
Discussion at the Internet Governance Forum in Geneva

Patrik Fältström

While travelling home from Geneva, I was thinking quite a lot about the relationship between a ccTLD (registry) and a country. This is because many countries are starting to talk louder and louder about the responsibilities countries have for critical infrastructure, or (possibly more important) the management of the critical infrastructure.

Will for example any (none?) of ccTLD operators (servers) sustain a denial of service attack of a scale similar to the attack on the root servers? What can ccTLD operators do to resist the malicious attacks? Should this be discussed?

Many ccTLD (and other TLD) operators can. Many cannot. TLD operators can normally withstand an attack better than DNS servers lower down the DNS hierarchy, i.e. the closer to the root the servers are, the better they can withstand an attack. Of course I generalize, but what I am trying to say is that maybe the community should not be worried about the root servers not being able to provide a service anymore.

For more information about DNS infrastructure, see for example the latest issue of the Internet Protocol Journal.

One thing that worries me is any direct correlation between "the country" and "the ccTLD". That binding is something that I think ICANN and other countries should be very careful about making "too fast". Take .NU for example. What do we know of the potential contractual agreements between the ccTLD manager and the country? Same with .TV, or .TW, or .AX (or .SE for that matter).

It can NOT be the case that the government is responsible for something they do not want to be responsible for, if you see what I mean. We do not know what responsibility they have, or want to have.

And even IF they have that responsibility (or rather, regardless of who has that responsibility) they have to calculate the risk of being attacked, for example using the DNS protocol, and compare that with the cost of being able to withstand the attack.

The person/group that is responsible for the service (the board for a company website, for example) must take a conscious decision on what load the website must be able to handle. Given that requirement, the IT staff can calculate a cost to build it, which the board accepts. When an attack later arrives and the site dies, one can directly see whether the attack was lower than the required load the site should handle (and then the site was built the wrong way) or higher than required, and then the board might have taken the wrong decision regarding what the site should handle.

I am, as you see, nervous about external bodies stating what load a service must be able to handle when someone else is responsible (and pays) for it. Anything below the root I think is such a service that "the global community should not decide on". The local community the TLD serves should make the decision.

To explain and discuss things and tell what attacks exist, so that the board (or country) in the examples above makes the correct decisions, absolutely.

To increase cooperation between police etc. so that the source of large attacks can be found, absolutely.

To increase legal cooperation so that it is illegal to initiate attacks, absolutely.

But to say what load a ccTLD DNS must be able to handle, no, I do not think so.

I also think you should read the blog post of my friend Kurt-Erik Lindqvist (also responsible for i-root) regarding the DDoS in Estonia. He comments on an article about the attack in his blog.

What I think IGF can help with, where I agree with Kurtis, is to discuss what is actually going on out there, how to cooperate to find the criminals, and how to actually bring them to court.

My experience is that the hardest thing today is not to find the people, it is to bring them to court, and tie what they do to something that actually is illegal according to some legislation.

It is the COOPERATION between technical people, police and legislative bodies, in ALL countries, that can be, and should be, improved.

And that is where IGF can help. A lot!

By Patrik Fältström. More blog posts from Patrik Fältström can also be read here.

Related topics: Cyberattack, Cybercrime, Cybersecurity, DDoS, DNS, ICANN, Internet Governance, Internet Protocol, Registry Services, Top-Level Domains

 
   


Comments

Re: Discussion at the Internet Governance Forum in Geneva Milton Mueller  –  Jun 01, 2007 7:37 AM PDT

Patrik:
The Whois debates have revealed a similar need for inter-agency, transnational, multi-stakeholder cooperation and deliberation. The current working group on Whois now includes some people, such as a small number of law enforcement agencies and bank representatives, who were not previously involved directly in ICANN processes. When we talk about how best to respond to phishing sites, many of the same issues as ccTLD DDoS attacks are raised.

My questions to you are: how exactly can the IGF help achieve the kind of cooperation you are seeking? How is IGF better than direct intergovernmental negotiations and conventions? What processes or mechanisms within IGF can leverage its advantages over those other processes?

Re: Discussion at the Internet Governance Forum in Geneva Suresh Ramasubramanian  –  Jun 03, 2007 9:48 AM PDT

IGF? Not by itself. It certainly doesn't have a mandate to do anything of the sort. However, getting all the relevant people together in the same room tends to speed up the process, if at least through backchannel contacts first.

Mutual negotiations between individual governments tend to take rather longer, and conventions are typically negotiated at a ministerial level - a far higher and more formalized level of interaction than inter-agency cooperation, which is what is going to help much more in this case.
