POSTS TAGGED: burt_kaliski
Burt Kaliski | Jul 29, 2014
It would not be too much of an exaggeration to say that the early Internet operated on the scale of kilobytes, with all spoken languages represented using a single character encoding – ASCII. Today's global Internet, so fundamental to society and the world's economy, now enables access to orders of magnitude more information, connecting a speakers of a full spectrum of languages.
The research challenges continue to scale along with data volumes and user diversity.
Two reports at the recent Verisign Labs Distinguished Speaker Series event held at Verisign's offices in Fribourg, Switzerland -- the first such event in Europe -- underscored the ongoing activity in this area.
The event's first speaker, Prof. Philippe Cudré-Mauroux is the director of the eXascale Infolab at the University of Fribourg. Exascale is of course the next in the series starting with the kilobyte measure and continuing with mega-, giga-, tera-, peta- and then exa-: on the order of 1018.
Prof. Cudré-Maroux described his research group's work on Hadaps, a new system for distributing and load-balancing data across servers by taking into account differences in server performance. He also presented one of the real-world applications of the kind that drive demand for exascale data analysis, an intelligent system for detecting leaks in municipal water systems based on pressure variations reported by sensors.
The remainder of his talk covered a new data publishing platform, the Entity Registry System (ERS). Designed for semi-connected environments, ERS provides scalability in the broader world where Internet connectivity is not always so reliable. (ERS was one projects funded in the Verisign Labs Infrastructure Grant program, and previously reported at the December installment of the series.)
Burt Kaliski | May 06, 2014
Recent comments on the name collisions issue in the new gTLD program raise a question about the differences between established and new gTLDs with respect to name collisions, and whether they’re on an even playing field with one another.
Verisign’s latest public comments on ICANN’s “Mitigating the Risk of DNS Namespace Collisions” Phase One Report, in answering the question, suggest that the playing field the industry should be concerned about is actually in a different place. The following points are excerpted from the comments submitted April 21.
In a previous comment, Eric Osterweil summarized key differences between established and new gTLDs as they affect name collision risks. Namespaces associated with established TLDs, he observed, represent “well known and measurable real estate” that system administrators can plan for. In contrast, namespaces associated with applied-for strings including new gTLDs, Osterweil continued, “inherently have no well-known policies and structure” – other than the assumption that they weren’t expected to be delegated in the future foreseeable to system administrators.
Osterweil’s points are important to keep in mind, because they apply just as much to one of the comments in this public review period as they did to comments in the previous period.
A better understanding of the situation starts with clear definitions. A name collision occurs when one system assumes that a name is in one name space, another system assumes that the name is in another name space, and the two systems interact unaware of their difference in assumptions. One of the reasons they may not be aware is that the assumptions of both systems were historically the same, and then the assumptions of one of the systems changed.
ICANN’s Security and Stability Advisory Committee (SSAC) expresses the definition as follows in SAC062:
“The term ‘name collision’ refers to the situation in which a name that is properly defined in one operational domain or naming scope may appear in another domain (in which it is also syntactically valid), where users, software, or other functions in that domain may misinterpret it as if it correctly belonged there.”
With this definition in mind, it’s useful to highlight two situations that are not the same as name collisions.
Burt Kaliski | Apr 16, 2014
Verisign posted preliminary public comments on the "Mitigating the Risk of DNS Namespace Collisions" Phase One Report released by ICANN earlier this month. JAS Global Advisors, authors of the report contracted by ICANN, have done solid work putting together a set of recommendations to address the name collisions problem, which is not an easy one, given the uncertainty for how installed systems actually interact with the global DNS. However, there is still much work to be done.
Below, I have outlined the four main observations from ICANN’s "Mitigating the Risk of DNS Namespace Collisions" Phase One Report discussed in Verisign’s public comment along with recommendations:
Burt Kaliski | Mar 26, 2014
Presentations, papers and video recordings from the name collisions workshop held earlier this month in London are now available at the workshop web site, namecollisions.net.
The goal for the workshop, described in my “colloquium on collisions” post, was that researchers and practitioners would “speak together” to keep name spaces from “striking together.” The program committee put together an excellent set of talks toward this purpose, providing a strong, objective technical foundation for dialogue. I’m grateful to the committee, speakers, attendees and organizers for their contributions to a successful two-day event, which I am hopeful will have benefit toward the security and stability of Internet naming for many days to come.
Keynote speaker, and noted security industry commentator, Bruce Schneier (Co3 Systems ) set the tone for the two days with a discussion on how humans name things and the shortcomings of computers in doing the same. Names require context, he observed, and “computers are really bad at this” because “everything defaults to global.” Referring to the potential that new gTLDs could conflict with internal names in installed systems, he commented, “It would be great if we could go back 20 years and say ‘Don’t do that’,” but concluded that policymakers have to work with DNS the way it is today.
Bruce said he remains optimistic about long-term prospects as name collisions and other naming challenges are resolved: “I truly expect computers to adapt to us as humans,” to provide the same kind of trustworthy interactions that humans have developed in their communications with one another.
Burt Kaliski | Mar 04, 2014