[news release] A new Internet transport technology that improves web application performance, security, and privacy has been published as a standard by the Internet Engineering Task Force (IETF).
Tag Archives: Internet Engineering Task Force
Request for Proposal: PTI Service Organization Control Audits
ICANN is seeking a provider to conduct information systems audits mandated by the various contracts between the ICANN organization and the Internet Engineering Task Force (IETF) and the Regional Internet Registries (RIR). The audits are also part of the contract between the ICANN organization and its affiliate, Public Technical Identifiers (PTI).
PTI is responsible for the operational aspects of coordinating the Internet’s unique identifiers and maintaining the trust of the community to provide these services in an unbiased, responsible and effective manner. Mainly, PTI is responsible for the operation of the Internet Assigned Numbers Authority (IANA) functions; domain names, number resources, and protocol parameter assignments.
The objective of this request for proposal (RFP) is to select an independent audit firm to examine the security, process integrity and availability of the controls created as part of the Trust Services Criteria for the SOC 2® and the SOC 3®. The defined audit periods are 1 October 2017 through 30 September 2018 for the SOC 2® and 1 December 2017 through 30 November 2018 for the SOC 3®.
For a complete overview of the RFP including the timeline, please see here [PDF, 545 KB].
Indications of interest are to be received by emailing PTI.SOC2nSOC3.Audits-RFP@icann.org. Proposals should be electronically submitted by 18:00 PDT on 8 September 2017 using ICANN’s sourcing tool, access to which may be requested via the same email address above.
This ICANN announcement was sourced from:
https://www.icann.org/news/announcement-2017-08-11-en
Privacy Concerns in the Domain Name System by Samantha Bradshaw & Laura DeNardis
Abstract: Some of the most contentious policy debates of our time involve questions surrounding the privacy of user data and the extent to which personally identifiable information is encrypted on mobile devices, in transit, or in the cloud. However, one aspect of personal privacy often missing from the public discourse is the question of confidentiality in the Internet’s Domain Name System (DNS).
Situated conceptually in the field of Science and Technology Studies (STS) and topically within the extensive body of research on global Internet governance, this research project asks: to what extent do DNS queries raise privacy considerations; what is at stake for Internet privacy, security, business models and stability; and how can various Internet governance stakeholders address these privacy concerns? To help establish the dominant frames for conceptualizing privacy in the public sphere, the research project examines dominant media sources for a five-year period between 2010-2015 and compares this coverage data to other online privacy concerns such as search engine privacy and user device encryption. To assess the extent of privacy concerns implicated by DNS queries and understand the stakes of various privacy mitigating options, the research project draws from interviews with DNS engineers and privacy advocates; the archival mailing lists of the DNS Privacy Working Group; proceedings of meetings of the Internet Engineering Task Force; and relevant Internet Request for Comments (RFCs).
This paper makes two contributions to information and communication technology policy and scholarship: first, it will contribute to the corpus of Internet governance scholarship around the Domain Name System by expanding the spectrum of policy issues it implicates to include concerns about individual privacy; and second, it will provide an evidentiary basis to expand policymaking considerations around privacy to include DNS queries rather than primarily content and personally identifiable information.
Stakeholder Proposals to Come Together at ICANN Meeting in Argentina by Assistant Secretary for Communications and Information and NTIA Administrator Lawrence E. Strickling
Next week, hundreds of members of the Internet stakeholder community will attend ICANN’s 53rd meeting in Argentina. As I head to Buenos Aires, one of NTIA’s top priorities continues to be the transition of NTIA’s role related to the Internet Domain Name System. Since we announced the IANA stewardship transition in March 2014, the response of the stakeholder community has been remarkable and inspiring. I thank everyone for their hard work.
The meeting in Buenos Aires will be pivotal, as the community finalizes the components of the transition proposal and determines what remains to be done. The three stakeholder groups planning the transition of the individual IANA functions have made great progress. I congratulate the Cross Community Working Group on Naming Related Functions for finishing its draft proposal and look forward to this work stream reaching closure. The other two stakeholder groups – the Internet Engineering Task Force, which is shepherding the protocol parameter proposal, and the five Regional Internet Registries, which collaborated on the numbering proposal – finished their proposals earlier this year.
Now the IANA Stewardship Transition Coordination Group (ICG) must combine these proposals into a consolidated transition proposal and then seek public comment on all aspects of the plan. ICG’s role is crucial, because it must build a public record for us on how the three customer group submissions tie together in a manner that ensures NTIA’s criteria are met and institutionalized over the long term.
In addition to the ICG transition proposal, the final submission to NTIA must include a plan to enhance ICANN’s accountability. Given that the draft proposal of the Cross Community Working Group on Enhancing ICANN Accountability will be a major focus of the discussions next week in Argentina, I would like to offer the following questions for stakeholders to consider:
- The draft proposes new or modified community empowerment tools. How can the Working Group on Accountability ensure that the creation of new organizations or tools will not interfere with the security and stability of the DNS during and after the transition? Do new committees and structures create a different set of accountability questions?
- The draft proposal focuses on a membership model for community empowerment. Have other possible models been thoroughly examined, detailed, and documented? Has the working group designed stress tests of the various models to address how the multistakeholder model is preserved if individual ICANN Supporting Organizations and Advisory Committees opt out? Similarly, has the working group developed stress tests to address the potential risk of capture and barriers to entry for new participants of the various models? Further, have stress tests been considered to address potential unintended consequences of “operationalizing” groups that to date have been advisory in nature?
- The draft proposal suggests improvements to the current Independent Review Panel (IRP). The IRP has been criticized for its own lack of accountability. How does the proposal analyze and remedy existing concerns with the IRP?
- In designing a plan for improved accountability, should the working group consider what exactly is the role of the ICANN Board within the multistakeholder model? Should the standard for Board action be to confirm that the community has reached consensus, and if so, what accountability mechanisms are needed to ensure the Board operates in accordance with that standard?
- The proposal is primarily focused on the accountability of the ICANN Board. Has the Working Group also considered if there need to be accountability improvements that would apply to ICANN management and staff or to the various ICANN Supporting Organizations and Advisory Committees?
All of these questions require thoughtful consideration prior to the community’s completion of the transition plan. Similar to the ICG, the Working Group on Accountability will need to build a public record and thoroughly document how the NTIA criteria have been met and will be maintained in the future.
As the plans take final shape, I hope the community starts to focus on the matter of implementation of its recommendations. Have the issues of implementation been identified and addressed in the proposal so that the community and ICANN can implement the plan as expeditiously as possible once we have reviewed and accepted it? This is an important issue right now because after the Buenos Aires meeting, NTIA will need to make a determination on extending its current contract with ICANN, which expires on September 30, 2015. Last month, I asked both the ICG and the Working Group on Accountability for an update on the transition planning, as well as their views on how long it will take to finalize and implement the transition plan if it were approved. Keeping in mind that the community and ICANN will need to implement all work items identified by the ICG and the Working Group on Accountability as prerequisites for the transition before the contract can end, the community’s input on timing is critical and will strongly influence how NTIA proceeds with the contract extension. I look forward to hearing from everyone in Buenos Aires.
At this key juncture, it is timely to not only take stock of all the work that has occurred, but also what lies ahead. I recognize that some stakeholder groups have finalized their proposals and are anxious to move forward. But NTIA will only review a comprehensive plan that includes all elements, and we must let the multistakeholder process run its full course. In that same spirit, I urge all global stakeholders – community members, ICANN Board members, and ICANN staff – to work together constructively to complete this final stage of the transition. The commitment by the global community to develop a consensus proposal that meets NTIA’s conditions and improves ICANN’s accountability is a testament to the power of the multistakeholder model.
This post was sourced from the NTIA website here.
DENIC implements secure and confidential e-mail communication based on DANE and DNSSEC
[news release] The .DE registry and managing organization, DENIC, is among the early adopters who have implemented the technology labelled DANE with the objective to secure e-mail communication. Having been developed by the Internet Engineering Task Force (IETF) as an open standard, DANE is a powerful tool to encrypt data traffic between mail servers and to verify the identity of the involved servers, in a reliable manner.
For the German version, see: www.denic.de/denic-im-dialog/pressemitteilungen/pressemitteilungen/3947.html
DANE interlinks conventional certificates (a sort of electronic “identity cards”) with the Internet’s “directory service”, the Domain Name System (DNS). The e-mail transport encryption enabled by DANE and based on the security extensions DNSSEC effectively eliminates the risk of e-mails or messages being redirected or intercepted, as a result of man-in-the-middle interference. DANE for e-mail is an essential step towards securing Internet communications end-to-end for everyone.
The .DE top level domain has been signed with DNSSEC since 2011 already, when DENIC established one of the fundamental bases paving the way for the practical use of DANE, in Germany. For more details on how DNSSEC can be implemented technically, domain holders are referred to their Internet service providers.
Background Information
About DANE
DANE (DNS-Based Authentication of Named Entities) is described in RFC 6698, a specification issued by the Internet Engineering Task Force (IETF). Using DANE enables so-called X.509 certificates to be stored in the Domain Name System (DNS). The purpose of X.509 certificates is to confirm the identity of a webserver (or other systems). Linking certificates to the DNS creates a number of new options:
- By publishing a root certificate, the server operator can state which Certificate Authority (CA) he relies on, thus which organization is authorized to issue digital certificates for his servers. In case another CA issues such certificate either maliciously or as a result of a manipulation of its systems, but without the operator’s express consent, the Internet user will be alerted accordingly.
- Where self-signed certificates are used, with no CA services involved, a second channel is established by the certificate being published via the DNS. This enables the application to validate and accept such certificate.
- Additionally, DANE allows using different certificates (and thereby different cryptographic parameters) for services which can be accessed via the same host name (such as mail, web or instant messaging).
Currently DANE is used, particularly in Germany, to control encrypted communication between mail servers. Further applications are presently undergoing standardization procedures within the IETF. Among the applications currently being extended using DANE are end-to-end encryption and digital signing based on the S/MIME process.
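The options listed above map onto the fields of the TLSA record that RFC 6698 defines (certificate usage, selector, matching type, association data). As an added example that is not part of the DENIC release, the Python code below checks a presented certificate chain against a TLSA record; the `toy_cert` certificates and host name are constructed test data, and DNSSEC validation of the record and PKIX path validation are assumed to be done elsewhere.

```python
import hashlib

def read_tlv(buf, off):
    """Read one DER element at off; return (tag, value_start, value_end)."""
    tag, first = buf[off], buf[off + 1]
    start = off + 2
    if first & 0x80:                       # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    else:
        length = first
    return tag, start, start + length

def spki_from_cert(cert_der):
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate."""
    _, off, _ = read_tlv(cert_der, 0)      # Certificate SEQUENCE
    _, off, _ = read_tlv(cert_der, off)    # TBSCertificate SEQUENCE
    tag, _, end = read_tlv(cert_der, off)
    if tag == 0xA0:                        # optional explicit [0] version
        off = end
    for field in range(5):                 # serial, sigAlg, issuer, validity, subject
        _, _, off = read_tlv(cert_der, off)
    _, _, end = read_tlv(cert_der, off)
    return cert_der[off:end]

def association_data(cert_der, selector, mtype):
    """Selector 0 = whole certificate, 1 = public key; mtype 0/1/2 = raw/SHA-256/SHA-512."""
    blob = cert_der if selector == 0 else spki_from_cert(cert_der)
    if mtype == 0:
        return blob
    return hashlib.new({1: "sha256", 2: "sha512"}[mtype], blob).digest()

def parse_tlsa(rdata):
    """Parse TLSA presentation format: 'usage selector mtype hexdata'."""
    usage, selector, mtype, *hexparts = rdata.split()
    return int(usage), int(selector), int(mtype), bytes.fromhex("".join(hexparts))

def tlsa_owner(port, proto, host):
    """Per-service owner name, so each service on one host can pin its own certificate."""
    return f"_{port}._{proto}.{host.rstrip('.')}."

def tlsa_matches(record, chain):
    """chain[0] is the server certificate, chain[1:] the issuer certificates it sent."""
    usage, selector, mtype, data = record
    if usage not in (0, 1, 2, 3) or selector not in (0, 1) or mtype not in (0, 1, 2):
        return False                       # unknown parameters: treat record as unusable
    # Usages 1 and 3 pin the server certificate; 0 and 2 pin a CA / trust anchor.
    candidates = chain[:1] if usage in (1, 3) else chain[1:]
    return any(association_data(c, selector, mtype) == data for c in candidates)

# --- constructed test data: unsigned stand-ins with the X.509 field layout ---
def der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + content

def toy_cert(name, key, serial):
    spki = der(0x30, der(0x30, b"") + der(0x03, b"\x00" + key))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + der(0x30, b"") + der(0x30, name) + der(0x30, b"")
              + der(0x30, name) + spki)
    return der(0x30, tbs + der(0x30, b"") + der(0x03, b"\x00"))

def make_tlsa(cert, usage, selector, mtype):
    return f"{usage} {selector} {mtype} {association_data(cert, selector, mtype).hex()}"

LEAF = toy_cert(b"mail", b"A" * 128, 1)     # current server certificate
RENEWED = toy_cert(b"mail", b"A" * 128, 2)  # reissued with the same key
CA = toy_cert(b"ca", b"B" * 128, 1)

if __name__ == "__main__":
    print(tlsa_owner(25, "tcp", "mail.example.org"), "IN TLSA", make_tlsa(LEAF, 3, 1, 1))
    print("key pin survives renewal:", tlsa_matches(parse_tlsa(make_tlsa(LEAF, 3, 1, 1)), [RENEWED, CA]))
    print("cert pin survives renewal:", tlsa_matches(parse_tlsa(make_tlsa(LEAF, 3, 0, 1)), [RENEWED, CA]))
```

A record that pins the public key (selector 1) keeps matching when the certificate is reissued with the same key, while one that pins the whole certificate (selector 0) must be republished before the new certificate goes live.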
About DNSSEC
The Domain Name System (DNS) as it was originally designed does not provide for any authentication of the distributed information. Communication between name servers and Internet applications (such as web browsers or VoIP phones) is not completely safe against third-party tampering. Over the past years, various attack scenarios have been described, which keep being refined by attackers. By adding digital signatures to the DNS, DNSSEC (short for DNS Security) helps protect DNS data. These signatures make sure that responses to application requests are identical to the data published by the responsible DNS administrator, in their name servers. The root of the DNS hierarchy has been DNSSEC secured since 2010, with the .DE domain managed by DENIC following up in 2011.
This DENIC news release was sourced from:
http://www.denic.de/denic-im-dialog/pressemitteilungen/pressemitteilungen/3947.html
Statement from the I* Leaders Coordination Meeting, Santa Monica, 14 February 2014
Leaders of the organizations responsible for coordination of the Internet technical infrastructure (loosely referred to as “I* leaders”) met last week in Santa Monica, California, USA. During the 2-day meeting, they discussed activities underway and exchanged views and updates on a range of topics including:
- IETF and W3C efforts to improve overall Internet privacy and security (www.ietf.org & w3.org)
- Globalization of the IANA functions (www.iana.org)
- The 1net initiative, website and new collaboration forum (1net.org)
- The “Netmundial” – Global Multistakeholder Meeting on the Future of Internet Governance (netmundial.br)
- ICANN strategy panels and globalization (www.icann.org)
- Preparations for the 2014 ITU Plenipotentiary Conference (www.internetsociety.org/plenipotbackground)
- Web 25th anniversary and W3C 20th anniversary planning (w3.org)
There was discussion of the significant progress and momentum that has developed since our last meeting, as well as the need for continued engagement of all stakeholders in evolution of the Internet ecosystem. The leaders were encouraged by the progress made in many areas, and note that there is a lot of work happening in our respective communities, driven by the participants and handled with the usual community processes.
The meeting also welcomed Kathy Brown, the incoming CEO of the Internet Society, and Carolina Aguerre as a representative of the ccTLD registry community.
Participating I* Leaders –
- Adiel A. Akplogan, CEO African Network Information Center (AFRINIC)
- John Curran, CEO American Registry for Internet Numbers (ARIN)
- Paul Wilson, Director General Asia-Pacific Network Information Centre (APNIC)
- Russ Housley, Chair Internet Architecture Board (IAB)
- Fadi Chehadé, President and CEO Internet Corporation for Assigned Names and Numbers (ICANN)
- Jari Arkko, Chair Internet Engineering Task Force (IETF)
- Kathy Brown, President and CEO Internet Society (ISOC)
- Raúl Echeberría, CEO Latin America and Caribbean Internet Addresses Registry (LACNIC)
- Axel Pawlik, Managing Director Réseaux IP Européens Network Coordination Centre (RIPE NCC)
- Jeff Jaffe, CEO World Wide Web Consortium (W3C)
- Carolina Aguerre, General Manager, LACTLD (association of ccTLD registry operators in Latin America and Caribbean)
This ICANN announcement was sourced from:
www.icann.org/en/news/announcements/announcement-14feb14-en.htm
Montevideo Statement on the Future of Internet Cooperation
The leaders of organizations responsible for coordination of the Internet technical infrastructure globally have met in Montevideo, Uruguay, to consider current issues affecting the future of the Internet.
The Internet and World Wide Web have brought major benefits in social and economic development worldwide. Both have been built and governed in the public interest through unique mechanisms for global multistakeholder Internet cooperation, which have been intrinsic to their success. The leaders discussed the clear need to continually strengthen and evolve these mechanisms, in truly substantial ways, to be able to address emerging issues faced by stakeholders in the Internet.
In this sense:
- They reinforced the importance of globally coherent Internet operations, and warned against Internet fragmentation at a national level. They expressed strong concern over the undermining of the trust and confidence of Internet users globally due to recent revelations of pervasive monitoring and surveillance.
- They identified the need for ongoing effort to address Internet Governance challenges, and agreed to catalyze community-wide efforts towards the evolution of global multistakeholder Internet cooperation.
- They called for accelerating the globalization of ICANN and IANA functions, towards an environment in which all stakeholders, including all governments, participate on an equal footing.
- They also called for the transition to IPv6 to remain a top priority globally. In particular Internet content providers must serve content with both IPv4 and IPv6 services, in order to be fully reachable on the global Internet.
Adiel A. Akplogan, CEO
African Network Information Center (AFRINIC)
John Curran, CEO
American Registry for Internet Numbers (ARIN)
Paul Wilson, Director General
Asia-Pacific Network Information Centre (APNIC)
Russ Housley, Chair
Internet Architecture Board (IAB)
Fadi Chehadé, President and CEO
Internet Corporation for Assigned Names and Numbers (ICANN)
Jari Arkko, Chair
Internet Engineering Task Force (IETF)
Lynn St. Amour, President and CEO
Internet Society (ISOC)
Raúl Echeberría, CEO
Latin America and Caribbean Internet Addresses Registry (LACNIC)
Axel Pawlik, Managing Director
Réseaux IP Européens Network Coordination Centre (RIPE NCC)
Jeff Jaffe, CEO
World Wide Web Consortium (W3C)
###
- To read this announcement in Spanish, please visit: www.icann.org/es/news/press/releases/release-07oct13-es
- To read this announcement in French, please visit: www.icann.org/fr/news/press/releases/release-07oct13-fr
- To read this announcement in Arabic, please visit: www.icann.org/ar/news/press/releases/release-07oct13-ar
- To read this announcement in Russian, please visit: www.icann.org/ru/news/press/releases/release-07oct13-ru
- To read this announcement in Chinese, please visit: www.icann.org/zh/news/press/releases/release-07oct13-zh
This announcement was sourced from the ICANN web site at:
www.icann.org/en/news/announcements/announcement-07oct13-en.htm
IETF Meeting in Berlin sponsored by DENIC: Open Internet standards through technical excellence
[news release] More than 1,500 technical experts are coming together in Berlin from 28 July until 2 August at the IETF (Internet Engineering Task Force) Meeting to jointly work at the further evolution of the Internet and to develop tomorrow’s protocol standards. As the global Internet’s premier technical standards body, the IETF is open to any interested person, and the results of its work are based on competence and the best technical arguments. In 106 working groups experts from 74 countries develop concepts to enhance security, speed and user-friendliness on the Internet – be it to secure routes, to provide extensions for mobile applications or to protect data in the cloud.
Other examples for IETF’s successful standardization process are the possibility to use special characters in domain names – such as the German letter eszett (ß) as the latest implementation and numerous special characters of other languages – as well as a multitude of other Internet applications. This underscores the global importance of open standards and their creation through collective development work.
The meeting in Berlin is the 87th of its type and the second event since 1997 to be held in Germany. Reason enough for DENIC eG, which is organized as a not-for-profit cooperative and thus strongly committed to the entire Internet community and the open and participatory evolution of the Internet, to support IETF’s work as platinum sponsor of the Berlin meeting.
The meeting in Berlin, too, will have an impact on the way we will use the Internet in the future.
For further information please go to https://www.ietf.org/meeting/87.
Background Information:
The Internet Engineering Task Force (IETF) is the Internet’s premier technical standards body. It gathers a large open international community of network designers, engineers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. The IETF seeks broad participation. The work of the IETF takes place online, largely through email lists, reducing barriers to participation and maximizing contributions from around the world. IETF Working Groups (WGs) are organized by topic into several areas (e.g., routing, transport, security, etc.).
For more information, see: www.ietf.org
This DENIC news release was sourced from:
www.denic.de/en/denic-in-dialogue/press-releases/press/3719.html
Dotless Domains ‘Inherently Harmful To Internet Security’: IAB
The Internet Architecture Board (IAB) has come out against dotless domains, saying they “will not work as intended by TLD operators in the vast majority of cases.”
In their statement, the IAB said “it has come to the attention of the IAB that there are proposals for so-called ‘dotless’ domains in the root zone, and that some existing top-level domains (TLDs) are already operating in such a mode. TLD operators of dotless domains are intending that single label names — those containing no dots — resolve to the TLD itself, rather than be resolved locally, within the context of the local site at which the user resides.”
The IAB, a committee of the Internet Engineering Task Force (IETF), issued a statement, titled “Dotless Domains Considered Harmful”. In the executive summary, the IAB say they “strongly [recommend] against considering, implementing, or deploying dotless domains.” As well, “the IAB believes that dotless domains are inherently harmful to Internet security.”
In the third point noting the problems with dotless domains, the IAB says “applications and platforms that apply a suffix search list to a single-label name are in conformance with IETF standards track RFCs. Furthermore, applications and platforms that do not query DNS for a TLD are in conformance with IETF standards track recommendations intended to minimize security vulnerabilities and reduce load on the root servers.”
The full report from the IAB is available from:
www.iab.org/documents/correspondence-reports-documents/2013-2/iab-statement-dotless-domains-considered-harmful/
ICANN: Consultation on the Source of Policies & User Instructions for Internet Number Resource Requests
Section I: Description, Explanation, and Purpose:
The Internet Assigned Numbers Authority (IANA) functions contract (SA1301-12-CN-0035) between ICANN and the United States Department of Commerce, National Telecommunications Information Administration (NTIA) to maintain the continuity and stability of services related to certain interdependent Internet technical management functions, known collectively as the Internet Assigned Numbers Authority calls for a public consultation from all interested and affected parties to help satisfy the following objectives:
C.2.6 Transparency and Accountability – [No later than 1 October 2013], the Contractor shall, in collaboration with all interested and affected parties as enumerated in Section C.1.3, develop user instructions including technical requirements for each corresponding IANA function and post via a website.
C.2.7 Responsibility and Respect for Stakeholders – [No later than 1 October 2013], the Contractor shall, in collaboration with all interested and affected parties as enumerated in Section C.1.3, develop for each of the IANA functions a process for documenting the source of the policies and procedures and how it will apply the relevant policies and procedures for the corresponding IANA function and post via a website.
The interested and affected parties are identified in C.1.3 as:
…the multi-stakeholder, private sector led, bottom-up policy development model for the domain name system (DNS) that the Internet Corporation for Assigned Names and Numbers (ICANN) represents; the Internet Engineering Task Force (IETF) and the Internet Architecture Board (IAB); Regional Internet Registries (RIRs); top-level domain (TLD) operators/managers (e.g., country codes and generic); governments; and the Internet user community.
The IANA functions are identified in C.2.9 as:
(1) the coordination of the assignment of technical Internet protocol parameters; (2) the administration of certain responsibilities associated with the Internet DNS root zone management; (3) the allocation of Internet numbering resources; and (4) other services related to the management of the ARPA and INT top-level domains (TLDs).
This consultation relates to the user instructions for the allocation of Internet numbering resources.
This is one of a series of consultations to identify source documents and publish user instructions for the delivery of the IANA functions, as described in contract SA1301-12-CN-0035.
- Consultation on the Source of Policies & User Instructions for Internet Number Resource Requests [PDF, 458 KB]
- Contract SA1301-12-CN-0035 and related documents
- ICANN Address Supporting Organization (ASO) MoU
- Memorandum of Understanding Concerning the Technical Work of the Internet Assigned Numbers Authority
Comment / Reply Periods
- Comment Open Date: 25 June 2013
- Comment Close Date: 16 July 2013 – 23:59 UTC
- Reply Open Date: 17 July 2013
- Reply Close Date: 7 August 2013 – 23:59 UTC
Important Information Links
www.icann.org/en/news/public-comment/iana-policies-user-instructions-25jun13-en.htm