In my day job I run one of the largest registrars / resellers of IE domains (the IE ccTLD is the domain name for Ireland). In the course of doing that I have spent quite a lot of time becoming accustomed to the rules and regulations that govern both the naming and general registration criteria of IE domains. In some cases I can understand why rules are the way they are, whereas in others I am completely baffled... more
At the Internet Governance Forum in Baku, I made an intervention on behalf of NL IGF, reporting on the recommendations given by the participants of Workshop 87... I concluded that more regulatory and law enforcement bodies need to become part of the IGF discussions, as they are an integral part of governing the Internet from a safety and security perspective. Mr. Cerf responded with a one-liner: "I can't help observing, if we keep the regulatories confused, maybe they will leave us alone". more
In many respects the internet is going to hell in a hand basket. Spam, phishing, DNS poisoning, DDoS attacks, viruses, worms, and the like make the net a sick place. It is bad enough that bad folks are doing this. But it is worse that just about every user computer on the net offers a nice fertile place for such ill behavior to be secretly planted and operated as a zombie under the control of a distant and unknown zombie farmer. ...Some of us are coming to the converse point of view that the net is being endangered by the masses of ill-protected machines operated by users. more
As the year comes to a close, it is important to reflect on what has been one of the major actions in the anti-spam arena this year: the quest for email authentication. With email often called the "killer app" of the Internet, it is important to reflect on any major changes proposed, or implemented that can affect that basic tool that many of us have become to rely on in our daily lives. And, while many of the debates involved myriads of specialized mailing lists, standards organizations, conferences and even some government agencies, it is important for the free and open source software (FOSS) community as well as the Internet community at large, to analyze and learn lessons from the events surrounding email authentication in 2004. more
There is much talk currently about the WSIS meeting taking place in Geneva this week which means some needed attention is being paid to Internet governance. While some may view the term "Internet governance" as an oxymoron and my natural reaction is something along the lines of "I hope that they continue to view regulation as too complicated so that we Internet-folks can just keep doing what we are doing" I confess to knowing deep down that we would all be better off with a simple, effective policy framework than with the current anarchic state. more
On February 4, 2004, United States Congress held a hearing on a new proposed bill called the Fraudulent Online Identity Sanctions Act (FOISA). This bill will increase prison sentences by up to seven years in criminal cases if a domain owner provides "material and misleading false contact information to a domain name registrar, domain name registry, or other domain name registration authority." What follows is a collection of commentaries made in response to this proposed bill. more
Is the internet on the verge of a meltdown? A non-profit organization, People For Internet Responsibility (PFIR), is concerned that there is the risk of "imminent disruption, degradation, unfair manipulation, and other negative impacts on critical Internet services..." PFIR believes that the "red flag" warning signs of a potential meltdown include "attempts to manipulate key network infrastructures such as the domain name system; lawsuits over Internet regulatory issues... ever-increasing spam, virus, and related problems..." more
In my spare time when I'm not dealing with the world of e-mail, I'm a politician so now and then I put on my cynical political hat. At the FTC Authentication Summit one of the more striking disagreements was about the merits and flaws of SPF and Microsoft's Sender-ID. Some people thought they are wonderful and the sooner we all use them the better. Others thought they are deeply flawed and pose a serious risk of long-term damage to the reliability of e-mail. Why this disagreement over what one might naively think would be a technical question? more
The DNSSEC is a security protocol for providing cryptographic assurance (i.e. using the public key cryptography digital signature technology) to the data retrieved from the DNS distributed database (RFC4033). DNSSEC deployment at the root is said to be subject to politics, but there is seldom detailed discussion about this "DNS root signing" politics. Actually, DNSSEC deployment requires more than signing the DNS root zone data; it also involves secure delegations from the root to the TLDs, and DNSSEC deployment by TLD administrations (I omit other participants involvement as my focus is policy around the DNS root). There is a dose of naivety in the idea of detailing the political aspects of the DNS root, but I volunteer! My perspective is an interested observer. more
As a daily and enthusiastic reader of The New York Times, I was disappointed to read their February 1 article on CAN-SPAM entitled, "Law Barring Junk E-Mail Allows a Flood Instead" (subscription required). The theme of the article was, as the title suggests, that enacting CAN-SPAM was worse than having no laws at all. The article really missed the point on several fronts. more
A company called PW Registry Corporation makes the following announcement regarding the .PW ccTLD originally designated for the country of Palau: "The PW Registry Corporation announced today plans for the activation of the PW top- level domain (TLD), the Internet's first and only domain extension devoted to "Communities of Shared Interests". Unlike other domain extensions, such as .com, .biz, and .info, PW is aimed at providing individuals and consumer/affinity organizations a highly-personalized, permanent and portable e-mail address and a managed platform for community and social networking." more
I'm sitting here at the Inbox conference on e-mail, and listening to an encouraging, plays-nicely-with-other-children talk from Ryan Hamlin, GM of anti-spam technology and strategy at Microsoft. Over the past couple of months, with evidence abounding at this conference, a number of big industry players have been getting together to fight spam. Most significantly, Microsoft, Yahoo! and AOL - plus a bunch of (other) ISPs are getting together behind a single standard for "Sender ID " - (actually, server authentication) name not yet determined... more
Stratton Sclavos of VeriSign distills the essence of the SiteFinder controversy in his CNet interview...There is a subtle but essential misunderstanding here. Innovation can and should happen in Internet infrastructure, but there are a handful of core elements that must remain open and radically simple if the Internet is to remain, well, the Internet. These include TCP/IP, SMTP, HTTP, BIND, BGP, and the DNS (especially the .com registry). Any change in these protocols should be very carefully vetted through a consensus-based process. more
Looking back at the year that just ended, here are the top ten most popular news, blogs, and industry news on CircleID in 2009 based on the overall readership of the posts. Congratulations to all the participants whose posts reached top readership in 2009 and best wishes to the entire community in 2010. more
I am at the ICANN meeting in Rome. The big story here is that ICANN is under attack for not sticking to its narrow mission -- technical coordination of the DNS and IP numbering system. People here are referring obliquely to the VeriSign lawsuit as "recent events" (as in "in light of recent events"). This euphemism reminds me of words used to reference the US Civil War ("the late unpleasantness"). more
A World-Renowned Source for Internet Developments. Serving Since 2002.