Featured Blogs


Call for Participation - DNSSEC Workshop at ICANN 55 in Marrakech, Morocco

Do you have an idea for a new way to use DNSSEC or DANE to make the Internet more secure? Have you recently installed DNSSEC and have a great case study you can share of lessons learned? Do you have a new tool or service that makes DNSSEC or DANE easier to use or deploy? Do you have suggestions for how to improve DNSSEC? Or new ways to automate or simplify the user experience? If you do, and if you will be attending ICANN 55 in Marrakech, Morocco (or can get there), we are now seeking proposals for the ICANN 55 DNSSEC Workshop that will take place on Wednesday, 9 March 2016. more»

The Cock and the Goat: ICANN in the Age of Horrorism

Like everyone else, former ICANN board members have been preoccupied by the horrific November 13th, 2015 attacks on Paris, France, by a bunch of cold-blooded mass murderers. Our email list discussion of the Paris attacks covered a number of issues, including the inevitable question: what, if anything, should ICANN do in response? Some list subscribers concluded that the events had nothing to do with ICANN's mission, and that we should just sigh and move on. Others, on the other hand, said: not so fast, it would serve ICANN well to take a closer look at the matter, and its ramifications on wider world of ICANN.  more»

Officially Compromised Privacy

The essence of information privacy is control over disclosure. Whoever is responsible for the information is supposed to be able to decide who sees it. If a society values privacy, it needs to ensure that there are reasonable protections possible against disclosure to those not authorized by the information's owner. In the online world, an essential technical component for this assurance is encryption. If the encryption that is deployed permits disclosure to those who were not authorized by the information's owner, there should be serious concern about the degree of privacy that is meaningfully possible. more»

Zero Rating: Something Is Better Than Nothing! Or Is It?

One of the primary purposes of global Internet Governance Forum (IGF) is to introduce a wide range of topics to newcomers and provide them with the opportunity to take back what they have learned in the hopes of establishing an understanding of the Internet Governance philosophy at the community or national level. As a first time participant at the 10th Global Internet Governance Forum (IGF 2015) that took place in Joao Pessoa Brazil, in early November of 2015, I felt the burden of being a representative from a developing country, a place where discussion of important issues is limited to a small group of individuals, often in informal settings, over coffee or in my case, green tea. more»

The Emotional Cost of Cybercrime

We know more and more about the financial cost of cybercrime, but there has been very little work on its emotional cost. David Modic and I decided to investigate. We wanted to empirically test whether there are emotional repercussions to becoming a victim of fraud (Yes, there are). We wanted to compare emotional and financial impact across different categories of fraud and establish a ranking list (And we did). more»

Why I Wrote 'Thinking Security'

I have a new book out, Thinking Security: Stopping Next Year's Hackers. There are lots of security books out there today; why did I think another was needed? Two wellsprings nourished my muse. (The desire for that sort of poetic imagery was not among them.) The first was a deep-rooted dissatisfaction with common security advice. This common "wisdom" -- I use the word advisedly -- often seemed to be outdated. Yes, it was the distillation of years of conventional wisdom, but that was precisely the problem: the world has changed; the advice hasn't. more»

Regulation and Reason

Imagine living in a country where it was necessary to register with your community government by providing a copy of one of the following... This may be necessary in perhaps a large number of nations. However, as a United States citizen and resident, I was quite surprised when my local community issued the request. I investigated and found much to my dismay, that my community in fact was required by regulation to survey its residents on a biennial basis. more»

In Network Security Design, It's About the Users

One of the longstanding goals of network security design is to be able to prove that a system -- any system -- is secure. Designers would like to be able to show that a system, properly implemented and operated, meets its objectives for confidentiality, integrity, availability and other attributes against the variety of threats the system may encounter. A half century into the computing revolution, this goal remains elusive. more»

Only One Week Left to Submit Nominations for PIR Board of Directors (Closes Nov 30)

If you would like to help guide the future of the Public Interest Registry (PIR), the non-profit operator of the .ORG, .NGO and .ONG domains, the deadline for nominations is MONDAY, NOVEMBER 30, 2015! After reading the information about the PIR Board requirements, you are welcome to nominate either yourself or anyone else using the PIR Nomination Form. Nominations close at 23:00 UTC on November 30, 2015, so don't delay! more»

Zero Rating, a Poisoned Chalice for the Developing World

A very Interesting meeting The Internet Governance Forum (IGF) with an ambitious theme of connecting the worlds next billion people to the Internet took place in early November 2015 in a beautiful resort city of João Pessoa in Brazil under the auspice of the United Nations. Few citizens of the world paid attention to it yet the repercussions of the policy issues discussed affect us all. more»

As WHOIS Transitions to RDAP, How Do We Avoid the Same Mistakes?

In 1905, philosopher George Santayana famously noted, "Those who cannot remember the past are condemned to repeat it." When past attempts to resolve a challenge have failed, it makes sense to consider different approaches even if they seem controversial or otherwise at odds with maintaining the status quo. Such is the case with the opportunity to make real progress in addressing the many functional issues associated with WHOIS. We need to think differently. more»

RIPE 71 Meeting Report

The RIPE 71 meeting took place in Bucharest, Romania in November. Here are my impressions from a number of the sessions I attended that I thought were of interest. It was a relatively packed meeting held over 5 days. So this is by no means all that was presented through the week... As is usual for RIPE meetings, it was a well organised, informative and fun meeting to attend in every respect! If you are near Copenhagen in late May next year I'd certainly say that it would be a week well spent. more»

USA Fibre Investments Encouraging Further Operator Expansion

According to data from the FttH Council, the number of homes passed with fibre in the US increased 13% in 2015, year-on-year, to 26 million. Combined with Canada and Mexico, the number of passed homes has reached 34 million. The take-up rate is excellent by international standards, at more than 50%. Commonly operators look to about 20% to 30% take-up before work can begin on new fibre infrastructure to communities. more»


Internet public policy -- and the technical ecosystem -- is at a crossroads and the choice of CEO that ICANN's board makes now is probably the most important such choice it has ever made. Since I work in Internet policy across the Geneva institutions where more than 50% of all international Internet-related policy meetings take place, and have worked at ICANN in senior positions in the past, I thought I would suggest some qualities the next CEO should have. more»

How DANE Strengthens Security for TLS, S/SMIME and Other Applications

The Domain Name System (DNS) offers ways to significantly strengthen the security of Internet applications via a new protocol called the DNS-based Authentication of Named Entities (DANE). One problem it helps to solve is how to easily find keys for end users and systems in a secure and scalable manner. It can also help to address well-known vulnerabilities in the public Certification Authority (CA) model. Applications today need to trust a large number of global CAs. more»

Latest Blogs

Recently Discussed

Most Discussed – Last 30 Days

Most Viewed – Last 30 Days

Sponsored Topics