DNS |
Sponsored by |
|
ICANN must act now to harmonize its domain name registration data (commonly known as WHOIS) policies with Article 28 of the European Union's Network and Information Security (NIS2) directive, first to adhere to applicable laws as it fulfills its oversight responsibilities and, second, to keep its word to the community to preserve WHOIS to the fullest extent possible under law. more
On June 9 CircleID published an insightful article by Thomas Rickert entitled "Demystifying Art 28 NIS2." In that piece Thomas set forth two alternative interpretations of Article 28(6) of NIS2, and argued that TLD registries should not be required to maintain a separate database of the registrant data under NIS2. In my view, Thomas' approach is inconsistent with the remainder of Article 28, and would not achieve the goals of NIS2 to improve cybersecurity across the EU member states. more
On December 14, 2022, the European Parliament adopted the Directive on measures for a high common level of cybersecurity across the Union (Directive (EU) 2022/2555) hereinafter referred to as "NIS2"), which was published in the official journal on December 27, 2022. Being a directive, NIS2 requires transposition into national law. According to Art. 41 of NIS2, the transposition into national law must take place by October 17, 2024 and the measures must be applied as of October 18, 2024. more
There have been a number of occasions when the Internet Engineering Task Force (IETF) has made a principled decision upholding users' expectations of privacy in their use of IETF-standardised technologies. (Either that, or they were applying their own somewhat liberal collective bias to the technologies they were working on!) The first major such incident that I can recall is the IETF's response to the US CALEA measures. more
ICANN's response to the European Union's Network and Information Security Directive (NIS2) is a litmus test on whether its policy processes can address the needs of all stakeholders, instead of only satisfying the needs of the domain industry. Early indications from the ICANN Hamburg meeting point to another disappointment for law enforcement, cybersecurity professionals, and the many businesses seeking to reinstate WHOIS as required by NIS2. more
The European Union's Network and Information Security Directive (NIS1), introduced in 2016, aimed to strengthen cybersecurity among Member States. However, market fragmentation and growing digital threats led to the enactment of the NIS2 Directive. more
On 21 August 2023, ICANN org. made its position in relation to the current state of the UN's Global Digital Compact (GDC) clear in a blog post by Sally Costerton (ICANN CEO), John Curran (ARIN), and Paul Wilson (APNIC), entitled "The Global Digital Compact: A Top-down Attempt to Minimize the Role of The Technical Community." The publication strongly criticizes the GDC's attempt at folding the technical community into the civil society umbrella under a "tripartite" approach also involving the private sector and governments, as proposed by the Secretary-General's Envoy on Technology, Amandeep Gill. more
A Forever URL is one that never expires. You own it and needn't worry about forgetting to renew it. The term itself is inspired by the US Forever Stamps, which you can use even if the postal rate goes up. This article looks at the underlying mechanisms for linking such information and is aimed at a technical audience. The DNS isn't just about websites; it is fundamental to how we connect endpoints, be they websites, devices, documents etc. more
When it comes to Artificial Intelligence (AI), there is a widespread fear that AI machines will "take over" and dominate humanity. Today, we should be concerned when governments and digital corporations use AI to replace trust as the fundamental value and principle in the digital domain. more
While threat actors can use any domain across thousands of top-level domains (TLDs), they often have favorites. For instance, you may be familiar with Spamhaus's 10 most-abused TLDs for spamming. WhoisXML API researchers recently built on this list by analyzing 40,000 newly registered domains (NRDs) that sported some of the listed unreputable TLDs. We called this study "DNS Abuse Trends: Dissecting the Domains Under the Most-Abused TLDs." more
It's unclear what this means in the long run. Do bad actions and actors go undetected? Do we lose our visibility into network management? What is a "secure" network, and how do we secure it using traditional techniques of network perimeter traffic inspection when all the network traffic is opaque? If we can't see inside the DNS anymore, then how can we tell if (or when) the DNS has been captured by one or two digital behemoths? more
DNS Abuse and how to address it has been the topic of intense, often conflictual, and rarely conclusive discussions for many years, starting with the very definition of the term and the degree of responsibility bestowed upon DNS operators. In 2018, after several months of intersessional work, the Internet & Jurisdiction Global Conference brought together in Ottawa more than 200 key stakeholders to define a roadmap to address certain jurisdictional challenges on the Internet, including DNS abuse. more
Transparency and accountability are embedded in ICANN's core values. Indeed, ICANN's Bylaws mandate that "ICANN and its constituent bodies shall operate to the maximum extent feasible in an open and transparent manner ...". Public Interest Registry believes that a dedication to transparency is fundamental to the strength and continued effectiveness of ICANN's multistakeholder model. more
Recently ten Democratic Members of Congress wrote a letter to Alan Davidson, head of the NTIA, requesting that the "NTIA immediately cease the public disclosure of personal information about users of .US" country code top-level domain (ccTLD). This communication highlights a significant concern regarding domain registration data: the need to protect the privacy rights of Registrants. However, an equally significant concern regarding registration data was raised... more
As we passed five years since the Internet Assigned Numbers Authority transition took place, my co-authors and I paused to look back on this pivotal moment; to take stock of what we've learned and to re-examine some of the key events leading up to the transition and how careful planning ensured a successful transfer of IANA responsibilities from the United States Government to the Internet Corporation for Assigned Names and Numbers. more