Feeds

ICANN Blog: Fear and redemption

Have I really only been here three days?

  • alert
  • submit to reddit

Top three mobile application threats

I’m in Luxembourg attending the 23rd ICANN conference in a big tin can in the sun.

I spoke to someone from the outside world last night and was surprised to find I’d only been here two days. After another day in the can, I may have to call them back to make sure it’s now only three.

How could I have written two blogs and not mentioned the self-cleaning toilets? It would be overdoing it to say they are a highlight of the day but I defy anyone here not to have taken a certain secret pleasure as the white arm stretches out from the back of the toilet, clamps its cleaning claws on the top of the lift-up seat and proceeds to remove any trace of your presence. The seat itself rotates, but, despite my efforts, not with you still on it. I may try standing next time.

Winter wonderland

I have also located a dirty secret - the cold room - Salle C. If anyone wants a big attendance this week, just announce to the world it’s in room C (opposite the secretive GAC in room A) and tell them it’s air-conditioned. Suddenly the minutiae of registering domains won’t seem quite so dull.

And it was in the Cold Room that I embarked on a rollercoaster of despair and joy. Despair as I realised just how important it had been for ICANN not to give the .net registry back to VeriSign; joy as I was forced to remember how wonderful the internet is.

Just half an hour before my blissful plunge into Salle C, ICANN’s security experts had warned that registrars were not doing enough to protect domains from being hijacked. One of the things they could do, the report said, was introduce an element of the EPP protocol called AuthInfo, which would make sure that people were who they said they were.

Enter Pat Kane, helping keep the registrars informed about what VeriSign had decided it might do to the internet, at some point, if it is so minded. Pat is asked about why VeriSign still hasn’t taken on the EPP protocol - despite its superiority and everyone wanting it to. With startling confidence, usually called arrogance, Pat informed the attended: “Currently the only thing we haven’t introduced out of EPP is AuthInfo.” AuthInfo of course being the very reason the question was asked.

A well meaning registrar followed up: When will you be able to deal with the traffic over EPP? Pat - after a length pause to demonstrate consideration - replied: “I will let you know.”

That elicited at least three blasts of laughter. I immediately suffered the vision of Pat rebuking the self-cleaning toilet for having the cheek to imply his efforts were as others.

He was on a roll though. Asked about another serious infrastructure question and whether VeriSign was planning to introduce it and would it do it in such-and-such way, Pat gave an even longer pause. “We’ll see.”

Chancellor Schroeder

But dear Pat has got nothing on another remarkable character stalking the halls in Luxembourg. As ICANN head, Paul Twomey has always been far too approachable, far too pleasant - there was clearly a powerhouse hiding in the shadows. And by god it’s Diane Schroeder - a woman that were she born in England would be proudly heralded as a British Battleaxe.

I had scribbled her name down in my notepad yesterday during the big open meeting of the ICANN Board and representatives of the world’s governments. Whether you like it or not, there is something humbling about entering a quiet but very large meeting room where all the people that will decide the future of the Internet are sat. Diane strode in like she owned the place. Quietly, yes, but leaving no-one who noticed in any doubt that if she chose she would have us all lined up outside to check our hands weren’t dirty.

Starring at the name-tag we are made to carry round our necks, I noted down: “Schroeder Diane:.. Strolled into GAC confidently. Clearly dangerous. But who?” Before I’d done my research though, I came across her again this morning as she ushered me, ICANN Board member and security chief Steve Crocker, security committee member Dave Piscitello and an ICANN PR man, out of a large room because she wanted it for a lunch meeting.

“So it’s *she* who runs the show?” I asked the three ICANNers outside the room as we tried to find another spot. They offered nothing, but the dilated pupils said it all.

Even more incredibly, Diane, it turns out, is ICANN’s Chief Financial Officer. It’s no wonder ICANN staff and Board are unwilling to accept any criticism at all of its accelerating budget - they’d have to answer to Ms. Schroeder. It’s amazing that with the soaring costs of ICANN a big bone of contention that the organisation’s CFO has managed to stay so firmly out the limelight.

I am going to formally ask for an interview with her tomorrow. If I don’t make it back, you’ll know why.

The internet returns to its roots

I should get around to explaining the joy that I also found in the Cold Room. It came in the form of Edward Viltz head of PIR, and Ram Mohan, CTO of Afilias. Edward and PIR run the non-profit .org domain, and Ram runs their back-end as tech head of Afilias.

With the sort of commanding presence that reminds you of James Earl Jones, Viltz was strikingly up-front, helpful and in control as only a person with a clear mission can be. And that mission is to spread the Internet to the world, in particular the places where others won’t because there’s no money in it. There’s was no preaching though as Viltz outlined to domain sellers PIR’s new plans and how it would benefit them. Among those plans: the creation of domains in eight new languages so people outside of North America and “Old Europe” can have their own piece of the internet. PIR gives all its excess proceeds to projects helping to build the internet and educate people about it in the developing world. Ram Mohan has the same sentiments while at the same time running rings round VeriSign and stealing all the internet business that VeriSign hasn’t nailed down.

After days of fights and scraps over basically the same thing - getting as much money out of the Internet as possible - it was supremely refreshing to be reminded of the internet’s roots and to see the dream living on.

That’s enough of that - Ed

But back to the fireworks. The registrars aren’t happy over the .Net contract. In fact, they went so far today as to read out a statement which said, among many other things: “Registrars consider there to be a breach of trust by the ICANN Board and the ICANN staff in approving a contract with Verisign regarding .net that contains significant changes from the draft .net agreement posted on the ICANN website, without public consultation.” It was greeted, I am told, with applause.

This is terrific. It is clear to anyone that the process to decide who took over control of the .Net registry was deeply and suspiciously flawed, and demonstrably bent in VeriSign’s favour.

But, I am afraid, it simply isn’t good enough. I, for one, spent a significant amount of effort, and upset quite a lot of people, to put pertinent questions about the process out there. Others did too. The difference is we did it *before* the decision had been made and while the process was still ongoing.

There's no reason to believe that, if lobbied effectively, Board members couldn't have been persuaded to vote differently. The yes voters were mostly NomCom members but then one NomCom member voted against (Vanda Scartezini) and one abstained (Joichi Ito). One ASO voted for (Mouhamet Diop), one against (Raimundo Beca). Demi Getschko of the ccNSO and Michael Palage of the GNSO both abstained. The maths could very easily have changed if enough people had made their feelings known at the time.

But to complain weeks afterwards smacks of the Judean People’s Front convening to decide how best to approach the call for immediate action.

Love note to VeriSign

I have come to the horrible realisation that VeriSign is never going to like me. This, as you can imagine, is a heavy weight on anyone’s shoulders. As such, I would like to extend a sincere offer to this internet giant to provide me with just one example of its action that I can agree with and I will proudly write about it.

In the meantime however I will just have to enjoy the perverse pleasure of writing this blog from the VeriSign booth in the conference’s sponsors area. I even turned the presentation TV off because it was breaking my train of thought.®

Previous blogs

Monday: I don't like Mondays
Sunday: De Lux appointment

Top three mobile application threats

More from The Register

next story
Sorry London, Europe's top tech city is Munich
New 'Atlas of ICT Activity' finds innovation isn't happening at Silicon Roundabout
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.