<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Dear Holly,<br>
<br>
I am not saying it shouldn't. Just asking an open question.<br>
BTW as CPWG is now CC'ed to this, Michele Neylon informed us that
the Wired article was alarmist and a more accurate coverage of the
incident would be the Register article:
<a class="moz-txt-link-freetext" href="https://www.theregister.co.uk/2019/04/17/sea_turtle_dns/">https://www.theregister.co.uk/2019/04/17/sea_turtle_dns/</a><br>
Registry lock is probably the feature that should be enabled by
default.<br>
Kindest regards,<br>
<br>
Olivier<br>
<br>
<div class="moz-cite-prefix">On 20/04/2019 04:24, Holly Raiche
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CD090556-ECEA-422B-AA40-EDA5F7AD760C@internode.on.net">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
Hi Olivier
<div class=""><br class="">
</div>
<div class="">Why isn’t this something that ALAC should take up? </div>
<div class=""><br class="">
</div>
<div class="">Holly<br class="">
<div><br class="">
<blockquote type="cite" class="">
<div class="">On Apr 20, 2019, at 3:30 AM, Olivier MJ
Crépin-Leblond <<a href="mailto:ocl@gih.com" class=""
moz-do-not-send="true">ocl@gih.com</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta http-equiv="content-type" content="text/html;
charset=UTF-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class=""> Dear
colleagues,<br class="">
<br class="">
I have just read an article on Wired that speaks of mass
scale cyber attacks on the DNS:<br class="">
<a class="moz-txt-link-freetext"
href="https://www.wired.com/story/sea-turtle-dns-hijacking/"
moz-do-not-send="true">https://www.wired.com/story/sea-turtle-dns-hijacking/</a><br
class="">
<br class="">
This looks very serious indeed. Furthermore, it appears
to be happening on domains that are not DNSSEC
enabled/signed. And of course, this is a known
vulnerability. But one thing that has somehow shocked me
was that one of the way to avoid this was using a
"Registry Lock" which many Registries were unwilling to
implement.<br class="">
<br class="">
Is it time to (a) ask SSAC what this is all about and
(b) get the ICANN Board to mandate an essential security
implementation before the whole DNS falls apart for lack
of trust? Or is this article way too alarmist? My big
concern at the moment is that if I was a Government
representative, I'd ask "who runs this DNS?" and upon
being told it's ICANN, I'd think that ICANN is
incompetent in making the DNS safe from attack. As a
result -> DNS is a critical resource -> get it run
by countries rather than this incompetent organisation.
(a lose-lose for all of us)<br class="">
<br class="">
Kindest regards,<br class="">
<br class="">
Olivier<br class="">
</div>
_______________________________________________<br
class="">
Technical-issues mailing list<br class="">
<a href="mailto:Technical-issues@atlarge-lists.icann.org"
class="" moz-do-not-send="true">Technical-issues@atlarge-lists.icann.org</a><br
class="">
<a class="moz-txt-link-freetext" href="https://atlarge-lists.icann.org/mailman/listinfo/technical-issues">https://atlarge-lists.icann.org/mailman/listinfo/technical-issues</a></div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br>
</body>
</html>