POSTS TAGGED: burt_kaliski

Solving Challenges of Scale in Data and Language

Burt Kaliski | Jul 29, 2014

It would not be too much of an exaggeration to say that the early Internet operated on the scale of kilobytes, with all spoken languages represented using a single character encoding – ASCII.  Today's global Internet, so fundamental to society and the world's economy, now enables access to orders of magnitude more information, connecting a speakers of a full spectrum of languages.

The research challenges continue to scale along with data volumes and user diversity.

Two reports at the recent Verisign Labs Distinguished Speaker Series event held at Verisign's offices in Fribourg, Switzerland -- the first such event in Europe -- underscored the ongoing activity in this area.

The event's first speaker, Prof. Philippe Cudré-Mauroux is the director of the eXascale Infolab at the University of Fribourg.  Exascale is of course the next in the series starting with the kilobyte measure and continuing with mega-, giga-, tera-, peta- and then exa-:  on the order of 1018.

Prof. Cudré-Maroux described his research group's work on Hadaps, a new system for distributing and load-balancing data across servers by taking into account differences in server performance.  He also presented one of the real-world applications of the kind that drive demand for exascale data analysis, an intelligent system for detecting leaks in municipal water systems based on pressure variations reported by sensors.

The remainder of his talk covered a new data publishing platform, the Entity Registry System (ERS).  Designed for semi-connected environments, ERS provides scalability in the broader world where Internet connectivity is not always so reliable.  (ERS was one projects funded in the Verisign Labs Infrastructure Grant program, and previously reported at the December installment of the series.)

Read more

The Real Uneven Playing Field of Name Collisions

Burt Kaliski | May 06, 2014

Recent comments on the name collisions issue in the new gTLD program raise a question about the differences between established and new gTLDs with respect to name collisions, and whether they’re on an even playing field with one another.

Verisign’s latest public comments on ICANN’s “Mitigating the Risk of DNS Namespace Collisions” Phase One Report, in answering the question, suggest that the playing field the industry should be concerned about is actually in a different place. The following points are excerpted from the comments submitted April 21.

In a previous comment, Eric Osterweil summarized key differences between established and new gTLDs as they affect name collision risks.  Namespaces associated with established TLDs, he observed, represent “well known and measurable real estate” that system administrators can plan for.  In contrast, namespaces associated with applied-for strings including new gTLDs, Osterweil continued, “inherently have no well-known policies and structure” – other than the assumption that they weren’t expected to be delegated in the future foreseeable to system administrators.

Osterweil’s points are important to keep in mind, because they apply just as much to one of the comments in this public review period as they did to comments in the previous period.

A better understanding of the situation starts with clear definitions.  A name collision occurs when one system assumes that a name is in one name space, another system assumes that the name is in another name space, and the two systems interact unaware of their difference in assumptions.  One of the reasons they may not be aware is that the assumptions of both systems were historically the same, and then the assumptions of one of the systems changed.

ICANN’s Security and Stability Advisory Committee (SSAC) expresses the definition as follows in SAC062:

“The term ‘name collision’ refers to the situation in which a name that is properly defined in one operational domain or naming scope may appear in another domain (in which it is also syntactically valid), where users, software, or other functions in that domain may misinterpret it as if it correctly belonged there.”

With this definition in mind, it’s useful to highlight two situations that are not the same as name collisions.

Read more

Verisign’s Preliminary Comments on ICANN’s Name Collisions Phase One Report

Burt Kaliski | Apr 16, 2014

Verisign posted preliminary public comments on the "Mitigating the Risk of DNS Namespace Collisions" Phase One Report released by ICANN earlier this month. JAS Global Advisors, authors of the report contracted by ICANN, have done solid work putting together a set of recommendations to address the name collisions problem, which is not an easy one, given the uncertainty for how installed systems actually interact with the global DNS.  However, there is still much work to be done.

Below, I have outlined the four main observations from ICANN’s "Mitigating the Risk of DNS Namespace Collisions" Phase One Report discussed in Verisign’s public comment along with recommendations:

Read more

Proceedings of Name Collisions Workshop Available

Burt Kaliski | Mar 26, 2014

Presentations, papers and video recordings from the name collisions workshop held earlier this month in London are now available at the workshop web site, namecollisions.net.

The goal for the workshop, described in my “colloquium on collisions” post, was that researchers and practitioners would “speak together” to keep name spaces from “striking together.”  The program committee put together an excellent set of talks toward this purpose, providing a strong, objective technical foundation for dialogue.  I’m grateful to the committee, speakers, attendees and organizers for their contributions to a successful two-day event, which I am hopeful will have benefit toward the security and stability of Internet naming for many days to come.

Keynote speaker, and noted security industry commentator, Bruce Schneier (Co3 Systems ) set the tone for the two days with a discussion on how humans name things and the shortcomings of computers in doing the same.  Names require context, he observed, and “computers are really bad at this” because “everything defaults to global.”  Referring to the potential that new gTLDs could conflict with internal names in installed systems, he commented, “It would be great if we could go back 20 years and say ‘Don’t do that’,” but concluded that policymakers have to work with DNS the way it is today.  

Bruce said he remains optimistic about long-term prospects as name collisions and other naming challenges are resolved:  “I truly expect computers to adapt to us as humans,” to provide the same kind of trustworthy interactions that humans have developed in their communications with one another.

Read more

Jeff Schmidt to Present Name Collision Management Framework at Research Workshop

Burt Kaliski | Mar 04, 2014

I’m delighted to announce that the name collisions workshop this weekend will include Jeff Schmidt, CEO of JAS Global Advisors, presenting the Name Collision Occurrence Management Framework that his firm just released for public review.

Jeff’s presentation is one of several on the program announced by the program committee for the Workshop and Prize on Root Causes and Mitigations of Name Collisions (WPNC).

The program starts with a keynote presentation by Bruce Schneier, and will also include research papers and invited panels on various aspects and implications of the name collisions issue.

As a gathering of researchers and practitioners with broad expertise in DNS, network operations and Internet systems, the workshop provides an ideal venue for community engagement on the proposals in the new framework document, as well as on solutions to the issue more generally.

Thanks to the program committee for their careful review of the papers submitted to the workshop and the well-rounded program for the event, which runs March 8-10.  To register to attend, visit namecollisions.net/registration