Recent Articles
Roll Over and Die?
February 2010
It is considered good security practice to treat cryptographic keys with a healthy level of respect. As RFC4641 states: "the longer a key is in use, the greater the probability that it will have been compromised through carelessness, accident, espionage, or cryptanalysis." Even though the risk is considered slight if you have chosen to use a decent key length, RFC 4641 recommends, as good operational practice, that you should "roll" your key at regular intervals. What could possibly go wrong? more...
Addressing 2009
January 2010
It's January again, and being the start of another year, it's as good a time as any to look at the last 12 months and see what the Internet has up to in 2009. The Internet's continuing growth can be viewed using many forms of metrics, including number of connected customers, the count of web pages, or selected measures of network traffic. One perspective comes from an examination of the records of address allocations that were made by the five Regional Internet Registries (RIRs). more...
NXDOMAIN?
December 2009
Who would buy non-existent DNS names? Well, it should come as no surprise that in a world where there is already a large and valuable market for selling DNS names that are not Internet-visible as service endpoints, there is also a valuable market in identifying yet more names that users are using in their applications that are not even visible to the DNS. There is value in catching the NXDOMAIN responses from a DNS resolver and substituting a page impression. There is value in the so-called practice of "typosquatting". more...
Stateless and DNSperate!
November 2009
I've often heard it said that the world is full of bad ideas. But no matter how many bad ideas there may be, the good news is that there is always room for one more! So in the spirit of "more is better" I'd like to offer the following as yet another Bad Idea (http://bert.secret-wg.org/BIF/index.html). There is also the intriguing possibility that this flawed concept could be made to work, making this a thoroughly Useless Tool (http://bert.secret-wg.org/Tools/index.html) at the same time! more...
RIPE at 59!
October 2009
RIPE, or Réseaux IP Européens, is a collaborative forum open to all parties interested in wide area IP networks in Europe and beyond. The objective of RIPE is to ensure the administrative and technical coordination necessary to enable the operation of a pan-European IP network. RIPE has been a feature of the European Internet landscape for some twenty years now, and it continues to be a progressive and engaged forum. These days RIPE meets twice a year, and the most recent meeting was held at Lisbon, Portugal, from the 5th to the 9th of October 2009. In this column I'd like to share some of my impressions of this meeting. more...
Is the Transition to IPv6 a "Market Failure?"
September 2009
Many views of the transition to IPv6 assume that the combination of the factors of the imminent exhaustion of the unallocated pool of IPv4 addresses and the conventional dynamics of an open competitive marketplace in the ISP sector will be sufficient to propel the transition to IPv6. The question I would like to pose here is: Is this an appropriate view of the transition to IPv6? An alternative view is that this transition to IPv6 has already stalled over the past decade, and we should be prepared to view the current situation as an instance of a "market failure" in economic terms, where the transition will require the impetus of some form of response associated with the distribution of a "public good", and that conventional market dynamics are in and of themselves incapable of sustaining such a transition. more...
