/ Recently Commented

IPv6 Deployment Around the World: A New Digital Divide?

Alain Durand, Principal Technologist at ICANN, visited Georgia Institute of Technology last week for a talk on the global adoption of Internet Protocol version 6 (IPv6). The Internet Governance Project organized the talk in cooperation with Atlanta's Technology Development Center (ATDC) and the Institute for Information Security and Privacy. Durand, who was involved in the IPv6 standardization efforts at IETF back in the early to mid-1990s, offered a clear eyed assessment of the protocol's critical flaw... more

Why You Must Learn to Love DNSSEC

It's been nearly two months since the high profile BGP hijack attack against MyEtherwallet, where crypto thieves used BGP leaks to hijack MEW's name servers, which were on Amazon's Route53, and inserted their own fake name servers which directed victims to their own fake wallet site, thereby draining some people's wallets. It generated a lot of discussion at the time... What isn't fully appreciated is that attack has, in fact, changed the game somewhat... more

Google Engineer Ben McIlwain on Why HSTS Could Be a Perfect Fit for .Brands Security

The Google-run .app TLD was always destined to draw attention and scrutiny, from the moment it fetched a then-record ICANN auction price of $25 million. Since it reached General Availability in May it has gained more than 250,000 registrations making it one of the world's most successful TLDs. However perhaps more interesting was Google's choice to add the .app TLD and its widely used .google extension to the HTTP Strict Transport Security (HSTS) Top-Level Domain preload list, offering an unprecedented level of security for all domains under .google and .app. more

ICANN vs EPAG: ICANN Seeks Appeal Plus Pushes for ECJ Referral

As I predicted ICANN is pursuing its case against EPAG. They're now not only appealing the case to a higher court in Germany but are also trying to get the entire thing referred to the European Court of Justice. In an announcement late last night ICANN made it very clear what their intentions are. While they're pursuing the appeal in the higher court in the German region, which makes sense at some level, it's also very clear that they're not taking "no" for an answer. more

US Govt Formally Asks Whether It Should Reassert Its Control of Internet, Reversing ICANN Handover

A formal inquiry released by the US National Telecommunications and Information Administration (NTIA) on Tuesday questions whether IANA Stewardship Transition should be "unwound." more

Leveraging Traffic Statistics to Manage Corporate Domain Portfolios

Corporate domain name portfolios often consist of domain names that do not resolve to relevant content. In fact, it's not uncommon for less than half of corporate domains to point to live content. Sure there are domains such as those that point to "sucks" sites or those registered anonymously for future use that purposely do not resolve, but those are the exception to the rule. more

WHOIS Users Facing Serious Challenges Caused by Post-GDPR Fragmentation

On May 25, 2018, the European General Data Protection Regulation (GDPR) came into effect, meaning that European data protection authorities (DPAs) can begin enforcing the regulation against non-compliant parties. In preparation, the ICANN Board passed a Temporary Specification for gTLD Registration Data - essentially a temporary policy amendment to its registrar and registry contracts to facilitate GDPR compliance while also preserving certain aspects of the WHOIS system of domain name registration data. more

What Happens If Two Applications for a New gTLD Are a City and a Family Name?

When applying for a new gTLD, what happens if two applications for the same extension are a city and a family name? Which one wins? Let's imagine that a person whose family name is "Marseille" applied for the .MARSEILLE new gTLD in the next round of the ICANN new gTLD program. What if there was a .MARSEILLE new gTLD too but as the name of the French city? more

DNS Firewall Market Expected to Grow From $90.5 Million in 2018 to $169.7 Million by 2023

DNS firewall market size is expected to grow from USD 90.5 million in 2018 to USD 169.7 million by 2023, at a Compound Annual Growth Rate (CAGR) of 13.4% according to a market research conducted by MarketsandMarkets. more

ICANN vs Epag/Tucows: German Court Rules Against ICANN

German courts seem to be pretty fast, so instead of having to wait weeks or months to see how they'd rule, we've already got the answer. The German court in Bonn has ruled that EPAG (Tucows) is not obliged to collect extra contacts beyond the domain name registrant. The decision, naturally, is in German, but there is a translation into English that we can use to understand how the court arrived at this decision. more

ICANN vs EPAG/Tucows: Tucows Releases Statement on What They're Doing and Why

As I noted over the weekend, ICANN has instigated legal action against EPAG, an ICANN accredited registrar based in Germany that is part of the Tucows group. ICANN claims that the case is to "preserve WHOIS data", but Tucows asserts in their statement that the ICANN approach is flawed. It's not a frivolous statement, but one they've backed with fairly detailed rationale - and this is just their public statement and not a formal legal filing. more

GDPR PII Time-Bomb? Kill it With Fire!

Hi! My name is spamfighter. I investigate spam and phish in a post-GDPR dystopia. Recently, I invented Fire, to save you millions of €uros. One day, my Boss suggested I automate some of my processes. I, for one, welcome our Robot Overlords (and a happy boss), but I can be exacting about the tools I use. Perhaps not to the degree of the infamous Van Halen 'no brown M&M's' contractual clause but I have no patience for poorly-designed software, and truly dislike typing when... more

ICANN Files Legal Action Against Domain Registrar for Refusal to Collect WHOIS Data

Germany-based ICANN-accredited registrar EPAG owned by Tucows has informed ICANN that it plans to stop collecting Whois contact information from its customers as it violates the GDPR rules. more

U.S. Complaint to WTO on China VPNs Is Itself Troubling

On 23 February, the U.S. Administration had the chutzpah to file a formal communication to the World Trade Organization (WTO) complaining about "measures adopted and under development by China relating to its cybersecurity law." However, it is the U.S. complaint that is most troubling. Here is why. The gist of the U.S. complaint is that China's newly promulgated directive on the use of VPN (Virtual Private Network) encrypted circuits from foreign nations runs afoul of... more

Schneier and Kerr on Encryption Workarounds

Bruce Schneier is a famous cryptography expert and Orin Kerr a famous cyberlaw professor. Together they've published a law journal article on Encryption Workarounds. It's intended for lawyers so it's quite accessible to non-technical readers. The article starts with a summary of how encryption works, and then goes through six workarounds to get the text of an encrypted message. more