Cybersecurity

Cybersecurity / Recently Commented

IP or NAT IP: Mostly IP

There seems to be a heated debate on this site about NAT (network-address translation). What came as a surprise to me is that a lot of the arguments seem to reside in ideological points of view which obscure the real issues at hand -- IP addressing, IP security -- and have little to do with NAT's actual merits or drawbacks. more

SiteFinder vs. Engineers: Our Mistake Is Ignorance

We, as the Internet engineering community, have made a great mistake. Actually, it wasn't even one large mistake, but a series of small ones. Engineers are busy people, and most of us work under the constraints of the organizational entities we serve (be it ISPs, non-internet corporates, or even non-profits). Few of us have time for politics; even fewer have the desire and motivation for politics, and those of us who do try usually end up facing a brick wall of stubbornness, lack of understanding of the underlying technical issues, or just a deaf ear. more

Lights Going Out on the Internet? Not Just Yet

In his article titled, "End of Life Announcement", John Walker (author of the Speak Freely application) makes a few arguments about Network Address Translation (NAT) that are simply not true: "There are powerful forces, including government, large media organisations, and music publishers who think this situation is just fine. In essence, every time a user--they love the word "consumer"--goes behind a NAT box, a site which was formerly a peer to their own sites goes dark, no longer accessible to others on the Internet, while their privileged sites remain. The lights are going out all over the Internet. ...It is irresponsible to encourage people to buy into a technology which will soon cease to work." more

ICANN and the Data Quality Act: Part II

This is the second part of a multi-part series reported by ICANNfocus. This part discusses the congressional concerns regarding ICANN's governance of the Internet. "Since 1999 Congress has repeatedly expressed serious concerns regarding ICANN's governance of the internet. Congress has substantial responsibility for overseeing the key aspects of internet governance. Among its specific responsibilities, Congress has the duty to oversee implementation of the Department of Commerce's Memorandum of Understanding (MOU) and contract with ICANN." more

Paul Vixie on Fort N.O.C.’s

I wish to correct several misstatements made by Brock Meeks in his article, "Fort N.O.C.'s", published January 20. I am speaking as an operator of the "F" root name server which was mentioned several times in this story. ..."A" root is not special in any way. Our "F" root server receives updates from an unrelated server called SRS which is operated under contract from the US Department of Commerce and the Internet Corporation for Assigned Names and Numbers (ICANN). These updates are received by all 13 root name servers, with "A" root a peer of the other 12, having no special capability or importance. If any one of these 13 servers (including "A" root) were temporarily unavailable due to a failure or disaster, there would be no noticeable impact on the Internet as a whole. more

ISC Changes Name to Internet Systems Consortium

Internet Systems Consortium (ISC), formerly Internet Software Consortium, has changed its name to better reflect the new direction of the organization. The renamed company has expanded the mission of the original ISC to include more focus on Global DNS operations. In addition to developing and maintaining production quality Open Source software, such as BIND and DHCP, ISC will now enhance the stability of the global DNS through reliable F-root nameserver operations and ongoing operation of a DNS crisis coordination center, ISC's OARC for DNS; and further protocol development efforts, particularly in the areas of DNS evolution and facilitating the transition to IPv6. more

New Instance of DNS Root Server Makes Internet History

For the first time in Internet history the number of instances of DNS root servers outside the United States has overtaken the number within. The balance was tipped by the recent launch in Frankfurt of an anycast instance of the RIPE NCC operated K-root server. The K-root server is one of the 13 DNS root servers that resolve lookups for domain names all over the world and form a critical part of the global Internet infrastructure. The K-root server has been operated by the RIPE NCC since 1997 when the first server was installed at the London Internet Exchange (LINX) in London, UK. more

ICC Paper on Clearing Up Confusion Over Internet Governance

I just wanted to call people's attention to this International Chamber of Commerce (ICC) paper on Internet governance. I don't endorse it; haven't actually read it yet, but their say will play a big role and should be widely known: "Coming barely a month after the World Summit on the Information Society (WSIS) in Geneva, and prepared by ICC's Commission on E-Business, IT and Telecoms, the paper divides the issue of Internet governance into three main components - technical engineering, coordination of the names and numbers system and public policy matters." more

TLD Operators: Cleaning Up Lame Delegations

ICANN's Security and Stability Advisory Committee (SECSAC) recently released some recommendations regarding the DNS infrastructure, specifying, among other things, that sub-zone delegation be kept up-to-date. ...What the SECSAC report doesn't mention, but I believe is trying to address, is the alarming fact that nearly 10% of the name servers listed in the root zone are lame: either they aren't authoritative for the zones they are supposed to be, or they are unreachable much of the time. more

Why NAT Isn’t As Bad As You Thought

Please do sit down. Should the shock cause you to suddenly lose consciousness, I hereby disclaim all responsibility for any subsequent loss or injury. I'm about to defend the anthrax of the Internet: NAT. Network Address Translation is a hack to enable private IP addresses on one side of a router (inside your network) to talk to public IP addresses on the other side (on the Internet, outside your network). It really doesn't matter how it works. The consequence is that unless the router is specifically configured, outsiders can't get in uninvited. So those on the inside can't, by default, act as servers of any service to the outside world. more

ICANN and the Virtues of Deliberative Policymaking - Part II

In the second part of this two-part series article (part one here), Andrew McLaughlin concludes his critical look at the recently reported study, Public Participation in ICANN, by John Palfrey, Clifford Chen, Sam Hwang, and Noah Eisenkraft at the Berkman Center for Internet & Society at Harvard Law School... "ICANN has never attempted to be -- and was never designed to be -- 'representative' of the worldwide Internet community in any mathematically precise way. In view of the vast size of the global population of Internet users, and the specialized technical focus of ICANN's policy-making responsibilities, it would be a hopeless task to try to achieve truly representative statistical proportionality among ICANN's participants, committees, task forces, or Board members. Rather, here's how the U.S. government's foundational 1998 DNS policy statement described the core principle of 'representation'." more

Centralizing the Net, Monetizing DNS, Getting Trendy?

At a Red Herring conference held last week in California, Mitch Ratcliffe offers an analytical overview of an interview held with Stratton Sclavos, VeriSign's CEO... "He then goes on to say that we need to move the complexity back into the center of the Net! He says the edge can't be so complex. Get David Isenberg in here! Ross Mayfield, sitting in front of me, laughs out loud. I am dumbfounded. According to VeriSign, the Net should not be open to any type of application, only applications that rely on single providers of services, like VeriSign. This is troglodyte talk." more

ICANN, WSIS and the Making of a Global Civil Society - Part II

This is the second part of a two-part series interview by Geert Lovink with Milton Mueller discussing ICANN, World Summit on the Information Society, and the escalating debates over Internet Governance. Read the first part of this Interview here. Geert Lovink: "Confronted with Internet governance many cyber activists find themselves in a catch 22 situation. On the one hand they do not trust government bureaucrats to run the Internet, out of a justified fear that regulation through multilateral negotiations might lead to censorship and stifle innovation. On the other hand they criticize the corporate agendas of the engineering class that is anything but representative. What models should activists propose in the light of the World Summit on the Information Society (WSIS)? There seems to be no way back to a nation state 'federalist' solution. Should they buy into the 'global civil society' solution?" more

NAT: Just Say No

Fueled by the lack of public IP addresses, 70% of Fortune 1000 companies have been forced to deploy NATs (Source: Center for Next Generation Internet). NATs are also found in hundreds of thousands of small business and home networks where several hosts must share a single IP address. It has been so successful in slowing the depletion of IPv4 addresses that many have questioned the need for IPv6 in the near future. However, such conclusions ignore the fact that a strategy based on avoiding a crisis can never provide the long-term benefits that solving the underlying problems that precipitated the crisis offers. more

VeriSign’s New Security Seal Too Trusting?

On November 4, 2003, VeriSign announced a new "trust enhancing" seal which they built using Macromedia's Flash technology...While there are problems inherent to VeriSign's approach that call into question their understanding of "The Value of Trust," there are ways they could have made this particular implementation less trivially spoofable. The flaws I demonstrate on this page are flaws in the concept and the execution rather than anything inherently flawed in Flash. Overall this kind of graphical "trustmark" is extremely easy to forge just by recreating the artwork. But in this case, you don't even have to do that. The seal can still be called directly off the VeriSign servers, yet it is easily modified, without recreating artwork, and without doing anything untoward with VeriSign's servers! more