VeriSign, critics prepare for ICANN Senate hearing
There's acrimony in the air after Network Solutions accusations
IDG News Service - A VeriSign Inc. official defended its contract to operate the .com domain Monday, after Network Solutions accused the Internet Corporation for Assigned Names and Numbers (ICANN) of not requiring adequate security safeguards in its registry agreements.
Network Solutions, a domain name registrar, released a report (PDF file) last week saying ICANN has "failed" to address security in its latest proposals for the .com, .biz, .info and .org top-level domains. Network Solutions officials also criticized a provision in the proposed contract renewal for the .com domain that would allow VeriSign to raise prices by 7% in four of the contract's six years. The current .com contract expires in late 2007.
VeriSign shouldn't get near-automatic renewals of the .com contract without fulfilling more security requirements, said Jonathan Nevett, Network Solutions' vice president and chief policy counsel. "We're facing a contract that provides for ... permanent monopoly, for fee increases without justification and now without adequate security protections," he said. "It's mind-boggling that the contract has gotten this far."
But Ken Silva, VeriSign's chief security officer, said some price increases will be necessary to keep the .com domain secure. The contract to operate the .com domain allows ICANN to change the agreement through consensus of its two security committees, and ICANN can cancel the contract if it believes VeriSign hasn't performed adequately, Silva said.
VeriSign has warded off several massive attacks on the .com domain, including attacks using more than 30,000 botnet computers in January, Silva said. Meanwhile, the .com domain has been available 100% of the time for the past seven years, he said.
Internet attacks continue to evolve and become larger, and it's difficult to set a security road map that stays relevant for any length of time, Silva said. He praised the proposed .com contract renewal for its flexible pricing.
"The technology we're talking about to keep up with this kind of load is not something you just buy off the shelf," Silva said. "Let's not lose sight of the fact that security continues to be the biggest threat to the growth of the Internet. Supporting that security and stability is going to involve a lot of technology, a lot of talent and a lot of equipment."
The two companies held briefings about the proposed .com contract in advance of a hearing Wednesday on ICANN's future by a subcommittee of the Senate Commerce, Science and Transportation Committee. Besides the top-level domain agreements, the subcommittee is likely to focus on the renewal of the memorandum of understanding between the U.S. Department of Commerce and ICANN, allowing the nonprofit organization to oversee the Internet's technical infrastructure.
A year ago, several countries, including China and Brazil, proposed a new model for Internet governance, with an international body taking responsibility from the U.S. and ICANN. The U.S. government and many U.S. companies oppose such a move.
Network Solutions focused on the top-level domain agreements with its report "DNS -- A System in Crisis." Among its criticisms: The domain agreements do not allow ICANN to audit security practices of domain operators. "This is the backbone of the Internet," wrote report author Jerry Archer. "Without this, there are no signposts."
- SANS: Next-Generation Datacenters = Next-Generation Security This whitepaper takes a look at some new technology that may allow security teams to implement more flexible and capable protection models in...
- SANS: Protecting Virtual Endpoints with McAfee Server Security Suite Essentials SANS review of McAfees Server Security Suite Essentials that address some of the emerging challenges of securing virtual platforms and cloud environments.
- Safeguarding the Next-Generation Data Center Use of virtual and cloud servers has exploded. Unfortunately, security often lags behind. McAfee recommends looking at innovative solutions in order to erect...
- Aberdeen: Securing the Evolving Datacenter This report highlights ways security technologies and services are evolving to provide the visibility and control needed to deploy workloads flexibly in the...
- Is SQL Server AlwaysOn really as powerful? Tips and Tricks from the field With the introduction of AlwaysOn, Windows Clustering Services is now more critical than ever.
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center... All Gov't Legislation/Regulation White Papers | Webcasts