[registration-issues-wg] [CPWG] [technical-issues] Cyberspies Hijacked the Internet Domains of Entire Countries

sivasubramanian muthusamy 6.internet at gmail.com
Wed Apr 24 10:48:48 UTC 2019


Yes, it is an issue that concerns the domain name User.  ALAC could
initiate the necessary steps on what needs to be done by ICANN.

You mentioned "a "Registry Lock" which many Registries were unwilling to
implement."  As a domain registrant, I am familiar with a Domain Lock, by
whatever name it is called, that the Registrant chooses to lock or unlock,
but most registrants don't frequently login into the Domain Control panel,
or even once. This lock needs to be set by default to "lock", I am not sure
if the domain name is locked when registered, by all Registrars across the
DNS space.

If the "Registry lock" or the "Registrar Lock"
https://en.wikipedia.org/wiki/Registrar-Lock is different from the lock
that is available to the Registrant, then ALAC could examine this with the
required technical advice to examine if it may recommend that all
Registries and Registrars could implement and lock it by default, even if
this leads to a slight delay in the domain transfer process.


Sivasubramanian M <https://www.facebook.com/sivasubramanian.muthusamy>
twitter.com/shivaindia


On Wed, Apr 24, 2019 at 3:59 PM Marita Moll <mmoll at ca.inter.net> wrote:

> There's no denying the potential end user impact.
>
> Marita
> On 4/20/2019 4:24 AM, Holly Raiche wrote:
>
> Hi Olivier
>
> Why isn’t this something that ALAC should take up?
>
> Holly
>
> On Apr 20, 2019, at 3:30 AM, Olivier MJ Crépin-Leblond <ocl at gih.com>
> wrote:
>
> Dear colleagues,
>
> I have just read an article on Wired that speaks of mass scale cyber
> attacks on the DNS:
> https://www.wired.com/story/sea-turtle-dns-hijacking/
>
> This looks very serious indeed. Furthermore, it appears to be happening on
> domains that are not DNSSEC enabled/signed. And of course, this is a known
> vulnerability. But one thing that has somehow shocked me was that one of
> the way to avoid this was using a "Registry Lock" which many Registries
> were unwilling to implement.
>
> Is it time to (a) ask SSAC what this is all about and (b) get the ICANN
> Board to mandate an essential security implementation before the whole DNS
> falls apart for lack of trust? Or is this article way too alarmist? My big
> concern at the moment is that if I was a Government representative, I'd ask
> "who runs this DNS?" and upon being told it's ICANN, I'd think that ICANN
> is incompetent in making the DNS safe from attack. As a result -> DNS is a
> critical resource -> get it run by countries rather than this incompetent
> organisation. (a lose-lose for all of us)
>
> Kindest regards,
>
> Olivier
> _______________________________________________
> Technical-issues mailing list
> Technical-issues at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/technical-issues
>
>
>
> _______________________________________________
> CPWG mailing listCPWG at icann.orghttps://mm.icann.org/mailman/listinfo/cpwg
>
> _______________________________________________
> CPWG mailing list
> CPWG at icann.org
> https://mm.icann.org/mailman/listinfo/cpwg
> _______________________________________________
> registration-issues-wg mailing list
> registration-issues-wg at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/registration-issues-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/registration-issues-wg/attachments/20190424/9b22138f/attachment.html>
-------------- next part --------------
_______________________________________________
CPWG mailing list
CPWG at icann.org
https://mm.icann.org/mailman/listinfo/cpwg


More information about the registration-issues-wg mailing list