Commercial application of DNSSEC launched in the .UA domain
Kyiv, April 13. Hostmaster, the technical administrator of the .UA domain, has completed its DNSSEC implementation activities and started using the technology commercially. Today, the international organization ICANN granted Hostmaster’s request to add an entry for the .UA DNSSEC key to the root zone of the Domain Name System (DNS).
This allowed Ukrainian companies to protect their sites from scammers who redirect users to scam sites using loopholes in the DNS. The DNSSEC technology applies digital signatures and guarantees authenticity of domain names.
So far, the technology has been adopted by three companies to protect their sites: RIFT Ltd (Rivne), Netassist (Kyiv), and NIC.UA (Dnipropetrovsk) to ensure safety of the domains rovno.ua, netassist.ua, and nic.ua, respectively.
At the moment, DNSSEC is being used worldwide by more than 70 top level domains (approximately 26% of the total amount), of which 60 are country domains (24%).
The .at Report (1/2012) with DNSSEC World Map included
In February nic.at introduced the security standard DNSSEC for the .at zone - that's why the latest .at report is dedicated to this topic. Although DNSSEC deals with encryption, NIC.at tried to treat the topic as 'unencrypted' as possible!
Find out yourself and explore the DNSSEC world map, take a look behind the scenes of our DNSSEC deployment and meet international DNSSEC pioneers! Furthermore you will get to know how registrars think about DNSSEC and which results the first .at barometer has delivered.
IETF in Paris: Privacy and Web Identification tussle, Worldv6Launch Day and new things moving into the DNS
Paris saw one of the largest IETF meetings in recent years, with over 1400 engineers (and also a few lawyers and policy people) gathered for a busy week. With meeting slots completely filled and additional launch and site meetings added on top, the issues discussed across several working groups were the push for authentication and identification on the ever more resourceful web, World v6 Launch day (and the many life-saving efforts for IPv4), and yet another attempt to use the Domain Name System (DNS) for a new alternative technology, this time for securing BGP routes.
Securing routing with the DNS as an alternative to the “oldie” Routing PKI (RPKI) was presented as another way to make use of the DNS. After DANE (DNS-based Authentication of Named Entities) challenged Transport Layer Security and its no longer beloved system of certification authorities, it is now RPKI that seems to be getting competition from the DNSSEC-secured name space. Joe Gersch from the DNSSEC provider Secure64 and Dan Massey from the University of Colorado, who is an author of some DNSSEC RFCs, presented ROVER (Route Origin Verification). Instead of implementing new infrastructure for the verification of BGP routes, the in-addr.arpa tree could be checked for announcements of IP address blocks.
Once a CIDR block was announced, administrators could query the DNS to see if it was an authoritative announcement. The only trick necessary, according to Gersch and Massey, was to marry the eight-bit structure of the DNS with blocks that do not fit that structure. Gersch and Massey presented a proposal for a “reverse DNS naming convention for CIDR address blocks”. Currently only complete IP addresses, but not address ranges, may be registered under in-addr.arpa. Practically speaking, the block 188.8.131.52/16 will be registered as 82.129.in-addr.arpa, the block 184.108.40.206/18 will be registered as 129.82.m.0.1 (129.82.m.0.1.0.0.0.0.0.0). In both the DNS WG and, even more so, the RPKI WG of the IETF there were a lot of critical comments, but the DNS WG agreed to allow work to continue on the reverse naming draft, despite some experts warning against pursuing ROVER because it would introduce circular arguments and a bootstrapping problem in case of attacks. (For an evaluation of ROVER by Stephane Bortzmeyer, see his blogpost)
Another topic discussed feverishly is the development of a new IETF standard for Whois in the WEIRDS working group. Besides the number registries that started the discussion, not only a large registry like VeriSign but also a future TLD registry like Google declared its commitment to a new Whois.
More and easier-to-use security options for the ever-growing net of web platforms were a topic discussed not only in the OAuth working group of the IETF, but also in the technical plenary, a panel by the ISOC and an additional lunch panel chaired by representatives of the World Wide Web Consortium. The W3C is just about to start its own new WG on Web Cryptography and was very much interested in not adding to the growing fragmentation of the Web Identity Space, where the more well-known OpenID and OpenID Connect suite (Google, Yahoo, Microsoft, Facebook), BrowserID (mainly Mozilla), the not widely implemented OASIS SAML suite and smaller initiatives like WebID are already competing. Instead the W3C wanted to offer building blocks, with a focus on strong cryptographic tools, Harry Halpin from the W3C said. The differences between Mozilla's BrowserID, which was presented several times by TLS co-author Eric Rescorla, and the OpenID Connect approach (which marries OAuth features and classical single sign-on solutions) are blurred, but experts from different sides agree that BrowserID is somehow optimized to not allow the identity provider to see what the user is doing on the web.
Will “the market” decide the tussle? At least US lawyer Wendy Seltzer, representing the W3C, said standards were desperately needed to prevent users from being compelled by content providers to authenticate via their preferred identity provider. In the US, for example, there were newspapers that were only available for online subscription if the user came from a Facebook account.
IPv6 – This time it's for real
The IETF leadership is prepared to finally clear the IPv6-related WGs of work that is targeted at extending the lifetime of IPv4, by means of an “IPv4Exit” WG. In Paris the IPv6Op WG once more saw a long list of drafts talking about IPv4, and not IPv6. At the same time the Internet Society has announced that the second World IPv6 Day (on June 6th, 2012) will not be another test flight, but instead should mark the take-off. Several large network providers including Comcast and Time Warner Cable, content providers including Google and Yahoo, and hardware companies like Cisco and D-Link announced they would launch IPv6. Participating network providers have to offer IPv6 to every new customer and have to push their IPv6 traffic to at least one percent by June 6. An observation made by non-US participants at the meeting was that ISOC had not rallied as much support outside of the US.
20 years since Internet came to Estonia
Precisely 20 years ago today Estonia established its first Internet connection with the outside world. Previously people in Estonia could only send and receive e-mails via slow modem connections by making international calls to Finland. Such a solution was both complicated and inadequate because it excluded a wide range of Internet possibilities.
AFNIC launches its campaign of calls for support
Following the publication of the calls for applications to manage the 11 top-level extensions in the Official Journal of the French Republic on March 20, 2012, AFNIC has announced its candidacy for the extensions in question and has launched its campaign of calls for support.
AFNIC has successfully acted as the Registry for the .fr (France), .re (Reunion Island), .pm (St. Pierre and Miquelon), .tf (French Southern and Antarctic Territories), .wf (Wallis and Futuna) and .yt (Mayotte) TLDs since 1998.
"The association is particularly committed to extending this unbiased approach, giving each category of stakeholder (registrars, users, private and public sectors) a fair place, while promoting sharing and openness in a non-profit environment," said Jean-Pierre Dardayrol, Chairman of AFNIC. "AFNIC therefore wishes to re-assert its commitment to the French Internet community by applying for the management of the 11 French Internet extensions included in the calls for applications," he added.
Partnership between Nominet and Swedish company OpenDNSSEC
The Swedish company OpenDNSSEC AB (svb), which is operated by .SE (The Internet Infrastructure Foundation), will receive a capital injection of
.uk - fit for the future at 10 million
The .uk registry has now hit over 10 million domains – maintaining its position as the world’s second largest country code registry.
The 10 millionth registration follows on from two years of strong growth in .uk domains.
Nominet is marking this occasion by announcing a major investment in the .uk brand – a particularly important step given the backdrop of a changing landscape of domain names. This work is focused on growing the market and driving growth in .uk by delivering and building a compelling .uk brand story for businesses and consumers. A marketing campaign, set to roll out from May this year, will include a dedicated .uk website.
Changes to Management structure at DIFO and DK Hostmaster
DIFO and DK Hostmaster A/S have decided to change the management structure of the companies. Currently, DIFO and DK Hostmaster A/S each have their own director, Lise Fuhr for DIFO and Per Kølle for DK Hostmaster. From now on, DIFO and DK Hostmaster will have one management group consisting of a CEO and a Vice CEO who will function as management for both DIFO and DK Hostmaster.
The change to the management structure will be implemented as part of a planned generational handover on the occasion of Per Kølle’s imminent retirement. Per has given an enormous contribution and, not least, it is Per’s achievement that DIFO and DK Hostmaster are currently extremely well-run administrators of the .dk domain. Per’s knowledge will not be easy to replace and, consequently, the organisation is pleased that Per has agreed to continue his association with DK Hostmaster.
The Boards have now commenced recruiting Per’s replacement, who will be the new CEO for DIFO and DK Hostmaster.
Lise Fuhr will continue as Vice CEO in the new management structure. Over the past three years, Lise has given DIFO a voice in the national and international domain policy and has attended to relations to DIFO’s many stakeholders. DIFO and DK Hostmaster are pleased that Lise has agreed to remain a part of the new management.
The changes in the management structure will become effective from 1 March. Until a new CEO is found, Lise Fuhr will be temporarily appointed as CEO.
Guide to ICANN43 available
The CENTR Guide to ICANN43 is now available.
The guide contains key topics in the ccNSO, GAC and gNSO spheres as well as relevant sessions to attend.
nic.at launches DNSSEC
Leap day on the Internet: 29 February 2012 is also a special day for the .at-zone. At 11.35 a.m., the local domain registry nic.at activated the security extension DNSSEC for .at-domains. The first Austrian domain with a DNSSEC signature is the tourism portal austria.at.
“Security is the dominant topic on the Internet. With the DNSSEC extension we have now set another milestone for the security of the .at-zone”, says nic.at CEO Robert Schischka. “While the DNSSEC signature of domains is not equally relevant for every domain holder, highly sensitive sectors like banks, insurance companies or online shop providers will definitely welcome DNSSEC as an additional means of protection. This technology increases the safety of sensitive transactions and is another measure to protect the users against misuse on the Internet.”
The first .at-domain with DNSSEC signature goes to… Salzburg!
Great joy in Salzburg: The first .at-domain with a DNSSEC signature in Austria is the tourism platform austria.at. Says CEO Renate Emminger: “This is a double jubilee for us. We registered our domain austria.at in 1997, and on its 15th birthday its own DNSSEC signature provides even more security.” Co-manager Josef Rehrl adds: “We didn’t have to think twice after being informed by our registrar WORLD4YOU about DNSSEC. As a tourism and booking platform, security is of utmost importance to us. As payment transactions are also performed on our portal, we can say that everything that increases the confidence on the Internet is a boon to our customers.”
Only a few DNSSEC pioneers among Austrian registrars
WORLD4YOU, a company located in Linz, is one of the first registrars to offer this new service for .at-domains to its customers. CEO Johannes Kührer told us about his motives: “We believe that this service makes us stand out well. DNSSEC is a useful supplement, especially for customers whose domains are used for financial transactions or the transmission of sensitive data. Thus, we have thoroughly tested the required processes and sequences, as we really wanted to be among the first registrars offering this service in Austria.”
Photo 1: nic.at CEOs Robert Schischka (far left) and Richard Wein (far right) hand over the certificate for the first Austrian domain with DNSSEC signature to CEOs of austria.at Renate Emminger and Josef Rehrl
© nic.at, Wildbild
Mood of celebration at nic.at – CEOs Richard Wein (left) and Robert Schischka (right) raise their glasses of “DNSSECco” to the successful launch of DNSSEC for the .at-zone.
© nic.at, Wildbild
Further inquiry note: Mag. Monika Pink-Rank, nic.at PR