The .net Top Level Domain and Cross-Coupled Failures

The .net Top Level Domain (TLD) contains the names of the main group of DNS root servers as well as the names of the servers for several other large TLDs, such as .com, .org, .arpa and .mil. Most of the focus about the .net redelegation has concerned the quality of the registration systems. But that is a minor matter next to the quality of the name server operation.  more

A Political Analysis of SPF and Sender-ID

In my spare time when I'm not dealing with the world of e-mail, I'm a politician so now and then I put on my cynical political hat. At the FTC Authentication Summit one of the more striking disagreements was about the merits and flaws of SPF and Microsoft's Sender-ID. Some people thought they are wonderful and the sooner we all use them the better. Others thought they are deeply flawed and pose a serious risk of long-term damage to the reliability of e-mail. Why this disagreement over what one might naively think would be a technical question? more

.NET Bid Contenders

Yesterday was the deadline for the submissions of responses to the .NET re-bid RFP. As of my last count, there are five companies that I am aware of that submitted proposals for the .NET rebid. Three of these were quite publicly announced, Afilias, Denic, and Verisign. The other two bidders are Multi-Stakeholder groups. Sentan and Core++. Sentan appears to be a Joint Venture between .jp and Neulevel, and Core++ is ISC, Telfonica, and .br, with participation from Core, Nida (.kr), and .zaDNA (.za). more

Closer Look at Domain Name Transfer Policy and the Hijacking of Panix.com

Given the recent panix.com hijacking, I will give an outline of the current ICANN transfers process for gtlds. In the case of panix.com, evidence so far indicates that a third party that holds an account with a reseller of Melbourne IT, fraudulently initiated the transfer. The third party appears to have used stolen credit cards to establish this account and pay for the transfer. That reseller is analyzing its logs and cooperating with law enforcement. more

Hijacking of Panix.com: A Call for An Emergency Rollback Procedure

There's a thread on NANOG to the effect that Panix, the oldest commercial Internet provider in New York, had its domain name 'panix.com' hijacked from Dotster over to MelbourneIT and it has pretty well taken panix.com and its customers offline. Looks like this may be among the first high-profile unauthorized transfer under the new transfer policy. It begs the question, despite the existence of the dispute policy under the new system, what provisions should there be for a situation like this where every hour causes untold damage to the party in question... more

Customer Service is Law: The Panix Story

The NANOG list yesterday was the virtual equivalent of a nearby nocturnal car alarm: "panix.com has been hijacked!" (whoo-WEE, whoo-WEE); "those jerks at VeriSign!" (duhhhhh-WHEEP, duhhhh-WHEEP); "no one's home at Melbourne IT!" (HANK, HANK, HANK, HANK). Finally, on Monday morning in Australia, the always-competent and helpful Bruce Tonkin calmly fixed the situation. So the rest of us can get some sleep now. But as we nod off in the quietness, let's consider just exactly what happened here. more

Internet to ITU: Stay Away from My Network

An ITU document entitled "Beyond Internet Governance" crossed my desk earlier this week. Given that I had absolutely nothing better to do, I decided to give it a read. The audacity of the ITU Secretariat is nothing less than shocking. It has been a long while since I read such a self-serving, narrow-minded and inaccurate document. The backbone of the ITU's contention rests on the premise that something called the Next Generation Network and the contention that this network will act as one big bug fix for all the problems created by current inter-networking technology. more

A Year of CAN SPAM

The CAN SPAM Act of 2003 went into effect a year ago on Jan 1, 2004. As of that date, spam suddenly stopped, e-mail was once again easy and pleasant to use, and Internet users had one less problem to worry about. Oh, that didn't happen? What went wrong? more

2004: The Year That Promised Email Authentication

As the year comes to a close, it is important to reflect on what has been one of the major actions in the anti-spam arena this year: the quest for email authentication. With email often called the "killer app" of the Internet, it is important to reflect on any major changes proposed, or implemented that can affect that basic tool that many of us have become to rely on in our daily lives. And, while many of the debates involved myriads of specialized mailing lists, standards organizations, conferences and even some government agencies, it is important for the free and open source software (FOSS) community as well as the Internet community at large, to analyze and learn lessons from the events surrounding email authentication in 2004. more

Where Did the .ORG Money Go?

A friend pointed me to the latest Internet Society budget for 2005 :- ISOC is expecting PIR (ie, .ORG) to contribute 3.4M to the society! Wow, thats 2-3x as much as what Internet Society gets from its membership! I think that's pretty neat because ISOC has been in the red for many years and could certainly use some help financially. After all, it is hosting IETF and also paying for the IANA registry and RFC-Editors, all of which is critical to the Internet standardization process... more

Survey Predicts Attacks on the Network Infrastructure Within 10 Years

Pew Internet Project has released a report called "The Future of the Internet" based on a recently conducted survey where 1,286 internet experts are said to have looked at the future impact of the internet and assessed predictions about how technology and society will unfold. The following is and excerpt from the report predicting at least one devastating attack will occur in the next 10 years on the networked information infrastructure or the United States power grid. more

OMB Focuses On Cybersecurity

Ensuring federal cybersecurity is essential to protecting national security. According to some media reports, recommendations have been made to the Bush Administration to "create a distinct administrative cybersecurity position within the Homeland Security Department to oversee progress in the federal government and act as a liaison with private industry." However, before new bureaucracy is created, it is important to recognize the practical cybersecurity policies and projects that are already being undertaken by the Administration. more

Reforming Whois

Now that we're into the New Year and deadline for public comment on the proposed new .CA whois policy nears and now that my term as a CIRA Director enters its home stretch, I wanted to take some time to elaborate further on my Unsanctioned Whois Concepts post from long ago and revise it somewhat. more

Tracking Internet Piracy: Harder Than You Think

Wired Magazine recently published an article called "The Shadow Internet", where it says: "Anathema is a so-called topsite, one of 30 or so underground, highly secretive servers where nearly all of the unlicensed music, movies, and videogames available on the Internet originate. Outside of a pirate elite and the Feds who track them, few know that topsites exist. Even fewer can log in." But what are the difficulties in tracking and identifying these so-called topsites? Joel Snyder, a senior network consultant responds. more

Person to Person Security and Privacy Infringement

IT security strategies invariably focus on maintaining impenetrable fortresses around computers and network systems. Firewalls, virtual private networks and anti-virus programs are the tools IT engineers use to create their digital security. Sophisticated defense systems can be very effective at keeping the obvious attackers at bay, yet they often create a false sense of security because the real attacks, the kind that inflict irreparable damage on a system or network, avoid the obvious routes into the secure fortress. more