What ICANN Can Learn from Humpty Dumpty

I have been an active participant in the ICANN "grand experiment" from the beginning. An experiment in which a private sector led organization was entrusted by the Internet community and governments to be a trustee of a global public resource. However, at no time during my twelve years of participation in ICANN have I been more concerned about the long term viability of this organization than I do now heading into the Singapore meeting. Failure of the ICANN Board to do the right thing in Singapore will have a profound impact on the future of the private sector led model. more

Password Policies Need to Be the Same if We Want Users to Take Our Advice

The other day on Facebook, one of my friends mentioned that today (i.e., that day) was a good day to update his passwords. But he then lamented that some web sites don't allow you to create more than a 12-character password! He was incensed! Well, maybe not incensed but showed contempt for the fact these sites restricted password length. more

Paid Peering: Issues and Misunderstandings

Recently I was asked for my opinion on Google paying France Telecom (FT) to deliver traffic into FT's network, i.e. Google paying to peer with FT. I wasn't aware Google pays FT. I don't even know if it's true. But I do know this is a topic fraught with misunderstandings. Also, if there is a "problem" here, the problem is one of competition (or lack thereof) in portions of the French broadband access market. It is not a problem that can be or should be fixed by "network neutrality" regulations or legislation. more

Defending Against the Hackers of 1995

Two factor authentication that uses an uncopyable physical device (such as a cellphone or a security token) as a second factor mitigates most of these threats very effectively. Weaker two factor authentication using digital certificates is a little easier to misuse (as the user can share the certificate with others, or have it copied without them noticing) but still a lot better than a password. Security problems solved, then? more

What Next for Email Service Providers?

It's been a very bad month for ESPs, companies that handle bulk mailings for their clients. Several of them have had internal security breaches, leaking client information, client mailing lists, or both. Many have also seen clients compromised, with the compromised credentials used to send spam. The sequence of events suggests all the ESPs whose clients were compromised were themselves compromised first. (That's how the crooks knew who to attack.) more

Corporate Domain Registration Practices in Light of New gTLDs

For years, corporate domain name administrators have scoffed at every new second-level and third-level country code Top-Level Domain (ccTLD) liberalization, and rightly so. Until recently, most had continued the practice of registering significant numbers of variations, misspellings and typo-squats. While I have never encouraged the practice of registering every variation in every geography, as this becomes prohibitively expensive over time... With what seems to be the imminent launch of hundreds of new TLDs as a result of ICANN's new initiative, companies appear to be saying enough is enough, and meaning it. more

Court Approves Nortel’s Sale of IPv4 Addresses to Microsoft

Yesterday morning (26-April-2011), in US Bankruptcy Court for the District of Delaware, Judge Kevin Gross signed an order authorizing Nortel's sale of IPv4 addresses to Microsoft. This is an important moment for the Internet community, as it represents the beginning of a new market-based mechanism for the distribution of scarce IPv4 address resources. As the various Regional Internet Registry (RIR) organizations exhaust their supply, traditional "needs-based" distribution will become impossible. more

Top 3 New Requirements to the TLD Evaluation Criteria and What They Mean for Applicants

Three sections of the redlined version of the Draft Evaluation Criteria for new Top-Level Domains (TLDs) caught my attention. It seems ICANN wants to ensure it has information to not only evaluate and score responses, but to conduct a post-launch analysis of the program's success in terms of expanded competition, consumer choice and trust. That additional information means more work by both the applicant and for ICANN. But it's a good move because pre-launch preparation and thought staves off mishaps and misfortunes later. more

Really? A Hearing on New gTLDs at this Late Stage?

To the dismay of many (and the chagrin of some), it appears as though the US House Subcommittee on Intellectual Property, Competition and the Internet will be conducting a hearing on New generic Top-Level Domains (gTLDs). Meanwhile, ICANN is careening towards the finish line of the new gTLD Program with a vote by the ICANN Board scheduled for June 20th. Just what this all means remains to be seen. more

A Closer Look at Apple and Location-Tracking

There's been a lot of media attention to a report that iPhones track your movements. It's even reached the U.S. Senate. I'm underwhelmed. I think that the threat is overhyped. What is happening is that these devices create a hidden file with your location... more

New gTLD Discussion Draft - Top 10

Okay, so spending my Monday morning printing out and reviewing 348 pages of the "New gTLD Discussion Draft" is not exactly what I had mind when I woke up today, but kudos to ICANN for keeping to the timeline that they had released last month. Since, most of you do not have the time or the patience (and probably have real work to do), I've taken it upon myself to highlight the most important changes in this version. more

7 Must Have Attributes of an IP Address Management System

Exponential growth of networks combined with the complexity introduced by IT initiatives e.g. VoIP, Cloud computing, server virtualization, desktop virtualization, IPv6 and service automation has required network teams to look for tools to automate IP address management (IPAM). Automated IPAM tools allow administrators to allocate subnets, allocate/track/reclaim IP addresses and provide visibility into the networks. Here are some examples of what a typical IPAM tool can do... more

9 Thoughts on Stepping Up Spam and Malware Enforcement

In a tweet, EU commissioner for the Information Society Neelie Kroes congratulates OPTA on the spam fine for the golf ball printing company Backsound. Since 2004 the Dutch OPTA is the number one spam and malware fighter of the EU with a total of €1.9 million in fines. It made me ask two question to myself: How come that we seldom hear of other spam fines in the EU? And can the EU change this in any way? more

IPv4 Addresses Not Property, Canada Weighs in on the Nortel/Microsoft Transfer

The recent tempest in a teacup on ARINs PPML list over the transfer of IP address blocks from Nortel (a company in Chapter 11) to Microsoft has some interesting Internet Governance dimensions that are yet to be discussed. One aspect that has been overlooked amidst all the sound and fury, is the governmental perspective on IP address transfers. more

Will Blocking a TLD Fracture the Internet?

In his eloquent dissent against approving .XXX, ICANN Board member George Sadowsky talked about blocking and filtering top-level domains. It's a concise statement of a concern that has been identified by various people, including members of the Governmental Advisory Committee (GAC), as an impediment to the new generic Top-Level Domain (gTLD) program. It's a thorough defense of a common point of view about blocking TLDs, but while no-one can disagree about the fact of blocking, what is the actual effect? more