Home / Blogs

Discussion at the Internet Governance Forum in Geneva

Patrik Fältström

While travelling home from Geneva, I was thinking quite a lot on the relationship between a ccTLD (registry) and a Country. This is because many countries are starting to talk louder and louder about the responsibilities Countries have on critical infrastructure, or (possibly more important) the management of the critical infrastructure.

Will for example any (none?) of ccTLD operators (servers) sustain a denial of service attack of a scale similar to the attack on the root servers? What can ccTLD operators do to resist the malicious attacks? Should this be discussed?

Many ccTLD (and other TLD) operators can. Many can not. TLD operators can normally withstand an attack better than DNS lower down the DNS hierarchy. I.e. the closer to the root the servers are, the better they can withstand an attack. Of course I generalize, but what I am trying to say is that maybe the community should not be worried about the root servers not being able to provide a service anymore.

For more information about DNS infrastructure, see for example the latest issue of the Internet Protocol Journal.

One thing that worries me is any direct correlation between "the country" and "the ccTLD". That binding is something that I think ICANN and other countries should be very careful of doing "too fast". Take .NU for example. What do we know of the potential contractual agreements between the ccTLD manager and the country? Same with .TV, or .TW, or .AX (or .SE for that matter).

It can NOT be the case that the government is responsible for something they do not want to be responsible for, if you see what I mean. We do not know what responsibility they have, or want to have.

And even IF they have that responsibility (or rather, regardless of who has that responsibility) they have to calculate the risk of being attacked, for example using the DNS protocol, and compare that with the cost of being able to withstand the attack.

The person/group that is responsible for the service (the board for a company website for example) must take a conscious decision on what load the website must be able to handle. Given that requirement, the IT staff can calculate a cost to build it, that the board accept. When later an attack arrives, and the site dies, one can directly see whether it was lower than the required load it could handle (and then the site was built the wrong way) or higher than required, and then the board might have taken the wrong decision regarding what the site should handle.

I am as you see nervous over external bodies stating what load a service must be able to handle that someone else is responsible (and pay) for. Anything below the root I think is such a service that "the global community should not decide on". The local community the TLD serve should make the decision.

To explain and discuss things and tell what attacks exists, so that the board (or country) in the examples above make the correct decisions, absolutely.

To increase cooperation between police etc. so that the source of large attacks can be found, absolutely.

To increase legal cooperation so that it is illegal to initiate attacks, absolutely.

But to say what load a ccTLD dns must be able to handle, no, I do not think so.

I also think you should read the blog post of my friend Kurt-Erik Lindqvist (also responsible for i-root) regarding the ddos in Estonia. He comments on an article about the attack in his blog.

What I think IGF can help, where I agree with Kurtis, is to discuss what is actually going on out there, how to cooperate to find the criminals, and how to actually bring them to court.

My experience is that the hardest thing today is not to find the people, it is to bring them to court, and tie what they do to something that actually is illegal according to some legislation.

It is the COOPERATION between technical people, police and legislative bodies, in ALL countries that can be, and should be improved.

And that is where IGF can help. A lot!

By Patrik Fältström. More blog posts from Patrik Fältström can also be read here.

Related topics: Cyberattack, Cybercrime, DDoS, DNS, Registry Services, ICANN, Internet Governance, Internet Protocol, Security, Top-Level Domains

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Re: Discussion at the Internet Governance Forum in Geneva Milton Mueller  –  Jun 01, 2007 7:37 AM PDT

Patrik:
The Whois debates have revealed a similar need for inter-agency, transnational, multi-stakeholder cooperation and deliberation. The current working group on Whois now includes some people, such as a small number of law enforcement agencies and bank representatives, who were not previously involved directly in ICANN processes. When we talk about how best to respond to phishing sites, many of the same issues as ccTLD DDos attacks are raised.

My questions to you are: how exactly can the IGF help achieve the kind of cooperation you are seeking? How is IGF better than direct intergovernmental negotiations and conventions? What processes or mechanisms within IGF can leverage its advantages over those other processes?

Re: Discussion at the Internet Governance Forum in Geneva Suresh Ramasubramanian  –  Jun 03, 2007 9:48 AM PDT

IGF?  Not by itself.  It certainly doesnt have a mandate to do anything of the sort.  However, getting all the relevant people together in the same room tends to speed up the process, if at least through backchannel contacts first. 

Mutual negotations between individual governments tends to take rather longer, and conventions are typically negotiated at a ministerial level - a far higher and more formalized level of interaction than inter agency cooperation, which is what is going to help much more in this case.

To post comments, please login or create an account.

Related Blogs

Studying .BRAND New gTLDs

A Case to Further DNS Registrar Industry Self-Regulation

Loudmouths Wanted for ICANN WHOIS Replacement Work

Use STIX to Block Robocalls

How Long Does a URS Case Take?

Related News

Explore Topics

Promoted Post

Boston Ivy Gets Competitive With Its TLDs, Offers Registrars New Wholesale Pricing

With a mission to make its top-level domains available to the broadest market possible, Boston Ivy has permanently reduced its registration, renewal and transfer prices for .Broker, .Forex, .Markets and .Trading. more»

Industry Updates – Sponsored Posts

Radix Announces Largest New gTLD Sale with Casino.Online

2016 Year in Review: The Trending Keywords in .COM and .NET Domain Registrations

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

A Look at How the New .SPACE TLD Has Performed Over the Past 2 Years

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Michele Neylon Appointed Chair Elect of i2Coalition

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Startup League Reports from WebSummit, Lisbon

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

.SPACE Becomes the Choice of the First Ever Space Nation Asgardia

Government Guidance for Email Authentication Has Arrived in USA and UK

Afilias Chairman Jonathan Robinson Wins ICANN's 2016 Leadership Award at ICANN 57

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

Why .com is the Venture Capital Community's Power Player

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

Sponsored Topics