Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS Security |
Sponsored by |
|
Perceptions can be difficult to change. People see the world through the lens of their own experiences and desires, and new ideas can be difficult to assimilate. Such is the case with the registration ecosystem. Today's operational models exist because of decisions made over time, but the assumptions that were used to support those decisions can (and should) be continuously challenged to ensure that they are addressing today's realities. Are we ready to challenge assumptions? Can the operators of registration services do things differently? more
Implementing security requires attention to detail. Integrating security services with applications where neither the security service nor the application consider their counterpart in their design sometimes make plain that a fundamental change in existing practices is needed. Existing "standard" registrar business practices require revision before the benefits of the secure infrastructure foundation DNSSEC offers can be realized. more
As we start the new year, it is worth noting some of the major events and news in 2008 that shaped the industry and fueled considerable discussions. Last year's occurrences made for a very historic year, bearing the seeds of future changes for the DNS and domain name industry. more
It's unclear what this means in the long run. Do bad actions and actors go undetected? Do we lose our visibility into network management? What is a "secure" network, and how do we secure it using traditional techniques of network perimeter traffic inspection when all the network traffic is opaque? If we can't see inside the DNS anymore, then how can we tell if (or when) the DNS has been captured by one or two digital behemoths? more
Microsoft announced today its plans to adopt DNS over HTTPS (DoH) protocol in Windows and will also keep other options such as DNS over TLS (DoT) on the table for consideration. more
While the majority of ICANN's Security and Stability Advisory Committee (SSAC) have given the organization the green signal to roll, or change, the "top" pair of cryptographic keys used in the DNSSEC protocol, commonly known as the Root Zone KSK (Key Signing Key), five members of the committee advised against the October 11 rollover timeline. more
Back from the holidays I must admit I was thinking quite a bit on what is good policy for a registry? Of course I have my own personal favorites that I can not walk away from easily, but instead of thinking for too long, I decided to write down now immediately what is in my head. The main reasons for this are two: the decision by ICANN to change the rules for change in policy regarding the Add Grace Periods. more
On Sept. 27, Internet Corporation for Assigned Names and Numbers (ICANN) announced that the first root zone Key Signing Key (KSK) rollover - originally scheduled to take place on Oct. 11 - will be postponed. Although this was certainly a difficult decision, we fully agree that erring on the side of caution is the best approach to take. In this blog post, I want to explain some of the involvement Verisign has had in KSK rollover preparations, as well as some of the recently available research opportunities which generated data that we shared with ICANN related to this decision. more
ICANN video highlighting last week's historical DNSSEC key signing ceremony held in a high security data centre located in Culpeper, VA, outside of Washington, DC. "During the ceremony, participants were present within a secure facility and witnessed the preparations required to ensure that the so-called key-signing-key (KSK) was not only generated correctly, but that almost every aspect of the equipment, software and procedures associated with its generation were also verified to be correct and trustworthy." more
Within the last year or two, I've heard people express an opinion to the effect that if the domain name industry put as much focus on preventing distributed denial of service attacks as we have on implementing DNSSEC, the Internet would be a safer place. While there may be a grain of truth there, I suggest that this kind of thinking presents us with something of a false dichotomy. more
On Tuesday, September 9, 2014, you have a great opportunity to watch live a very packed agenda full of great sessions about IPv6, DNSSEC, routing/BGP security and other components of Internet infrastructure streaming out of the UKNOF / ION Belfast event in Belfast, UK. All of the sessions can be seen live. more
Any form of public communications network necessarily exposes some information about the identity and activity of the user's of its services. The extent to which such exposure of information can be subverted and used in ways that are in stark opposition to the users' individual interests forms part of the motivation on the part of many users to reduce such open exposure to an absolute minimum. The tensions between a desire to protect the user through increasing the level of opacity of network transactions to third party surveillance, and the need to expose some level of basic information to support the functions of a network lies at the heart of many of the security issues in today's Internet. more
Completely eradicating malware, botnets, phishing, pharming, and spam from the Domain Name System is not possible. That may be an odd statement from someone who just took the leadership position at the DNS Abuse Institute, but it's meant to underscore the scope of the work ahead of us. There will always be bad actors exploiting the DNS for their own criminal purposes, but working together, we can mitigate their impact. more
No one can have failed to notice that the last IPv4 address will soon be allocated. We have lived with a shortage of addresses for 15 years, but when the last address is allocated, the shortage will become acute, instead of just a pain, as it is today... In The Hitchhiker's Guide to the Galaxy, Douglas Adams describes the least expensive and most effective method for making something invisible. You simply decide that it is Someone Else's Problem or SEP, if you abbreviate. This is an approach that is frighteningly similar to the Swedish public sector's view of the address shortage on the Internet. "It is not our problem -- if we ignore it, it will probably go away." more
The essence of information privacy is control over disclosure. Whoever is responsible for the information is supposed to be able to decide who sees it. If a society values privacy, it needs to ensure that there are reasonable protections possible against disclosure to those not authorized by the information's owner. In the online world, an essential technical component for this assurance is encryption. If the encryption that is deployed permits disclosure to those who were not authorized by the information's owner, there should be serious concern about the degree of privacy that is meaningfully possible. more
A World-Renowned Source for Internet Developments. Serving Since 2002.
