DNS |
Sponsored by |
|
ICANN video highlighting last week's historical DNSSEC key signing ceremony held in a high security data centre located in Culpeper, VA, outside of Washington, DC. "During the ceremony, participants were present within a secure facility and witnessed the preparations required to ensure that the so-called key-signing-key (KSK) was not only generated correctly, but that almost every aspect of the equipment, software and procedures associated with its generation were also verified to be correct and trustworthy." more
While the majority of ICANN's Security and Stability Advisory Committee (SSAC) have given the organization the green signal to roll, or change, the "top" pair of cryptographic keys used in the DNSSEC protocol, commonly known as the Root Zone KSK (Key Signing Key), five members of the committee advised against the October 11 rollover timeline. more
Within the last year or two, I've heard people express an opinion to the effect that if the domain name industry put as much focus on preventing distributed denial of service attacks as we have on implementing DNSSEC, the Internet would be a safer place. While there may be a grain of truth there, I suggest that this kind of thinking presents us with something of a false dichotomy. more
ICANN staff recently posted on its website an updated timeline on the new gTLD process. Attempting to be "fair and balanced," I see some good, some bad, and some potential ugly in this timeline. I know there are a lot of good people at ICANN working very hard to conclude the Herculean task of implementing the new gTLD process. However, ICANN just can't help shooting itself in the foot with poorly worded and ambiguous statements... more
A call to action went out: a small, California-based organization called People for Internet Responsibility (PFIR) posted an announcement for an urgent conference - "Preventing the Internet Meltdown." The meltdown that PFIR envisioned was not an impending technical malfunction or enemy attack. Instead, conference organizers foresaw "risks of imminent disruption" to the Internet that would come from an unlikely sector: government officials and bureaucrats working on the unglamorous-sounding problems of Internet Governance. more
The advance teams are already gathered in Tunisia ahead of next week's second phase of the World Summit on the Information Society, and those of us on the press list are being deluged with announcements, releases, notices and invitations to meetings. The meeting, which runs from 15-18 November, is an opportunity to look at the progress that has been made since December 2003, when representatives and heads of state gathered in Geneva. more
It took a trip to California - the land of the gold rush - to discover that most elusive of ICANN aspirations: consensus. ICANN kicked off this week's meeting in San Francisco with a parade of Internet pioneers discussing the past, present and future of ICANN. ... ICANN insiders might focus on points of contention that came out of this morning's comments -- whether on new gTLDs or the future of the IANA functions -- but I was more interested by those areas where ICANN pioneers clearly agreed. more
History is a great teacher, we are told. So, on the cusp of an explosion in new top-level domains, what can we learn from the two previous expansions of the Internet's naming space? And what are the pitfalls to avoid? Let's just assume the fundamental and obvious lessons of realistic expectations, a solid business plan and prudent resource management, and instead focus on the little talked about but still critical lessons that will separate the winners and the losers in this race. But first - a caveat! more
Earlier this year, the Internet Engineering Task Force’s (IETF’s) Internet Engineering Steering Group (IESG) announced that several Proposed Standards related to the Registration Data Access Protocol (RDAP), including three that I co-authored, were being promoted to the prestigious designation of Internet Standard. Initially accepted as proposed standards six years ago, RFC 7480, RFC 7481, RFC 9082 and RFC 9083 now comprise the new Standard 95. RDAP allows users to access domain registration data and could one day replace its predecessor the WHOIS protocol. more
DNS is not something that most people think about when using the Internet. Neither should they have to: the DNS is just part of the infrastructure in the same way that IP addresses are. The only time a user ought to notice the DNS is when it breaks (and it should never break). If that's true, then we ought to expect any Internet client - including web browsers - to use the very same infrastructure as everything else and for the DNS resolution mechanisms to be the ones offered by the operating system. What makes browsers different? more
As widely discussed recently, observed within the ICANN community several years ago, and anticipated in the broader technical community even earlier, the introduction of a new generic top-level domain (gTLD) at the global DNS root could result in name collisions with previously installed systems. Such systems sometimes send queries to the global DNS with domain name suffixes that, under reasonable assumptions at the time the systems were designed, may not have been expected to be delegated as gTLDs. more
Yesterday's DDoS attack against DNSimple brought to light a longstanding need for DNS nameserver operators to have an ability to unilaterally repudiate domains from their nameservers. The domains under attack started off on DNSMadeEasy, migrated off to DNSimple and took up residence there for about 12 hours, causing a lot of grief to DNSimple and their downstream customers. more
On Sept. 27, Internet Corporation for Assigned Names and Numbers (ICANN) announced that the first root zone Key Signing Key (KSK) rollover - originally scheduled to take place on Oct. 11 - will be postponed. Although this was certainly a difficult decision, we fully agree that erring on the side of caution is the best approach to take. In this blog post, I want to explain some of the involvement Verisign has had in KSK rollover preparations, as well as some of the recently available research opportunities which generated data that we shared with ICANN related to this decision. more
Some of ICANN's current proceedings on the introduction of new generic top level domains (gTLDs) provide a case study on how not to develop public policy. In particular, the Rights Protection Mechanism proceedings, with serious implications for trademark owners, have followed a course that does not correspond to the ideal of ICANN's bottom-up, consensus-based processes for policy development. More importantly, these proceedings are effectively unilateral developments in international law without the benefit of treaties or international conventions. more
During the 27th Usenix Security Symposium held in Baltimore, MD last week, a group of researchers from China revealed results obtained from a large-scale analysis DNS interceptions. more
A World-Renowned Source for Internet Developments. Serving Since 2002.