Domain Names |
Sponsored by |
|
I am writing this note in order to express my concern about an impending change in the root of the Domain Name System (DNS) and two of the largest Top Level Domains (TLDs). I am concerned that there is a risk of disruption to the net that has not been adequately evaluated and I am concerned that this change is being deployed without adequate monitoring or safeguards. more
The biggest buzz from the Paris ICANN meeting was that the board accepted last fall's proposal for a streamlined process to add new TLDs. A variety of articles in the mainstream press, many featuring inflammatory but poorly informed quotes (from people who probably got a phone call saying "We go to press in five minutes, what do you think about ICANN's plan to add a million new domains?") didn't help. When can we expect the flood of TLDs? Don't hold your breath... more
Last week's tizzy about IDN (Internationalized Domain Name) spoofing was an interesting exercise in watching how people react to the unknown. The nearly-universal response to the problem that had been described in detail many years ago was "turn off IDNs" instead of "assume that the people who created IDNs knew about this, so let's do some research." The following is based on my thoughts this week. For those of you who are not familiar with my earlier work, I'm one of the authors of the IDN standards... more
In 2008 KnujOn published a report indicating that 70 ICANN accredited Registrars had no publicly disclosed business location. The fundamental problem was one of community trust and consumer faith. Registrars extend their legitimacy to their domain customers who then transact and communicate with the public. more
Consider this scenario: you need a domain name for your site so you go to your favorite domain registrar's website and upon a quick search find that your third choice is actually available! You quickly pull your credit card and register the name. Everything is good and you can't wait to have your new domain start pointing to your site and represent your official email address. But not so fast -- some of the recent events are revealing that, these days, when you are registering a domain name there is one more critical thing you need to do: check under the hood! more
The Canadian Internet Registration Authority (CIRA) has announced its proposed policy to provide all dot-ca domain name holders with increased privacy safeguards, bringing it in line with recently-enacted Canadian privacy laws. more
In the 2021 Domain Security Report, we analyzed the trend of domain security adoption with respect to the type of domain registrar used, and found that 57% of Global 2000 organizations use consumer-grade registrars with limited protection against domain and DNS hijacking, distributed denial of service (DDoS), man-in-the-middle attacks (MitM), or DNS cache poisoning. On average, the adoption of domain security controls is two times higher for enterprise-class registrars than for those using consumer-grade registrars. more
The past year has brought a rise in so-called "open and chartered" top-level domains (TLDs). Like the traditional open TLDs of .COM, .NET, and .ORG, these namespaces encourage large-scale registrations, but they differ in that they limit who can legitimately register domains. So far, many thousands of their registrations seem to break the stated rules. It's therefore worth thinking through their respective enforcement efforts -- before the situation gets out of control. more
If you're brave, today you can finally download the Internet Explorer 7 public beta. Why should you be interested? Not because the browser's wonderful. It isn't -- initial reports are that it's not ready for prime-time. But you might be interested to know that as of today, users of IE will be able to use internationalized domain names (IDNs). ...Many other browsers are already IDN-capable, including Firefox, but most people in the world use Explorer. Think China, Japan, India. Think most of the world's population... Think of millions of new Internet users working in their own language, customers for commercial goods and services. But think also about intellectual property nightmares, think about phishing, think about whether there's one interoperable Internet, or several Internets acting very weird. These issues and others will become big news when people start using IDNs massively -- and with support from Internet Explorer, that's about to happen. more
Should ICANN's Wait-Listing Service be implemented?
Why yes or why not? What are the negative or positive consequences that are being overlooked?
In light of the recent events regarding ICANN's approval of the Wait-Listing Service (WLS), CircleID is requesting all stakeholders (all individuals or organization that own domain names or sell related services) to submit their comments 'for' or 'against' WLS. All comments gathered will be posted on CircleID WLS Speical Coverage and presented to key decision makers... more
Today a letter was submitted to the President of ICANN, Paul Twomey, at the ICANN Carthage meeting, "asking him to ensure that strong privacy safeguards, based on internationally accepted standards, are established for the WHOIS database." Latest reports indicated that the draft letter had been signed by about 50 nonprofit groups and represented 21 countries on six continents. "Signers of the letter included the American Library Association, the U.S. Association for Computing Machinery, the Australian Council for Civil Liberties, Electronic Frontier Finland, Privacy Ukraine, and the United Kingdom's Foundation for Information Policy Research." more
My weekly Law Bytes column (freely available hyperlinked version, Toronto Star version) focuses on the recent Canadian parliamentary discussion on domain name disputes. As discussed about ten days ago, the impetus for governmental interest in domain name disputes and Internet governance is the registration of several domain names bearing the names of sitting Members of Parliament by the Defend Marriage Coalition, an opponent of same-sex marriage legislation. The resulting websites, which include donboudria.ca and davidmcguinty.ca, include MP contact information, photos, and advocacy materials. more
The term "attack surface" is often heard in cybersecurity conversations. It refers to the sum of all possible attack vectors or the vulnerabilities that threat actors can exploit to penetrate a target network or damage an organization somehow. An unused and forgotten subdomain, for instance, can become an attack vector when taken over. Certain categories of companies have very large attack surfaces. Such is the case of streaming media businesses like Netflix and HBO Max. more
There are a lot of bad, but smart, people out there on the net. They are quick to find and capitalize on vulnerabilities, particularly those vulnerabilities in mass market software. These bad folks are quite creative when it comes to making it hard to locate and shutdown the computers involved. For example, a virus that takes over a victim's computer might communicate with its control point, or send its captured/stolen information, by looking up a domain name. Normally domain names are somewhat static - the addresses they map to don't change very frequently - typically changes occur over periods measured in months or longer. more
Efforts have been ongoing in the ICANN community to develop a better understanding of its role in the combat of abuse. This theme has been rising in prominence every year since 2018, and 2021 appears to be the tipping point, in which consensus has built around the idea that more can be accomplished in terms of reducing the impact of rogue actors using the Internet for malicious purposes. more
A World-Renowned Source for Internet Developments. Serving Since 2002.