Tag Archives: IETF

QUIC: Innovative New Technology for Sending Data Over the Internet Published as Open Standard

[news release] A new Internet transport technology that improves web application performance, security, and privacy has been published as a standard by the Internet Engineering Task Force (IETF).


Request for Proposal: PTI Service Organization Control Audits

ICANN is seeking a provider to conduct information systems audits mandated by the various contracts between the ICANN organization and the Internet Engineering Task Force (IETF) and the Regional Internet Registries (RIR). The audits are also part of the contract between the ICANN organization and its affiliate, Public Technical Identifiers (PTI).

PTI is responsible for the operational aspects of coordinating the Internet’s unique identifiers and maintaining the trust of the community to provide these services in an unbiased, responsible and effective manner. Mainly, PTI is responsible for the operation of the Internet Assigned Numbers Authority (IANA) functions; domain names, number resources, and protocol parameter assignments.

The objective of this request for proposal (RFP) is to select an independent audit firm to examine the security, process integrity and availability of the controls created as part of the Trust Services Criteria for the SOC 2® and the SOC 3®. The defined audit periods are 1 October 2017 through 30 September 2018 for the SOC 2® and 1 December 2017 through 30 November 2018 for the SOC 3®.

For a complete overview of the RFP including the timeline, please see here [PDF, 545 KB].

Indications of interest are to be received by emailing PTI.SOC2nSOC3.Audits-RFP@icann.org. Proposals should be electronically submitted by 18:00 PDT on 8 September 2017 using ICANN’s sourcing tool, access to which may be requested via the same email address above.

This ICANN announcement was sourced from:

After 18 Years Of Discussions, IANA Functions Transferred To Global Multi-stakeholder Group

On 1 October the US government through the Department of Commerce’s National Telecommunications and Information Administration (NTIA) relinquished its role of overseeing the technical management of the ‘internet’s address book’, or the IANA functions, that ICANN has overseen since its inception. The role was handed over to a global multi-stakeholder group, allowing the IANA functions contract to expire.

But the right of American politics did its best to thwart the transfer of powers using its usual efforts of fear and ignorance. The cheerleader of the opposition was Senator Ted Cruz who invoked fear reminiscent of the cold war opposition to the USSR, saying the transfer of powers jeopardised “free speech online and has been widely denounced by conservative and grassroots leaders and Members of Congress.”

There was even a lawsuit from four US Republican state governments – Arizona, Texas, Oklahoma and Nevada – that sought a temporary restraining order to prevent the IANA contract from expiring on 30 September. The states argued the handover was unconstitutional and required congressional approval. But the case failed.

From Saturday the global multi-stakeholder group, which consists of a collection of academics, technical experts, private industry and government representatives, public interest advocates and individual users around the world, will oversee the IANA functions. It’s a transfer that has been planned since 1997 and in March 2014 a formal plan was announced. It had been a goal of Democratic and Republican administrations, with the odd exception, through the Clinton, George W. Bush and Obama presidencies.

There won’t be many noticeable changes. Speaking to IP Pro: The Internet, ICANN’s Theresa Swinehart said “nothing really changes in the context of ICANN overall, aside from some adjustments in the clerical functions and the role we play in accommodating the community proposal, and in enhancing some of the accountability processes we have in place.”

“It’s not changes to what we do, it’s taking on additional areas and areas of additional balances on the accountability side.”

The change had near unanimous support from the global internet community, including from the Internet Society and the Internet Engineering Task Force (IETF).

“Today’s outcome confirms the strength of both the community and the multi-stakeholder process in tackling issues important to the continued growth and evolution of the Internet,” said Gonzalo Camarillo, Chair of the Internet Society’s Board of Trustees. “We commend the NTIA for its trust and confidence in the multi-stakeholder Internet community to achieve this important accomplishment.”

The IETF noted in a blog post that “this is a good day — but also in many ways just like previous days. It is what we are already doing. The Internet will continue to work as it has before. The communities continue to work with the IANA system to make sure it responds to the needs of the users, as we have. Networks and people co-operate, voluntarily, so that they can connect over the Internet. Just like what the world has been doing since the dawn of the Internet.”

“Like many things on the internet, this is the result of many incremental steps by many people,” Andrew Sullivan, IAB Chair, told the IETF blog. “It is incremental change that brings us the stability of the internet.”

“We rarely get the opportunity to witness a global consensus as broad and diverse as the one in favour of this transition,” said Alissa Cooper, Chair of the IANA stewardship transition Coordination Group, who also spoke to the IETF blog. “Hundreds of people and organizations from across sectors and across the world had the courage and endurance to see this process through, and as a result the Internet is running as smoothly today as it did yesterday.”

Privacy Concerns in the Domain Name System by Samantha Bradshaw & Laura DeNardis

Abstract: Some of the most contentious policy debates of our time involve questions surrounding the privacy of user data and the extent to which personally identifiable information is encrypted on mobile devices, in transit, or in the cloud. However, one aspect of personal privacy often missing from the public discourse is the question of confidentiality in the Internet’s Domain Name System (DNS).

The DNS is a distributed but hierarchically organized system that translates alphanumeric domain names into IP addresses. One facet of Internet governance scholarship on the DNS has focused on examining public policy concerns related to freedom of speech, intellectual property, cybersecurity, and jurisdictional oversight. However, the design of the DNS also inherently raises a number of privacy concerns, one being the technological condition that DNS queries are almost always unencrypted. Although these queries do not contain “content” such as email text, images, or search terms, they do reveal the sites a user visits. As such, query data can disclose sensitive information-seeking practices related to addiction services, gender identity, disease treatment, pornography, abortion clinics, mental illness, employment, or online dating services. Given that almost every activity online begins with a DNS query, concerns about the prospects for unauthorized access to query information and practices for how queries are processed, retained, aggregated, or shared should be examined further.

Situated conceptually in the field of Science and Technology Studies (STS) and topically within the extensive body of research on global Internet governance, this research project asks: to what extent do DNS queries raise privacy considerations; what is at stake for Internet privacy, security, business models and stability; and how can various Internet governance stakeholders address these privacy concerns? To help establish the dominant frames for conceptualizing privacy in the public sphere, the research project examines dominant media sources for a five-year period between 2010-2015 and compares this coverage data to other online privacy concerns such as search engine privacy and user device encryption. To assess the extent of privacy concerns implicated by DNS queries and understand the stakes of various privacy mitigating options, the research project draws from interviews with DNS engineers and privacy advocates; the archival mailing lists of the DNS Privacy Working Group; proceedings of meetings of the Internet Engineering Task Force; and relevant Internet Request for Comments (RFCs).

This paper makes two contributions to information and communication technology policy and scholarship: first, it will contribute to the corpus of Internet governance scholarship around the Domain Name System by expanding the spectrum of policy issues it implicates to include concerns about individual privacy; and second, it will provide an evidentiary basis to expand policymaking considerations around privacy to include DNS queries rather than primarily content and personally identifiable information.


Stakeholder Proposals to Come Together at ICANN Meeting in Argentina by Assistant Secretary for Communications and Information and NTIA Administrator Lawrence E. Strickling

Next week, hundreds of members of the Internet stakeholder community will attend ICANN’s 53rd meeting in Argentina. As I head to Buenos Aires, one of NTIA’s top priorities continues to be the transition of NTIA’s role related to the Internet Domain Name System. Since we announced the IANA stewardship transition in March 2014, the response of the stakeholder community has been remarkable and inspiring. I thank everyone for their hard work.

The meeting in Buenos Aires will be pivotal, as the community finalizes the components of the transition proposal and determines what remains to be done. The three stakeholder groups planning the transition of the individual IANA functions have made great progress. I congratulate the Cross Community Working Group on Naming Related Functions for finishing its draft proposal and look forward to this work stream reaching closure. The other two stakeholder groups – the Internet Engineering Task Force, which is shepherding the protocol parameter proposal, and the five Regional Internet Registries, which collaborated on the numbering proposal – finished their proposals earlier this year.

Now the IANA Stewardship Transition Coordination Group (ICG) must combine these proposals into a consolidated transition proposal and then seek public comment on all aspects of the plan. ICG’s role is crucial, because it must build a public record for us on how the three customer group submissions tie together in a manner that ensures NTIA’s criteria are met and institutionalized over the long term.

In addition to the ICG transition proposal, the final submission to NTIA must include a plan to enhance ICANN’s accountability. Given that the draft proposal of the Cross Community Working Group on Enhancing ICANN Accountability will be a major focus of the discussions next week in Argentina, I would like to offer the following questions for stakeholders to consider:

  • The draft proposes new or modified community empowerment tools. How can the Working Group on Accountability ensure that the creation of new organizations or tools will not interfere with the security and stability of the DNS during and after the transition? Do new committees and structures create a different set of accountability questions?
  • The draft proposal focuses on a membership model for community empowerment. Have other possible models been thoroughly examined, detailed, and documented?  Has the working group designed stress tests of the various models to address how the multistakeholder model is preserved if individual ICANN Supporting Organizations and Advisory Committees opt out?  Similarly, has the working group developed stress tests to address the potential risk of capture and barriers to entry for new participants of the various models? Further, have stress tests been considered to address potential unintended consequences of “operationalizing” groups that to date have been advisory in nature?
  • The draft proposal suggests improvements to the current Independent Review Panel (IRP). The IRP has been criticized for its own lack of accountability. How does the proposal analyze and remedy existing concerns with the IRP?
  • In designing a plan for improved accountability, should the working group consider what exactly is the role of the ICANN Board within the multistakeholder model?  Should the standard for Board action be to confirm that the community has reached consensus, and if so, what accountability mechanisms are needed to ensure the Board operates in accordance with that standard?
  • The proposal is primarily focused on the accountability of the ICANN Board. Has the Working Group also considered if there need to be accountability improvements that would apply to ICANN management and staff or to the various ICANN Supporting Organizations and Advisory Committees?

All of these questions require thoughtful consideration prior to the community’s completion of the transition plan. Similar to the ICG, the Working Group on Accountability will need to build a public record and thoroughly document how the NTIA criteria have been met and will be maintained in the future.

As the plans take final shape, I hope the community starts to focus on the matter of implementation of its recommendations. Have the issues of implementation been identified and addressed in the proposal so that the community and ICANN can implement the plan as expeditiously as possible once we have reviewed and accepted it?  This is an important issue right now because after the Buenos Aires meeting, NTIA will need to make a determination on extending its current contract with ICANN, which expires on September 30, 2015. Last month, I asked both the ICG and the Working Group on Accountability for an update on the transition planning, as well as their views on how long it will take to finalize and implement the transition plan if it were approved.  Keeping in mind that the community and ICANN will need to implement all work items identified by the ICG and the Working Group on Accountability as prerequisites for the transition before the contract can end, the community’s input on timing is critical and will strongly influence how NTIA proceeds with the contract extension. I look forward to hearing from everyone in Buenos Aires.

At this key juncture, it is timely to not only take stock of all the work that has occurred, but also what lies ahead. I recognize that some stakeholder groups have finalized their proposals and are anxious to move forward. But NTIA will only review a comprehensive plan that includes all elements, and we must let the multistakeholder process run its full course. In that same spirit, I urge all global stakeholders – community members, ICANN Board members, and ICANN staff  – to work together constructively to complete this final stage of the transition. The commitment by the global community to develop a consensus proposal that meets NTIA’s conditions and improves ICANN’s accountability is a testament to the power of the multistakeholder model.

This post was sourced from the NTIA website here.

DENIC implements secure and confidential e-mail communication based on DANE and DNSSEC

[news release] The .DE registry and managing organization, DENIC, is among the early adopters who have implemented the technology labelled DANE with the objective to secure e-mail communication. Having been developed by the Internet Engineering Task Force (IETF) as an open standard, DANE is a powerful tool to encrypt data traffic between mail servers and to verify the identity of the involved servers, in a reliable manner.

For the German version, see: www.denic.de/denic-im-dialog/pressemitteilungen/pressemitteilungen/3947.html

DANE interlinks conventional certificates (a sort of electronic “identity cards”) with the Internet’s “directory service”, the Domain Name System (DNS). The e-mail transport encryption enabled by DANE and based on the security extensions DNSSEC effectively eliminates the risk of e-mails or messages being redirected or intercepted, as a result of man-in-the-middle interference. DANE for e-mail is an essential step towards securing Internet communications end-to-end for everyone.

The .DE top level domain has been signed with DNSSEC since 2011 already, when DENIC established one of the fundamental bases paving the way for the practical use of DANE, in Germany. For more details on how DNSSEC can be implemented technically, domain holders are referred to their Internet service providers.

Background Information

About DANE

DANE (DNS-Based Authentication of Named Entities) is described in RFC 6698, a specification issued by the Internet Engineering Task Force (IETF). Using DANE enables so-called X.509 certificates to be stored in the Domain Name System (DNS). The purpose of X.509 certificates is to confirm the identity of a webserver (or other systems). Linking certificates to the DNS creates a number of new options:

  1. By publishing a root certificate, the server operator can state which Certificate Authority (CA) he relies on, thus which organization is authorized to issue digital certificates for his servers. In case another CA issues such certificate either maliciously or as a result of a manipulation of its systems, but without the operator’s express consent, the Internet user will be alerted accordingly.
  2. Where self-signed certificates are used, with no CA services involved, a second channel is established by the certificate being published via the DNS. This enables the application to validate and accept such certificate.
  3. Additionally, DANE allows using different certificates (and thereby different cryptographic parameters) for services which can be accessed via the same host name (such as mail, web or instant messaging).

Currently DANE is used, particularly in Germany, to control encrypted communication between mail servers. Further applications are presently undergoing standardization procedures within the IETF. Among the applications currently being extended using DANE are end-to-end encryption and digital signing based on the S/MIME process.


The Domain Name System (DNS) as it was originally designed does not provide for any authentication of the distributed information. Communication between name servers and Internet applications (such as web browsers or VoIP phones) is not completely safe against third-party tampering. Over the past years, various attack scenarios have been described, which keep being refined by attackers. By adding digital signatures to the DNS, DNSSEC (short for DNS Security) helps protect DNS data. These signatures make sure that responses to application requests are identical to the data published by the responsible DNS administrator, in their name servers. The root of the DNS hierarchy has been DNSSEC secured since 2010, with the .DE domain managed by DENIC following up in 2011.

This DENIC news release was sourced from:

Statement from the I* Leaders Coordination Meeting, Santa Monica, 14 February 2014

Leaders of the organizations responsible for coordination of the Internet technical infrastructure (loosely referred to as “I* leaders”) met last week in Santa Monica, California, USA. During the 2-day meeting, they discussed activities underway and exchanged views and updates on a range of topics including:

There was discussion of the significant progress and momentum that has developed since our last meeting, as well as the need for continued engagement of all stakeholders in evolution of the Internet ecosystem. The leaders were encouraged by the progress made in many areas, and note that there is a lot of work happening in our respective communities, driven by the participants and handled with the usual community processes.

The meeting also welcomed Kathy Brown, the incoming CEO of the Internet Society, and Carolina Aguerre as a representative of the ccTLD registry community.

Participating I* Leaders –

  • Adiel A. Akplogan, CEO African Network Information Center (AFRINIC)
  • John Curran, CEO American Registry for Internet Numbers (ARIN)
  • Paul Wilson, Director General Asia-Pacific Network Information Centre (APNIC)
  • Russ Housley, Chair Internet Architecture Board (IAB)
  • Fadi Chehadé, President and CEO Internet Corporation for Assigned Names and Numbers (ICANN)
  • Jari Arkko, Chair Internet Engineering Task Force (IETF)
  • Kathy Brown, President and CEO Internet Society (ISOC)
  • Raúl Echeberría, CEO Latin America and Caribbean Internet Addresses Registry (LACNIC)
  • Axel Pawlik, Managing Director Réseaux IP Européens Network Coordination Centre (RIPE NCC)
  • Jeff Jaffe, CEO World Wide Web Consortium (W3C)
  • Carolina Aguerre, General Manager, LACTLD (association of ccTLD registry operators in Latin America and Caribbean)

This ICANN announcement was sourced from:

Montevideo Statement on the Future of Internet Cooperation

The leaders of organizations responsible for coordination of the Internet technical infrastructure globally have met in Montevideo, Uruguay, to consider current issues affecting the future of the Internet.

The Internet and World Wide Web have brought major benefits in social and economic development worldwide. Both have been built and governed in the public interest through unique mechanisms for global multistakeholder Internet cooperation, which have been intrinsic to their success. The leaders discussed the clear need to continually strengthen and evolve these mechanisms, in truly substantial ways, to be able to address emerging issues faced by stakeholders in the Internet.

In this sense:

  • They reinforced the importance of globally coherent Internet operations, and warned against Internet fragmentation at a national level. They expressed strong concern over the undermining of the trust and confidence of Internet users globally due to recent revelations of pervasive monitoring and surveillance.
  • They identified the need for ongoing effort to address Internet Governance challenges, and agreed to catalyze community-wide efforts towards the evolution of global multistakeholder Internet cooperation.
  • They called for accelerating the globalization of ICANN and IANA functions, towards an environment in which all stakeholders, including all governments, participate on an equal footing.
  • They also called for the transition to IPv6 to remain a top priority globally. In particular Internet content providers must serve content with both IPv4 and IPv6 services, in order to be fully reachable on the global Internet.

Adiel A. Akplogan, CEO
African Network Information Center (AFRINIC)

John Curran, CEO
American Registry for Internet Numbers (ARIN)

Paul Wilson, Director General
Asia-Pacific Network Information Centre (APNIC)

Russ Housley, Chair
Internet Architecture Board (IAB)

Fadi Chehadé, President and CEO
Internet Corporation for Assigned Names and Numbers (ICANN)

Jari Arkko, Chair
Internet Engineering Task Force (IETF)

Lynn St. Amour, President and CEO
Internet Society (ISOC)

Raúl Echeberría, CEO
Latin America and Caribbean Internet Addresses Registry (LACNIC)

Axel Pawlik, Managing Director
Réseaux IP Européens Network Coordination Centre (RIPE NCC)

Jeff Jaffe, CEO
World Wide Web Consortium (W3C)


This announcement was sourced from the ICANN web site at:

IETF Meeting in Berlin sponsored by DENIC: Open Internet standards through technical excellence

[news release] More than 1,500 technical experts are coming together in Berlin from 28 July until 2 August at the IETF (Internet Engineering Task Force) Meeting to jointly work at the further evolution of the Internet and to develop tomorrow’s protocol standards. As the global Internet’s premier technical standards body, the IETF is open to any interested person, and the results of its work are based on competence and the best technical arguments. In 106 working groups experts from 74 countries develop concepts to enhance security, speed and user-friendliness on the Internet – be it to secure routes, to provide extensions for mobile applications or to protect data in the cloud.

What starts as a draft working paper is discussed in the various expert groups – either at the IETF meetings or via mailing lists. Taking multiple iterations, the protocol or service is then developed and brought to standard maturity. One example is the TCP protocol which, as part of the Internet protocol family, forms an important basis for the Internet we know today. The standards that provide the form of the Domain Name System (DNS) developed in the IETF this way.

Based on open and freely available standards, DNS enables the resolution of domain names and their translation into IP addresses, and thus easy use of the Internet. Additional security is provided by security extensions like DNSSEC (Domain Name System Security Extensions), which was developed in the IETF and has been implemented as a standard by more than 100 country codes, including .de.

Other examples for IETF’s successful standardization process are the possibility to use special characters in domain names – such as the German letter eszett (ß) as the latest implementation and numerous special characters of other languages – as well as a multitude of other Internet applications. This underscores the global importance of open standards and their creation through collective development work.

The meeting in Berlin is the 87th of its type and the second event since 1997 to be held in Germany. Reason enough for DENIC eG, which is organized as a not-for-profit cooperative and thus strongly committed to the entire Internet community and the open and participatory evolution of the Internet, to support IETF’s work as platinum sponsor of the Berlin meeting.

After all, the meeting in Berlin too will have an impact on the way we will use the Internet in the future.

For further information please go to https://www.ietf.org/meeting/87.

Background Information:

The Internet Engineering Task Force (IETF) is the Internet’s premier technical standards body. It gathers a large open international community of network designers, engineers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. The IETF seeks broad participation. The work of the IETF takes place online, largely through email lists, reducing barriers to participation and maximizing contributions from around the world. IETF Working Groups (WGs) are organized by topic into several areas (e.g., routing, transport, security, etc.).
For more information, see: www.ietf.org

This DENIC news release was sourced from:

Dotless Domains ‘Inherently Harmful To Internet Security’: IAB

The Internet Architecture Board (IAB) has come out against dotless domains, saying they “will not work as intended by TLD operators in the vast majority of cases.”

In their statement, the IAB said “it has come to the attention of the IAB that there are proposals for so-called ‘dotless’ domains in the root zone, and that some existing top-level domains (TLDs) are already operating in such a mode. TLD operators of dotless domains are intending that single label names — those containing no dots — resolve to the TLD itself, rather than be resolved locally, within the context of the local site at which the user resides.”

The IAB, a committee of the Internet Engineering Task Force (IETF), issued a statement, titled “Dotless Domains Considered Harmful”. In the executive summary, the IAB say they “strongly [recommend] against considering, implementing, or deploying dotless domains.” As well, “the IAB believes that dotless domains are inherently harmful to Internet security.”

In the third point noting the problems with dotless domains, the IAB says “applications and platforms that apply a suffix search list to a single-label name are in conformance with IETF standards track RFCs. Furthermore, applications and platforms that do not query DNS for a TLD are in conformance with IETF standards track recommendations intended to minimize security vulnerabilities and reduce load on the root servers.”

The full report from the IAB is available from: