I finally got the "official" word from Vint Cerf of ICANN, "on the record", who confirmed that my interpretation is correct, that differential/tiered pricing on a domain-by-domain basis would not be forbidden under the .biz/info/org proposed contracts. This means that the registries could charge $100,000/yr for sex.biz, $25,000/yr for movies.org, etc. if they wanted to -- it would not be forbidden the way the proposed contracts are currently written. This would represent a powerful pricing weapon for registries, and a fundamental shift in possible domain name pricing, that could lead them to emulate .tv-style price schedules. It doesn't mean they will necessarily do it, but it's not forbidden. When a contract doesn't forbid something bad, it implicitly allows it... more
ENUM has a critical role to play in telephony services convergence. Although many carriers are adopting ENUM there are myths swirling around the confuse newcomers. In data networks, the domain name system (DNS) is responsible for converting Uniform Resource Locators (URL's) to IP addresses in order to route data traffic. The ENUM protocol performs a similar essential function of linking E.164 telephone numbers to Universal Resource Identifiers (URIs) -- enabling communication services to use traditional phone numbers to set up calls over IP networks. Unfortunately, there's a good deal of hype and confusion around ENUM, which might lead carriers to delay ENUM implementations. That delay would be a mistake... more
For some years now the general uptake of IPv6 has appeared to be "just around the corner". Yet the Internet industry has so far failed to pick up and run with this message, and it continues to be strongly reluctant to make any substantial widespread commitment to deploy IPv6. Some carriers are now making some initial moves in terms of migrating their internet infrastructure over to a dual protocol network, but for many others it's a case of still watching and waiting for what they think is the optimum time to make a move. So when should we be deploying IPv6 services? At what point will the business case for IPv6 have a positive bottom line? It's a tough question to answer, and while advice of "sometime, probably sooner than later" is certainly not wrong, it's also entirely unhelpful as well! more
I'm kinda foxed by the some of the discussion going on about "Net Neutrality". The internet was designed from the outset not to be content neutral. Even before there was an IP protocol there were precedence flags in the NCP packet headers. And the IP (the Internet Protocol) has always had 8 bits that are there for the sole purpose of marking the precedence and type-of-service of each packet. It has been well known since the 1970's that certain classes of traffic -- particularly voice (and yes, there was voice on the internet even during the 1970's) -- need special handling... more
All those Internet Governance pundits who track ICANN the way paparazzi track Paris Hilton are barking up the wrong tree. They've mistaken the Department of Street Signs for the whole of the state. The real action involves words like rbldnsd, content filtering, and webs of trust. Welcome to the Internet! What's on the menu today? Spam, with some phish on the side! We've got email spam, Usenet spam, IRC spam, IM spam, Jabber spam, Web spam, blogs spam, and spam splogs. And next week we'll have some brand new VoIP spam for you. Now that we're a few years into the Cambrian explosion of messaging protocols, I'd like to present a few observations around a theme and offer some suggestions. more
In looking at the general topic of trust and the Internet, one of the more critical parts of the Internet's infrastructure that appears to be a central anchor point of trust is that of the Domain Name Service, or DNS. The mapping of "named" service points to the protocol-level address is a function that every Internet user relies upon, one way or another. The ability to corrupt the operation of the DNS is one of the more effective ways of corrupting the integrity of Internet-based applications and services. If an attacker can in some fashion alter the DNS response then a large set of attack vectors are exposed. ...The more useful question is whether it is possible to strengthen the DNS. The DNS is a query -- response application, and the critical question in terms of strengthening its function is whether it is possible to authenticate the answers provided by the DNS. DNSSEC provides an answer to this question. more
From the perspective of Internet security operations, here is what Net Neutrality means to me. I am not saying these issues aren't important, I am saying they are basically arguing over the colour of bits and self-marginalizing themselves. For a while now I tried not to comment on the Net Neutrality non-issue, much like I didn't comment much on the whole "owning the Internet by owning the Domain Name System" thingie. Here it goes anyway. Two years ago I strongly advocated that consumer ISP's should block some ports, either as incident response measures or as permanent security measures... more
Several people emailed me about the actual things the senator said and why he is off-base. I decided to listen to his speech again, and write down the points I believe are critical. Senator Stevens who everyone is dissing on for his speech on Net Neutrality in my book spoke nothing less than brilliant. I will also tell you, in my opinion, exactly why... He nailed down the subject into the point that matters: Business. It's about profit. more
Black Frog -- a new effort to continue the SO-CALLED Blue Security fight against spammers. A botnet, a crime, a stupid idea that I wish would have worked -- News items on Black Frog. Blue Frog by Blue Security was a good effort. Why? Because they wanted to "get spammers back". They withstood tremendous DDoS attacks and abuse reports, getting kicked from ISP after ISP. ...The road to hell is filled with good intentions. Theirs was golden, but they got to hell, quite literally, non-the-less. ...When Blue Security went down, some of us made a bet as to when two bored guys sitting and planning their millions in some café would show up, with Blue Security's business plan minus the DDoS factor. Well -- they just did. more
In follow-up to recent announcement on the release of the latest edition of the very popular DNS and BIND book -- often referred to as the bible of DNS -- CircleID has caught up with Cricket Liu, co-author and a world renowned authority on the Domain Name System. In this interview, Cricket Liu talks about emerging issues around DNS such as security and IPv6 support, and important new features such as internationalized domain names, ENUM (electronic numbering), and SPF (the Sender Policy Framework). "Cricket Liu: We're now seeing more frequent attacks against DNS infrastructure. ...Turns out that name servers are terrific amplifiers -- you can get an amplification factor of nearly 100x. These attacks have raised awareness of the vulnerability of Internet name servers, which is possibly the only positive result..." more
My weekly Law Bytes column (Toronto Star version, freely available version) examines the growing trend toward a two-tiered Internet, which upends the longstanding principle of network neutrality under which ISPs treat all data equally. I argue that the network neutrality principle has served ISPs, Internet companies, and Internet users well. It has enabled ISPs to plausibly argue that they function much like common carriers and that they should therefore be exempt from liability for the content that passes through their systems. ...Notwithstanding its benefits, in recent months ISPs have begun to chip away at the principle. more
I'm sure this is something that's been raked over before, but I don't see a common understanding of what 'Net Neutrality' actually is. Despite many of the Internetorati demanding it by law. There appear to be several different camps, which you could paint as "bottom of IP", "middle" and "top". The bottomistas would see enforced Internet Protocol itself as a premature optimisation and violation of the end-to-end principle. Unhappy that you only get IPv4 or IPv6? Still grumpy that you only have IPv4 and not even IPv6? Really miserable that your VoIP packets are staggering under the poisonous load of IPv6 headers? You're a bottomista. more
mTLD's .mobi entered the root zone on Tuesday, quietly contrasted amidst all of the recent ICANN/VeriSign announcements. The .mobi mTLD is a Dublin, Ireland based joint venture between the Nokia Corporation, Vodafone Group Services Limited, and Microsoft. The .mobi domain was granted to service a sponsored community, consisting of: Individual and business consumers of mobile devices, services and applications; Content and service providers; Mobile operators; Mobile device manufacturers and vendors; IT technology and software vendors who serve the mobile community, and there are numerous benefits of .mobi to this community. more
Ever since Neustar announced they signed a deal with GSMA to oversea global database for the mobile operators last week (see also Washington Post), there are many debates about the deal online. "Neustar, a company that should certainly know better, has announced that they're going to create a .gprs TLD to serve the mobile phone industry This, of course, requires creation of a private root zone, against the very strong warnings in RFC 2826" said Steven Bellovin. To the more supportive John Levine: "This isn't quite as stupid as it seems. The GSM industry needs some way to maintain its roaming user database, the database is getting considerably more complicated with 3G features, and it looks to me like they made a reasonable decision to use DNS over IP to implement it rather than inventing yet another proprietary distributed database." more
Is it just a coincidence that some of the leading Internet-based application companies are pushing aggressively into network connectivity at exactly the same time the major telephone companies are pushing into content? Or are we witnessing the end of the Internet as we know it? Think back to the online world fifteen years ago. There was AOL, there was Compuserve, there was Prodigy, and there was Apple's eWorld. Sure, there were researchers and students posting to Usenet newsgroups and navigating through Gopher sites, but the Internet was a sideshow for individuals and business users. ...the online world of those days was fragmented and small. Every online service was an island. Are we going back to those days? more