNet, SURFnet, SpaceNet, KPN and CERNET. more

Scaremongering from Spy Agents

In an article for the Financial Times, Mr Hannigan -- the chief of the British spy agency GCHQ said: "I understand why they [US technology companies] have an uneasy relationship with governments. They aspire to be neutral conduits of data and to sit outside or above politics." "But increasingly their services not only host the material of violent extremism or child exploitation, but are the routes for the facilitation of crime and terrorism."... more