It is an open secret that the current state of IPv4 allocation contains many accidental historical imbalances and in particular developing countries who wish to use IPv4 are disadvantaged by the lack of addresses available through ordinary allocation and are forced into purchasing addresses on the open market. As most of the addresses for sale are held by organisations based in the developed world, this amounts to a transfer of wealth from the developing world to the developed world, on terms set by the developed world. more
When you're standing close to ICANN, the domain business may seem pretty big, but when you stand farther away, not so much. Verisign's revenues are about $1 billion/year. The .COM and .NET top-level domains together have about 150M names. The next biggest gTLDS are .ORG with 25M and .INFO with 12M. The biggest new TLDs are TOP with 2.9M and .XYZ with 1.8M, with both bloated by firesale prices. The rest are smaller, mostly much smaller. more
The results of a study presented today at a meeting of internet network researchers depicts critical communications infrastructure could be submerged by rising seas in as soon as 15 years. more
There have been many news stories of late about potential attacks on the American electoral system. Which attacks are actually serious? As always, the answer depends on economics. There are two assertions I'll make up front. First, the attacker -- any attacker -- is resource-limited. They may have vast resources, and in particular, they may have more resources than the defenders -- but they're still limited. Why? more
I have written about the problems with the "little green lock" shown by browsers to indicate a web page (or site) is secure. In that article, I consider the problem of freely available certificates, and a hole in the way browsers load pages. In March of 2017, another paper was published documenting another problem with the "green lock" paradigm - the impact of HTTPS interception. more
By some estimates, only half of the world's population has internet access, leaving the other half at a sizeable competitive disadvantage. This profound connectivity gap is especially significant in the unserved and underserved areas of developing and least-developed countries. For people who live in these places, Internet connectivity is not just about the Internet. It is a lifeline that gives access to electronic commerce and telehealth services, distance learning, social and political engagement, government services... more
U.S. federal government officials have revealed Russian hackers have been able to gain access to the networks of electric utilities in the country, according to a report by The Wall Street Journal. more
Sometimes, a government agency will post a PDF that doesn't contain searchable text. Most often, it's a scan of a printout. Why? Don't the NSA, the Department of Justice, etc., know how to convert Word (or whatever) directly to PDF? It turns out that they know more than some of their critics do. The reason? With a piece of paper, you know much more about what you're actually disclosing. more
The legal status of domain names is one of the most hotly debated topics with regards to evolving property rights and how they should be applied to technological and intellectual property 'innovations' in cyberspace. At present, there are two opposing factions on this topic: On one hand, there are those who maintain that domain names should be considered as contracts for services, which originate from the contractual agreement between the registrant and the registrar. more
The existence of the 2001 Cybercrime Convention is generally well known. The treaty has now been ratified/acceded to by 60 countries worldwide, including the United States. Less well known is the existence of the Additional Protocol to the Convention "concerning the criminalization of acts of a racist and xenophobic nature committed through computer systems." more
My Comcast bill arrived today with a sneaky new $2.68 charge, $2.50 for leasing one (and only one) set-top box and $0.18 for the remote. This new billing line item, like the many others Comcast has introduced, adds to its bottom line with no additional capital expenditure. It shows how resisting the obligation to return to accepting set-top box free, "cable ready" sets was a smart strategy. more
The need for an access model for non-public Whois data has been apparent since GDPR became a major issue before the community well over a year ago. Now is the time to address it seriously, and not with half measures. We urgently need a temporary model for access to non-public Whois data for legitimate uses, while the community undertakes longer-term policy development efforts. more
It's been nearly two months since the high profile BGP hijack attack against MyEtherwallet, where crypto thieves used BGP leaks to hijack MEW's name servers, which were on Amazon's Route53, and inserted their own fake name servers which directed victims to their own fake wallet site, thereby draining some people's wallets. It generated a lot of discussion at the time... What isn't fully appreciated is that attack has, in fact, changed the game somewhat... more
The Google-run .app TLD was always destined to draw attention and scrutiny, from the moment it fetched a then-record ICANN auction price of $25 million. Since it reached General Availability in May it has gained more than 250,000 registrations making it one of the world's most successful TLDs. However perhaps more interesting was Google's choice to add the .app TLD and its widely used .google extension to the HTTP Strict Transport Security (HSTS) Top-Level Domain preload list, offering an unprecedented level of security for all domains under .google and .app. more
As I predicted ICANN is pursuing its case against EPAG. They're now not only appealing the case to a higher court in Germany but are also trying to get the entire thing referred to the European Court of Justice. In an announcement late last night ICANN made it very clear what their intentions are. While they're pursuing the appeal in the higher court in the German region, which makes sense at some level, it's also very clear that they're not taking "no" for an answer. more