ICANN to Auction New Generic Top Level Domains

ICANN has just published a paper from its contractor PowerAuctions LLC, regarding the use of auctions to award new Top Level Domains (TLD) strings in case of contention. I can understand what ICANN wants to avoid. In the past, it has been criticized for using the "beauty contest" model with the redelegation of the .net TLD... However, the auction model is based on the idea that whoever wins the auction will be able to recoup its investment on the sale... more

Visibility of Prefix Lengths in IPv4 and IPv6

Internet routes are specified for an address prefix. The shorter the prefix, the more general the route. A shorter prefix covers more address space and thus a bigger part of the Internet. Very long prefixes cover few addresses and are used for local routing close to the destination address. In general, it is not necessary to distribute very long prefixes to the whole Internet, because a more general, shorter prefix is sufficient to direct packets in the direction of the destination. more

Writing the Next Chapter for the Historic One-Time Pad

The OTP, or One-Time Pad, also known as the Vernam cipher, is, according to the NSA, "perhaps one of the most important in the history of cryptography." If executed correctly, it provides uncrackable encryption. It has an interesting and storied history, dating back to the 1880s, when Frank Miller, a Yale graduate, invented the idea of the OTP. Communication was expensive and difficult in the age of telegrams, and few messages were easily encrypted. more

Yahoo’s New Domain Keys: Will it Be Effective?

To paraphrase an old Klingon proverb, there can be no spam solution, so long as e-mail is free. Yahoo has unveiled plans to launch its Domain Keys software as an open-source toolkit in 2004. The intent is to allow developers of major e-mail systems to integrate Yahoo's public/private key authentication system into their own software and thus create momentum for a standard whose raison d'etre is identify verification. This is a commendable effort, but a closer look reveals that it will not only not stop the spam problem, it may have almost no effect at all. more

How Unconscionable is the Profit That Verisign Makes from Its Registry?

VeriSign makes a great deal of money from the .COM and .NET registries. Can we tell how much they make, and how much that might change if the CFIT lawsuit succeeds? It's not hard to make some estimates from public information. The largest gTLD registry that VeriSign doesn't run is .ORG, which was transferred a few years ago to the Public Internet Registry (PIR) which pays Afilias to run the registry, and uses whatever is left over to support the Internet Society (ISOC)... more

Thoughts on the Open Internet - Part 3: Local Filtering and Blocking

The public policy objectives in the area of content filtering and blocking space are intended to fulfil certain public policy objectives by preventing users within a country from accessing certain online content. The motives for such public policies vary from a desire to uphold societal values through to concessions made to copyright holders to deter the circulation of unauthorised redistribution of content. more

An End to Spam Litigation Factories? (Gordon v. Virtumundo)

When CAN-SPAM was passed in 2003, it was fairly clear that Congress wasn't trying to enable broad private enforcement. Everyone knew that rabid anti-spammers would seize any new statutory right for a litigation frenzy... Although I personally think Congress would better served all of us by omitting all private enforcement rights in CAN-SPAM, unquestionably the private rights in CAN-SPAM are drafted narrowly to prevent their abuses. That hasn't stopped some zealous anti-spammers from testing the limits of CAN-SPAM's private enforcement remedies anyway. more

ARIN Takes Steps Toward Greater Diversity

For some time, the board of the American Registry for Internet Numbers (ARIN) has expressed a desire to have greater diversity across its leadership structures. Finally, steps are being taken to have representation that better reflects the diversity of the ARIN community... since ARIN was founded on April 18, 1997, two of its main oversight structures -- the Board of Trustees and Advisory Council -- have only been populated with persons from North America. At last, that changes. more

Conventional Thinking Won’t Work in New Era of ISIS & ‘Unprecedented’ Cyber & Non-Cyber Attacks

Conventional thinking or solutions will no longer work in the new era of ISIS and the 'Unprecedented' cyber and non-cyber attacks we live in today. Like it or not, everyone is impacted, and no one is immune. Whether you are an average citizen, a chairman or CEO of a multinational, or a government or academic institution leader, the questions to ponder are: Do you know what to do next? Do you know what the solution is? more

The IETF’s *Other* Diversity Challenge

The Internet Engineering Task Force (IETF) is the standards body for the Internet. It is the organization that publishes and maintains the standards describing the Internet Protocol (IP -- versions 4 and 6), and all directly related and supporting protocols, such as TCP, UDP, DNS (and DNSSEC), BGP, DHCP, NDP, the list goes on, and on... But how do they do that? How does the IETF produce documents, and ensure that they are high quality, relevant, and influential? more

Open DNS Resolvers - Coming to an IP Address Near You!

Three vectors were exploited in the recent DDoS attack against Spamhaus: 1) Amplification of DNS queries through the use of DNSSEC signed data; 2) Spoofed source addresses due to lack of ingress filtering (BCP-38) on originating networks; 3) Utilisation of multiple open DNS resolvers While. 1) is unavoidable simply due to the additional data that DNSSEC produces, and 2) "should" be practised as part of any provider's network configuration, it is 3) that requires "you and I" ensure that systems are adequately configured.  more

The US as Keeper of a ‘Free’ Internet?

The imminent expiration date (September 30) of the joint project agreement between ICANN and the US government, establishing the US as unilateral supervisor over Internet's addressing and Domain Name System (DNS) operations, has rejuvenated the call for an internationalization of Internet oversight. The average Internet user, however, is unlikely to benefit from a change in the current status quo as both alternatives, full privatization and intergovernmental oversight, are bound to affect both the Internet's innovative power and the personal liberties enjoyed by its users. more

Net Neutrality and the Obama Stimulus Package

As long as US telecom is duopoly dominated, a neutral Internet is endangered if not impossible; regulation of this kind of concentrated power is necessary but is unlikely to be sufficient. The solution, IMHO, is to dilute the power of the duopoly so that consumers can buy whatever kind of Internet access they want. Countries like the UK with a competitive ISP market do not seem to have net neutrality problems nor require net neutrality regulation and have better Internet access than we do at lower prices. more

Smart Phishing for Smartphones

A common security prediction for 2010 is the continued rise of malware and phishing attacks on mobile phones. The MarkMonitor Security Operations Center recently detected an interesting twist on this theme involving a popular smartphone and the latest smart technologies used by cybercriminals. In this case, instead of compromising a smartphone to steal its information, cybercriminals used phishing techniques to clone smartphones. more

The Internet Monopolies?

Tim Wu had an OpEd published in the Wall Street Journal this weekend: In the Grip of the Internet Monopolists. There are commentaries on the piece on The Technology Liberation Front and TechCrunch. The more I thought about the OpEd, the more troubling it seemed. more