Is NIST’s Recent Letter on o.com a Bureaucratic Coup d’Etat?

Verisign recently informed ICANN that it had received a letter from the National Institute for Standards and Technology (NIST), an agency of the U.S. Department of Commerce, regarding the proposed auction of o.com described in the Second Amendment to the .com Registry Agreement agreed to by ICANN and Verisign in March 2019. This letter, which doesn't appear to be on official letterhead, is from a NIST Grants Officer and purports to overturn a letter raising objections to the auction... more

An Institute to Combat DNS Abuse

Over the last few years, it's become clear that abuse of the Domain Name System -- whether in the form of malware, botnets, phishing, pharming, or spam -- threatens to undermine trust in the Internet. At Public Interest Registry, we believe that every new .ORG makes the world a better place. That means anything that gets in the way of that is a threat, and that includes DNS Abuse. more

More Warning Shots for ICANN, or the End of the Road?

Last fall, I wrote about ICANN's failed effort to achieve its goal of preserving the Whois domain name registration directory to the fullest extent possible. I predicted that if the policy effort failed, governments would take up the legislative pen in order to fulfill the long-ignored needs of those combating domain name system harms. That forecast has now come true through significant regulatory actions in the United States and the European Union in the form of a proposed directive from the European Commission (EC) and instruction from the US Congress to the National Telecommunications and Information Administration (NTIA). more

.com Is A Clear and Present Danger to Online Safety

"The Internet is the real world now." This assessment was offered by Protocol, a technology industry news site, following the very real violence on Capitol Hill during the counting of the electoral college votes that officially determines the next president of the United States. The media outlet went on to say that, "[t]he only difference is, you can do more things and reach more people online -- with truth and with lies -- than you can in the real world." more

The State of DNS Abuse: Moving Backward, Not Forward

ICANN's founding promise and mandate are optimistic -- ensure a stable and secure internet that benefits the internet community as a whole. Recent months, however, have highlighted the uncomfortable truth that ICANN's and the industry's approach to DNS abuse is actually moving backward, ignoring growing problems, abdicating on important policy issues, and making excuses for not acting. Further, the impending failure of ICANN's new WHOIS policy to address cybersecurity concerns will add fuel to the fire, resulting in accelerating DNS abuse that harms internet users across the globe. more

Reflections on the .ORG Domain Registry Sale

For all the many reasons raised by thousands of petitioners by prominent members of the U.S. Congress, and the California Attorney General's office, this "sale" plainly should not be occurring. However, in a very real way, it is déjà vu. For me, as one of the handful of people who were members of the original InterNIC public advisory committee which oversaw the spinout of the registry activity from its DARPA government instantiation to a private enterprise business... more

Communities of Things

When I want to go to a website, I just type in the URL, and I'm there. Sure, we had to get a subscription from a service provider and set up our devices, but that was a one-time thing. As we move into a world of many connected devices, it's no longer a one-time thing. Today, creating connected devices and services requires thinking about all the mechanics and networking and onboarding and providers. more

Dear U.S.A. – Observations on the Cyber Solarium Commission Report

I am writing to you as someone who is not your citizen, (although I had the fortune to wed the most beautiful of your daughters), to share my thoughts about the recent US Government Cyber Solarium Commission report. U.S.A. We owe you one! Without you and your citizens there would be no free Internet as we know it. Thank You! Your constitution is our inspiration. We, the global digital citizenship want to be "the people", in order to "secure the Blessings of Liberty to ourselves and our Posterity..." more

Stop Propagating False Information About the .ORG Transaction

We were disappointed to see The Pittsburgh Post-Gazette publish a recent editorial on February 13 about the sale of Public Interest Registry (PIR, the company that operates .ORG) that propagates false information about the transaction, including runaway prices, censorship and lack of experience. Runaway prices? Ethos Capital and PIR have committed to capping price increases to no more than ten percent per year on average. more

Internet Economics

One year ago, in late 2017, much of the policy debate in the telecommunications sector was raised to a fever pitch over the vexed on-again off-again question of Net Neutrality in the United States. It seemed as it the process of determination of national communications policy had become a spectator sport, replete with commentators who lauded our champions and demonized their opponents. more

DOHA and ZIPPO Make Forty Five

Forty five what? Forty five abandoned top-level domains. On November 7, ICANN received a notice from the Communication Regulatory Authority of the State of Qatar that they are terminating the registration agreement for .DOHA. Two weeks before that, the Zadco company terminated .ZIPPO. In addition to the $180,000 application fee, applicants had to hire consultants, make arrangements with back-end operators, go through the certification process to get their TLD online. more

HTTPS Interceptions Are Much More Frequent Than Previously Thought

I have written about the problems with the "little green lock" shown by browsers to indicate a web page (or site) is secure. In that article, I consider the problem of freely available certificates, and a hole in the way browsers load pages. In March of 2017, another paper was published documenting another problem with the "green lock" paradigm - the impact of HTTPS interception. more

Why Government Agencies Use Ugly, Difficult to Use Scanned PDFs - There’s More Than Meets the Eye

Sometimes, a government agency will post a PDF that doesn't contain searchable text. Most often, it's a scan of a printout. Why? Don't the NSA, the Department of Justice, etc., know how to convert Word (or whatever) directly to PDF? It turns out that they know more than some of their critics do. The reason? With a piece of paper, you know much more about what you're actually disclosing. more

What Happens If Two Applications for a New gTLD Are a City and a Family Name?

When applying for a new gTLD, what happens if two applications for the same extension are a city and a family name? Which one wins? Let's imagine that a person whose family name is "Marseille" applied for the .MARSEILLE new gTLD in the next round of the ICANN new gTLD program. What if there was a .MARSEILLE new gTLD too but as the name of the French city? more

Have We Reached Peak Use of DNSSEC?

The story about securing the DNS has a rich and, in Internet terms, protracted history. The original problem statement was simple: how can you tell if the answer you get from your query to the DNS system is 'genuine' or not? The DNS alone can't help here. You ask a question and get an answer. You are trusting that the DNS has not lied to you, but that trust is not always justified. more