[funsec] OpenCRS: Internet Domain Names: Background and Policy Issues

2011-01-30 Thread Shawn Merdinger
http://opencrs.com/document/97-868/

Summary

Navigating the Internet requires using addresses and corresponding
names that identify the location of individual computers. The Domain
Name System (DNS) is the distributed set of databases residing in
computers around the world that contain address numbers mapped to
corresponding domain names, making it possible to send and receive
messages and to access information from computers anywhere on the
Internet. The DNS is managed and operated by a not-for-profit public
benefit corporation called the Internet Corporation for Assigned Names
and Numbers (ICANN). Because the Internet evolved from a network
infrastructure created by the Department of Defense, the U.S.
government originally owned and operated (primarily through private
contractors) the key components of network architecture that enable
the domain name system to function. A 1998 Memorandum of Understanding
(MOU) between ICANN and the Department of Commerce (DOC) initiated a
process intended to transition technical DNS coordination and
management functions to a private-sector not-for-profit entity. While
the DOC has played no role in the internal governance or day-to-day
operations of the DNS, ICANN remained accountable to the U.S.
government through the MOU, which was superseded in 2006 by a Joint
Project Agreement (JPA). On September 30, 2009, the JPA between ICANN
and DOC expired and was replaced by an Affirmation of Commitments
(AoC), which provides for review panels to periodically assess ICANN
processes and activities. Many of the technical, operational, and
management decisions regarding the DNS can have significant impacts on
Internet-related policy issues such as intellectual property, privacy,
e-commerce, and cybersecurity. With the expiration of the ICANN-DOC
Joint Project Agreement on September 30, 2009, and the announcement of
the new AoC, the 112th Congress and the Administration may continue to
assess the appropriate federal role with respect to ICANN and the DNS,
and examine to what extent ICANN is positioned to ensure Internet
stability and security, competition, private and bottom-up
policymaking and coordination, and fair representation of the global
Internet community. A related issue is whether the U.S. government's
unique authority over the DNS root zone should continue indefinitely.
Foreign governments have argued that it is inappropriate for the U.S.
government to have exclusive authority over the worldwide DNS, and
that technical coordination and management of the DNS should be
accountable to international governmental entities. On the other hand,
many U.S. officials argue that it is critical for the U.S. government
to maintain authority over the DNS in order to guarantee the stability
and security of the Internet. The expiration of the JPA, the
implementation of the Affirmation of Commitments, and the continuing
U.S. authority over the DNS root zone remain issues of interest to the
112th Congress, the Administration, foreign governments, and other
Internet stakeholders worldwide. Other specific issues include the
possible addition of new generic top-level domain names (gTLDs), .xxx
and the protection of children on the Internet, the security and
stability of the DNS, and the status of the WHOIS database. How all of
these issues are ultimately addressed could have profound impacts on
the continuing evolution of ICANN, the DNS, and the Internet.
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


Re: [funsec] OpenCRS: Internet Domain Names: Background and Policy Issues

2011-01-30 Thread Paul Ferguson
See also:

http://blog.internetgovernance.org/blog/_archives/2011/1/29/4737705.html

- ferg

On Sun, Jan 30, 2011 at 3:49 PM, Shawn Merdinger wrote:

> http://opencrs.com/document/97-868/



-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/



Re: [funsec] OpenCRS: Internet Domain Names: Background and Policy Issues

2011-01-30 Thread Dan White
On 30/01/11 18:49 -0500, Shawn Merdinger wrote:
>http://opencrs.com/document/97-868/
>
>Summary
>
>Navigating the Internet requires using addresses and corresponding
>names that identify the location of individual computers. The Domain
>Name System (DNS) is the distributed set of databases residing in

I had no idea that DNS root zone administration had reached the level of
US congressional review, and I'm slightly encouraged that it has.

Two relevant items that were left out of this overview, that reinforce the
need for a clear separation between the technical administration of IANA
resources and US interests:

 Jon Postel's attempt to move several DNS root name servers away from
 Network Solutions [1]

 The recent domain hijacking done at the demand of the MPAA and RIAA.

I'm encouraged by the tone of the "Concluding Observations" though:

 "In transferring management of the DNS to the private sector, the key
 policy question has always been how to best ensure achievement of the
 White Paper principles: Internet stability and security, competition,
 private and bottom-up policymaking and coordination, and fair
 representation of the global Internet community"

Which restates the concept of transferring ICANN (or its replacement) to
private control, and at least provides a foundation for why one might want
to do so.

These two sections are bound to be used as scare tactics against it:

 .xxx and Protecting Children on the Internet

 Domain Names and Intellectual Property 


[1] http://en.wikipedia.org/wiki/Jon_Postel

-- 
Dan White


[funsec] "Hunting Hydrogen Ballons with Fireworks"

2011-01-30 Thread Rob, grandpa of Ryan, Trevor, Devon & Hannah
Very geeky, but amusing.

http://www.youtube.com/watch?v=ozHoP_YThRI

==  (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
A person reveals his character by nothing so clearly as the joke
he resents.  - G. C. Lichtenberg
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade


[funsec] [HITB-Announce] Reminder: HITB2011AMS - Call for Papers closes on the 18th of Feb

2011-01-30 Thread Hafez Kamal
Happy 2011 everyone! Just a reminder that the Call for Papers for the
second annual HITBSecConf in Europe is closing on the 18TH OF FEBRUARY!
We've received some awesome submissions so far and the event is really
shaping up nicely.

The event will once again take place at the NH Grand Krasnapolsky in
Amsterdam from the 17th - 20th of May. HITB2011AMS will be a quad-track
conference line up featuring keynote speaker Joe Sullivan (Chief
Security Officer of Facebook) and a special keynote panel discussion on
'The Economics of Vulnerabilities'.

In addition, the event also features a brand new Capture The Flag -
World Domination competition run by the HITB.nl CTF Crew, an expanded
Hackerspaces Village (now featuring a Hackerspaces Challenge with LEGO
MINDSTORMS!), an updated Lock Picking Village run by members from
TOOOL.nl and of course the HITBSIGINT sessions - 15 minute talks held
during the coffee and lunch breaks with a focus on highlighting up and
coming research and researchers.

As always, talks that are more technical or that discuss new and never
before seen attack methods are of more interest than a subject that has
been covered several times before.

HITB CFP: http://cfp.hackinthebox.org/

===

Topics of interest include, but are not limited to the following:

# Cloud Security
# 3G/4G/WIMAX Security
# File System Security
# SS7/GSM/VoIP Security
# Smart Card and Physical Security
# Network Protocols, Analysis and Attacks
# Applications of Cryptographic Techniques
# Side Channel Analysis of Hardware Devices
# Data Recovery, Forensics and Incident Response
# Analysis of Malicious Code / Viruses / Malware
# Windows / Linux / OS X / *NIX Security Vulnerabilities
# Next Generation Exploit and Exploit Mitigation Techniques
# WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security

Each non-resident speaker will receive accommodation for 3 nights / 4
days at the Krasnapolsky. For each non-resident speaker, HITB will cover
travel expenses up to EUR1200.00.

Your submission will be reviewed by The HITB CFP Review Committee which
includes:

Charlie Miller (Principal Analyst, Independent Security Evaluators)
Jeremiah Grossman (Founder, Whitehat Security)
Red Dragon Thanh (THC, VNSECURITY, Intel Corp)
Mark Curphey (Director, Microsoft Corp)
Cesar Cerrudo (Founder / CEO ArgenISS)
Saumil Shah (Founder CEO Net-Square)
Shreeraj Shah (Founder, BlueInfy)
Fredric Raynal (Sogeti/Cap Gemini)
Robert Hansen (rsnake) (SecTheory)
Alexander Kornburst (Red Database)
Emmanuel Gadaix (Founder, TSTF)
Andrea Barisani (Inverse Path)
Ed Skoudis (InGuardians)
Haroon Meer (Sensepost)
Chris Evans (Google)
Philippe Langlois (TSTF)
Skyper (THC)


PLEASE NOTE:

We do not accept product or vendor related pitches. If you would like to
showcase your company's products or technology, please contact us for
further participation opportunities.

===

Event Website:
http://conference.hackinthebox.org/hitbsecconf2011ams/

We look forward to receiving your submissions and to seeing you in
Amsterdam in May!

- The HITB.nl Team
- http://conference.hitb.nl

---
Hafez Kamal
HITB Crew
Hack in The Box (M) Sdn. Bhd.
Suite 26.3, Level 26, Menara IMC,
No. 8 Jalan Sultan Ismail,
50250 Kuala Lumpur,
Malaysia

Tel: +603-20394724
Fax: +603-20318359

