ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] On Its Way: One of the Biggest Changes to the Internet

  • To: ga DNSO <ga@xxxxxxxxxxxxxx>
  • Subject: Re: [ga] On Its Way: One of the Biggest Changes to the Internet
  • From: Andy Gardner <andy@xxxxxxxxxxxxxxx>
  • Date: Fri, 12 Oct 2007 01:12:37 -0500



Please explain how a long idn domain beginning with xn-- is somehow more dangerous to the DNS than any other ascii domain name of the same limited character length?

Is xn-- some magical character sequence that terrorists came up with?

Sheesh. This will be on Fox "News" next.



On Oct 12, 2007, at 12:27 AM, jwkckid1@xxxxxxxxxxxxx wrote:


Chris and all,

  The answer is yes very easily.  The vulnerability will be
higest durring the early testing phase and some brief
time after full implimentation given that full implimentation
occurs.  I am relitively sure some undisclosed Chinese
IT hackers, perhaps working for the Chinese Govt. are
already prepaired to proceed accordingly.

  Frankly I believe a seperate zone should have been built for
the testing phase, and for security reasons down the road
I would have insisted that a seperate zone for segmenting
off IDN's be maintained indefinately.  Seems the IANA/ICANN
is not that concerned for user's security, nor privacy
and potential damage which will insue accordingly.

-----Original Message-----
From: "Prophet Partners Inc." <Domains@xxxxxxxxxxxxxxxxxxx>
Sent: Oct 12, 2007 12:38 AM
To: ga@xxxxxxxxxxxxxx
Subject: Re: [ga] On Its Way: One of the Biggest Changes to the Internet


Hi Karl,

With the potential problems from long IDN names, could poorly configured DNS applications possibly create situations of DNS instability? Could criminal
or terrorist organizations launch DoS attacks in this manner?

Sincerely,
Ted
Prophet Partners Inc.
http://www.ProphetPartners.com
http://www.Premium-Domain-Names.com


----- Original Message -----
From: "Karl Auerbach" <karl@xxxxxxxxxxxx>
To: "Ram Mohan" <rmohan@xxxxxxxxxxxx>
Cc: <ga@xxxxxxxxxxxxxx>
Sent: Thursday, October 11, 2007 9:40 PM
Subject: Re: [ga] On Its Way: One of the Biggest Changes to the Internet



Ram Mohan wrote:

Numerous other usability issues exist, including some interesting ones
such as searchability of IDN names and IDN TLDs.

It's been a while since I last scanned SIP VoIP implementations for DNS
vulnerabilities.

But when I last did it, I found that a lot of VoIP phones had weak DNS resolving engines that could be easily confused/killed by long names (and
IDN names can get long) and long or strange CNAMEs.

(It is amazing the devices than can be sent into the weeds by giving 'em a SIP or HTTP URI/URL that contains a domain name that gets mapped via a CNAME into something that is either very long or contains the full variety
of 8-bit characters without honoring the "hostname" character set
constraint.)

Again, as you say, at the DNS layer, it's all just ASCII labels. And the
problems I saw weren't IDN problems, just weak DNS implementations.

--karl--

=======

'Regards,
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B; liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of
Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail jwkckid1@xxxxxxxxxxxxx





<<< Chronological Index >>>    <<< Thread Index >>>