ICANN Email List Archives



Transition Action Plan, Security and Stability

  • To: <iic-consultation@xxxxxxxxx>
  • Subject: Transition Action Plan, Security and Stability
  • From: "Robert C. Hutchinson" <bob@xxxxxxxx>
  • Date: Thu, 31 Jul 2008 15:03:57 -0700

Mr. Paul Twomey
President & CEO

Dear Mr. Twomey, the ICANN Board, and the President's Strategy Committee on
Improving Institutional Confidence


In ICANN's proposed Transition Action Plan, Security and Stability is listed
as the fifth of five initiatives. But I believe that security and stability
of the Internet is the single most important factor in determining the
community's confidence in ICANN.


Following news that the Kaminsky DNS exploit is a real threat that is
showing up in the wild, the Internet community wants reassurance that ICANN
is doing all it can to protect the security and stability of the DNS. This
hack could be just the tip of the iceberg.


DNS integrity is increasingly vulnerable to attacks and abuse via numerous
paths: cache poisoning, distributed denial-of-service attack, greedy
business interests, social engineering, government intervention and
spoofing. These vulnerabilities are increasingly attractive because of the
Internet's value to the world economy.


Finding effective technological solutions and implementing them has been a
serious issue.  For example, DNSSEC, while it fixes the cache poisoning,
adds new woes by making the DNS system more vulnerable to distributed
denial-of-service attack, does not protect the entire resolver chain and
adds a complex, vulnerable-to-attack, fragmented key-management scheme.  It
is essentially too little, too late.

To make matters worse, while some vulnerabilities can be fixed with
technology, several of the integrity problems are the result of ICANN policy
and lax business practices.


The vulnerability of the DNS system is dynamic and the attack methods are not
predictable.  ICANN's current plan for adding more TLDs, IDNs and IPv6 will
likely add new avenues of attack.

I encourage ICANN to add metrics [similar to the ones created for IANA] that
quantify DNS integrity and help industry to deploy organized and effective




Robert C. Hutchinson

Internet Product Architect


