Introducing getdns: a Modern, Extensible, Open Source API for the DNS

By Security

Verisign is pleased to announce the public introduction of getdns at The Next Web in Amsterdam (TNWEurope) April 23-24, 2014. Verisign Labs and NLNet Labs in collaboration have developed getdns, an open source implementation of the getdns-api application programming interface (api) specification.

At The Next Web, getdns is one of the challenge APIs in a 36-hour Hack Battle. Multiple teams of application coding experts are using getdns to develop innovative applications that leverage the global security infrastructure available through DNS Security Extensions (DNSSEC).

(more…)

Proceedings of Name Collisions Workshop Available

By Security

Presentations, papers and video recordings from the name collisions workshop held earlier this month in London are now available at the workshop web site, namecollisions.net.

The goal for the workshop, described in my “colloquium on collisions” post, was that researchers and practitioners would “speak together” to keep name spaces from “striking together.” The program committee put together an excellent set of talks toward this purpose, providing a strong, objective technical foundation for dialogue. I’m grateful to the committee, speakers, attendees and organizers for their contributions to a successful two-day event, which I am hopeful will have benefit toward the security and stability of internet naming for many days to come.

(more…)

Jeff Schmidt to Present Name Collision Management Framework at Research Workshop

By Security

I’m delighted to announce that the name collisions workshop this weekend will include Jeff Schmidt, CEO of JAS Global Advisors, presenting the Name Collision Occurrence Management Framework that his firm just released for public review.

Jeff’s presentation is one of several on the program announced by the program committee for the Workshop and Prize on Root Causes and Mitigations of Name Collisions (WPNC).

(more…)

Uncontrolled Interruption? Dozens of “Blocked” Domains in New gTLDs Actually Delegated

By Security

The Mitigating the Risk of DNS Namespace Collisions report, just published by JAS Global Advisors, under contract to ICANN, centers on the technique of “controlled interruption,” initially described in a public preview shared by Jeff Schmidt last month.

With that technique, domain names that are currently on one of ICANN’s second-level domain (SLD) block lists can be registered and delegated for regular use, provided that they first go through a trial period where they’re mapped to a designated “test” address. The staged introduction of new SLDs is intended to provide operators of installed systems the opportunity to assess the potential impact of an impending name collision on their own, before any external operators have an opportunity to exploit it.

(more…)

Keynote Speaker for Name Collisions Workshop: Bruce Schneier

By Security

There may still be a few security practitioners working in the field who didn’t have a copy of Bruce Schneier’s Applied Cryptography on their bookshelf the day they started their careers. Bruce’s practical guide to cryptographic algorithms, key management techniques and security protocols, first published in 1993, was a landmark volume for the newly emerging field, and has been a reference to developers ever since.

Beyond just the popularity of the book, Bruce has also been widely recognized over the past two decades for his insightful commentary on the security issues of the day, featured on his monthly Crypto-Gram newsletter, his blog, “Schneier on Security,” 11 more books including the newly published Carry On, as well as numerous essays, op-eds and interviews.

It’s a genuine privilege therefore that Bruce will be keynoting the upcoming Name Collisions Workshop, to be held on March 8-10, in London.

(more…)

New Work in the Development and Management of EPP Extensions

By Domain Names

On Dec. 12, 2013, the Internet Engineering Steering Group (IESG) announced the formation of a new working group, Extensible Provisioning Protocol Extensions (eppext). The working group was formed to create an internet Assigned Numbers Authority (IANA) registry of Extensible Provisioning Protocol (EPP) extensions and to review specifications of extensions for inclusion in the registry. EPP is the standard domain name provisioning protocol for generic top-level domain (gTLD) name registries that operate under the auspices of the Internet Corporation for Assigned Names and Numbers (ICANN). It is also used by a number of country code top-level domain (ccTLD) registries.

The “E” in EPP has been both a blessing and a curse. EPP uses features of the Extensible Markup Language (XML) that provide “hooks” for protocol extensions. These hooks make it easy to specify new functionality without having to modify EPP itself. That’s the blessing. The curse has been that easy extensibility has led to multiple independent specifications that describe similar functionality. In a 2010 presentation, Patrick Mevzek (developer of the Net::DRI Perl library that implements EPP) described XML namespaces used in 68 distinct extensions. He further described three different extensions created by different registry operators to provide domain “undelete” functionality. This duplicity of effort makes implementation much more complicated for anyone developing EPP clients.

Some background information will help explain how we got here.

(more…)

Colloquium on Collisions: Expert Panelists to Select Papers, Award $50K First Prize

By Security

According to the Online Etymology Dictionary, the verb collide is derived from the Latin verb collidere, which means, literally, “to strike together”:  com- “together” + lædere “to strike, injure by striking.”

Combined instead with loquium, or “speaking,” the com- prefix produces the Latin-derived noun colloquy: “a speaking together.”

Researchers and practitioners know well the benefits of the colloquium, the technical conference, a gathering of those speaking together on a topic.

So consider WPNC 14 – the upcoming namecollisions.net workshop – a colloquium on collisions: speaking together to keep name spaces from striking together.

(more…)

Insights on the Technology in the Real World

By Domain Names

At each of our Verisign Labs’ Distinguished Speaker Series events I learn something new that stays with me and helps shape my thinking about technology and its impact on the world. The most recent brought the benefit of three insights, as the expanded event, Advancing Internet Technologies in the Developing World, featured a keynote speaker as well as two recipients of Verisign’s Infrastructure Grants.

(more…)

Collisions Ahead: Look Both Ways before Crossing

By Security

Many years ago on my first trip to London, I encountered for the first time signs that warned pedestrians that vehicles might be approaching in a different direction than they were accustomed to in their home countries, given the left-versus-right-side driving patterns around the world. (I wrote a while back about one notable change from left-to-right, the Swedish “H Day,” as a comment on the IPv6 transition.)

If you’re not sure on which side to expect the vehicles, it’s better to look both ways — and look again — if you want to reduce the risk of a collision.

(more…)

Rewarding Research: A Better Connected World, Name Collisions and Beyond

By Domain Names

It’s a privilege for Verisign to welcome this week the recipients of our 2012 Internet Infrastructure Grant program, who will be presenting the results of research their teams have conducted over the past year and a half.  The results will be the focus of our fourth and final Verisign Labs Distinguished Speaker Series event for the year.

The event will open with a keynote talk by Prof. Ellen Zegura of Georgia Tech (United States), who will give an overview of the field these two projects explore, “Intermittent and Low-Resource Networks: Theory and Practice.” It’s an honor to have Prof. Zegura with us to describe both the academic and hands-on work she’s conducted in this important area.

(more…)