DNS |
Sponsored by |
Imagine my surprise upon reading a BBC article which identified ISC BIND as the top security vulnerability to UNIX systems. At ISC, we have striven for a decade to repair BIND's reputation, and by all accounts we have made great progress. "What could this be about," I wondered, as I scanned the BBC article for more details. It turns out that BBC was merely parroting what it had been told by SANS. OK, let's see what SANS has to say...
I am writing this note in order to express my concern about an impending change in the root of the Domain Name System (DNS) and two of the largest Top Level Domains (TLDs). I am concerned that there is a risk of disruption to the net that has not been adequately evaluated and I am concerned that this change is being deployed without adequate monitoring or safeguards.
TLD registrations in the Internet's root-zone file currently are divided into two broad classifications: generic and country-code top-level domains. With respect to the latter classification, no new "strategy" is required to add further ccTLDs as a relatively well-working process is already in place to integrate the occasional new country-code top-level domain. With one of these two classifications under reasonably sound management, it is therefore perfectly understandable to see that the ICANN organization consequently views its obligation to "Define and implement a predictable strategy for selecting new TLDs" as a mandate "to begin the process of allocating and implementing new gTLDs"... the flaw in this conclusion, however, stems from the presumption that the Internet's taxonomy must necessarily contain only the two above-so-mentioned broad classifications. I am proposing a third TLD classification -- based on languages.
The MOU between the Department of Commerce and ICANN includes a series of specific milestones that the corporation is required to accomplish by certain specified dates. One of the specific requirements placed on ICANN by the agency is to define "a predictable strategy for selecting new TLDs using straightforward, transparent, and objective procedures that preserve the stability of the Internet...." The MOU goes on to state that "(strategy development to be completed by September 30, 2004 and implementation to commence by December 31, 2004)."
As long suspected by some, the IETF is going to be closing up the Mail Transfer Agent Authentication in DNS (MARID) Working Group according to today's post by Ted Hardie, co-AD for Applications. Larry Seltzer of eWeek was right on target about this: "The rest of the SID standards process will now be a waste of time thanks to Microsoft, and the other participants will afterwards pick up the pieces and get the job done with another spec."
The following article is an excerpt from the recently released Internet Analysis Report 2004 - Protocols and Governance. Full details of the argument for protocol reform can be found at 'Internet Mark 2 Project' website, where a copy of the Executive Summary can be downloaded free of charge. ..."In releasing this section for comment, I would like to point out that the report's conclusions are based on a cumulative examination of various protocols and systems. We are at a point of time where other protocols and systems are equally problematic -- the report points to some significant problems with DNS structure and scalability, and also points out that, to all intents and purposes, the basic email protocol, SMTP, is broken and needs immediate replacement."
The Noncommercial Users Constituency (NCUC) is the constituency group representing civil society organizations in the formation of domain name policy. In August 2004 it initiated a process to nominate people to serve on the UN Secretary-General's Working Group on Internet Governance, as representatives of civil society. Our purpose was to assist the Secretary-General to identify qualified and widely-supported individuals capable of serving on the WGIG on behalf of civil society.
Recent attention to the Eighth Circuit decision in Coca-Cola v. Purdy brings to mind the class of sometimes difficult cases involving the use of another's trademark as a domain name for criticism. An ICANN UDRP decision, Full Sail Inc. v. Ryan Spevack, Case No. D2003-0502 (WIPO October 3, 2003), by Mark VB Partridge, presiding panelist, with Frederick M. Abbott and G. Gervaise Davis III, included a review and analysis of the "your trademark sucks.com" cases that remains a useful reference worthy (I hope) of the lengthy quote below.
The Internet Governance Project (IGP) issued a set of reports analyzing the current "state of play" in Internet governance. The reports were commissioned by the United Nations ICT Task Force as an input into the deliberations of the UN Secretary-General's Working Group on Internet Governance (WGIG). The report identifies the international organizations and agreements affecting the Internet, and points out where there are conflicts and gaps.
Those of you familiar with the American comic series "Peanuts" by the late Charles Schultz may be familiar with the recurring theme of Lucy's football. Lucy holds a football on her toe for Charlie Brown to practice a field goal kick. Charlie Brown realizes that the last 25 times Lucy has held the ball for him to kick, she pulled the ball out of the way at the last minute, causing him to trip and fall. Charlie Brown knows full well that Lucy may not keep the ball in place for him to kick, yet his determination gets him running towards that unlikely opportunity each and every time.