Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
In my last article, I described efforts underway to standardize new cryptographic algorithms that are designed to be less vulnerable to potential future advances in quantum computing. I also reviewed operational challenges to be considered when adding new algorithms to the DNS Security Extensions (DNSSEC). In this post, I'll look at hash-based signatures, a family of post-quantum algorithms that could be a good match for DNSSEC from the perspective of infrastructure stability. more
While travelling home from Geneva, I was thinking quite a lot on the relationship between a ccTLD (registry) and a Country. This is because many countries are starting to talk louder and louder about the responsibilities Countries have on critical infrastructure, or (possibly more important) the management of the critical infrastructure. Will for example any (none?) of ccTLD operators (servers) sustain a denial of service attack of a scale similar to the attack on the root servers? What can ccTLD operators do to resist the malicious attacks? Should this be discussed? more
Sun, surf, and ... service operators? It's a match made in heaven! The Caribbean cable and telecommunications industry may not be large, but it is an important and fast-growing region. The recent Caribbean Cable & Telecommunications Association (CCTA) Annual Meeting in Puerto Rico threw the spotlight on this slice of paradise and I was there to catch up on some of the trends emerging for the year ahead. more
The beginnings of the Internet are shrouded in myth and misunderstandings that have led to some claims of proprietary ownership of the Internet. Where and when did the Internet begin? The only thing Internet historians seem to agree on is that it was not 1969, or the Pentagon, (or for that matter Al Gore). From there on, there is a wide divergence of views as to when, where, and by whom the Internet may have been invented... more
Over three-quarters of the more than 55,000 UDRP cases decided since 1999 have been undefended. Requiring adequate evidentiary support of the complainant's allegations in disputes where the respondent has not filed a response, is therefore critical for producing just outcomes under the UDRP. While most UDRP disputes involve clear cybersquats that are indefensible, a significant number involve domain names that are not clearly cybersquats... more
A recent statement released by the U.S. Federal Trade Commission emphasized that the Whois databases should be kept "open, transparent, and accessible," allowing agencies like the FTC to protect consumers and consumers to protect themselves: "In short, if ICANN restricts the use of Whois data to technical purposes only, it will greatly impair the FTC's ability to identify Internet malefactors quickly -- and ultimately stop perpetrators of fraud, spam, and spyware from infecting consumers' computers," the statement states." more
Dave Taht died on April 1st. I met him only recently, and never in person, but his passing saddens me. His technical work and evangelism have improved the Internet, and I will give some examples of his contributions to the Internet community and users, but I am sad because he was a good person -- idealistic, unselfish, open, and funny. I'll miss him. First, his contributions, then his values. more
Two weeks ago, the Federal Trade Commission held a summit on e-mail authentication in Washington, DC; the community of people who handle bulk mail came together and agreed on standards and processes that should help reduce the proliferation of spoofed mail and fraudulent offers. This was a big, collective step in the right direction. But e-mail sender authentication alone won't solve the Net's fraud and phishing problems - nor will any single thing. It requires a web of accountability among a broad range of players. Yet this week there's another meeting, in Cape Town, South Africa, that could make even more of a difference...but it probably won't. more
A message on Dave Farber's Interesting People list complained that Comcast was blocking mail forwarded by DynDNS, a popular provider of DNS and related services for small-scale users... Actually, they're blocking it because a lot of it is spam. This is a problem that every mail forwarder and every mail system encounters; the only unusual thing here is that DynDNS is whining about it. It's yet another way that spammers have broken the mail for the rest of us. more
Avivah Litan, the storied Gartner analyst, laid it down succinctly for insiders in her blog two and one-half years ago. She said, "Web 3.0 will transform us from Web 2.0's monetization via surveillance capitalism and advertising to monetization built directly into the protocol that is equally available to any connected user." Translated, that means we'll control our destiny by owning and managing our credentials for logging into systems, content, financial resources, and, importantly, our data. And, we are told, blockchain technology will enable all that. more
We have posted our support of the WHOIS Policy Review Team Report with two important comments. First, on page 79 of the report it is confirmed that the RAA is unenforceable on WHOIS inaccuracy (we wrote about this while at the last ICANN meeting) because the language of RAA 3.7.8 has no enforcement provision. It is now time for ICANN to confirm this problem officially. more
I first outline a brief history of free file-sharing technology, then draw some general and domain name lessons, then outline the what, how, and why that make your activism effective and necessary... The domain name industry is decentralized and atomic in that anyone from anywhere in the world can register a domain name, keep the ownershp name and address private, and host it from a country where the U.S. and European legal systems don't apply. Thus, legal action will only drive domain owners further underground. more
I outline the implications for value presented by ICANN's proposed introduction of new Top-Level Domains (TLDs) on user search and navigation, companies, and registries... For the new tools to be value adding they should facilitate navigation, reduce search cost, or provide actionable branding information through marketing. Unfortunately, the new TLDs bring in a mixed bag of value-adding and -destroying tools. more
Isn't security as important to discuss as .XSS? The DNS has become an abuse infrastructure, it is no longer just a functional infrastructure. It is not being used by malware, phishing and other Bad Things [TM], it facilitates them. Operational needs require the policy and governance folks to start taking notice. It's high time security got where it needs to be on the agenda, not just because it is important to consider security, but rather because lack of security controls made it a necessity. more
The Internet Commerce Association (ICA) has posted a position paper and analysis of S. 2661, introduced on 2/25/08 in the US Senate. While we are firmly opposed to phishing and other criminal activities that may utilize domain names we are very concerned about the provisions of the proposal that appear to provide trademark owners with a means to avoid both UDRP and ACPA actions and alternatively bring private claims against domain names with a lower burden of proof and the potential for far higher monetary damages, without even requiring an allegation that the DN was in any way being utilized in a phishing scheme... more
A World-Renowned Source for Internet Developments. Serving Since 2002.