VeriSign, critics prepare for ICANN Senate hearing
There's acrimony in the air after Network Solutions accusations
IDG News Service - A VeriSign Inc. official defended its contract to operate the .com domain Monday, after Network Solutions accused the Internet Corporation for Assigned Names and Numbers (ICANN) of not requiring adequate security safeguards in its registry agreements.
Network Solutions, a domain name registrar, released a report (PDF file) last week saying ICANN has "failed" to address security in its latest proposals for the .com, .biz, .info and .org top-level domains. Network Solutions officials also criticized a provision in the proposed contract renewal for the .com domain that would allow VeriSign to raise prices by 7% in four of the contract's six years. The current .com contract expires in late 2007.
VeriSign shouldn't get near-automatic renewals of the .com contract without fulfilling more security requirements, said Jonathan Nevett, Network Solutions' vice president and chief policy counsel. "We're facing a contract that provides for ... permanent monopoly, for fee increases without justification and now without adequate security protections," he said. "It's mind-boggling that the contract has gotten this far."
But Ken Silva, VeriSign's chief security officer, said some price increases will be necessary to keep the .com domain secure. The contract to operate the .com domain allows ICANN to change the agreement through consensus of its two security committees, and ICANN can cancel the contract if it believes VeriSign hasn't performed adequately, Silva said.
VeriSign has warded off several massive attacks on the .com domain, including attacks using more than 30,000 botnet computers in January, Silva said. Meanwhile, the .com domain has been available 100% of the time for the past seven years, he said.
Internet attacks continue to evolve and become larger, and it's difficult to set a security road map that stays relevant for any length of time, Silva said. He praised the proposed .com contract renewal for its flexible pricing.
"The technology we're talking about to keep up with this kind of load is not something you just buy off the shelf," Silva said. "Let's not lose sight of the fact that security continues to be the biggest threat to the growth of the Internet. Supporting that security and stability is going to involve a lot of technology, a lot of talent and a lot of equipment."
The two companies held briefings about the proposed .com contract in advance of a hearing Wednesday on ICANN's future by a subcommittee of the Senate Commerce, Science and Transportation Committee. Besides the top-level domain agreements, the subcommittee is likely to focus on the renewal of the memorandum of understanding between the U.S. Department of Commerce and ICANN, allowing the nonprofit organization to oversee the Internet's technical infrastructure.
A year ago, several countries, including China and Brazil, proposed a new model for Internet governance, with an international body taking responsibility from the U.S. and ICANN. The U.S. government and many U.S. companies oppose such a move.
Network Solutions focused on the top-level domain agreements with its report "DNS -- A System in Crisis." Among its criticisms: The domain agreements do not allow ICANN to audit security practices of domain operators. "This is the backbone of the Internet," wrote report author Jerry Archer. "Without this, there are no signposts."
- Who does NSS Labs "Recommend" for NGFW? In 2012, NSS Labs found that most available NGFW solutions "fell short in performance and security effectiveness." In 2013 NSS Labs noted "marked...
- 5 Ways Dropbox for Business Keeps Your Data Protected Protecting your data isn't a feature on a checklist, something to be tacked on as an afterthought. Download here to find out how...
- What is this "File Sync" Thing and Why Should I Care About It? All of a sudden, getting a file from your work laptop to your iPad became as simple as clicking "Save." So it's no...
- The Keys to Securing Data in a Collaborative Workplace Losing data is costly. IT professionals have spent years learning how to protect their organizations from hackers, but how do you ward off...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer... All Gov't Legislation/Regulation White Papers | Webcasts