I have recently become aware of a blog post from Recorded Future that attempts to analyze the effects of the GDPR on online security. Unfortunately, it starts by asking an irrelevant question and then goes on to use irrelevant metrics to come to a meaningless answer. The premise of Recorded Future's article - that spammers would send more spam and register more domains because GDPR came into effect - tells us nothing useful about how GDPR affects anything. It's the wrong question... more
I keep hearing stories of people using "foldering" for covert communications. Foldering is the process of composing a message for another party, but instead of sending it as an email, you leave it in the Drafts folder. The other party then logs in to the same email account and reads the message; they can then reply via the same technique. Foldering has been used for a long time, most famously by then-CIA director David Petraeus and his biographer/lover Paula Broadwell. Why is foldering used? more
Every four years, the 168-year-old, Geneva-based treaty organization that provides the legal basis for worldwide network communications, radio spectrum management, and satellite placements holds a "plenipotentiary" conference among its 193 sovereign nation members. The next plenipotentiary begins on 29 October for three weeks. In addition to potentially altering treaty provisions and resolutions, and constituting its Council as an interim governing body, it elects 17 individuals to its five permanent bodies... more
Special interests who oppose privacy are circulating draft legislation to cut short ICANN's Whois policy process, warns Milton Mueller in a post published today in Internet Governance Project. more
Recently we've seen several examples of likely state sponsored security incidents of which the appropriateness was later strongly debated. Incidents such as states impacting commercial enterprises during cyber attacks; purported sabotage of critical infrastructure, and attacks on civilian activists have all, to a greater or lesser degree, led to concerns being raised by both civilian watchdog groups, academics, technologists and governments. more
As most you might know, this year marks the 20th anniversary of the formation of the Internet Corporation for Assigned Names and Numbers (ICANN). The organization was officially incorporated as a California non-profit corporation on September 30, 1998. ICANN plans to mark its 20th anniversary during ICANN63 in Barcelona, 20-25 October 2018. In response to a request from the organization, leading up to ICANN63, CircleID will host a series of blogs written by community members... more
Amazingly enough, summer is rapidly ending as kids head back to school, the temperatures in the mornings are just slightly cooler, and soon enough jeans and sweatshirts will be upon us. It also means that the important work on ICANN's temporary specification regarding WHOIS relative to GDPR has already aged a few months. The ICANN Board adopted the temporary specification in May 2018 and it became effective on the 25th of the month. more
The number of IPv4 transactions and volume of IP addresses flowing to and from organizations in the ARIN region in the last 6 months put 2018 on track to be the most active year in the history of the IPv4 market. Nearly 25 million numbers were transferred in the first half of this year, more than doubling the volume of numbers transferred by this time last year and continuing the level of market activity in the last half of 2017 when just over 28 million numbers were transferred. more
The APNIC Blog has recently published a very interesting article by Willem Toorop of NLnet Labs on the relationship between Security Extensions for the DNS (DNSSEC) and DNS over Transport Layer Security. Willem is probably being deliberately provocative in claiming that "DoT could realistically become a viable replacement for DNSSEC." If provoking a reaction was indeed Willem's intention, then he has succeeded for me, as it has prompted this reaction. more
It is an open secret that the current state of IPv4 allocation contains many accidental historical imbalances and in particular developing countries who wish to use IPv4 are disadvantaged by the lack of addresses available through ordinary allocation and are forced into purchasing addresses on the open market. As most of the addresses for sale are held by organisations based in the developed world, this amounts to a transfer of wealth from the developing world to the developed world, on terms set by the developed world. more
When you're standing close to ICANN, the domain business may seem pretty big, but when you stand farther away, not so much. Verisign's revenues are about $1 billion/year. The .COM and .NET top-level domains together have about 150M names. The next biggest gTLDS are .ORG with 25M and .INFO with 12M. The biggest new TLDs are TOP with 2.9M and .XYZ with 1.8M, with both bloated by firesale prices. The rest are smaller, mostly much smaller. more
The results of a study presented today at a meeting of internet network researchers depicts critical communications infrastructure could be submerged by rising seas in as soon as 15 years. more
There have been many news stories of late about potential attacks on the American electoral system. Which attacks are actually serious? As always, the answer depends on economics. There are two assertions I'll make up front. First, the attacker -- any attacker -- is resource-limited. They may have vast resources, and in particular, they may have more resources than the defenders -- but they're still limited. Why? more
I have written about the problems with the "little green lock" shown by browsers to indicate a web page (or site) is secure. In that article, I consider the problem of freely available certificates, and a hole in the way browsers load pages. In March of 2017, another paper was published documenting another problem with the "green lock" paradigm - the impact of HTTPS interception. more
By some estimates, only half of the world's population has internet access, leaving the other half at a sizeable competitive disadvantage. This profound connectivity gap is especially significant in the unserved and underserved areas of developing and least-developed countries. For people who live in these places, Internet connectivity is not just about the Internet. It is a lifeline that gives access to electronic commerce and telehealth services, distance learning, social and political engagement, government services... more