The group who is urging lawmakers to reconsider enacting such a mandate into law, includes leading domain name system (DNS) designers, operators, and researchers, responsible for numerous "RFCs" (technical design documents) for DNS, publication of many peer-reviewed academic studies related to architecture and security of the DNS, and responsible for the operation of important DNS infrastructure on the Internet.
The paper highlights the following as some of the serious technical and security concerns should the mandated DNS filtering be enacted into law:
The group insists that "the goals of PROTECT IP can be accomplished without reducing DNS security and stability, through strategies such as better international cooperation on prosecutions and the other remedies contained in PROTECT IP other than DNS-related provisions."
To download the paper title, "Security and Other Technical Concerns Raised by the DNS Filtering Requirements in the PROTECT IP Bill," click here [PDF].
Authors of the paper:
Steve Crocker (CircleID) is CEO of Shinkuro, Inc. a security-oriented consulting and development company, and has been leading Shinkuro's work on deployment of DNSSEC, the security extension to DNS. He currently serves as vice chair of the board of ICANN and served as chair of ICANN's Security and Stability Advisory Committee from its inception in 2002 until 2010. He has been active in the Internet community since 1968 when he helped define the original set of protocols for the Arpanet, founded the RFC series of publications and organized the Network Working Group, the forerunner of today's Internet Engineering Task Force (IETF). He later served as the first Area Director for Security in the IETF. Over his forty plus years in network research, development and management, he has been an R&D Program Manager at DARPA, senior researcher at University of Southern California's Information Sciences Institute, Director of Aerospace Corp's Computer Science Laboratory, vice president of Trusted Information Systems, co-founder, senior vice president and CTO of CyberCash, Inc. and co-founder and CEO of Longitude Systems, Inc.
David Dagon is a post-doctoral researcher at Georgia Institute of Technology studying DNS security and the malicious use of the domain resolution system. He is a co-founder of Damballa, an Internet security company providing DNS-based defense technologies. He has authored numerous peer-reviewed studies of DNS security, created patent-pending DNS security technologies, and proposed anti-poisoning protocol changes to DNS.
Dan Kaminsky (CircleID) has been a noted security researcher for over a decade, and has spent his career advising Fortune 500 companies such as Cisco, Avaya, and Microsoft. Dan spent three years working with Microsoft on their Vista, Server 2008, and Windows 7 releases. Dan is best known for his work finding a critical flaw in the Internet's Domain Name System (DNS) and for leading what became the largest synchronized fix to the Internet's infrastructure of all time. Of the seven Recovery Key Shareholders who possess the ability to restore the DNS root keys, Dan is the American representative. Dan is presently developing systems to reduce the cost and complexity of securing critical infrastructure.
Danny McPherson (CircleID) is Chief Security Officer for VeriSign where he is responsible for strategic direction, research and innovation in infrastructure, and information security. He currently serves on the Internet Architecture Board (IAB), ICANN's Security and Stability Advisory Council, the FCC's Network Reliability and Interoperability Council (NRIC), and several other industry forums. He has been active within the Internet operations, security, research, and standards communities for nearly 20 years, and has authored a number of books and other publications related to these topics. Previously, he was CSO of Arbor Networks, and prior to that held technical leadership positions with Amber Networks, Qwest Communications, Genuity, MCI Communications, and the US Army Signal Corp.
Paul Vixie (CircleID) founded Internet Systems Consortium in 1996 and served as ISC's President from 1996 to 2011 when he was named Chairman and Chief Scientist. Vixie was the principal author of BIND versions 4.9 to 8.2, which is the leading DNS server software in use today. He was also a principal author of RFC 1996 (DNS NOTIFY), RFC 2136 (DNS UPDATE), and RFC 2671 (EDNS), coauthor of RFC 1876 (DNS LOC), RFC 2317 (DNS for CIDR), and RFC 2845 (DNS TSIG). Vixie's other interests are Internet governance and policy, and distributed system security.
On Mandated Content Blocking in the Domain Name System, Paul Vixie
Updates: UPDATED May 26, 2011 12:42 PM PST
Ron Wyden: Puts Hold On PROTECT IP, Temporarily Withdraws Amendment On The PATRIOT Act Techdirt, May.26.2011
Wyden Places Hold on Protect IP Act Press Releases, May.26.2011
Wyden Vows To Again Block Leahy Anti-Online Piracy Bill National Journal, May.26.2011
Senate panel OKs controversial antipiracy bill CNet, May.26.2011
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Minds + Machines
Neustar DNS Services
Neustar DDoS Protection