DNS |
Sponsored by |
|
In the first part of our interview with Michael Froomkin, a Professor of Law at the University of Miami School of Law and one of the founding members of ICANNWatch, several issues were discussed regarding his recent article in the Harvard Law Review called, "[email protected]: Toward a Critical Theory of Cyberspace".
Michael Froomkin, who has underlined several striking lessons to be learned from IETF/ICANN contrast, continues with us in the second part of this interview, addressing even deeper matters such as ICANN's institutional design. more
For more than 15 years, the IETF has been working on DNSSEC, a set of extensions to apply digital signatures to DNS. Millions of dollars in government grants and several reboots from scratch later, DNSSEC is just starting to see real world testing. And that testing is minimal -- only about 400 of the more than 85,000,000 .com domains support DNSSEC, fewer than 20% of US government agencies met their mandated December 31, 2009 deadline for DNSSEC deployment, and only two of the thirteen root zone name servers is testing with even dummy DNSSEC data. more
Perceptions can be difficult to change. People see the world through the lens of their own experiences and desires, and new ideas can be difficult to assimilate. Such is the case with the registration ecosystem. Today's operational models exist because of decisions made over time, but the assumptions that were used to support those decisions can (and should) be continuously challenged to ensure that they are addressing today's realities. Are we ready to challenge assumptions? Can the operators of registration services do things differently? more
So this Internet thing, as we discussed in our last article, is broken. I promised to detail some of the specific things that are broken. Implicit trust is the Achilles heel of the Internet... All of the communication between the resolver and the DNS server is in plain text that can be easily seen and changed while in transit, further, the resolver completely trusts the answer that was returned... more
A coalition of over 50 domain Registrars from around the world have recommended an alternative to ICANN's proposed 2004-2005 budget. The alternative proposal from the ICANNBudget.org Registrars would cap Registrar contributions at $11 million per year for the next three years. Although this proposal represents a significant expansion beyond ICANN's 2003-2004 budget of $8.6 million budget, it is still slim compared with ICANN's own $15.8 million budget proposal. Of potentially greater importance, the alternative budget differs significantly from ICANN's proposal in the structure of the Registrar fees. more
The Internet Corporation for Assigned Names and Numbers (ICANN) went before a Congressional panel this week to defend its plan to create an unlimited number of new Internet domains (like .web, .food, etc.) I was a witness at the hearing, which made one thing clear: the "consensus" on new Internet domains is not as strong as ICANN would have us think. more
A cranky letter from the NTIA to ICANN, submitted in late December during ICANN's comment period for new top-level domains, has encouraged the awkward coalition of those opposed to new TLDs. The NTIA (National Telecommunications and Information Administration), a division of the Department of Commerce, is the agency tasked with being ICANN's watchdog. So a letter from them carries some weight, though not as much as some people think... more
Implementing security requires attention to detail. Integrating security services with applications where neither the security service nor the application consider their counterpart in their design sometimes make plain that a fundamental change in existing practices is needed. Existing "standard" registrar business practices require revision before the benefits of the secure infrastructure foundation DNSSEC offers can be realized. more
Excavation is fun. You get to rumble around on heavy equipment bashing up this and tearing up that. Each scoop uncovers original earth. As your big machine chews up the hill, an occasional sparkle suggests a raw gem or two. ...ICANN business is still predominately conducted on Email lists/forums. Email lists and forums are good at excavating... more
"The domain name industry is kicking off one of its most fundamental shifts in its plumbing this week," Kevin Murphy reporting in Domain Incite. more
At its 32d International Junket Meeting last week, ICANN's Board approved the GNSO Council's recommendations for the eventual addition to the root of new generic top-level domains (gTLDs). This means that eventually, when the staff drafts, community comments upon, and Board approves implementation processes, those with deep pockets will have the opportunity to bid for new TLD strings... more
Anyone that has attended a meeting of the Internet Engineering Task Force (IETF) will know that the somewhat dry topic of internet protocols is often the source of passionate disagreement. But rarely does that debate extend beyond the confines of internet engineers. That has not been the case with a new protocol which aims to make the Internet's underlying domain name system more secure by default. more
In what can best be described as a historic decision, today the ICANN Board overwhelmingly approved the new gTLD Program with a vote of 13 to 1 with 2 abstentions. Applications for new gTLDs will be accepted from January 12, 2012 to April 12, 2012. Experts believe that there will likely be hundreds of new applications submitted during this first round. more
The following is a selected summary of the recent NANOG 63 meeting, held in early February, with some personal views and opinions thrown in! ...One view of the IETF's positioning is that as a technology standardisation venue, the immediate circle of engagement in IETF activities is the producers of equipment and applications, and the common objective is interoperability. more
As a reader of this article, you are probably familiar with the DNS cache poisoning techniques discovered a few years ago. And you have most likely heard that DNSSEC is the long term cure. But you might not know exactly what challenges are involved with DNSSEC and what experience the early adopters have gathered and documented. Perhaps you waited with our own rollout until you could gather more documentation over the operational experience when rolling out DNSSEC. This article summarizes authors' experiences and learnings from implementing the technology in production environments as well as discusses associated operational issues. more
A World-Renowned Source for Internet Developments. Serving Since 2002.