The Wild Card Incident of 9/15/2003 Steve Crocker Chair Security and Stability Advisory Committee.

Slides:



Advertisements
Similar presentations
SSAC Overview May 23, 2006 Steve Crocker
Advertisements

ICANN Report Presented by: Dr Paul Twomey CEO and President LACNIC, Montevideo 31 March 2004.
ICANN John L. Crain LACNIC V, La Habana,
1 First NIR Meeting Criteria for establishment of new National Internet Registries March 1st, Korea, Seoul.
Naming: The Domain Name System Nick Feamster CS 4251 Fall 2008.
1 VeriSign Site Finder Scott Hollenbeck SECSAC Open Meeting 7 October 2003.
ICANN Security and Stability Advisory Committee ICANN Meetings Carthage October 30, 2003.
ICANN Security and Stability Advisory Committee ICANN Meetings Shanghai October 30, 2002.
GNSO goals Bruce Tonkin Chair, GNSO Council Sao Paulo, 4 Dec 2006.
Internet Corporation for Assigned Names and Numbers Louis Touton Presentation to the FTAA Joint Public-Private Sector Committee of Experts on the Internet.
The At-Large Advisory Committee (ALAC) An Introduction by Dr. Olivier MJ Crépin-Leblond ALAC Chair.
DNS Security and Stability Analysis Working Group (DSSA) DSSA Update Prague – June, 2012.
DNS Security and Stability Analysis Working Group (DSSA)
Global Registry Services 1 INTERNATIONALIZED Domain Names Testbed presented to ITU/WIPO Joint Symposium Geneva 6-7 Dec An Overview On VeriSign Global.
ITU ENUM Workshop Jan 17, 2000 Copyright © 2001, Nominum, Inc. A Quick Introduction to the Domain Name System David Conrad Chief Technology Officer.
ITU ENUM Workshop Jan 8, 2002 Copyright © 2002 Nominum, Inc. A Quick Introduction to the Domain Name System Jim Reid Director, European Operations Nominum.
INTERNET PROTOCOLS Class 9 CSCI 6433 David C. Roberts Entire contents copyright 2011, David C. Roberts, all rights reserved.
© Copyright 2004, JPRS 1 Community and ccTLD in Japan Joint ICANN/ITU-T ccTLD Workshop July 24, Lumpur Hiro HOTTA Japan Registry.
Structured Naming Internet Naming Service: DNS* Chapter 5 *referred to slides by David Conrad at nominum.com.
The At-Large Advisory Committee (ALAC) An Introduction by Dr. Olivier MJ Crépin-Leblond ALAC Chair.
State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.
ICANN Security and Stability Advisory Committee ICANN Meetings Rio de Janeiro March 26, 2003.
ICANN/ccTLD Agreements: Why and How Andrew McLaughlin Monday, January 21, 2002 TWNIC.
Massive Scale Name Management: Lessons Learned from the.COM Namespace Mark Kosters 20 Aug 1999.
Security Advisory Committee ICANN Meetings Bucharest June 27, 2002.
Glen de Saint Géry ICANN GNSO Secretariat for Theresa Swinehart Counsel for International Legal Affairs Domain Day Milan.
The Domain Name System Overview Introduction DNS overview How DNS helps us? Summary.
ICANN Ben Postman. General Information Structure of ICANN What ICANN does Conflicts Regarding ICANN Alternatives/Modifications.
New gTLD Basics. 2  Overview about domain names, gTLD timeline and the New gTLD Program  Why is ICANN doing this; potential impact of this initiative.
DNS: Domain Name System Mark Ciocco Chris Janik Networks Class Presentation Tuesday April 18, 2000 To insert your company logo on this slide From the Insert.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
1 Updated as of 1 July 2014 About ICANN KISA-ICANN Language Localisation Project Module 1.1.
ICANN and the Internet Ecosystem. 2  A network of interactions among organisms, and between organisms and their environment.  The Internet is an ecosystem.
Revised Draft Strategic Plan 4 December 2010.
Basic DNS Course Lecturer: Ron Aitchison. Module 1 DNS Theory.
1 The Impact of IPv6 on Society ~ a Government Perspective ~ Kaori ITO Ministry of Public Management, Home Affairs, Posts and Telecommunications ( MPHPT)
Domain names and IP addresses Resolver and name server DNS Name hierarchy Domain name system Domain names Top-level domains Hierarchy of name servers.
IETF 73, 19 November, 2008, Minneapolis, USA1 Internet Architecture Board Update Olaf M. Kolkman IAB Chair.
ICANN Fellowship Program. 2  Program Goals  Awareness: Engage representatives from developing nations  Participation: Build capacity within ICANN community.
IANA Department Activities, RIPE 66, Dublin, Ireland May 2013 Elise Gerich.
1 Mirjam KühneINET MEA, Cairo, May 2004 Welcome to INET MEA Cairo, Egypt 8 May 2005 Mirjam Kühne, ISOC.
1 Internet Presentation GCC-IT commity Saleem Al-Balooshi ETISALAT.
October 8, 2015 University of Tulsa - Center for Information Security Microsoft Windows 2000 DNS October 8, 2015.
©Richard L. Goldman Internet Organizations ©Richard Goldman September 25, 2002.
1 ICANN update Save Vocea APSTAR retreat, Taipei, TW 24 February 2008.
Organizations, Institutions, the Domain Name and addressing system, Internet Governance… D-day 2005 Milan, Italy 24 November 2005 Theresa Swinehart GM,
New gTLD Basics. 2  Overview about domain names, gTLD timeline and the New gTLD Program  Why is ICANN doing this; potential impact of this initiative.
ICANN Root Name Server System Advisory Committee March 2, 1999 SUNTEC Convention Center Singapore.
1 1 The GNSO Role in Internet Governance Presented by: Chuck Gomes Date: 13 May 2010.
IDN UPDATE Tina Dam ICANN Chief gTLD Registry Liaison Public Forum, Wellington 30 March 2006.
Securing Future Growth: Getting Ready for IPv6 NOW! ccTLD Workshop, 8 th April 2011 Noumea, New Caledonia Miwa Fujii, Senior IPv6 Program Specialist, APNIC.
ICANN Regional Outreach Meeting, Dubai 1–3 April Toward a Global Internet Paul Twomey President and CEO 1 April 2008 ICANN Regional Meeting 1–3.
Fostering Multi-Stakeholder Internet Governance Models in the Region Bill Graham, Director, ICANN Board.
Domain Name System (DNS)
Internet Naming Service: DNS* Chapter 5. The Name Space The name space is the structure of the DNS database –An inverted tree with the root node at the.
Domain Name System INTRODUCTION to Eng. Yasser Al-eimad
1 Internationalized Domain Names Paul Twomey 7 April 2008.
1 27Apr08 Some thoughts on Internet Governance and expansion of the Domain Name space Paul Twomey President and CEO 9 August 2008 Panel on Internet Governance.
Vice Chair, UK Representative, Governmental Advisory Committee (GAC)
IANA FUNCTIONS STEWARDSHIP TRANSITION
ICANN Multi-Stakeholder Model
AfICTA CEO Roundtable 2015 ICANN & Business
Principles of Computer Security
ICANN’s Policy Development Activities
Unit 36: Internet Server Management
Partnership of Governments, Businesses and Civil Society: the ICANN example in coordinating resources and policy making Dr. Olivier MJ Crépin-Leblond
Rodrigo de la Parra / Laurent Ferrali ICANN org
An Introduction to ICANN
An Introduction by Dr. Olivier MJ Crépin-Leblond EURALO Chair
ICANN: MISSION, STRUCTURE AND CONSTITUENCIES
Presentation transcript:

The Wild Card Incident of 9/15/2003 Steve Crocker Chair Security and Stability Advisory Committee

Primary Security and Stability ICANN Components Constituent Participatory Organizations Generic Names Supporting Organization Country Code Names Supporting Organization Government Advisory Council 80 countries and 5 treaty organizations Root Server Advisory Committee Specialist Groups IANA Administers root database and address allocation Security and Stability Advisory Committee Volunteer experts on security and stability issues

SECSAC Committee Steve Crocker, Chair Alain Patrick Aina Jaap Akkerhuis Doug Barton Steven M. Bellovin Rob Blokzijl David R. Conrad Johan Ihren Mark Kosters Allison Mankin Ram Mohan Russ Mundy Jun Murai Frederico A.C. Neves Ray Plzak Doron Shikmoni Ken Silva Bruce Tonkin Paul Vixie Rick Wesson Staff support: Jim Galvin

SECSAC Committee Strengths Root Server Operators gTLD Operators ccTLD Operators Name Space Registries Regional Internet Registries (RIRs) Registrars Internet Security No policy or political members(!)

Preamble On Sept 15, VeriSign introduced change to.com and.net domain Redirected unassigned names to their own server (SiteFinder) Immediate complaints and problem reports Several actions, including SECSAC

SECSAC Involvement Advisory issued 9/22 Public inputs Public meetings 10/7 & 10/15 More public inputs Report will come toward end of November

SECSAC in the larger process SECSAC is an advisory committee We only speak. We dont decide or enforce. Others may choose to listen. ICANN management will deliberate and choose path following our report. Focus on Security and Stability Not competition, etc. But may include large issues

What Happened VeriSign used the wild card feature to redirect all uninstantiated names to their own servers Previously, returned standard error code This was a change to an existing service Some things broke Some took defensive action

Registries, Registrars, and Registrants Registry Zone DB Registrants End user requests add/modify/delete Registrar submits add/modify/delete to registry Registrar Master updated Registry updates zone Slaves updated

Name Resolution Name resolution is the process by which resolvers and name servers cooperate to find data in the name space To find information anywhere in the name space, a name server only needs the names and IP addresses of the name servers for the root zone (the root name servers)

Name Resolution A name server receiving a query from a resolver looks for the answer in its authoritative data first and then in its cache If it doesnt have the requested data and is not authoritative for the domain in the query, other servers must be consulted

ping Name Resolution Example Lets look at the resolution process step-by-step: annie.west.sprockets.com

Whats the IP address of Name Resolution Example The workstation annie asks its configured name server, dakota, for address ping annie.west.sprockets.com dakota.west.sprockets.com

Name Resolution Example The name server dakota asks a root name server, m, for address ping annie.west.sprockets.com m.root-servers.net dakota.west.sprockets.com Whats the IP address of

Name Resolution Example The root server m refers dakota to the com name servers This type of response is called a referral ping annie.west.sprockets.com m.root-servers.net dakota.west.sprockets.com Heres a list of the com name servers. Ask one of them.

Name Resolution Example The name server dakota asks a com name server, f, for address ping annie.west.sprockets.com m.root-servers.net dakota.west.sprockets.com Whats the IP address of f.gtld-servers.net

Name Resolution Example The com name server f refers dakota to the nominum.com name servers ping annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com Heres a list of the nominum.com name servers. Ask one of them.

If the Name doesnt exist ping annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com Heres the address of

Name Resolution Example The name server dakota asks a nominum.com name server, ns1.sanjose, for address ping annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net Whats the IP address of

Name Resolution Example The nominum.com name server ns1.sanjose responds with address ping annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net Heres the IP address for

Name Resolution Example The name server dakota responds to annie with address ping annie.west.sprockets.com f.gtld-servers.net m.root-servers.net dakota.west.sprockets.com ns1.sanjose.nominum.net

Broad Areas of Concern Abruptness No notice or community involvement But internal and private testing Is it the right thing? Changes in the core vs innovation Lots more to say Competition Not our concern; belongs elsewhere

Initial Advisory VeriSign: Please roll back Tech Community: Please clarify specs IETF, IAB, network and DNS operators ICANN: Please clarify procedures

10/7 Agenda 10:00WelcomeArnaud de Borchgrave Steve Crocker 10:20VeriSign Site Finder Scott Hollenbeck 11:00What was affectedDavid Shairer 11:30Community Tech ResponsesPaul Vixie 12:00Information FlowRichard M. Smith 12:30LUNCH 2:00Protocol Problems andSteven M. Bellovin Architectural Issues 2:30Internet Protocols and InnovationJohn C. Klensin 3:00Other Issues; Open Session 3:30Next StepsSteve Crocker 4:00Adjourn

10/15 Agenda 1:00WelcomeSteve Crocker 1:15VeriSign Business Overview of Site FinderAnthony Renzette 1:45Technical Review Panel SummaryScott Hollenbeck 2:15Technical Issues and VRSN ResponsesMatt Larson 2:45Usability Market ResearchBen Turner 3:15Next StepsChuck Gomes Rusty Lewis 3:30BREAK 3:45Measuring ISP Responses to SiteFinderBenjamin Edelman 4:15Global Name Registry StatementHakon Haugnes Geir Rasmussen 4:30Other Issues; Open Session Steve Crocker

Tentative Issues Abruptness Rightness Systemic Stability Confidence Technical Clarity Process Clarity Displaced Costs Innovation at core vs edge Future architecture Role of standards Existing wild card use.museum,.name, etc

Next Steps More Public Input Report ICANN and others will follow through

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.