Wait and see approach on abuse attracts ICANN Stakeholder attention: A few weeks ago I made a detailed argument as to why product safety applies to domains, just like it does to cars and high chairs. I also argued that good products equal good business or "economically advantaged" in the long run. Then I really made a strong statement, I said if we don't actively engage other Internet stakeholders -- those that interact with our products, we would eventually lose the opportunity to self-regulate. more
As the autumn leaves fall from naked trees to be trampled or encased in the winter snow, it reminds us of another year quickly gone by. Yet, for organisations that were breached and publicly scrutinised for their security lapses, it's been a long and arduous year. It was about this time last year that the news broke of Target's mega breach. Every news outlet was following the story and drip feeding readers with details, speculation and "expert opinion" on what happened, why it happened and who did it. more
If you will be at ICANN 52 in Singapore in February 2015 (or can get there) and work with DNSSEC or the DANE protocol, we are seeking proposals for talks to be featured as part of the 6-hour DNSSEC Workshop on Wednesday, February 11, 2015. The deadline to submit proposals is Wednesday, December 10, 2015... The full Call For Participation is published online and gives many examples of the kinds of talks we'd like to include. more
On the evening of Tuesday, September 9th, Congressional leaders unveiled a 1,603 page, $1.01 trillion FY 2015 appropriations bill to fund the U.S. government through the end of September 2015. One provision of the omnibus bill would delay the IANA transition until after the September 30, 2015 expiration of the current contract between the NTIA and ICANN. more
Section 3.18 of the ICANN 2013 Registrar Accreditation Agreement (RAA) contains language requiring registrars to investigate and respond to abuse complaints. Nearly one year into the new RAA's effective period, what do we know about Section 3.18? If a person or entity wants to submit a complaint, what should they keep in mind? This article reviews the meaning of Section 3.18, how to leverage it, offers a list of do's and don'ts for complainants, and offers a few recommendations for registrars. more
The latest Anti-Phishing Working Group (APWG) Global Phishing Survey, which analyzed over 100,000 phishing attacks in the first half of 2014, examines the progress that top level domains (TLDs) are making in responding to phishing attacks that use their TLDs. The report finds the .INFO domain has the lowest average phishing uptimes as compared to other TLDs, such as .COM and .NET. more
Yesterday's DDoS attack against DNSimple brought to light a longstanding need for DNS nameserver operators to have an ability to unilaterally repudiate domains from their nameservers. The domains under attack started off on DNSMadeEasy, migrated off to DNSimple and took up residence there for about 12 hours, causing a lot of grief to DNSimple and their downstream customers. more
While the debate continues as to whether most new gTLDs are a sound long-term investment for their registry operators, there's no disputing that the program has been an economic boom for ICANN. The 1,930 first round applications each required an application fee of $185,000, which added up to a tidy $357 million. Even after refunds for withdrawn applications ICANN still cleared about a third of a billion dollars from the first round before a single string was delegated. more
In the tenth month of the revolutionary expansion of generic top-level Internet domains, global registrations in new gTLDs reached more than three million addresses, providing the clearest illustration yet of the strong international appetite for new, relevant addressing options. As we near the first full year of new gTLD availability, focus now shifts to another critical metric -- renewals -- which we expect to show similar strength based on history and data analysis. more
Back in the early 1980s we witnessed the launch of the first e-payments systems by French banks in Biarritz. A similar project was launched in Japan and a year or so later Berlin also launched their pilot service. In Biarritz the whole town received smartcards and all the shops were given devices to handle e-cash. Over the next 30 years very little happened -- nowhere did banks build on this initiative to take a leadership role in e-payments. more
China is holding the First Internet Conference in the rivertown of Wuzhen, calling for global Internet interconnectivity and shared governance by all. Founders of China's top three Internet companies Alibaba, Tencent and Baidu as well as executives from global giants including Apple, Amazon, Google and Facebook all joined the gala. more
The EFF has just posted a shallower than usual deeplink alleging an "email encryption downgrade attack" by ISPs intent on eavesdropping on their customers. They, along with VPN provider Golden Frog, have additionally complained to the FCC reporting this. Here, they've just noticed something that's common across several hotel / airport wifi networks... more
According to ici.radio-canada.ca, the Government of Quebec has decided to end its participation in the new gTLD .Quebec, just days before .Quebec launches. According to the story the Government has decided not to change Government websites to .Quebec and will instead retain all of its Website to end in .gouv.qc.ca... "The news will no doubt be received as a cold shower by PointQuébec organization, which is the company that is operating .Quebec registry. more
The April NETmundial meeting was a seminal event in the history of Internet Governance. Fears that the meeting might fail to reach consensus were not realized. Instead, the participants achieved a high degree of harmony -- the "Spirit of NETmundial" -- that resulted in issuance of a consensus Statement that, while lacking in precise detail, was effused with positive energy. Since that meeting there has been considerable discussion within the Internet Governance (IG) community as to what lessons have been learned from NETmundial, and how its work might best be carried into the future. more
There has been a lot of back and forth recently in the ICANN world on what constitutes domain abuse; how it should be identified and reported AND how it should be addressed. On one side of the camp, we have people advocating for taking down a domain that has any hint of misbehaviour about it, and on the other side we have those that still feel Registries and Registrars have no responsibility towards a clean domain space. (Although that side of the camp is in steady decline and moving toward the middle ground). more