Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
In this newly released paper Randal Vaughn and Gadi Evron discuss the threat of Distributed Denial of Service (DDoS) attacks using recursive DNS name servers open to the world. The study is based on case studies of several attacked ISPs reported to have on a volume of 2.8Gbps. One reported event indicated attacks reaching as high as 10Gbps and used as many as 140,000 exploited name servers. more
What would it take for this upcoming meeting to be a success? I am a big believer in ICANN's core principles, and in the forum it provides for private self-governance of domain names and numbers. I think the ICANN model continues to have great potential as a form of governance. For this meeting to be a success for me, personally, I'd like to see those core principles made more visibly operational -- or at least see a start made on this effort. I'm putting a stake in the ground with these posts, and we'll see whether progress happens or not. more
As the ICANN's week-long meeting in Wellington, New Zealand is now fully underway, the approval of the proposed .XXX top-level domain (TLD) continues to remain a key topic of discussion and its eventual approval yet uncertain. The .XXX TLD was widely expected to receive its final approval at the ICANN's last meeting held in Vancouver about 4 months earlier but the discussion was unexpectedly delayed as the organization and governments requested more time to review the merits of setting up such a domain. Stuart Lawley, president of the would-be .XXX operator ICM Registry LLC offers his comments from Wellington. more
Internationalized (non-ascii) domain names (IDN) are a key issue for ICANN. Yesterday, the Board completed two days of workshop presentations about various matters (IANA, security, GAC relationships), and we were briefed on the IDN testing that is planned. I thought it might be useful to make clear the distinction between the tests (which are testing mechanisms for IDNs) and the very difficult policy questions that confront ICANN. As several people explained to me yesterday, they're different. more
This morning I learned about MicroIDs from Doc Searls. Jeremy Miller has proposed MicroIDs as a microformat that "allows anyone to simply claim verifiable ownership over their own pages and content hosted anywhere." A MicroID is a hash of two hashed values. The first is a verified communication ID. The second is the URI of the site that the content will be published on. You end up with a unique, long string of gibberish that can be put in the header of a Web page or even wrapped around one part of a page... more
Ok, so I had a day in Wellington that was not busy with other things so I thought I'd wander over to the ICANN venue and sit in on the PUBLIC Forum... I saw friends on the walk over and we entered the venue, chatting about several different things. They pulled out their badges. I didn't have one. They were admitted, I was denied entrance... more
It has taken almost three years -- by some counts, more than 6 years -- but ICANN's domain name policy making organization has finally taken a stand on Whois and privacy. And the results were a decisive defeat for the copyright and trademark interests and the US government, and a stunning victory for advocates of the rights of individual domain name registrants... more
Today, there are hundreds of once highly protected famous name brands, which were backed by multi-million dollar promotional budgets, now commonly used in daily lingo as generic names, as it was their huge popularity that made them lose their trademark protection. So why is the use of famous trademarked names as 'verbs' in our daily language feared by the attorneys representing that mark? Now this calls for a closer look... more
In the last few years there have been many discussions on how the Internet is governed, and how it should be governed. The whole World Summit on the Information Society (WSIS) ended talking about this problem. It caused exchange of letters between the US Secretary of State and the European Union presidency. And it caused a public discussion, organized by the US Department of Commerce on that issue. I saw some reflection of this discussion and here are some comments on that. My colleague Milton Mueller of the Syracuse University sent me an e-mail today in which, among other, it says, "A global email campaign by IGP generated comments from 32 countries... more
In looking at the general topic of trust and the Internet, one of the more critical parts of the Internet's infrastructure that appears to be a central anchor point of trust is that of the Domain Name Service, or DNS. The mapping of "named" service points to the protocol-level address is a function that every Internet user relies upon, one way or another. The ability to corrupt the operation of the DNS is one of the more effective ways of corrupting the integrity of Internet-based applications and services. If an attacker can in some fashion alter the DNS response then a large set of attack vectors are exposed. ...The more useful question is whether it is possible to strengthen the DNS. The DNS is a query -- response application, and the critical question in terms of strengthening its function is whether it is possible to authenticate the answers provided by the DNS. DNSSEC provides an answer to this question. more
From the perspective of Internet security operations, here is what Net Neutrality means to me. I am not saying these issues aren't important, I am saying they are basically arguing over the colour of bits and self-marginalizing themselves. For a while now I tried not to comment on the Net Neutrality non-issue, much like I didn't comment much on the whole "owning the Internet by owning the Domain Name System" thingie. Here it goes anyway. Two years ago I strongly advocated that consumer ISP's should block some ports, either as incident response measures or as permanent security measures... more
The IETF DKIM working group has been making considerable progress, and now has a close-to-final draft. DKIM will let domains sign their mail so if you get a message from [email protected], the furble.net mail system can sign it so you can be sure it really truly is from furble.net. But unless you already happen to be familiar with furble.net, this doesn't give you any help deciding whether you want the message. This is where the new Domain Assurance Council (DAC) comes in... more
Another paper from the Fifth Workshop on the Economics of Information Security, (WEIS 2006) is Proof of Work can Work by Debin Liu and L, Jean Camp of Indiana University. Proof of work (p-o-w) systems are a variation on e-postage that uses computation rather than money. A mail sender solves a lengthy computational problem and presents the result with the message. The problem takes long enough that the sender can only do a modest number per time period, and so cannot send a lot of messages, thereby preventing spamming. But on a net full of zombies, proof of work doesn't work. more
Bloomberg is reporting that Gregory Reyes is facing criminal and civil charges in relation to securities fraud. Reuters and the Mercury News also have coverage. "Former Brocade Communications Systems Inc. Chief Executive Officer Gregory Reyes became the first CEO charged in the U.S. probe of the backdating of stock option grants to create lucrative employee pay packages." more
Becky Burr (former NTIA official) and lobbyist Marilyn Cade has made a proposal to create a multilateral working group to oversee the root zone file updates. I would characterize the Burr-Cade proposal as a "small step for mankind and a giant step for the US" to paraphrase Neil Armstrong. The main merit of the proposal is that it looks like something the USG might want to follow. Sevaral people suggested there should be no governmental oversight at all but that does not look realistic, in the sense that there can be huge economic and political interests behind ICANN decisions. more
A World-Renowned Source for Internet Developments. Serving Since 2002.