Refusing REFUSED

The U.S. Congress' road to Stopping Online Piracy (SOPA) and PROTECT IP (PIPA) has had some twists and turns due to technical constraints imposed by the basic design of the Internet's Domain Name System (DNS). PIPA's (and SOPA's) provisions regarding advertising and payment networks appear to be well grounded in the law enforcement tradition called following the money, but other provisions having to do with regulating American Internet Service Providers (ISPs) so as to block DNS resolution for pirate or infringing web sites have been shown to be ineffectual, impractical, and sometimes unintelligible. more»

CircleID's Top Ten Posts of 2011

Here are the top ten most popular news, blogs, and industry updates featured on CircleID in 2011 based on the overall readership of the posts for the year. Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2012. Happy New Year! more»

DNS Policy is Hop by Hop; DNS Security is End to End

The debate continues as to whether ISP's can effectively filter DNS results in order to protect brand and copyright holders from online infringement. It's noteworthy that there is no argument as to whether these rights holders and their properties deserve protection - nobody is saying "content wants to be free" and there is general agreement that it is harder to protect rights in the Internet era where perfect copies of can be made and distributed instantaneously. What we're debating now is just whether controlling DNS at the ISP level would work at all and whether the attempt to insert such controls would damage Secure DNS (sometimes called DNSSEC). more»

Breaking the Internet HOWTO: The Unintended Consequences of Governmental Actions

"Breaking the Internet" is really hard to do. The network of networks is decentralized, resilient and has no Single Point Of Failure. That was the paradigm of the first few decades of Internet history, and most people involved in Internet Governance still carry that model around in their heads. Unfortunately, that is changing and changing rapidly due to misguided government intervention. more»

The Christmas Goat, IPv6 and DNSSEC - Second Season

Last year the municipality of Gavle asked my company if we could help them load share the streaming pictures of the famous Christmas goat in Gävle. I accepted the invitation and set up a separate domain. My own interest in this was of course to track the usage of IPv6 and validation of DNSSEC from the visitors of the site. more»

Technical Comments on Mandated DNS Filtering Requirements of H. R. 3261 ("SOPA")

About two months ago, I got together with some fellow DNS engineers and sent a letter to the U. S. Senate explaining once again why the mandated DNS filtering requirements of S. 968 ("PIPA") were technically unworkable. This letter was an updated reminder of the issues we had previously covered... In the time since then, the U. S. House of Representatives has issued their companion bill, H. R. 3261 ("SOPA") and all indications are that they will begin "markup" on this bill some time next week. more»

DNSSEC Update from ICANN 42 in Dakar

While the global rollout of DNSSEC continues at the domain name registry level - with more than 25% of top-level domains now signed - the industry continues to focus on the problem of registrar, ISP and ultimately end-user adoption. At the ICANN meeting in Dakar in late October, engineers from some of the early-adopting registries gathered for their regular face-to-face discussion about how to break the "chicken or egg" problems of secure domain name deployment. more»

Taking the Anti-SOPA Message to the People

It was fascinating last week to read coverage of congressional hearings around the SOPA bill, or Stop Online Privacy Act. The bill has strong support from the Motion Picture Association of America, the U.S. Chamber of Commerce and big pharmaceutical companies. It's opposed by most technology and telecom companies, plus consumer advocate groups like the Electronic Frontier Foundation and Public Knowledge. more»

Protecting Intellectual Property is Good; Mandatory DNS Filtering is Bad

It has been about six months since I got together with four of my friends from the DNS world and we co-authored a white paper which explains the technical problems with mandated DNS filtering. The legislation we were responding to was S. 968, also called the PROTECT-IP act, which was introduced this year in the U. S. Senate. By all accounts we can expect a similar U. S. House of Representatives bill soon, so we've written a letter to both the House and Senate, renewing and updating our concerns. more»

Hacking Away at the Internet's Security

The front page story of the September 13 2011 issue of the International Herald Tribune said it all: "Iranian activists feel the chill as hacker taps into e-mails." The news story relates how a hacker has "sneaked into the computer systems of a security firm on the outskirts of Amsterdam" and then "created credentials that could allow someone to spy on Internet connections that appeared to be secure." According to this news report this incident punched a hole in an online security mechanism that is trusted by hundreds of millions of Internet users all over the network. more»

DNSSEC Takes Off in Wake of Root Zone Signing

The Domain Name System Security Extensions (DNSSEC) is a suite of IETF-developed specifications designed to validate information provided by the Domain Name System (DNS). ... When the root zone was signed in June 2010, this acted as a catalyst for TLD operators to deploy DNSSEC on their side. We have seen a gradual but significant increase in signed TLDs since then. The map in this post shows the level of DNSSEC deployment in Europe. more»

Defense in Depth for DNSSEC Applications

At the time of this writing DNSSEC mostly does not work. This is not a bad thing - in fact it's expected... There is a significant last-mover advantage DNSSEC deployment (or IPv6 deployment) and that can't be helped. It's all in a good cause though - everybody knows we need this stuff and some farsighted contributors put a lot of money and other resources into DNSSEC years or decades ago to ensure that when the time comes the world will have a migration path. Sadly, this leaves current investors and application designers and developers wondering whether there's a market yet. more»

DNSSEC Baby Steps Reported at ICANN 41

The Internet is slowly beginning to adopt the new DNSSEC domain names standard, but significant challenges remain. That was the main takeaway from a four-hour workshop on the technology held during the recent ICANN 41 public meeting in Singapore, which heard from many domain registries, registrars and other infrastructure providers. more»

Six Key Issues About Operating a TLD Registry

Brand owners unfamiliar with the domain name system (DNS) are hearing that their first step in registering a top level domain (TLD) is to select a back-end TLD registry provider. The fear instilled in them is that if they don't act quickly, all available service providers will have reached their capacity. Given ICANN's tight and inflexible application submission schedule, brands don't want to be left at the starting gate. more»

DNSSEC Maintenance - Just Like Mowing the Lawn

DNSSEC is a hot topic. It's a technology newly unleashed on popular networking, which has led to countless articles and posts on the subject, including right here on CircleID. The way a lot of articles try to get your attention is to talk about a technology, like DNSSEC, in a way that makes the technology either seem really significant or really complicated. That is why a lot of articles about DNSSEC make it sound like something huge, complicated, and scary. But it's not. more»