EuroDNS sun rises….

Never converted to the metric system? CM are the new metre of measure in the EuroDNS world. The launch of .CM has successfully started with a significant number of trademark names registered during the Sunrise period at www.eurodns.com.

The hefty .CM price is a two-fer, as the domain extension .CM is not only the country code top-level domain (ccTLD) for the Republic of Cameroon, but also corresponds to the .COM typo. That’s a free typo with purchase.

Common practices the world over when typing a .COM domain name, people often forget to type in the ‘o’. The Cameroon real estate can guard against a loss of traffic and also lead to association hijacking/squatting.   The .CM sunrise conditions allow all trademark owners to register at the earliest stage,  running until July 15th.

The expansion launch of Cameroon’s domain universe is mounted as a economic stimulus to both e-commerce development and Internet growth in the African territory. The .CM registry will issue  percentage of fees toward the “Flowers in the Desert”foundation.

“Flowers in the Desert” will help cobat African poverty with a certain percentage for each domain name sold. The structure is 10% from the landrush auction and registration during sunrise and open registration Euro  2.5 per domain and (annual) year (sold)”.

Cameroon’s launch minimum registration period is 2 years and applicants must hold a valid and issued trademark at the time of application. If there is more than one valid Sunrise application for the same domain name, the name will be awarded to the registrant with the oldest registered trademark. Each domain application costs 360 EUR with a non-refundable fee of 60 EUR, including a two years term.

The registry will then open the Landrush period from July 15th, 2009, 0:00:01 UTC until July 31st, 2009, 0:00:01 UTC, during which all applications will be subjected to a premium fee and an auction system, with a minimum registration time of 2 years. Indeed, in case there is more than one application per domain, the domain will go into an auction system that will be held shortly after the end of the Landrush period. The price for each domain name application will be 260 EUR, including a two years term.

The Go Live will begin on August 1st, 2009 at 0:00:01 UTC. At this point .CM domains can be registered on a first come, first served basis. The minimum registration term is 1 year and the price will be announced soon. The price for the each Go Live registration is 80 EUR.

To have more information and register your .CM now, just go to: www.eurodns.com, and stay tuned

ICANN schism nears…

The Great Divide between ICANN and government may predate the end of the world, a thought once unthinkable to Internet hardliners. The Number Resource Organization (NRO), formed by the world’s five Regional Internet Registries, has expressed its support to end the collaboration agreement between the Internet Corporation of Assigned Names and Numbers (ICANN) and the US Department of Commerce. 

This is a big shakeup in the formal architecture of historical Web management. The NRO has also made recommendations for the management of the Domain Name System (DNS) to ensure its future stability.

The DNS is currently managed by ICANN and the US Department of Commerce under an agreement set to expire on 30 September 2009. The NRO recommends that stability, competition, bottom-up coordination and representation remain the guiding principles for the governance of ICANN after this agreement expires

DNSSEC finally gains traction

It has been more than 15 years in the making, but DNSSEC is finally gaining some traction: The .gov and .org top-level domains have begun to adopt the Domain Name Service (DNS) security protocol, and during the past few days, some commercial activity was associated with it.

HP last week announced it will resell Secure64′s DNS software, while registrar and managed DNS provider Dynamic Network Services Inc. (Dyn Inc.), announced it has gone live with DNSSEC. DNS product vendor NeuStar, meanwhile, rolled out its own DNS security appliance to protect DNS servers from getting hit with the DNS cache poisoning flawuncovered last year by researcher Dan Kaminsky.

Momentum for a DNSSEC began gradually in the wake of Kaminsky’s finding and the subsequent patches vendors deployed. First, the federal government expanded its plans for global adherence to a DNSSEC after at first only recommending it for some systems.

Now all federal agencies must adopt DNSSEC by December 2009. And most recently, a federal official said publicly that the updated FISMA regulations will require federal agencies to also sign their intranet “zones” with DNSSEC by the middle of next year.

Kaminsky in February at Black Hat DC officially threw his support behind DNSSEC after mostly dismissing the protocol as a solution for securing DNS after studying the specification more closely.

“I am relatively new to the pro-DNSSEC cause. I just don’t see another way to address the endemic cross-organizational authentication and bootstrapping issues we have today,” Kaminsky says. “DNS has fixed everyone else’s cross-organizational issues for 25 years. It can fix security’s as well.

“We are definitely making progress.”

Cricket Liu, vice president of architecture for Infoblox and author of several DNS books, says while the latest commercial announcements are interesting, the biggest news for DNSSEC this year was the signing of .org, and that the Department of Commerce’s National Telecommunications and Information Administration (NTIA) said it would sign the .gov root within a year. “These have a bearing on the infrastructure — that’s a huge deal,” Liu says.

And now the feds are planning to add to the FISMA the requirement that federal agencies sign their internal zones — their intranets — with DNSSEC by mid-2010, Liu says. “And that’s a lot more name space,” he says.

ICANN earlier this month announced it will work with the NTIA, the National Institute of Standards and Technology (NIST), and VeriSign to ensure that the Internet’s root zone is digitally signed with DNSSEC this year for security reasons. “ICANN has agreed to work with VeriSign and the Department of Commerce to first test, and then have production deployment of DNS Security Extensions (DNSSEC) as soon as feasible without prejudice to any proposals that may be made for long-term signing processes” Paul Twomey, President and CEO of ICANN said in a statement.

The announcement earlier this month that the .org top-level domain had successfully DNSSEC-signed its zone was a major milestone for the security protocol, security experts say. But there’s still plenty of work to do at all levels of the Internet infrastructure.

Enterprises, meanwhile, are facing some challenges in adopting DNSSEC. Kaminsky says businesses must look at DNSSEC as not just a DNS security solution, but also as “an answer for PKI’s failings.” DNSSEC will “enable a new generation of security solutions that actually work and scale,” he says. “Resources should be assigned now to deal with the DNSSEC dependencies of those solutions.

Infoblox’s Liu says most of the tools available today for managing signed zones are rudimentary. BIND, the most pervasive DNS server, has command-line controls for DNSSEC. “They are relatively difficult to use, and difficult to integrate into” other management tools, he says.

Kaminsky concurs: “The biggest challenges will be getting DNSSEC automated. BIND is just not where it needs to be for automation, and neither is MSDNS. There are third-party products that help, but we need the standard implementations to get better,” he says.