Re: [ga] On Its Way: One of the Biggest Changes to the Internet

[jwkckid1@xxxxxxxxxxxxx]

Chris and all,

  The answer is yes very easily.  The vulnerability will be
higest durring the early testing phase and some brief
time after full implimentation given that full implimentation
occurs.  I am relitively sure some undisclosed Chinese
IT hackers, perhaps working for the Chinese Govt. are
already prepaired to proceed accordingly.

  Frankly I believe a seperate zone should have been built for
the testing phase, and for security reasons down the road
I would have insisted that a seperate zone for segmenting
off IDN's be maintained indefinately.  Seems the IANA/ICANN
is not that concerned for user's security, nor privacy
and potential damage which will insue accordingly.

-----Original Message-----
>From: "Prophet Partners Inc." <Domains@xxxxxxxxxxxxxxxxxxx>
>Sent: Oct 12, 2007 12:38 AM
>To: ga@xxxxxxxxxxxxxx
>Subject: Re: [ga] On Its Way: One of the Biggest Changes to the Internet
>
>
>Hi Karl,
>
>With the potential problems from long IDN names, could poorly configured DNS 
>applications possibly create situations of DNS instability? Could criminal 
>or terrorist organizations launch DoS attacks in this manner?
>
>Sincerely,
>Ted
>Prophet Partners Inc.
>http://www.ProphetPartners.com
>http://www.Premium-Domain-Names.com
>
>
>----- Original Message ----- 
>From: "Karl Auerbach" <karl@xxxxxxxxxxxx>
>To: "Ram Mohan" <rmohan@xxxxxxxxxxxx>
>Cc: <ga@xxxxxxxxxxxxxx>
>Sent: Thursday, October 11, 2007 9:40 PM
>Subject: Re: [ga] On Its Way: One of the Biggest Changes to the Internet
>
>
>>
>> Ram Mohan wrote:
>>
>>> Numerous other usability issues exist, including some interesting ones 
>>> such as searchability of IDN names and IDN TLDs.
>>
>> It's been a while since I last scanned SIP VoIP implementations for DNS 
>> vulnerabilities.
>>
>> But when I last did it, I found that a lot of VoIP phones had weak DNS 
>> resolving engines that could be easily confused/killed by long names (and 
>> IDN names can get long) and long or strange CNAMEs.
>>
>> (It is amazing the devices than can be sent into the weeds by giving 'em a 
>> SIP or HTTP URI/URL that contains a domain name that gets mapped via a 
>> CNAME into something that is either very long or contains the full variety 
>> of 8-bit characters without honoring the "hostname" character set 
>> constraint.)
>>
>> Again, as you say, at the DNS layer, it's all just ASCII labels.  And the 
>> problems I saw weren't IDN problems, just weak DNS implementations.
>>
>> --karl-- 
>
=======

'Regards,
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B; liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of
Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail jwkckid1@xxxxxxxxxxxxx