ICANN meet addresses domain name security
 
|
|||
 | |||
|
Prompted by concern over the September 11 terrorist attacks, the Internet Corporation for Assigned Names and Numbers this week will host a special meeting on the security and the stability of the Internet's naming and addressing systems.
The goal of the meeting is to foster debate among the Internet's policy, business and technical circles regarding potential vulnerabilities and fixes required by the domain name system. More than 800 people have registered to attend including government officials, representatives of Internet ventures and network security experts.
"We want to heighten awareness and understanding of the issues and problems and challenges" of securing the Internet's naming system, says ICANN CEO Stuart Lynn. Lynn says ICANN's various constituency groups - for domain name registries, ISPs and commercial ventures, to name a few - will discuss best practices and may propose new procedures as part of the debate.
"At the ICANN meeting we have a unique opportunity where you have this intersection of technical, business and policy interests all gathered under one roof," says Elliot Noss, president and CEO of registrar Tucows. "My hope is that we identify critical business issues and areas where improvements can be made, and we set in place processes where we can fix them."
In a controversial move, ICANN cancelled the regular agenda for its annual meeting to focus on security. Among the speakers are; director of the U.S. Government's Critical Information Assurance Office John Tritak; AT&T Labs Research Internet security guru Steve Bellovin;, and CTO of Counterpane Internet Security Bruce Schneier. Japan's Senior Vice-Minister for Public Management, Home Affairs, Posts and Telecommunications Kenji Kosaka will deliver the welcoming keynote on Tuesday.
"If we don't have a secure, stable naming system, you can forget about everything else," Lynn says. "All those who depend on this critical infrastructure need and want to be reassured that we're doing all we can to secure [it.]"
ICANN observers expect few decisions that would improve security of the Internet's naming system to be made at the meeting. In fact, ICANN has no authority to regulate Internet security although it can tighten the security requirements in the contracts it awards to registries, registrars and operators of the Internet's root servers.
"ICANN can foster discussion, improve awareness and education...but I don't see a policy coming out of this," says Ray Plzak, president of the American Registry for Internet Numbers.
Regarding the security of the Internet's main domain name data centers, Plzak says: "I don't think it's appropriate for any one group or body to regulate or dictate these things."
One challenge for the meeting is how detailed it can be regarding vulnerabilities in the Internet's naming system.
"It's going to be a delicate balancing act," says Mark Rippe, vice president of operations for VeriSign Global Registry. "Clearly you want to be careful in a public forum about how much detail you go into regarding security. But to the extent that it raises awareness and helps develops trusted relationships between major players...then it's a great thing."
Indeed, security is likely to be a more prominent topic in upcoming ICANN meetings as well, officials say.
"One of the things that we hope will come out of [meeting] is the recognition that security is not a one-time event and needs to be an ongoing consideration," Lynn says.
Related Links
