When I want to go to a website, I just type in the URL, and I'm there. Sure, we had to get a subscription from a service provider and set up our devices, but that was a one-time thing. As we move into a world of many connected devices, it's no longer a one-time thing. Today, creating connected devices and services requires thinking about all the mechanics and networking and onboarding and providers. more
It was 30 years ago today, on January 1, 1983, that the ARPANET had a "flag day" when all connected systems switched from using the Network Control Protocol (NCP) to the protocols known as TCP/IP. This, then, gave rise to the network we now know as the Internet. more
This is the first in a series of releases that tie extensive code injection campaigns directly to policy failures within the Internet architecture. In this report we detail a PHP injection found on dozens of university and non-profit websites which redirected visitor's browsers to illicit pharmacies controlled by the VIPMEDS/Rx-Partners affiliate network. This is not a unique problem, however the pharmacy shop sites in question: HEALTHCUBE[DOT]US and GETPILLS[DOT]US should not even exist under the .US Nexus Policy. more
In many respects the internet is going to hell in a hand basket. Spam, phishing, DNS poisoning, DDoS attacks, viruses, worms, and the like make the net a sick place. It is bad enough that bad folks are doing this. But it is worse that just about every user computer on the net offers a nice fertile place for such ill behavior to be secretly planted and operated as a zombie under the control of a distant and unknown zombie farmer. ...Some of us are coming to the converse point of view that the net is being endangered by the masses of ill-protected machines operated by users. more
In his article titled, "End of Life Announcement", John Walker (author of the Speak Freely application) makes a few arguments about Network Address Translation (NAT) that are simply not true: "There are powerful forces, including government, large media organisations, and music publishers who think this situation is just fine. In essence, every time a user--they love the word "consumer"--goes behind a NAT box, a site which was formerly a peer to their own sites goes dark, no longer accessible to others on the Internet, while their privileged sites remain. The lights are going out all over the Internet. ...It is irresponsible to encourage people to buy into a technology which will soon cease to work." more
Two recent celebrated cybersecurity standards history events brought together sets of people who were intimately involved with some of the most significant network security standards work ever undertaken. These included the X.509 digital certificate standards at ITU X.509 Day, and the Secure Digital Network System (SDNS) standards at the NSA Cryptologic History Symposium 2022. more
One of the basic tools in network design is the so-called "stacked" protocol model. This model was developed in the late 1970s as part of a broader effort to develop general standards and methods of networking. In 1983, the efforts of the CCITT and ISO were merged to form The Basic Reference Model for Open Systems Interconnection, usually referred to as the Open Systems Interconnection Reference Model or the "OSI model." more
A little over 25 years ago, the Internet Society proposed that they assume responsibility for the DARPA Internet Protocol (IP) specifications Intellectual Property Rights (IPR) that were being evolved by the Internet Engineering Task Force (IETF) to facilitate their use by the mainstream network communication standards bodies and providers. Last week, the IETF, in an attempt to fend off alternative Internet Protocols emerging in the 5G ecosystem and create a standards monopoly, asserted... more
The IETF is in the midst of a vigorous debate about DNS over HTTP or DNS over HTTPS, abbreviated as DoH. How did we get there, and where do we go from here? (This is somewhat simplified, but I think the essential chronology is right.) Javascript code running in a web browser can't do DNS lookups, other than with browser.dns.resolv() to fetch an A record, or implicitly by fetching a URL which looks up a DNS A or AAAA record for the domain in the URL. more
I've been prompted to write this brief opinion piece in response to a recent article posted on CircleID by Tony Rutkowski, where he characterises the IETF as a collection of "crypto zealots." He offers the view that the IETF is behaving irresponsibly in attempting to place as much of the Internet's protocols behind session level encryption as it possibly can. ... Has the IETF got it wrong? Is there a core of crypto zealots in the IETF that are pushing an extreme agenda about encryption? more
Back in the early 2000s, several notable Internet researchers were predicting the death of the Internet. Based on the narrative, the Internet infrastructure had not been designed for the scale that was being projected at the time, supposedly leading to fatal security and scalability issues. Yet somehow the Internet industry has always found a way to dodge the bullet at the very last minute. more
My assertion is that the Internet Engineering Task Force (IETF) is an institution whose remit is coming to a natural end. This is the result of spectacular success, not failure. However, continuing along the present path risks turning that success into a serious act of wrongdoing. This will leave a social and political legacy that will tarnish the collaborative technical achievements that have been accumulated thus far. more
So you are the IT regulator for a country and you are convinced that the shortage of IPv4 address space represents a threat to the development of the Internet in your country and you want to do something about it. Being that as regulator you don't really run the countries IP networks, what can you really do? I've heard many regulators in over 30 countries grapple with this problem. The purpose of this article is to think through some ideas to guide action on using (or not) regulation to drive IPv6 adoption. more
It is an open secret that the current state of IPv4 allocation contains many accidental historical imbalances and in particular developing countries who wish to use IPv4 are disadvantaged by the lack of addresses available through ordinary allocation and are forced into purchasing addresses on the open market. As most of the addresses for sale are held by organisations based in the developed world, this amounts to a transfer of wealth from the developing world to the developed world, on terms set by the developed world. more
Recently, my firm has seen a lot of interest come from Enterprises seeking IPAM/DNS tools. We predicted that IPv6 adoption and the need for automation software/tools would follow the Internet ecosystem's supply chain starting with Service Providers consisting of ISPs, I/PaaS, ASPs, then content providers (mostly a service really), then Enterprises, followed by SMBs & Consumers. While good for business, it has also forced us to revisit and think thru many TCP/IP protocol standards... more