Latest news of the domain name industry

Recent Posts

Did Michael Dell just back ICANN’s DNS-CERT?

Kevin Murphy, May 5, 2010, Domain Policy

Michael Dell may have just backed ICANN’s call for a global DNS Computer Emergency Response Center, in a speech at a security conference.

Techworld is reporting that Dell and/or his CIO, Jim Stikeleather, referred to ICANN’s role in security during an address at the EastWest Institute Worldwide Cybersecurity Summit.

It’s not entirely clear whether the following quote is attributable to Stikeleather or Dell himself; my guess is Stikeleather:

ICANN manages the assignment of domain names and IP addresses, headquartered in California, is heavily US centric. There is a need to have more global participation on domain management as well as the future planning and next generation infrastructure needed to address the changes that will affect the Internet usage in years to come.

On the surface, it looks like a criticism of ICANN, but it could quite easily be interpreted as backing ICANN chief Rod Beckstrom’s recent call for the establishment of a global DNS-CERT to coordinate threats to the domain name system.

The quote immediately preceding it in the Techworld article is starkly reminiscent of Hot Rod’s controversial comments at the Governmental Advisory Committee at the Nairobi meeting in March.

“There is a preponderance of evidence that indicates cybercriminals could inflict major outages to portions of our critical infrastructure with minimal effort,” Jim Stikeleather reportedly said.

He was speaking at a session entitled “How do we build international cybersecurity consensus?”, which is a question Beckstrom has been asking in relation to the DNS-CERT idea.

A public comment forum on the DNS-CERT business case ICANN had presented ended a couple of weeks ago.

If I were to go out on a limb, I would say that a rough consensus emerged that such an entity was probably a good idea, and that ICANN could play a role, but that other bodies, such as DNS-OARC, might do a better job of coordinating it.

Politics at play in DNS CERT debate

Kevin Murphy, April 12, 2010, Domain Policy

ICANN chief Rod Beckstrom may have shot himself in the foot when he claimed at the Nairobi meeting that the domain name system is “under attack” and “could stop at any given point in time”.

Beckstrom wants ICANN to create a new CERT, Computer Emergency Response Team, to coordinate DNS security, but he’s now seeing objections from country-code domain managers, apparently connected to his remarks last month.

Chris Disspain of auDA, Australia’s .au registry, has just filed comments on behalf of the ccNSO council, which he chairs, saying it’s not clear whether there’s any need for a DNS CERT, and that ICANN is moving too fast to create one.

It’s pretty clear from the ccNSO statement that Hot Rod’s fairly blunt remarks at the GAC meeting in Nairobi, which I transcribed in full here, have influenced the ccNSO’s thinking on the matter:

the comments of ICANN’s CEO and President, Rod Beckstrom, to governmental representatives in Nairobi, have the potential to undermine the productive relationships established under ICANN’s multi-stakeholder model, cause damage to the effective relationships that many ccTLD operators have developed with their national administrations and discounted the huge efforts of many in the ICANN and broader security community to ensure the ongoing security and stability of the Internet

Disspain had already strongly written to Beckstrom, during the ICANN meeting, calling his comments “inflammatory” and reiterating some of the points made in the latest ccNSO filing.

Beckstrom’s response to Disspain’s first letter is here. I would characterize it as a defense of his position.

It seems pretty crazy that something as important as the DNS has no official security coordination body but, as Disspain points out, there are already some organizations attempting to tackle the role.

DNS-OARC, for example, was set up to fulfill the functions of a DNS CERT. However, as founder Paul Vixie confessed, it has so far failed to do so. Vixie thinks energies would be better spent fixing DNS-OARC, rather than creating a new body.

ICANN’s comments period on its DNS CERT business case is open for another couple of days. It’s so far attracted only a handful of comments, mostly skeptical, mostly filed by ccTLD operators and mostly suggesting that other organizations could handle the task better.

If Beckstrom’s aim in Nairobi was to reignite the debate and Get Stuff Done by scaring stakeholders into action, he may find he’s been successful.

However, if his aim was to place ICANN at the center of the new security initiative, he may ultimately live to regret his remarks.

Either way, I expect DNS security will eventually improve as a result.