DNSSEC Happy Talk Enters a New Era

So we finally have a signed root zone. Now when is someone going to answer the question I first asked over five years ago and have still not had an answer to: How do the domain name owner's keys get into the TLD? Before we have a system people can use there have to be technical standards, validation criteria and a business model. Where are they? more

FedRAMP: Critical to Cost-Effective Cloud Computing Cybersecurity

In September 2009, the Obama Administration announced the Federal Cloud Computing Initiative. As the government's CIO explained, cloud computing "has the potential to greatly reduce waste, increase data center efficiency and utilization rates, and lower operating costs." The Federal Risk and Authorization Management Program (FedRAMP) addresses the key elements of a cloud computing framework for federal agencies. more

A Framework for Selecting New TLDs

Your corporate domain names send implicit messages (signals) through their Top-Level Domains (TLDs) and their second-level words. Shape your domain names so to send the right messages and to avoid sending unintentionally confusing messages. The post focuses on a framework to help bidders determine which TLDs send messages that are potentially profit generating... Soon TLDs such as ".car," ".cars," ".green," and ".eco" will be available to any qualified body whose request is favored by the allocation system. The system being discussed is a combination of beauty contests and auctions. more

44% Of Domain Names Globally are Country Code TLDs, 56% Generic TLDs, Reports CENTR

The Council of European National Top level Domain Registries (CENTR) released its global TLD report today, stating that the global TLD market grew 1.4% year over year at the end of first quarter this year. more

Internet Penetration in the Middle East has Tripled in the Past 8 Years, New Arabic Domains Credited

Internet penetration in the Middle East tripled in the past eight years, from 20 per cent in 2009 to 60 per cent this year as a result of the introduction of Arabic domain names. more

Stopping Illegal Activity Online - It’s More Complicated Than It Seems

There was a compelling article in the Wall Street Journal (WSJ) the other day about ICANN and illegal online pharmacies. The result of a six-month investigation, the reporter, Jeff Elder, calls into question ICANN's effectiveness in investigating complaints of suspected illegal activity on domain names it has a contractual relationship with. Elder cites a recent incident where Interpol and the U.S. Food and Drug Administration tried to have 1,300 websites shut down because they were suspected of selling drugs without a prescription. more

ICANN’s New TLDs: Of Course There Will Be an Auction - Part 1

The process for ICANN's new TLDs says that if there are several equally qualified applicants for a TLD, and they can't agree which one gets it, ICANN will hold an auction to decide. Recently some people have suggested that the applicants could use a private auction instead. Well, of course. In a situation like this, the question isn't whether there will be an auction, but only who will keep the money. more

Half of Phishing Sites in the Wild Have SSL Certificates and Show Padlock Security Icon, Study Finds

A new study by anti-phishing company PhishLabs reveals 49 percent of all phishing sites in the third quarter of 2018 had Secure Sockets Layer or SSL with HTTPS in their URL. more

Branded Domains Are the Focal Point of Many Phishing Attacks

As a long-established online attack strategy, phishing remains a popular tool for fraudsters because of its effectiveness. The Anti-Phishing Working Group reported more than 300,000 distinct phishing attacks in December 2021 -- more than three times the number reported in early 2020, and the highest monthly total ever identified. more

Verisign’s Preliminary Comments on ICANN’s Name Collisions Phase One Report

Verisign posted preliminary public comments on the "Mitigating the Risk of DNS Namespace Collisions" Phase One Report released by ICANN earlier this month. JAS Global Advisors, authors of the report contracted by ICANN, have done solid work putting together a set of recommendations to address the name collisions problem, which is not an easy one, given the uncertainty for how installed systems actually interact with the global DNS. However, there is still much work to be done. I have outlined the four main observations... more

New gTLD Auctions and Potential Unintended Consequences

Auctions will play a critical role in ICANN's new generic Top-Level Domain (gTLD) process, the only question is whether they reinforce ICANN's position as a steward of a global public resource, or undermine it. Auctions are one of two widely used mechanisms used in the allocation of scarce global resources, the other being a comparative analysis (aka beauty contest). ... This paper seeks to highlight those potential unintended consequences and propose a more equitable model consistent with ICANN's role as a steward of public global resource. more

ICANN-JPA Coverage

At the end of this month, September 30th, the Joint Project Agreement (JPA) between the Internet Corporation for Assigned Names and Numbers (ICANN) and the U.S. Department of Commerce (DoC) will come to an end. While ICANN has affirmed its commitment in maintaining a long-term, formal relationship with the United States, talks of new changes and a more independent ICANN is intensifying as the expiration date is quickly approaching. For the next upcoming days, this page will be frequently updated with related news and updates. more

Email in the World’s Languages - Part II

In our last installment we discussed MIME, Unicode and UTF-8, and IDNA, three things that have brought the Internet and e-mail out of the ASCII and English only era and closer to fully handling all languages. Today we'll look at the surprisingly difficult problems involved in fixing the last bit, internationalized e-mail addresses. more

Phishing Moving to the Web Channel

Today we received one of the first phish attempts to be made as a web spam (comment spam/blog spam) attempt. I wasn't convinced, and thought that perhaps it was a way to gather and verify RELEVANT online identities. Someone put me straight. It's phishing. I've often in the past had run-ins with the good folks in the anti virus realm back between 1996 and 2005 who thought Trojan horses and then spyware were not part of their business. Years later the AV business people ruled it is part of their business and ran to catch up. Same with botnets. more

Another Year of the Transition to IPv6

I bet that nobody believed in 1992 that thirty years later, we'd still be discussing the state of the transition to IPv6! In 1992 we were discussing what to do about the forthcoming address crunch in IPv4, and having come to terms with the inevitable prospect that the silicon industry was going to outpace the capacity of the IPv4 address pool in a couple of years, we needed to do something quickly more