Cybersecurity |
Sponsored by |
|
Why shouldn't there be a .gadi TLD? Why not one for Microsoft? This post is not about alternate roots or why they are bad, this post is about something else. We do need to go over some background (from my perspective) very quickly though. ICANN has a steel-fist control over what happens in the DNS realm. They decide what is allowed, and who gets money from it. Whether it's VeriSign for .com or any registrar for the domains they sell. They decide if .gadi should exist or not. ...What I am here to discuss is why Microsoft, as a non-arbitrary choice this time, indeed, of all the world, should kick it aside, creating an alternate root while at the same time not disturbing the world's DNS. more
The new and proposed ICANN registry contracts contain no definite price terms, and thus permit potential tiered pricing on a per domain name basis. This has raised concern within the community that a registry operator might abuse its sole source position to engage in pricing practices detrimental to registrants. ...Notwithstanding the possibility of tiered pricing on a per domain name basis in connection with the recently executed sponsored registry contracts (.MOBI, .JOBS, .TRAVEL, .CAT, and .TEL), there have been numerous comments submitted in connection with this possibility in connection with the proposed contracts for the .BIZ, .INFO and .ORG registry contracts. There were four messages that motivate me to write this article... more
For some years now the general uptake of IPv6 has appeared to be "just around the corner". Yet the Internet industry has so far failed to pick up and run with this message, and it continues to be strongly reluctant to make any substantial widespread commitment to deploy IPv6. Some carriers are now making some initial moves in terms of migrating their internet infrastructure over to a dual protocol network, but for many others it's a case of still watching and waiting for what they think is the optimum time to make a move. So when should we be deploying IPv6 services? At what point will the business case for IPv6 have a positive bottom line? It's a tough question to answer, and while advice of "sometime, probably sooner than later" is certainly not wrong, it's also entirely unhelpful as well! more
A couple of days ago the BBC reported that a document called the Information Operations Roadmap (PDF) had been declassified and that it contained some pretty interesting stuff. The American dominance over the Internet, recently manifested by its unwillingness to hand over some of the critical control to UN-organizations, may have another side to it. more
If you're brave, today you can finally download the Internet Explorer 7 public beta. Why should you be interested? Not because the browser's wonderful. It isn't -- initial reports are that it's not ready for prime-time. But you might be interested to know that as of today, users of IE will be able to use internationalized domain names (IDNs). ...Many other browsers are already IDN-capable, including Firefox, but most people in the world use Explorer. Think China, Japan, India. Think most of the world's population... Think of millions of new Internet users working in their own language, customers for commercial goods and services. But think also about intellectual property nightmares, think about phishing, think about whether there's one interoperable Internet, or several Internets acting very weird. These issues and others will become big news when people start using IDNs massively -- and with support from Internet Explorer, that's about to happen. more
Without commenting on the particulars as they relate to Goodmail -- especially since I am on the advisory board for Habeas, a competitor -- let me note that public discussion is largely missing the nature of the current Internet mail realities and the nature of the ways we can deal with them. There are two articles in the current issue of the Internet Protocol Journal, of which I wrote one, that provide some useful background about this reality. Simply put, Internet mail needs to sustain spontaneous communications... more
Cindy's piece on the EFF website seems to be a bit of a pastiche, with elements taken out of various articles (some outright wrong, some merely misinformed) that have been doing the rounds of the media for quite a while now about Goodmail. She started off comparing AOL and Goodmail with the old email hoax about congress taxing email. That same line was used in a CircleID post by Matt Blumberg, CEO & Chairman of Returnpath... Various other quotes from different places - Richard Cox from Spamhaus on CNN for example. However a lot of the quotes in those articles are being based on wrong or out of context assumptions, starting with one that goes "AOL is going to remove all its existing whitelists and force people to use Goodmail". more
All those Internet Governance pundits who track ICANN the way paparazzi track Paris Hilton are barking up the wrong tree. They've mistaken the Department of Street Signs for the whole of the state. The real action involves words like rbldnsd, content filtering, and webs of trust. Welcome to the Internet! What's on the menu today? Spam, with some phish on the side! We've got email spam, Usenet spam, IRC spam, IM spam, Jabber spam, Web spam, blogs spam, and spam splogs. And next week we'll have some brand new VoIP spam for you. Now that we're a few years into the Cambrian explosion of messaging protocols, I'd like to present a few observations around a theme and offer some suggestions. more
In my recent write-up I start by discussing some recent threats network operators should be aware of, such as recursive DNS attacks. Then, a bit on the state of the Internet, cooperation across different fields and how these latest threats with DDoS also relate to worms and bots, as well as spam, phishing and the immense ROI organized crime sees. I try and bring some suggestions on what can be done better, and where we as a community, as well as specifically where us, the "secret hand-shake clubs" of Internet security fail and succeed. Over-secrecy, lack of cooperation, lack of public information, and not being secret enough about what really matters. more
I suppose not many have been listening to Paul Vixie or surfing from China, I have done both. The Chinese "alternate root" has been going on for a while. China is creating an alternate root, which it can control while using the Chinese language. I doubt I need to tell any of you about ICANN, VeriSign, Internet Governance, alternate roots or the history of these issues. Everyone else will. Unlike most of my colleagues, I hold a different opinion on the subject and have for some time. China launches an alternate root? It's about time they do, too! more
Internationalized (non-ascii) domain names (IDN) are a key issue for ICANN. Yesterday, the Board completed two days of workshop presentations about various matters (IANA, security, GAC relationships), and we were briefed on the IDN testing that is planned. I thought it might be useful to make clear the distinction between the tests (which are testing mechanisms for IDNs) and the very difficult policy questions that confront ICANN. As several people explained to me yesterday, they're different. more
"GOD, at least in the West, is often represented as a man with a flowing beard and sandals. Users of the Internet might be forgiven for feeling that nature is imitating art — for if the Net does have a god he is probably Jon Postel" (The Economist, Feb. 1997) David W. Maher, Senior Vice President, Law and Policy of Public Interest Registry (PIR) offers his reminiscence of the early days of the Internet and attempts made to restructure the Domain Name System — an article he has entitled 'Reporting to God'. more
In looking at the general topic of trust and the Internet, one of the more critical parts of the Internet's infrastructure that appears to be a central anchor point of trust is that of the Domain Name Service, or DNS. The mapping of "named" service points to the protocol-level address is a function that every Internet user relies upon, one way or another. The ability to corrupt the operation of the DNS is one of the more effective ways of corrupting the integrity of Internet-based applications and services. If an attacker can in some fashion alter the DNS response then a large set of attack vectors are exposed. ...The more useful question is whether it is possible to strengthen the DNS. The DNS is a query -- response application, and the critical question in terms of strengthening its function is whether it is possible to authenticate the answers provided by the DNS. DNSSEC provides an answer to this question. more
From the perspective of Internet security operations, here is what Net Neutrality means to me. I am not saying these issues aren't important, I am saying they are basically arguing over the colour of bits and self-marginalizing themselves. For a while now I tried not to comment on the Net Neutrality non-issue, much like I didn't comment much on the whole "owning the Internet by owning the Domain Name System" thingie. Here it goes anyway. Two years ago I strongly advocated that consumer ISP's should block some ports, either as incident response measures or as permanent security measures... more
Another paper from the Fifth Workshop on the Economics of Information Security, (WEIS 2006) is Proof of Work can Work by Debin Liu and L, Jean Camp of Indiana University. Proof of work (p-o-w) systems are a variation on e-postage that uses computation rather than money. A mail sender solves a lengthy computational problem and presents the result with the message. The problem takes long enough that the sender can only do a modest number per time period, and so cannot send a lot of messages, thereby preventing spamming. But on a net full of zombies, proof of work doesn't work. more
A World-Renowned Source for Internet Developments. Serving Since 2002.