News
More than one million .nl domain names secured with DNSSEC
SIDN, the company behind .nl, announced today that the Dutch country-code domain now has more than 1 million DNSSEC domain names. This milestone was reached exactly one month after the .nl domain became the internet domain with more DNSSEC-secured domain names than any other domain on the internet.
Roadmap
As the internet’s roadmap, the DNS has always been vulnerable to criminal threats such as cache poisoning and ‘man-in-the-middle’ attacks by unidentified parties. The perpetrators of such attacks can divert internet users to fake websites or intercept e-mail, even though the correct domain name is used. These vulnerabilities were underestimated until 2008, when Dan Kaminsky demonstrated that the DNS was easy to manipulate. Kaminsky’s revelations gave urgency to the worldwide rollout of DNSSEC, which had been in progress for some time. DNSSEC tackles the problems identified by Kaminsky. It provides a method for ascertaining whether an incoming DNS response is authentic and originates from the right source. The practical outcome is that the DNS is more reliable. In July 2010, ICANN signed the root zone and a month later SIDN followed suit by signing the .nl zone with DNSSEC. Once that had been done, early adopters had the opportunity to have trust anchors added to the .nl zone file during a Friends & Fans phase. On 15 May 2012, SIDN implemented DNSSEC in its Domain Registration System, making it possible for .nl registrars to automate the processes of signing domain names. Detailed information about DNSSEC is available from www.dnssec.nl (in Dutch only).
The World Wide Web, by the Numbers
Tim Berners-Lee's vision for the World Wide Web was predicated on two core ideas: universality and connectivity. But now that the web has been around for a generation -- and, you know, changed the world, revolutionized information, etc., etc. -- how has it actually been adopted? Is the web, its obvious success notwithstanding, ultimately living up to its vision and its potential?
Cleaning up Switzerland’s internet sites
Viruses and other malware are lurking not just on porn sites, but in places you might never expect. To make it safer to surf, the Switch foundation monitors the Swiss web for malicious code. As a result, Swiss computers are the least infected in the world.
“Error: the webpage cannot be displayed”. It’s not uncommon to get this kind of message when surfing on the web. So you check that the address has been typed correctly and try again, but the page still does not come up. Annoying? Yes, but it might be for your own good.
There are a number of reasons why a site may be inaccessible: connection problems, servers down, or updates in progress. But the site may also have been blocked deliberately for the sake of IT security.
“Some sites have got malicious code hidden in them that can infect a computer. The consequences can be serious: personal data and passwords may be stolen, or the whole system may crash”, explained IT expert Michael Hausding, who belongs to the Computer Emergency Response Team (CERT) at Switch, the organisation that looks after Switzerland’s Internet access. “My job is to block infected sites and prevent the spread of malware and other harmful code.”
Although invisible to the Internet user, CERT is successfully holding the line for Switzerland against malware. According to the most recent report of the Panda Security company, Switzerland is the country with the fewest infected computers in the world (see sidebar). “Apart from our work there are the actions of the major Internet service providers, who inform their customers periodically about the current threats”, adds Hausding.
Launch of signed output in DENIC Whois Service
In line with international standards, DENIC has made available a whois service for many years. This information service provides access to a variety of domain data and thus guarantees that whoever needs to can quickly find out whom to contact, if a .de domain causes technical problems or infringes rights. Duly taking account of the legitimate interests of data privacy, the service has been developed continuously. User data are protected and access is secured through access restrictions.
Not least because of the limited access, DENIC was asked to create a function in the whois that enables a domain holder to actively prove in a secure and easy manner that he/she actually is the holder of a .de domain.
DENIC has now complied with this request: Upon completion of today's maintenance, as from about 17:00 CET, the DENIC web-whois will offer our customers the option to obtain in response to a whois query a signed output with a .de domain's holder data. Such signed whois output can be used to prove beyond doubt who was the holder of the domain name at the time when the query was made, for example, if the domain is planned to be sold or in case of matters of legal relevance.
The advantage of a query with signed information output is that the received data is reliable and unforgeable and that it bears a time stamp.
To ensure that a domain query is submitted by an authorized person and not by an automated script (bot), the new expanded whois function is also protected by a Captcha, which must be deciphered by the requester to get access to the domain holder data. To further improve security, the Captcha version introduced in 2009 was replaced by reCAPTCHA in the course of the current amendments.
You will find more detailed information about the new signed whois output and the exact procedure of signing and verifying domain data on our special information page.
New RFC published by Working Group co-chaired by Ondřej Surý of CZ.NIC
The DANE (DNS-based Authentication of Named Entities) working group, chaired by Ondřej Surý of CZ.NIC Laboratories and a Google representative, issued a new Internet standard in August. The current RFC (Request for Comments) number 6698 concerns a new technology that enables the verification of certification authorities on the basis of DNS. This quite revolutionary idea may considerably increase the use of DNSSEC technology by end users. The recently published Internet standard is the third document of its kind created with participation of CZ.NIC Laboratories.
The idea of storing certificate fingerprints in DNS has been circulating in the IETF (Internet Engineering Task Force) for quite some time, but could only be securely implemented after the root zone was signed using DNSSEC technology in July 2010. The first discussion of the project at what is known as a Birds of a Feather meeting, initiated by Ondřej Surý and Warren Kumari of Google, took place at the end of July 2010 at the annual 2010 IETF congress in Maastricht; the official DANE working group was established in the autumn of the same year. The first stage of this project, with the participation of an international team of experts, concluded this August with the publishing of RFC 6698, defining the new TLSA DNS record and methods of working with it.
“IETF has been working on the DANE project for more than two years. The objective of our effort is a fundamental change in the way certificates are used in Internet services. To date, anyone interested in obtaining a security certificate had to contact a certification authority, but the new technology allows them to create their own certificate and store it in DNS secured with DNSSEC. This will save time and money,” adds Ondřej Surý, Head of CZ.NIC Laboratories.
At the last meeting in Vancouver, members of the DANE working group agreed on the further development of the project. The group is planning to create a more precise definition of the use of TLSA records in Internet protocols such as SMTP, XMPP, and SIP. Other tasks will include creating functional implementations for example in web browsers such as Mozilla Firefox or Google Chrome.
Monthly Roundup August 2012
The latest edition of the CENTR Roundup newsletter is now available covering activities from August 2012.
This edition includes:
- Member news highlights
- Survey summary: Pricing and Billing Methods
- CENTR Statistics
- Article: A short overview of Chinese Registrations
- Upcoming CENTR Events
Federal Supreme Court upholds SWITCH's appeal
In the switchplus case, the Federal Supreme Court upheld SWITCH's appeal on 14 August 2012. The Foundation has noted the verdict with satisfaction.
On 22 March 2012, SWITCH lodged an appeal with the Federal Supreme Court against the verdict of the Federal Administrative Court of 13 February 2012. This verdict banned SWITCH from providing a link to its subsidiary switchplus ag on the www.switch.ch website. SWITCH's appeal was upheld in its entirety by the Federal Supreme Court on 14 August 2012.
SWITCH acted correctly
"With its decision, the Federal Supreme Court is supporting SWITCH's economic freedom", explains Andreas Dudler, Managing Director of SWITCH. The decision specifies inter alia that it must be possible for SWITCH to provide information on the group website www.switch.ch not only about its core business for the universities but also on the services of its subsidiary switchplus. With its verdict, the Federal Supreme Court also confirms that SWITCH has not given its subsidiary switchplus an unlawful advantage.
Background
In response to the sustained calls from domain name customers for hosting services, SWITCH set up its commercial subsidiary switchplus ag in 2009. This provides services associated with an internet presence – from the registration of the domain name, via web mail and CMS hosting, right through to hosted exchange. SWITCH uses its subsidiary's profits to support Switzerland's universities.
End of the legal dispute
After switchplus ag had been set up, a group of hosting providers prevented the market entry of the subsidiary. The decision taken by the Federal Supreme Court should now have put an end to this longstanding discussion. "We welcome this pioneering decision by the Federal Supreme Court. It confirms that SWITCH has always acted correctly", says Marco D'Alessandro, media spokesman for SWITCH.
Icelandic Registry introduces VID (Very Important Domains)
ISNIC is always evolving the registration of .is domains. A very important change, which is designed to increase the security of .is domains further, is being planned. This includes being able to mark domains as "very important domains", or VID.
VIDs will get special treatment, especially regarding rights and renewals. So-called VID insurance means that a VID's registration never expires accidentally. It will also be harder to transfer VIDs to new registrants, since it will require confirmation from the registrants themselves, either digitally or by a signed confirmation.
To prepare for this change, domain registrants are asked to update the registrant's email at ISNIC, which can be done under "Modify Registration" on My Page. Only the administrative contact can edit the registrant information. In the fall, all administrative contacts and registrants with a registered email address will get an email where these changes will be explained in detail.
Drop-catching and Whois at Domain Name Debate 2012
SIDN is organising the 2012 Domain Name Debate at the Koninklijke Schouwburg in The Hague on 28 September. SIDN uses such debates to gauge stakeholder opinion on proposed changes to the rules governing the Netherlands' internet domain. At the debates, any interested party can have a say and thus help to shape future policy. The fourth Domain Name Debate focuses on drop-catching and further restriction of the amount of information about private registrants available from the Whois.
InternetNZ approves new second level domain - .kiwi.nz
- represents an identifiable, significant community of interest.
- represents an on-going and long-lived community of interest.
- does not conflict with, duplicate or cause confusion about, any existing second-level domain and is a useful addition to the current DNS (Domain Name System) hierarchy.
- uses a name to represent the domain that is an obvious derivative of a word that properly describes the community of interest, e.g. .org.nz for organisation, or a complete word, e.g. .maori.nz.
- does not bring the .nz domain name space into disrepute.