Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DNS |
Sponsored by |
|
I consult on communication issues for Neustar, an Internet infrastructure company. As most CircleIDers know, Neustar works behind the scenes to ensure the smooth operation of many critical systems like DNS, .us and .biz, local number portability and digital rights management. One of the cool things about working for them is the chance to attend the events they sponsor. Last week Neustar held a security briefing for senior federal IT personnel focused on Cybersecurity and Domain Name System Security Extensions (DNSSEC)... more
Although this article was first published just a few days ago, on May 8th, there have been several important intervening developments. First, on May 10th ICANN released a News Alert on "NGPC Progress on GAC Advice" that provides a timetable for how the New gTLD program Committee will deal with the GAC Communique. Of particular note is that, as the last action in an initial phase consisting of "actions for soliciting input from Applicants and from the Community', the NGPC will begin to "Review and consider Applicant responses to GAC Advice and Public Comments on how Board should respond to GAC Advice... more
Have some security aspects been overlooked in the rush to conclude the new gTLD program and "give birth to the baby before it starts to get really sick" as ICANN CEO Fadi Chehadé put it at a briefing jointly organised by ICANN and the European Commission a few days ago? Ever since 2008 when the ICANN Board approved the GNSO-evolved policy that became the new gTLD program, it has been reworked so much that it's difficult to imagine any stone has been left unturned. Yet a recent letter threatens to open up a new can of worms. more
A recent ICANNfocus article discussed the magnitude of ICANN's legal fees. Specifically, ICANNfocus questioned whether the extent of ICANN's legal fees, about 20% of their total revenues, was related to the organization functioning as a regulator instead of simply as a technical manager of the internet. more
"Breaking the Internet" is really hard to do. The network of networks is decentralized, resilient and has no Single Point Of Failure. That was the paradigm of the first few decades of Internet history, and most people involved in Internet Governance still carry that model around in their heads. Unfortunately, that is changing and changing rapidly due to misguided government intervention. more
There is considerable coverage this morning (or this evening in Tunis) on the last minute WSIS deal struck yesterday. The gist of the coverage rightly reports that the U.S. emerged with the compromise they were looking for as the delegates agreed to retain ICANN and the ultimate U.S. control that comes with it (note that there is a lot in the WSIS statement that may ultimately prove important but that is outside the Internet governance issue including the attention paid to cybercrime, spam, data protection, and e-commerce). This outcome begs the questions -- what happened? And, given the obvious global split leading up to Tunis, what changed to facilitate this deal? more
While travelling home from Geneva, I was thinking quite a lot on the relationship between a ccTLD (registry) and a Country. This is because many countries are starting to talk louder and louder about the responsibilities Countries have on critical infrastructure, or (possibly more important) the management of the critical infrastructure. Will for example any (none?) of ccTLD operators (servers) sustain a denial of service attack of a scale similar to the attack on the root servers? What can ccTLD operators do to resist the malicious attacks? Should this be discussed? more
A recent statement released by the U.S. Federal Trade Commission emphasized that the Whois databases should be kept "open, transparent, and accessible," allowing agencies like the FTC to protect consumers and consumers to protect themselves: "In short, if ICANN restricts the use of Whois data to technical purposes only, it will greatly impair the FTC's ability to identify Internet malefactors quickly -- and ultimately stop perpetrators of fraud, spam, and spyware from infecting consumers' computers," the statement states." more
In my last article, I described efforts underway to standardize new cryptographic algorithms that are designed to be less vulnerable to potential future advances in quantum computing. I also reviewed operational challenges to be considered when adding new algorithms to the DNS Security Extensions (DNSSEC). In this post, I'll look at hash-based signatures, a family of post-quantum algorithms that could be a good match for DNSSEC from the perspective of infrastructure stability. more
We have posted our support of the WHOIS Policy Review Team Report with two important comments. First, on page 79 of the report it is confirmed that the RAA is unenforceable on WHOIS inaccuracy (we wrote about this while at the last ICANN meeting) because the language of RAA 3.7.8 has no enforcement provision. It is now time for ICANN to confirm this problem officially. more
What's the difference between .local and .here? Or between .onion and .apple? All four of these labels are capable of being represented in the Internet's Domain Name System as a generic Top Level Domains (gTLDs), but only two of these are in fact delegated names. The other two, .local and .onion not only don't exist in the delegated name space, but by virtue of a registration in the IANA's Special Use Domain Name registry, these names cannot exist in the conventional delegated domain name space. more
The Internet Commerce Association (ICA) has posted a position paper and analysis of S. 2661, introduced on 2/25/08 in the US Senate. While we are firmly opposed to phishing and other criminal activities that may utilize domain names we are very concerned about the provisions of the proposal that appear to provide trademark owners with a means to avoid both UDRP and ACPA actions and alternatively bring private claims against domain names with a lower burden of proof and the potential for far higher monetary damages, without even requiring an allegation that the DN was in any way being utilized in a phishing scheme... more
The desired goal of most of the other countries other than US is to end up with their own local language suffixes, own local language domain names, basically their own Internet, with its own domain registration policies -- in a nutshell, a very big and a very complex global mess, indeed. This fight over ICANN, the Internet Corporation for Assigned Names and Numbers, is all about a golden key, as without it, the Internet is completely useless. ...It's also ICANN, the organization that from the start has made some very stringent and often very weird policies about such issues as the golden keys. Now its global authority is being challenged, and such fights could divide the power of this controlling body, and any adverse outcome will simply split the Internet. more
The past several years have seen significant efforts to keep local Internet communications local in places far from the well-connected core of the Internet. Although considerable work remains to be done, Internet traffic now stays local in many places where it once would have traveled to other continents, lowering costs while improving performance and reliability. Data sent directly between users in those areas no longer leaves the region. Applications and services have become more localized as well, not only lowering costs but keeping those services available at times when the region's connectivity to the outside world has been disrupted... The recently published paper, "Geographic Implications of DNS Infrastructure Distribution" focuses on the distribution of DNS infrastructure. more
Isn't security as important to discuss as .XSS? The DNS has become an abuse infrastructure, it is no longer just a functional infrastructure. It is not being used by malware, phishing and other Bad Things [TM], it facilitates them. Operational needs require the policy and governance folks to start taking notice. It's high time security got where it needs to be on the agenda, not just because it is important to consider security, but rather because lack of security controls made it a necessity. more
A World-Renowned Source for Internet Developments. Serving Since 2002.