The future of Internet governance: should the U.S. relinquish Its authority over ICANN?

How ICANN and the Internet domain name system are ultimately governed may set an important precedent in future policy debates over how the Internet should be governed, and what role governments and intergovernmental organizations should play. Overview Currently, the U.S. government retains limited authority over the Internet’s domain name system, primarily through the Internet Assigned Numbers Authority (IANA) functions contract between the National Telecommunications and Information Administration (NTIA) and the Internet Corporation for Assigned Names and Numbers (ICANN). By virtue of the IANA functions contract, the NTIA exerts a legacy authority and stewardship over ICANN, and arguably has more influence over ICANN and the domain name system (DNS) than other national governments. On March 14, 2014, NTIA announced the intention to transition its stewardship role and procedural authority over key Internet domain name functions to the global Internet multistakeholder community. To accomplish this transition, NTIA has asked ICANN to convene interested global Internet stakeholders to develop a transition proposal. NTIA has stated that it will not accept any transition proposal that would replace the NTIA role with a government-led or an intergovernmental organization solution. Currently, Internet stakeholders are engaged in a series of working groups to develop a transition proposal. Their goal is to submit a final proposal to NTIA by summer 2015. NTIA must approve the proposal in order for it to relinquish its authority over the IANA functions contract. While the IANA functions contract expires on September 30, 2015, NTIA has the flexibility to extend the contract for any period through September 2019. Concerns have risen in Congress over the proposed transition. Critics worry that relinquishing U.S. authority over Internet domain names may offer opportunities for either hostile foreign governments or intergovernmental organizations, such as the United Nations, to gain undue influence over the Internet. On the other hand, supporters argue that this transition completes the necessary evolution of Internet domain name governance towards the private sector, and will ultimately support and strengthen the multistakeholder model of Internet governance. Legislation has been introduced in the 113th and 114th Congresses which would prevent, delay, or impose conditions or additional scrutiny on the transition. In the 113th Congress, a provision in the Consolidated and Further Continuing Appropriations Act, 2015 (P.L. 113-235) provides that during FY2015, NTIA may not use any appropriated funds to relinquish its responsibility with respect to Internet domain name system functions. In the 114th Congress, H.R. 805 (the DOTCOM Act of 2015) would prohibit NTIA from relinquishing its authority over the Internet domain name system until the Government Accountability Office (GAO) submits a report to Congress examining the implications of the proposed transfer. The proposed transition could have a significant impact on the future of Internet governance. National governments are recognizing an increasing stake in ICANN and DNS policy decisions, especially in cases where Internet DNS policy intersects with national laws and interests related to issues such as intellectual property, cybersecurity, privacy, and Internet freedom. How ICANN and the Internet domain name system are ultimately governed may set an important precedent in future policy debates—both domestically and internationally—over how the Internet should be governed, and what role governments and intergovernmental organizations should play

NSEC5, DNSSEC authenticated denial of existence

The Domain Name System Security Extensions (DNSSEC) introduced two resource records (RR) for authenticated denial of existence: the NSEC RR and the NSEC3 RR. This document introduces NSEC5 as an alternative mechanism for DNSSEC authenticated denial of existence. NSEC5 uses verifiable random functions (VRFs) to prevent offline enumeration of zone contents. NSEC5 also protects the integrity of the zone contents even if an adversary compromises one of the authoritative servers for the zone. Integrity is preserved because NSEC5 does not require private zone-signing keys to be present on all authoritative servers for the zone, in contrast to DNSSEC online signing schemes like NSEC3 White Lies.https://datatracker.ietf.org/doc/draft-vcelak-nsec5/First author draf

Regional Address Registries, Governance and Internet Freedom

Regional Internet Address Registries (RIRs) are private, nonprofit and transnational governance entities that evolved organically with the growth of the Internet to manage and coordinate Internet Protocol addresses. The RIR's management of Internet address resources is becoming more contentious and more central to global debates over Internet governance. This is happening because of two transformational problems: 1) the depletion of the IPv4 address space; and 2) the attempt to introduce more security into the Internet routing system. We call these problems "transformational" because they raise the stakes of the RIR's policy decisions, make RIR processes more formal and institutionalized, and have the potential to create new, more centralized control mechanisms over Internet service providers and users. A danger in this transition is that the higher stakes and centralized control mechanisms become magnets for political contention, just as ICANN's control of the DNS root did. In order to avoid a repeat of the problems of ICANN, we need to think carefully about the relationship between RIRs, governments, and Internet freedom. In particular, we need to shield RIRs from interference by national governments, and strengthen and institutionalize their status as neutral technical coordinators with limited influence over other areas of Internet governance

HLOC: Hints-Based Geolocation Leveraging Multiple Measurement Frameworks

Geographically locating an IP address is of interest for many purposes. There are two major ways to obtain the location of an IP address: querying commercial databases or conducting latency measurements. For structural Internet nodes, such as routers, commercial databases are limited by low accuracy, while current measurement-based approaches overwhelm users with setup overhead and scalability issues. In this work we present our system HLOC, aiming to combine the ease of database use with the accuracy of latency measurements. We evaluate HLOC on a comprehensive router data set of 1.4M IPv4 and 183k IPv6 routers. HLOC first extracts location hints from rDNS names, and then conducts multi-tier latency measurements. Configuration complexity is minimized by using publicly available large-scale measurement frameworks such as RIPE Atlas. Using this measurement, we can confirm or disprove the location hints found in domain names. We publicly release HLOC's ready-to-use source code, enabling researchers to easily increase geolocation accuracy with minimum overhead.Comment: As published in TMA'17 conference: http://tma.ifip.org/main-conference