RIPE 74

RIPE 74 was held in May in Budapest, and as usual it was a meeting that mixed a diverse set of conversations and topics into a very busy week. Here are my impressions of the meeting drawn from a number of presentations that I found to be of personal interest.…


NANOG 69

NANOG 69 was held in Washington DC in early February. Here’s my notes from the meeting. It would not be Washington without a keynote opening talk about the broader political landscape and NANOG certainly ticked this box with a talk on international politics and cyberspace. I did learn a new…


Let’s Encrypt with DANE

There is a frequently quoted adage in communications that goes along the lines of “Good, Fast, Cheap: pick any two!” It may well be applied to many other forms of service design and delivery, but the basic idea is that high quality, high speed services are costly to obtain, and…


DNS DDOS

The recent attacks on the DNS infrastructure operated by DYN in October 2016 have generated a lot of comment in recent days. Indeed, it’s not often that the DNS itself has been prominent in the mainstream of news commentary, and in some ways this DNS DDOS prominence is for all…


DNSSEC and ECDSA

Two years ago I reported on the use of the elliptical curve cryptographic algorithm in generating digital signatures for securing the DNS (DNSSEC) (http://www.potaroo.net/ispcol/2014-10/ecdsa.html). The conclusion at the time was hardly encouraging: “Will ECDSA ever be useful tool for DNS and DNSSEC? As good as ECDSA is in presenting strong…


DDOS Attackers – Who and Why?

Bruce Schneier’s recent blog post, “Someone is Learning How to Take Down the Internet”, reported that the incidence of DDOS attacks is on the rise. And by this he means that these attacks are on the rise both in the number of attacks and the intensity of each attack. A…


Hosts vs Networks

There are a number of ways to view the relationship between hosts and the network in the Internet. One view is that this is an example of two sets of cooperating entities that share a common goal: hosts and the network both want content to be delivered. Both have an…


DNS Privacy

The DNS is normally a relatively open protocol that smears its data (which is your data and mine too!) far and wide. Little wonder that the DNS is used in many ways, not just as a mundane name resolution protocol, but as a data channel for surveillance and as a…


DNS OARC 24

DNS OARC held a two day workshop in Buenos Aires prior to IETF 95 at the end of March 2016. Here are my impressions of this meeting. For a supposedly simply query response protocol that maps names to IP addresses there a huge amount going on under the hood with…


Rolling Roots

In the world of public key cryptography, it is often observed that no private key can be a kept as an absolute secret forever. This does not mean that a private key remains a secret for a limited time and then the underlying cryptography spontaneously breaks apart and the key…