Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
Ten years ago, I wrote an article that looked back on the developments within the Internet over the period from 1998 to 2008. Well, another ten years have gone by, and it's a good opportunity to take a little time once more to muse over what's new, what's old and what's been forgotten in another decade of the Internet's evolution... The evolutionary path of any technology can often take strange and unanticipated turns and twists.
With the DNSSEC Root Key Rollover coming up on October 11, how prepared are we as an industry? What kind of data can we collect in preparation? What is the cost-benefit (or not) of implementing DANE? What can we learn from an existing rollover of a cryptographic algorithm? All those questions and more will be discussed at the DNSSEC Workshop at the ICANN 62 meeting in Panama City, Panama, on Monday, June 25, 2018.
It's been nearly two months since the high profile BGP hijack attack against MyEtherwallet, where crypto thieves used BGP leaks to hijack MEW's name servers, which were on Amazon's Route53, and inserted their own fake name servers which directed victims to their own fake wallet site, thereby draining some people's wallets. It generated a lot of discussion at the time... What isn't fully appreciated is that attack has, in fact, changed the game somewhat...
On May 25, 2018, the European General Data Protection Regulation (GDPR) came into effect, meaning that European data protection authorities (DPAs) can begin enforcing the regulation against non-compliant parties. In preparation, the ICANN Board passed a Temporary Specification for gTLD Registration Data - essentially a temporary policy amendment to its registrar and registry contracts to facilitate GDPR compliance while also preserving certain aspects of the WHOIS system of domain name registration data.
As I noted over the weekend, ICANN has instigated legal action against EPAG, an ICANN accredited registrar based in Germany that is part of the Tucows group. ICANN claims that the case is to "preserve WHOIS data", but Tucows asserts in their statement that the ICANN approach is flawed. It's not a frivolous statement, but one they've backed with fairly detailed rationale - and this is just their public statement and not a formal legal filing.
When a new TLD goes into General Availability or Land Rush, the first few days are filled with registrations that reflect how the market perceives the TLD. Registrants may register domain names to develop or for speculative purposes. Others register to protect their brand. The first major web usage survey for a new TLD is generally a Signs of Life survey where the early stages of development can be detected. These surveys were based on the May 19th, 2018 .APP zone file.
On Friday I was on a surprisingly interesting session at Rightscon 2018 in Toronto about GDPR and WHOIS. The panel consisted of Eleeza Agoopian from ICANN staff; Avri Doria who was recently appointed to the ICANN board; Elliot Noss who runs large registrar Tucows; Stephanie Perrin who has done a lot of privacy work for the Canadian government and as an ICANN volunteer, and me; Milt Mueller, who is now at Georgia Tech, moderated.
I always geek out a little when I see something ICANN-related breaking out into the real world, like when the bus-stop display has borked, and its LAN is vainly searching for an IP number so it can reboot. Or the ICANN Paris meeting back in 2008 when the board gave the thumbs up to the GNSO policy to launch new gTLDs. One day we were an obscure Californian organisation doing something technical-seeming most people had never heard of, and the next we were working two phones each, giving journalists quotes and information for dozens of front-page news stories around the world.
Would you like to share information about how you are using DNSSEC with the wider technical community? Do you have an idea for how to make DNSSEC or DANE work better? Or work with new applications? If so - and if you will be attending ICANN 62 in Panama City, Panama from 25-28 June 2018 - then please consider sending in a proposal to participate as a speaker in the ICANN 62 DNSSEC Workshop!
Late last week, ICANN published the guidance from the Article 29 Working Party (WP29) that we have been waiting for. Predictably, WP29 took a privacy maximalist approach to the question of how Europe's General Data Protection Regulation (GDPR) applies to WHOIS, a tool widely used by cybersecurity professionals, businesses, intellectual property owners, consumer protection agencies and others to facilitate a safer and more secure internet.
A World-Renowned Source for Internet Developments. Serving Since 2002.