News and Updates

Giuseppe Graziano launches three-letter domain marketplace

Domain Name Wire - Tue, 2018-09-18 18:30

New domain marketplace is dedicated to just 17,576 possible domains.

Giuseppe Graziano, a domain broker who runs, has launched a new marketplace for buying and selling three-letter .com domain names. has always specialized in short domain names, so Liquid Domain Market Exchange is right up its alley. Still, can a marketplace dedicated to a maximum pool of 17,576 possible listings work?

If you want instant liquidity, it probably will. During the beta period, a domain owner sold his domain within 15 minutes of setting his price.

Graziano says the marketplace is not for selling domains to end users, so sellers need to price their domains with domain investors in mind.

Premium account holders can set up alerts to quickly know when a domain that meets their requirements is listed. A premium account is free for the remainder of 2018 if you sign up by September 25.

© 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Why rebranded as Sonic, and how it got
  2. Trump is still trending…in .com
Categories: News and Updates

Domain name sinkholes and those funky domain registrations

Domain Name Wire - Tue, 2018-09-18 17:06

Sinkholes are why you see companies register a bunch of weird domain names.

A different kind of sinkhole.

Palo Alto Networks Inc was granted a patent today related to domain sinkholing, and it’s a continuation patent of one that was granted in 2016.

It reminded me of times I’ve seen companies (notably Microsoft) register a bunch of nonsensical domain names. Why would a company register a lot of domains with random digits and letters?

The answer is often that it’s a sinkhole.

A sinkhole redirects or blocks traffic meant for a destination. They are used by the security community to stop botnet traffic, phishing and other bad activity.

There are many ways to create a sinkhole. An ISP can simply divert traffic from the IP address you see in Whois to another. A company (or the government) can also go through the courts to get control of a domain name and then change its nameservers.

Some malware campaigns continually register new domain names as their other names get snuffed out and blocked by security companies. It’s sometimes possible to figure out what the future domain registrations will be, and that’s when you might see a company register a huge list of odd domain names. They know what domains the malware will register next, so the company registers the domains to prevent them from being registered by the bad guys.

A famous example of registering a domain to stop an attack was the domain name iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea(.)com. A person researching the WannaCry ransomware noticed this domain in the malware and registered it. It turns out that registering the domain acted as a killswitch. The malware was programmed to check in on this domain and stop if the domain was registered.

While the WannaCry example isn’t a typical sinkhole, it’s interesting to think about how domain names are used to propagate malware and botnets, and how registering domains can thwart the bad guys.

© 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

Related posts:
  1. The Weakest Security Link is You
  2. This week’s new TLDs: 3 more from XYZ
  3. Secure your accounts better with a U2F security key
Categories: News and Updates

Caribbean Candidates Vie for Posts in ARIN Elections

Domain industry news - Tue, 2018-09-18 17:02

Three Caribbean candidates — Peter Harrison, Kerrie-Ann Richards and Alicia Trotman — have been named among the final candidates to contest elections for leadership roles at the American Registry for Internet Numbers (ARIN) in October.

ARIN is one of five Internet registries worldwide that coordinate the distribution and administration of number resources. The registry serves the United States, Canada and several territories in the Caribbean.

Richards and Trotman will vie for posts on the ARIN Advisory Council. In 2017, Jamaican-born Richards and Barbadian-born Trotman made history, becoming the first Caribbean members of the ARIN advisory council since the registry was founded on April 18, 1997.

"I am running again because there is still much work to be done," Trotman said.

"The Caribbean voice matters at this level because policy decided here will affect the growth of the Internet in the region," said Richards, chairperson of education non-profit Vision for Jamaica.

"We are the only ones shortlisted from outside North America. I feel that we bring valuable perspectives to the table and added diverse insight from our Caribbean experience," she added.

Jamaican-born Harrison will contest for a seat on the ARIN Board of Trustees. Harrison is the chief technical officer and co-founder of Silicon Valley-based colocation services provider Colovore. He is also the founder of the Palisadoes Foundation, a registered non-profit that coordinates student internships in software development for Jamaican residents.

"My work with Palisadoes has many parallels with the ARIN fellowship program and I believe my broad experience would be of benefit to the ARIN and to the Caribbean," said Harrison, who has worked with hyperscale companies like Google, Netflix and eBay, as well as smaller ones in the Caribbean.

In an August 9 post, ARIN announced that Regenie Fräser, the former Secretary General of a regional trade association, had been selected to a special appointment to serve on its Board of Trustees for a one-year term "so as to provide more diversity in the Board's composition." Fräser became the first non-white and Caribbean person appointed as a trustee.

The final 2018 candidate slate for the ARIN Advisory Council also includes Brad Gorman (Verisign), Kathleen Hunter (Comcast), Rob Seastrom (ByteGrid) and Amy Potter. The final slate for the ARIN Board of Trustees includes Anna Valsami (Telstra), Cathy Chen-Rennie (Capriole Consulting) and Paul Andersen (EGATE Networks).

On October 4, during ARIN's public policy meeting in Vancouver, British Columbia, candidates will have the opportunity to address ARIN members. More information on each candidate is available on the ARIN website.

Online voting opens on October 4 at 6 pm EDT and closes on October 12 at 6 pm. All terms will begin on January 1, 2019.

Written by Gerard Best, Development Journalist

Follow CircleID on Twitter

More under: Internet Governance, IP Addressing

Categories: News and Updates

ICANN loses in German court (again)

Domain Name Wire - Tue, 2018-09-18 14:01

Attempts to get an injunction forcing a German registrar to collect certain Whois data are failing.

ICANN has yet again failed to convince German courts that an injunction is needed to force domain name registrar EPAG to continue collecting certain information for Whois.

The non-profit domain name overseer sued EPAG, part of Tucows, the day the EU’s General Data Protection Regulation (GDPR) went into effect. EPAG had informed ICANN it would no longer collect Administrative and Technical contact data for Whois because of its interpretation of GDPR.

EPAG’s arguments included that it didn’t necessarily have a contractual relationship with the Admin or Tech contacts and that it was still collecting the registrant information.

The court denied the injunction and ICANN has gone through several appeals processes, bouncing between the courts.

In light of yet another ruling from an appeals court, ICANN said that it was limited to the issue of the necessity of an injunction.

Tucows CEO Elliot Noss has said that the lawsuit isn’t really adversarial. Both ICANN and Tucows no doubt believe they are correct but would welcome some clarification from the courts on how GDPR applies to Whois.

© 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

Related posts:
  1. ICANN files legal action against Tucows registrar over GDPR
  2. Tucows responds to ICANN legal action related to GDPR
  3. German court denies injunction against Tucows’ registrar EPAG over GDPR
Categories: News and Updates

UDRP has its limits when it comes to taking down counterfeit websites

Domain Name Wire - Tue, 2018-09-18 12:28

Even if the domain owner is doing a bad thing, UDRP can only be used if all three prongs of the policy are met.

This website looks like that of Zimmermann, even showing a picture of one of its storefronts. It’s a fake, but UDRP isn’t the appropriate way to take it down.

The Uniform Domain Name Dispute Resolution Policy (UDRP) is a good tool to take over cybersquatted domain names. These names are often being used for nefarious purposes such as phishing or selling counterfeit goods.

One such case involving counterfeit goods that was just decided by National Arbitration Forum shows the limits of using UDRP to take down a site: you still have to prove that the domain is cybersquatting under the three prongs of UDRP.

The case was filed by Australian clothier Zimmermann Wear Pty Ltd against ZimOutlet(.)com. There’s no question that the domain owner is up to no good. The site is made to look like the clothing company and is allegedly shipping counterfeit goods when someone orders.

The problem is that Zimmermann and Zim aren’t that similar. Panelist David E. Sorkin did a good job comparing this case to others in which only part of the trademark was used in the domain:

Although Complainant has not offered any authority on this issue, the Panel has considered various decisions under the Policy involving domain names that incorporate the first few letters of a longer mark. In Fuji Photo Film U.S.A., Inc. v. Center for Ban on Drugs, D2004-0970 (WIPO Feb. 25, 2005), the Panel found to be confusingly similar to FUJI, on the grounds that it combined the first three letters of the four-letter mark—”essentially the entirety of Complainant’s mark”—with a generic term for the complainant’s principal product. Similarly, in Chevron Intellectual Property LLC v. Linda Hearn, FA 1409285 (Forum Nov. 15, 2011), the Panel found to be confusingly similar to CHEVRON, combining the first four letters of the mark with a term descriptive of the complainant’s products and services. In Tesco Stores Ltd. v. Mat Feakins, DCO2013-0017 (WIPO Oct. 4, 2013), the Panel found to be confusingly similar to TESCO, even though the second-level component of the domain name corresponded to only the first three letters of the mark, on the grounds that the domain name taken in its entirety was identical to the complete mark but for the intervening dot.

Confusing similarity is particularly likely to be found where a mark is commonly referred to by its first syllable, and of course where the complainant also possesses trademark rights in the truncated form of the mark. See, e.g., Supercell Oy v. Ltd / Jordan Rash, Application Automation LLC, D2015-1445 (finding confusingly similar to CLASH OF CLANS, based upon evidence that the mark is often abbreviated to “CLASH”); Caterpillar Inc. v. Jonathan Scandreth, FA 1348137 (Forum Nov. 8, 2010) (finding and other domain names confusingly similar to CAT and CATERPILLAR, based upon registered trademark rights in both forms of the mark); Anheuser-Busch Inc v. Dot Com Internet Solutions, D2001-0500 (WIPO June 13, 2001) (finding and other domain names confusingly similar to BUD and BUDWEISER, based upon registered trademark rights in both forms of the mark).

The decisions cited above are all distinguishable from the present matter. The disputed domain name incorporates only three letters of a ten-letter trademark. While those letters correspond to the first syllable of the mark, it is not clear that they serve as the distinctive or dominant aspect of the mark. Complainant has not claimed that it has rights in ZIM or that its ZIMMERMANN mark is commonly referred to in this truncated manner. (Indeed, a cursory Google search for “zim” would likely lead one to conclude that these letters standing alone almost never refer to Complainant.) Nor does the generic term “outlet” that the domain name appends to these three letters bear any obvious connection to Complainant or its products; an “outlet” could be a discounter or retailer of virtually any sort of products.

It’s quite clear that the domain owner is doing a bad thing. Sometimes panelists make the wrong decision for the right reason, effectively trying to remedy a wrong using UDRP. But it’s important for panelists to apply the same standards across all cases. Kudos to Sorkin for his decision in this case.

© 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Twitter finally gets domain it won in dispute
  2. Reverse domain name hijacking in Hakoba Saree case
  3. saved in UDRP despite no-show by domain owner
Categories: News and Updates

Day 2 Photos & Highlights from the 2018 MERGE! Conference in Orlando Sunday

DN Journal - Mon, 2018-09-17 22:59
The 2nd annual MERGE! conference continued Sunday in Orlando with the 2nd of 4 days of non-stop activity. We have the Sunday photos and highlights for you.
Categories: News and Updates

Rob Monster exits DigitalTown, George Nagy takes over CEO role

Domain Name Wire - Mon, 2018-09-17 18:46

Rob Monster has left DigitalTown.

Monster pares CEO roles down to one.

Rob Monster has resigned as CEO of DigitalTown, a company that provides community building platforms. The company owns a large portfolio of domain names, including 11,000 .city domain names.

Monster told Domain name Wire that the move has been planned for a while. In an email, he said that new CEO George Nagy, who was the COO, “brings significant experience with running and selling public companies and with working with institutional investors, both which will be highly relevant for the next phase.”

He was CEO of both DigitalTown and domain name company Epik. He will now have more time to focus on Epik and other endeavors.

He noted:

As a general statement, my competency leans more toward vision, strategy and corporate development. Over the last 2.5 years, we completed 7 acquisitions with which we assembled the technology and team that has allowed us to start rollout of DigitalTown around the world as well as secure deals with both private developers and government clients.

Blockchain, Crypto and Decentralized Apps are a logical response to the pattern of winner-take-all and the policies that allow it. Timing-wise, I believe the world is on the cusp of a major catalyzing event that will make DigitalTown a lot more relevant. The economic situations that are unfolding in Puerto Rico, Turkey, Venezuela and Argentina are not isolated events.

Looking ahead, I continue to be a significant DigitalTown shareholder with 18 million shares and to be an informal advisor. I have high hopes for George and the team we built. Epik continues to manage DigitalTown’s domain portfolio and will help accelerate progress on selling domains into the hands of end-users, an area that was lower priority while I was running both companies.

On the personal side, after 3 years of working 100 hour weeks while running 2 companies, I am looking forward to devoting more time to equipping Epik for the next phase. I also plan to devote more time to Christian ministry and philanthropy. My family doubts that I will slow down. Regardless I am taking a measured and Spirit-led approach to what comes next.

© 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Monster Venture Partners Closing Doors
Categories: News and Updates

ICANN #63 in Barcelona is next month

Domain Name Wire - Mon, 2018-09-17 17:54

Meeting will attract policymakers, registries, registrars and domain investors.

ICANN #63 takes place in Barcelona, Spain next month from October 20-25. I was on the fence about going but booked my travel over the weekend.

I find ICANN meetings to be a good place to catch up with registries, registrars, service providers and domainers in one place. I’ve heard lots of chatter from domain investors about going to this event, so it should be a good one to attend.

There will also be lots of continuing discussion about GDPR as it relates to domain names. Policy stuff might not be fun, but it has a huge impact on everyone in the business.

Details are here if you’re interested in attending. Nearby hotels are available starting at €185 per night and there is no cost to attend.

If you are going and want to meet up, please drop me a line.

© 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

No related posts.

Categories: News and Updates

XYZ files renewed motion for fees against Verisign

Domain Name Wire - Mon, 2018-09-17 17:06

District Court will reconsider request for Verisign to pay legal fees stemming from lawsuit.

After winning its second Appeals Court case against Verisign, top level domain name registry .XYZ is renewing its request (pdf) for Verisign to pay attorney fees.

Here’s the background:

Verisign (NASDAQ:VRSN) sued XYZ for false advertising. A federal district court granted summary judgment in XYZ’s favor, and XYZ asked the court to award it legal fees of over $1 million. Verisign then appealed the original case and lost the appeal. The federal district court then ruled against awarding legal fees (beyond about $57,000 related to discovery.)

XYZ appealed the attorney fees decision. In May, the Appeals Court agreed with XYZ that the lower court did not consider the motion for fees correctly. It wrote:

…we hold that a prevailing party need only prove an exceptional case by a preponderance of the evidence, rather than by clear and convincing evidence, as the district court below required. We further clarify that a prevailing party need not establish that the losing party acted in bad faith in order to prove an exceptional case.

That sent the case back to the lower court to apply the correct standard to XYZ’s motion for fees. On Saturday, XYZ filed its post-remand submission in support of its motion for fees.

XYZ gives a long list of reasons the case should be considered exceptional, including Verisign’s broad discovery requests, 25 depositions and 17 third-party subpoenas. XYZ wrote:

Why would a sophisticated company with competent legal counsel file such a flimsy case? XYZ said nothing about .com that hadn’t been said before, and Verisign’s own numbers showed .com registrations continued to grow even after XYZ’s statements. Why draw further attention to those statements by filing a lawsuit over them? Why drag that suit on as the odds of victory grew ever longer, all the while refusing to ever meaningfully discuss settlement? The reasonable inference is that Verisign’s primary motive wasn’t winning the lawsuit so much as sending a message, not only to XYZ but to all of the other new top-level domains that entered the market and presented Verisign with meaningful competition for the first time in decades.

The circumstantial evidence supports an inference that Verisign’s true motive in pursuing a claim this weak, this aggressively, was to drain XYZ’s resources, intimidate its principal, and send a message to its other new competitors. [redacted] Under these circumstances, fee-shifting is warranted to both deter such conduct going forward and to compensate XYZ for enduring, defending and defeating Verisign’s tenuous claims and faulty lawsuit.

XYZ spent over $1 million defending itself in the lawsuit.

© 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Judge: .XYZ statements were puffery and opinion
  2. .XYZ asks Verisign to pay $1.6 million in fees from lawsuit
  3. XYZ files opening brief in request for Verisign to pay $1.6 million
Categories: News and Updates

Continued Threats from Malware

Domain industry news - Mon, 2018-09-17 16:14

As part of my job, I manage an incident response team that was engaged by a significant organization in Georgia whose network was infected by the QBOT (a.k.a. QAKBOT) malware. The customer had been infected for over a year, several teams before ours had failed to solve the problem, and they continued to get reinfected by the malware when they thought they had eradicated it. Over time it had spread to more than 1,000 computers in their ecosystem stealing user credentials along the way. Malware is a real problem for businesses and consumers, but how many people really understand what it is? I was recently asked this same basic question and realized that even my answer as a security subject matter expert was not as clear as it could have been. So, I thought it was time to put together this article to answer not only what malware is, but what it does, how to eradicate it and what are the best practices to remain secure.

To begin with, malware is a generic industry term that refers to malicious software designed to do harm to computer systems. Many people use the terms malware and computer virus interchangeably but technically that would be incorrect. The three most common categories malware falls into are viruses, worms and trojans. Ransomware, a specific type of malware, can result from any of these three malware categories' but typically is the result of a trojan. A computer virus is a malicious software that, when executed, replicates itself by modifying other computer programs and inserting its own code. Computer viruses typically need a human to execute them for a computer system to get infected. A computer worm is a malicious software whose primary function is to infect other computers while remaining active on infected systems. A computer worm is a self-replicating malware that duplicates itself (without human interaction) to spread to uninfected computers and it does not need to attach itself to another program in order to cause damage. Lastly, a trojan is malicious software that looks legitimate but can take control of your computer. A trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network, much like other types of malware. The QBOT malware I referenced earlier is somewhat unique in that it is defined as both a trojan and a worm. It is self-replicating, spreading to other computers on its own, steals user credentials and in this case disrupted the customer's active directory environment on their network.

Malware can infect your computer in a number of ways. The most common ones are the opening of an infected email attachment, connecting to an infected data source (e.g. thumb drive, network drive, etc.) and going to an infected website. According to Google, they identify and blacklist thousands of unsafe websites every week, which contain some sort of malicious software dangerous to their visitors (Google Transparency Report). It is estimated that nearly three-quarters of all websites have at least one vulnerability. Infected websites can have automatic malware downloads referred to as "drive-by-downloads", exploit kits that search your computer for unpatched vulnerabilities, JavaScript infections that download malicious software your browser then executes, URL injections commonly embedded inside of compromised WordPress blog sites or browser hijacks that constantly redirect you to other pages, collect personal information, or act as gateways to rootkits. This issue has even impacted well known and reputable websites due to their advertiser's and included 3rd party content that became compromised without their knowledge. The truly dangerous stuff and luckily less common today either happens before you receive your device somewhere in the supply chain or infects your machine at a level prior to your operating system loading. Some of the newest malware are known to infect your computer's BIOS or mobile device's bootloader.

Once infected, the malware is likely to spread through email, file sharing or your network to other workstations, servers, mobile devices or less protected devices like copiers and printers. Imagine everything you copy or print becoming available for sale on the internet. If connected to a network it can take advantage of existing file-transport or information-transport capabilities on the system itself, allowing it to travel unaided. If it can't find the mode of transport it wants, advanced malware is able to download additional post-exploitation modules to gain access to additional tools of the trade. Don't be surprised if you see malware utilizing older protocols like NetBIOS, which for today's operating systems is only used for file or printer sharing on a local area network. Once the new device is infected it doesn't always require human intervention to activate or launch the malware, many times simply exploiting a vulnerability on the target system. When on a file share, like a network drive, malware will typically infect files (e.g. MS Word or Excel) which it knows a human will eventually launch, activating hidden macros it has infected them with to perform its malicious intent.

To eradicate malware from your environment most incident response teams will implement a multi-step process but all of them should include some type of detection, analysis, containment, mitigation and lessons-learned to be applied after the incident. Our customer in Georgia failed to eliminate their malware issues prior to our involvement, by failing to properly perform two of these steps. They were unable to properly detect the QBOT malware due a lack of internal monitoring capabilities and its self-mutating nature rendering their signature-based tools completely ineffective. They also failed to contain the outbreak allowing it to reinfect systems immediately following their cleaning. There are no shortcuts. Each step in your incident response team's playbook will be important. Even basic things like changing access credentials and patching software are critical steps in your remediation plan.

If our customer in Georgia had properly segmented their network, it would have eliminated the propagation of exploits to a single segment and the malware's ability to laterally move around the network. Allowing unfiltered workstation-to-workstation communications (as well as other peer-to-peer communications) creates serious vulnerabilities, and can allow malware to easily spread to multiple systems. If malware can establish an effective "beach head" within your network, and then spread to create backdoors to maintain persistence, it will be difficult for defenders to contain and eradicate it. Monitoring for this lateral network traffic and external communications with command and control servers can identify a large majority of malware infections on a network.

Best practices to avoid getting infected by malware and reducing the impact if you do become infected include development of pre-establish security policies & procedures, companywide staff training, constant backups, consistent software vulnerability patching, use of a behavioral-based endpoint protection platform (EPP), proper network segmentation, encryption of data, effective monitoring of network traffic and security alerts, implementation of least-privilege based access rights for users, accounts, and computing processes and finally network edge-based protections (e.g. UTM, NGF, DNS, etc.) to block access to malicious sites and exfiltration of data. If you are not utilizing any of these best practice items I highly recommend contacting a qualified vendor to help. The risk is real and after the Target breach in 2013, it is widely recognized that all levels of management can now be held accountable for cybersecurity breaches.

Written by Rick Rumbarger, Technology Executive

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Cybersecurity, Malware

Categories: News and Updates

The Registry/Registrar Sales Channel with Jay Daley – DNW Podcast #202

Domain Name Wire - Mon, 2018-09-17 15:30

.Org operator is changing how it works with registrars.

Public Interest Registry (PIR), the group that operates the .org top level domain name, recently announced changes to how it’s approaching marketing through the domain name registrar channel. On today’s show, PIR interim President and CEO Jay Daley discusses why the organization is making these changes. Jay discusses the current state of registry marketing and sales through registrars, how we got here, and what might change in the future. It’s a great interview.

Also:, DomainTools injunction, Sedo gets into expired domains, and Verisign’s (NASDAQ:VRSN) .com contract.

Subscribe via iTunes to listen to the Domain Name Wire podcast on your iPhone or iPad, view on Google Play Music, or click play above or download to begin listening. (Listen to previous podcasts here.)

© 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

Related posts:
  1. The challenges of new TLDs with Tobias Sattler – DNW Podcast #177
  2. Sandeep Ramchandani, CEO of Radix – DNW Podcast #183
  3. All About .Me – DNW Podcast #191
Categories: News and Updates

Photos & Highlights from the 1st Full Day of Business at the 2018 MERGE! Conference in Orlando Saturday

DN Journal - Sun, 2018-09-16 18:37
The 2018 MERGE! Conference is in full swing in Orlando. We have Photos & Highlights from the opening business day Saturday.
Categories: News and Updates

(DNS) Security Protocols Do What They Say on the Tin

Domain industry news - Fri, 2018-09-14 19:23

DNS-over-TLS has recently become a welcome addition to the range of security protocols supported by DNS. It joins TSIG, SIG(0) and DNSSEC to add privacy, and, in the absence of validating stub resolvers, necessary data integrity on the link between a full-service resolver and the users' stub resolver. (The authenticated source feature of TLS may also offer some additional benefits for those of a nervous disposition.) Good stuff.

What is not good stuff is when implementers suggest that any specific security protocol is capable of doing more than it says on its tin.

Protocol designers, and especially security protocol designers, are cautious people and careful to define precisely, or as precisely as the English language is capable of, the functionality of their design in its specification (in our case RFCs).

It has been suggested that ubiquitous DNS-over-TLS (stub to resolver, resolver to authoritative sources) is functionally equivalent to DNSSEC. It is not. Both DNSSEC and TLS do what they say on their tin. No more and no less.

DNSSEC is designed to ensure DNS data originates only from the authoritative source and is unchanged at the termination of the DNSSEC scope — when the DNS data is validated. It does so by digitally signing the zone (technically RRsets within the zone) using RRSIG records and by providing a verifiable chain of trust, typically via the DNS delegation hierarchy (DS records). DNSSEC can be viewed as an application-specific content security and authentication protocol. That's what it says on its tin (RFC 4033 and many others).

TLS provides integrity, privacy and source authentication for data supplied to the TLS software via some API (not defined by TLS) from some application (not defined by TLS). The application may obtain the data it supplies to TLS by self-creation, from RAM, from a filesystem, a remote location or by some other esoteric process, any or all of which may be vulnerable. If the data supplied by the application, for example, a web server, a DNS resolver or a mail system, is clean, corrupt, has been hacked or is otherwise maliciously modified TLS will simply ensure the clean, corrupt, hacked or otherwise modified data is delivered unchanged and confidentially to the TLS peer. TLS is a powerful and highly efficient general purpose (non-application specific) secure communications and end-entity authentication protocol. That's what it says on its tin (RFC 8446 and many others).

(There is one application specific data content element within TLS. During the TLS handshake phase a certificate, typically an X.509 certificate, is normally supplied and validated before the connection can be established. The certificate validation process is not specified within TLS but determined by the certificate type. For example, the X.509 certificate validation process is defined by RFC 5280 and others.)
TLS plays a vital role in securing access to many services and will contribute its own unique capabilities to DNS.

The bottom line: If you want your clients to have privacy, secure last-mile communications and are content to hope the data you are sending is correct, then DNS-over-TLS is for you; If you want your clients to have privacy, secure last-mile communications and want to ensure the data you are sending is correct, then you need both DNS-over-TLS and DNSSEC.

There is, however, another reason to welcome DNS-over-TLS. TLS has been around, in one form or another (including its SSL ancestor), for about 26 years, DNSSEC for about half that period. TLS/SSL has had 5 minor surgeries and one, recent, major surgery (TLS 1.3). TLS penetration rates are high, partly driven by the inherent benefits of the protocol, partly by threat of obliteration by the search engines if not implemented. (Does that constitute a modest carrot and a very big stick?) Whatever the reasons, TLS has always taken a pragmatic approach to implementation while maintaining the highest levels of security. Perhaps the DNS community needs to review critically the implementation details of DNSSEC with the objective of radically improving its penetration rate. Learn some lessons from its new (TLS) stable mate.

DNSSEC is, arguably, the only application-specific content security protocol the Internet has. That has meant wrestling with its unique problems. But let's stop fighting the theory wars of the past (DNSSEC works) and admit we need some, perhaps major, surgery to make it practical.

Written by Ron Aitchison, Consultant, developer, trainer and author

Follow CircleID on Twitter

More under: DNS, DNS Security

Categories: News and Updates

"Seven Dirty Words" Restriction Policy Lifted from .US Domain Name Registrations

Domain industry news - Fri, 2018-09-14 03:20

Neustar, the registry operator of the .US domain and NTIA have reversed course, allowing the inclusion of previously restricted "seven dirty words" from future .US domain name registrations. The decision came after EFF and the Cyberlaw Clinic at Harvard Law School intervened in the cancelation of a domain name containing a restricted word. The domain name registered by Mr. Rubin was suspended by Neustar calling it a violation of an NTIA "seven dirty words" policy — "a phrase with particular First Amendment significance," said EFF.

Cyberlaw Clinic explains in a blog post the significance of the case: "As a general rule, First Amendment law makes clear that the government cannot impose content-based restrictions on speech. The well-known case, Federal Communications Commission v. Pacifica Foundation, 438 U.S. 726 (1978), held that the Federal Communications Commission ('FCC') may regulate over-the-air broadcasts of the so-called 'seven dirty words' comedic bit made famous by George Carlin. But, that ruling is limited to broadcasts over public airwaves and is inapplicable to other forms of media distribution. It thus surprised [us] to learn that NTIA and Neustar had a policy of using the Pacifica list of seven words to police domain name registrations. NTIA and Neustar saw fit to cancel [Mr. Rubin's] registration in accordance with that policy upon noting that it incorporated the 'f-word.'"

Follow CircleID on Twitter

More under: Censorship, Domain Names, Internet Governance, Law, Policy & Regulation

Categories: News and Updates

LACNIC, Google, CaribNOG and Internet Society to Hold 'Internet Week Trinidad and Tobago'

Domain industry news - Thu, 2018-09-13 22:31

The Latin American and Caribbean Internet Registry (LACNIC) and Google will hold a series of workshops next month as part of Internet Week Trinidad and Tobago, an event intended to advance the Internet development agenda of the wider region.

The workshops are part of a project through which LACNIC and Google seek to strengthen digital markets in Central American and Caribbean countries. This joint project seeks to enhance local connectivity and strengthen the ecosystem for entrepreneurs.

A half-day workshop will focus on marketing strategies for entrepreneurs, offering local business owners and start-up founders a package of free training on the use of Google's digital marketing tools.

A two-day workshop will focus on the nuts and bolts of Internet connectivity and traffic optimization, covering a range of technical issues such as the new Internet Protocol (IPv6), routing security (BGP and RPKI), peering models, open standards and root servers.

Another workshop, under the umbrella of LACNIC's AMPARO project, will address emerging cybersecurity issues across the region.

As part of Internet Week Trinidad and Tobago, the Caribbean Network Operators Group (CaribNOG) will hold its sixteenth regional meeting, an all-day affair held with the support of the Internet Society. CaribNOG 16 will focus on cybersecurity, outlining some of the foundational and necessary steps to secure an online environment in which Caribbean businesses can compete and collaborate internationally, across all industries.

The Internet Society will also conduct a session, continuing its capacity-building campaigns in the Caribbean region, this time with a particular focus on the issues of disaster management and mitigation.

The four-day event, held from October 2nd to 5th, is being held with the support of the Caribbean Telecommunications Union and the Internet Corporation for Assigned Names and Numbers (ICANN).

The workshop series in Trinidad and Tobago follows a similar conference held in Guatemala City last month, with the local support of the Guatemalan telecommunications regulator. Another series will be held later this year in the Dominican Republic.

Written by Gerard Best, Development Journalist

Follow CircleID on Twitter

More under: Cybersecurity, Internet Governance, IP Addressing, Regional Registries

Categories: News and Updates

Current Security Measures Not Enough to Protect Data in Lost or Stolen Laptops, Experts Warn

Domain industry news - Thu, 2018-09-13 22:11

A weakness in modern computers allows attackers to steal encryption keys and other sensitive information, according to the latest discovery by cybersecurity firm F-Secure. Researchers from the firm are warning PC vendors and users that current security measures are not sufficient to protect data in lost or stolen laptops. Attackers do need physical access to the computer to carry out the exploit, however, F-Secure Principal Security Consultant Olle Segerdahl says once achieved, an adversary can successfully perform the attack in about 5 minutes. From the report: "The weakness allows attackers with physical access to a computer to perform a cold boot attack — an attack that's been known to hackers since 2008. Cold boot attacks involve rebooting a computer without following a proper shutdown process, then recovering data that remains briefly accessible in the RAM after the power is lost. Modern laptops now overwrite RAM specifically to prevent attackers from using cold boot attacks to steal data. However, Segerdahl and his team discovered a way to disable the overwrite process and re-enable the decade-old cold boot attack."

Plan ahead: "A quick response that invalidates access credentials will make stolen laptops less valuable to attackers. IT security and incident response teams should rehearse this scenario and make sure that the company's workforce knows to notify IT immediately if a device is lost or stolen," says Olle. "Planning for these events is a better practice than assuming devices cannot be physically compromised by hackers because that's obviously not the case."

Follow CircleID on Twitter

More under: Cyberattack, Cybersecurity

Categories: News and Updates

New: “Like” comments on Domain Name Wire

Domain Name Wire - Thu, 2018-09-13 21:24

Now you can Like comments you read on Domain Name Wire.

Ever read a comment on Domain Name Wire that you agree with or find interesting? Now, in addition to adding your own reply or comment, you can Like the person’s comment.

Just look for the Like link underneath the comment:

In the future, I might feature comments that get more likes.

The Like feature is an experiment. Let me know if you think it’s useful or not.

© 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

No related posts.

Categories: News and Updates

Alphabet's Loon Balloons Can Now Cover 1000km of Internet Connectivity via 1 Access Point

Domain industry news - Thu, 2018-09-13 19:54

Loon, formerly a Google X project and now an independent Alphabet company, reveals that it successfully transmitted data over a 1000 kilometers (621 miles) via a network of 7 balloons. This new milestone was achieved using a new custom antenna that stretched a 100km connection between two balloons ten times further across seven balloons. Why does this matter? Salvatore Candido, Head of Engineering at Loon, explains: "Even with our balloons' expanded coverage area  —  which is 20 to 30 times greater than a traditional ground-based system  —  there are people who live outside the reach of one of our balloons operating adjacent to a backhaul connection on the ground. If we can extend our reach by passing that connection across a network of balloons, like a cosmic soccer team advancing the ball through the sky, we can cover far more people."

Follow CircleID on Twitter

More under: Access Providers, Broadband, Wireless

Categories: News and Updates

The UN Panel on Digital Cooperation: Reinventing the Wheel or Innovating Internet Policy Making?

Domain industry news - Thu, 2018-09-13 18:34

The new High-Level Panel on Digital Cooperation (HLP.DC), appointed by UN Secretary General Antonio Guterres, will have its first face-to-face meeting in New York, September 25-26, 2018, just before the beginning of the 73rd UN General Assembly. The Panel, co-chaired by an American woman, Melinda Gates from the Microsoft Foundation and a Chinese man, Jack Ma from Ali Baba, "is expected to raise awareness about the transformative impact of digital technologies across society and the economy, and contribute to the broader public debate on how to ensure a safe and inclusive digital future for all, taking into account relevant human rights norms." Its final report will be tabled in May 2019.

To paint a picture, how the "digital future for all" should look like, is a big challenge. There is obviously an opportunity that the panel concludes with some exciting new political innovations on how to stabilize a peaceful cyberspace which enables digital trade, sustainable development as well as economic growth and respects human rights. But there is also a risk that the outcome will be just another report which will sooner or later disappear in the UN archives.

Internet Governance and the United Nations: A Hot Potatoe

Internet Governance and United Nations is a delicate issue and a hot potato. Since 2003, the days of the UN World Summit of the Information Society (WSIS), there is a hidden intergovernmental arm-twisting behind the scenes on how to manage the global Internet. Some governments prefer an intergovernmental oversight UN mechanism, others prefer a multi-stakeholder governance model.

Just recently, in January 2018, the UNCSTD Working Group on Enhanced Cooperation (WGEC), after four years of arm-twisting, failed to reach a consensus on what to do next to enhance Internet Governance cooperation. Politically, the world is split over the question of how to manage the evolution and the use of the most important infrastructure of the 21st century. And with the growing unilateralism in today's world politics, there is only little hope, that a common understanding will emerge soon. In contrary, the fragmentation of opinions and approaches in world politics includes a growing risk of re-nationalization and fragmentation of the Internet.

On the other hand, the world has changed since 2003. 15 years ago, less than half a billion people were online. Today, we have more than four billion Internet users. In 2003, Internet Governance was a technical issue with some political implications. Now it is a political issue with a technical component. In 2003, the political controversy was mainly about the management of critical Internet resources; it was ICANN vs. ITU. Today, it is cybersecurity, cyberweapons, digital trade, eCommerce, privacy, freedom of expression and many other issues, managed by intergovernmental organizations and networks from G7, G20, BRICS, NATO, ASEAN, OSCE and SCO until WTO, UNESCO, WIPO, ILO, HRC and many others. Those actors had little or nothing to do with the Internet 15 years ago. Now they are key players. While the role of technical bodies like ICANN, RIRs, IETF, IAB, IEEE, ISOC, and others is as important as it was in 2003, there is a significant power shift in the global Internet Governance Ecosystem.

At the eve of the 2020s, there is no difference anymore between the "Internet world" and the "real world." The "real world" is now a world based on the Internet. In 1996, John Perry Barlow declared in Davos, that the cyberspace is the "new home of mind" where "Governments of the Industrial World" and "the giants of flesh and steel" have no place. But today's reality is, that the "giants of flesh and steel" and the "governments of the world" have likewise settled in cyberspace. And indeed, cyberspace is too big to be populated and managed by just one single community or by one stakeholder group. Peace, security, disarmament, trade, sustainable development, and human rights, where the UN has a mandate for policymaking since 1945, are now Internet issues.

Insofar, it makes a lot of sense that a UN panel looks into the broader implications of future digital cooperation. And it is very wise, to leave this investigation into the digital future, not in the hands of the "governments of the world" and the "giants of flesh and steel" but also not to exclude them.

One can not ignore that the new Internet Governance complexity has produced a new need to go beyond the Internet controversies of the last 15 years. Time is ripe to start a new thinking about a common responsibility of all state and non-state actors in tomorrow's digital world. Time is ripe for a new and unbiased approach to the global Internet Governance dialogue. We have to leave behind us the senseless battles between "multilateralism" and "multistakeholderism." As said above, the cyberspace is too big to be managed just by one group. There is space both for multistakeholder collaboration as well as for intergovernmental arrangements, as long as all sides follow international law, human rights and the fundamental principles of Internet Governance, as laid down, inter alia, in the NetMundial Declaration from April 2014.

When Guterres addressed the Munich Security Conference (MSC) on February 16, 2018, he made it clear that he is "one of those that defend that only through a multiple stakeholder approaches we will be able to make progress." I believe, said Guterres, that "it is necessary to bring together governments, the private sector involved in these areas, civil society, academia and research centers, in order to be able to establish at least some basic protocols to allow for the web to be an effective instrument for the good." He rejected any UN ambitions to control the Internet and added: "I don't intend that the United Nations has a leadership role on this, but I can guarantee that the United Nations would be ready to be a platform in which different actors could come together and discuss the way forward, in order to find the adequate approaches to make sure that we are able to deal with the problem of cybersecurity… especially now that artificial intelligence that is providing enormous potential for economic development, social development and for the well-being for all of us."

The UN as a facilitator, not as a manager or controller. This sounds reasonable. With all its weaknesses, the UN has a high authority and gives processes legitimacy. This gives the panel enough flexibility: it is not bound by traditional UN rules of procedures, but it benefits from the aura of the UN.

With the appointment of the new panel, Guterres has now placed the hot potato into the hands of a rather mixed multistakeholder group from around the globe with ministers, CEOs, professors, technical experts, civil society activists, Nobel prize winners and even one of the fathers of the Internet, Vint Cerf. Guterres can now wash his hands and say good luck. But will the panel be able to deliver? Payday is May 2019, a very small timeframe for such a big problem.

On the other hand, with so many Internet reports which have been produced in the last years by high-level commissions and working groups, it should not be a problem for the panel to understand the issue. There is no need anymore "to study" the various implications. All the cards are on the table. This is a time for courageous, creative and innovative decisions. If the panel produces a short report with very clear and simple messages which embrace the new Internet Governance complexity, it can offer a way forward on how to frame the political Internet discussions in the 2020s. It can send back the hot potato to the 193 UN member states and the numerous non-state actors on a dish with a knife and a fork and good instructions on how to eat it.

The WGIG Experience

Guiterres is not the first UN Secretary General who appointed an expert group to discuss Internet issues. In 2003, at the end of the first phase of the UN World Summit on the Information Society (WSIS) in Geneva, the governments of China and the US disagreed fundamentally on how the Internet should be governed. The risk was high, that the whole summit would have been collapsed. China argued in favor of "governmental leadership" for the Internet. The US preferred "private sector leadership." Both governments disagreed even about the terminology of "Internet Governance." The only thing they could agree was to ask UN Secretary General Kofi Annan, to establish a "Working Group on Internet Governance" (WGIG) with a mandate to define "Internet Governance," to identify Internet-related public policy issues and to give some recommendations to the UN member states, what to do during the 2nd phase of WSIS, scheduled for 2005.

Before the first WGIG meeting, Kofi Annan said in a speech in New York in March 2004: "The issues are numerous and complex. Even the definition of what we mean by internet governance is a subject of debate. But the world has a common interest in ensuring the security and the dependability of this new medium. Equally important, we need to develop inclusive and participatory models of governance. The medium must be made accessible and responsive to the needs of all the world's people." And he added that "in managing, promoting and protecting [the internet's] presence in our lives, we need to be no less creative than those who invented it. Clearly, there is a need for governance, but that does not necessarily mean that it has to be done in the traditional way, for something that is so very different."

Kofi Annan's call for "political innovation" was reflected already in the composition of the WGIG. The 40 members came not only from governments, as usual in the UN context, but included also stakeholders from the private sector, civil society, the academic and technical community. And indeed, the combined wisdom of this multistakeholder group paved the way for a real political innovation: The group rejected the concept, that the Internet needs "a leader." It argued that the Internet needs primarily a "trusted collaboration" and the engagement of the private sector, the civil society, the technical-academic community, and governments. Policy development and decision making should be "shared" by all stakeholders in their "respective roles," that is no stakeholder can substitute another stakeholder, but all stakeholders are needed to find sustainable solutions for the new emerging problems.

Not everybody in the WGIG expected that the governments will accept the "multistakeholder approach" as an innovative proposal for policymaking in cyberspace. Intergovernmental negotiations as a "world summit" have their own rules and governments take reports from expert groups normally just as "food for thought." Insofar it came as a surprise that the WGIG recommendation was confirmed in the "Tunis Agenda," word by word. There was no reasonable alternative on the negotiation table. And before declaring "defeat," the heads of States of the 193 UN member states took the "low hanging fruits" and opened the door to do "something that is so very different," as Kofi Annan has said in New York in 2004.

Nevertheless, the "governmental leadership camp," which could not stop the "opening of the door," tried to link the journey into the new cyberspace to their traditional understanding on the sovereign rights of states. For them, the "respective roles" of the stakeholders included a privileged role for governments, reflected in paragraph 35 of the Tunis Agenda which said that "authority for Internet-related public policy issues is the sovereign right of States." However, paragraph 35 was linked to paragraph 68 which said that the "development of public policy by governments" should be done "in consultation with all stakeholders." And paragraph 34 introduced language, that multistakeholder cooperation should be based on "shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet."

Which sounds like a "hair-splitting" by "word-smiths" reflected the unsettled conflict between worldviews of "hierarchies" and "networks," of "autocracies" and "democracies." It left space for three rather different concepts for digital cooperation:

  • The traditional concept of an absolute "state sovereignty" where "one decision maker" sits on top of a hierarchy,
  • The concept of "state sovereignty linked to consultations with non-state actors" where decision making remains in the hands of the "master on the top," but has to go through an open and transparent process,
  • The multistakeholder concept where policy development and decision making is shared on more or less equal footing among all involved and affected stakeholders, based on bottom-up, open and transparent processes.

Since 2005, the Internet Governance Forum (IGF), established by the Tunis Agenda, became the place for exercising such a multistakeholder cooperation. It worked out not bad. The multistakeholder approach for Internet Governance prooved its value. The IGF itself got a limited mandate which excluded the decision-making capacity. But the IGF discussions paved the way for a number of success stories by preparing such decisions through its open and transparent processes.

One example is the NetMundial Declaration on Principles of Internet Governance. Another one is ICANN's IANA transition. Since the first IGF in Athen in 2006, "Principles for Internet Governance" were discussed in numerous plenaries and workshops. In 2014, NetMundial summarized, globalized and multistakeholderized the IGF discussions and the numerous efforts by organizations like OECD, Council of Europe, Global Network Initiative (GNI), Association for Progressive Communication (APC) and others. In 2016, the IANA transition — a controversial item on nearly every IGF — demonstrated the capacity of the multistakeholder approach to transfer the stewardship role over the IANA functions from a powerful government to an empowered community.

Looking Forward

But all this is water under the bridge. Times have changed. There is a new Internet Governance Complexity. The power balance within the Internet Governance Ecosystem has shifted. On the horizon, we see shadows of new intergovernmental cyberconflicts, digital trade wars and massive violations of individual human rights. Are the "good old days" of the Internet over?

The Internet is again at a crossroads. This is not dramatically new. Since years the Internet community is stumbling forward from crossroads to crossroads. But at the next crossroads, the traffic will reach a new level. The "Internet community" is not sitting anymore in the driver's seat. The new vehicles on the information superhighway are operated by the security community, the military, the police, the trade people and many more constituencies which have their own established rules, procedures, cultures, lobby groups and only a little or no knowledge about the history of yesterday's Internet battles.

This new "clash of cultures" goes far beyond "multilateralism" vs. "multistakeholderism," far beyond "bellheads" vs. "netheads" or "privacy vs. security." 15 years ago, the military people were sitting over disarmament proposals, the police were dealing with traditional crimes, WTO people negotiated trade treaties, the UN Human Rights Commission discussed violations of human rights in failed states. All those communities were sitting in their well-established silos, busy with their well-defined core business. Today, all those groups have to deal with Internet-related issues.

Like on the Internet itself, where every computer is connected to every computer, every political problem is now connected to any other problem. Measures to strengthen cybersecurity — as the adoption of new laws — have economic implications, will affect digital trade and touch individual human rights as freedom of expression or privacy. Measures to protect human rights will affect the digital economy and cybersecurity. The European GDPR is a good example. Its intention, to strengthen individual privacy, has rocked the business model of many global corporations and challenges the day-to-day operations of law enforcement agencies.

The new "clash of cultures" is a "multiple clash" were military, trade, human rights, and Internet thinking comes together and it is not clear how this different approaches can be managed in a way that they can co-exist, learn from each other and coordinate their efforts to save cyberspace, to enable economic growth and sustainable development, respect human rights and allow a further and unfragmented evolution of a free, open and safe Internet. It seems that the old story of "the elephant and the seven blind men" gets a new reality check. A four-star-general, a police officer, an Internet entrepreneur, a human rights activist, a governmental bureaucrat, a professor, and an Internet user will have rather different sensors on their fingertips if they touch the Internet. But there is only one Internet.

It needs indeed a new wave of wisdom to bring this new complexity and the subsequent powershift in the Internet Governance Ecosystem into a new balance. The growing shadows of cyberconflicts and digital wars at the horizon are wake up calls. It is not too late to stop a digital dwindling spiral which could lead into a cyber catastrophe. But something has to be done to avoid, that the "clash" leads to a "crash," to a "digital Hiroshima."

It is interesting to recognize, that the two co-chairs of the panel are linked to private corporations which have initiated projects which are aimed to avoid a cyberwar and to enhance collaboration by developing digital trade. Microsoft is pushing since a couple of years for a "Digital Geneva Convention" to stabilize cyberpeace. Its "Tech Accord" is an invitation not only to the private sector, to move forward with substantial arrangements. AliBaba has launched an "eWorld Trade Platform" (eWTP) which is aimed to promote digital trade. "It is easy to start a trade war, but difficult to manage the consequences," said Jack Ma in January 2018 at the World Economic Forum in Davos. And he added: "Don't use trade as a weapon, use trade as a means to cooperate. It will take 30 years to fix the pain."

In other words, the new UN panel is confronted with the big issues. After years of great progress in the first ten years of the 21st century, in the last couple of years, we have seen rather irritating processes in the cyber world. Will the panel be able to make proposals to reverse such negative trends? Will the panel make innovative recommendations which will enable the pendulum to swing back in the 2020s? There are already two milestones fixed in the next decade: 2025 will see the WSIS+20 review of the Tunis Agenda. 2030 is the checkpoint for the sustainable development goals (SDGs).

Kofi Annan's plea for "policy innovation" was right in 2004, it is also right in 2018. Something has been achieved in the last 15 years. There is no need to reinvent the wheel. The WGIG-Definition, the IGF, the NetMundial Declaration, the London process, the IANA transition are good starting points. But with the new challenges coming from the new political unilateralism and the technical evolutions like the Internet of Things and Artificial Intelligence, a new innovative wave for Internet policymaking is needed. The multistakeholder approach was an innovation in 2005. The world is waiting now for another political innovation.

The UN panel is not alone. As said above, in the last years, many Internet reports had been produced by high-level groups. And more are in the pipeline. The UN Secretary-General did welcome "the increased focus on the implications of digital technologies for our society and our economy through commissions, conferences and other forums. This signifies that the timing is ripe for the digital policy ecosystem to evolve to the next level of maturity. The work of all these initiatives can and should be mutually reinforcing. Wherever possible, this Panel will work with other initiatives and seek to identify synergies and complementarities." The "Global Commission on the Future of Work" and the "Global Commission on Stability in Cyberspace" are only two such bodies, which could help to reach this "next level of maturity."

In my "Internet Governance Outlook 2018” I wrote: "What is needed is a holistic approach which takes into consideration all aspects, including unintended side effects. But unfortunately, the existing Internet negotiations mechanisms — with the exception of the Internet Governance Forum (IGF) — does not provide such a broad and inclusive approach. As long as the constituencies will remain in their silos, progress will be limited. And if this "silo approach" is mixed with a political unwillingness to enter into multistakeholder arrangements, not much can be expected from 2018."

I hope that I was wrong and the UN Panel will contribute to turning political unwillingness into readiness that will take the next stumbling step forward into the still unknown territory of the endless cyberspace.

Written by Wolfgang Kleinwächter, Professor Emeritus at the University of Aarhus

Follow CircleID on Twitter

More under: Internet Governance, Policy & Regulation

Categories: News and Updates

Verisign files patent application for IDN domain searches

Domain Name Wire - Thu, 2018-09-13 15:20

Patent covers providing IDN translations and transliterations of ASCII searches.

.Com registry Verisign (NASDAQ: VRSN) has filed a U.S. patent application (pdf) for searching for internationalized domain names (IDN).

An IDN is a domain name that includes at least one non-ASCII character. Many top level domain names allow people to register domain names in languages with non-ASCII character sets, such as Arabic, Japanese and Russian. These domains can be registered in .com, and Verisign now offers some transliterations of .com to the right of the dot. (A transliteration of .com is essentially something that makes the same sound as ‘com’ in the language.)

The patent application describes a way to search for a word and see various translations and transliterations. For example, I might enter a search for ‘house’ in ASCII and the search would return translations and transliterations in other languages. I can see if the domains are available or registered.

It’s essentially a namespinner with a translation element. The graphic to the right is from the patent application.

Sumit Daryani and Craig Davies are listed as the inventors. The patent application was filed in March 2017 and published by the U.S. Patent and Trademark Office today.

© 2018. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) Latest domain news at Domain Name Wire.

Related posts:
  1. VeriSign Gets Patent Related to Internationalized Domain Names
  2. Verisign gets patent for Recovery of a Failed Registry
  3. Why getting patents is smart for domain name companies
Categories: News and Updates

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer