Potaroo blog

Author Archives: Potaroo blog

Revocation

A compromised private key should not be accepted. An attacker might use a compromised private key to impersonate a site, and this vulnerability needs to be prevented to ensure that users can use services over the network with trust in their integrity and security. The way to stop a compromised key from being accepted is to disseminate the information that the key is no longer trustable, and this is achieved by revoking the public key certificate. But we are having some problems in taking this theory and creating practical implementations of certificate revocation.

DNS OARC 37

There was a meeting of the DNS Operations and Research group in February. These are my notes from the presentations that I found to be of interest.

DNS4EU

The last few decades have not been a story of unqualified success for European technology enterprises. The European industrial giants of the old telephone world have found it to be extraordinarily difficult to translate their former dominant positions in the telco world into the Internet world. To be brutally frank, none of the current generation of major players in the digital environment are European. The concern is that if today’s technology world equates to the previous world of far-flung colonial empires then relative national wealth and prosperity appear to be linked to the ability to master, or preferably dominate, critical aspects of the sector. And in this respect Europe appears to have been left behind.

What’s an “Address”?

Currently, there are discussions in the IETF's Internet Area on the topic of architectural evolution of the Internet and its implications for the changing role of IP addresses, and I'd like to share some of my thoughts on this topic here.

IP Addressing through 2021

Time for another annual roundup from the world of IP addresses. Let's see what has changed in the past 12 months in addressing the Internet and look at how IP address allocation information can inform us of the changing nature of the network itself.

BGP in 2021 – The BGP Table

At the start of each year, I have been reporting on the behaviour of the inter-domain routing system over the past 12 months, looking in some detail at some metrics from the routing system that can show the essential shape and behaviour of the underlying interconnection fabric of the Internet.

IPv4 Address Markets

We have come down a long and tortuous path with respect to the treatment of Internet addresses. The debate continues over whether the formation of markets for IPv4 addresses was a positive step for the Internet, or a forced decision that was taken with extreme reluctance. Let’s scratch at this topic and look at the formation of this market in IP addresses and the dynamics behind it and then look at the future prospects for this market.

DNS-OARC 36

It's conference and workshop season right now, and November has been unusually busy this year. At the end of the month was the DNS Operations and Research meeting, DNS-OARC 36. These are my notes from those presentations at the meeting that I found to be of interest.

Some Notes from RIPE 83

The RIPE community held a meeting in November. Like most community meetings in these Covid-blighted times it was a virtual meeting. Here are my notes from a few presentations that piqued my interest.

IETF 112

Here are the rest of the notes from some selected working group meetings that caught my attention at the recent IETF 112 meeting that are not related to DNS work.

DNS at IETF112

Here are notes from some selected working group meetings that caught my attention at the recent IETF 112 meeting. And, yes, I should say at the outset that the DNS continues to catch a lot of my attention these days, so I’ll divide this report into DNS and the other topics. This is the DNS part.

NANOG 83

The network operations community is cautiously heading back into a mode of in-person meetings and the NANOG meeting at the start of November was a hybrid affair with a mix of in-person and virtual participation, both by the presenters and the attendees. I was one of the virtual mob, and these are my notes from the presentations I found to be of personal interest.

On DNS Openness

How open is the DNS market? This is a question that is not just about barriers to competitive entry for new providers into the market. There is more to this question about the use of markets as a signalling mechanism across a diverse collection of intertwined producers and consumers. How effective is the market as a signalling mechanism across these entities? Is the market providing clear signals that allow orchestration of activity to support the evolution of a coherent and robust service? Is the market-driven evolution of the delivered product or service one that is chaotic and periodically disrupted?

DNSSEC with RSA-4096 keys

The role of cryptography is to keep one step ahead of advances in computing capability. One response is to keep using the same algorithm, but extend the key lengths. Here we look at the viability of DNSSEC when we use a 4,096-bit RSA key.