Dan York

Just a guy in Vermont trying to connect all the dots...

Author's posts

FIR #786 – 12/15/14 – For Immediate Release

Quick News: Two airlines go Apple, employees increase your reach, Apple recruits luxury experts for watch debut, Facebook search implications for brands; Ragan promo; News That Fits: Microcopy is a new frontier for communicators, Dan York's Tech Report, Twitter's impact on news, Media Monitoring Minute from CustomScoop, listener comments, agencies need to pay more attention to Glassdoor.com, Igloo Software promo, the past week on the FIR Podcast Network, the Social Media Charter for financial services firms; music from Plastic Sky; and more.

Indonesia And Vanuatu Sign .ID and .VU With DNSSEC

Asia PacificWe were very pleased to learn this morning that both Indonesia’s .ID and Vanuatu’s .VU country-code top-level domains (ccTLDs) had DS records uploaded to the root zone of DNS over the weekend.  What this means is that they have both entered the fourth of five deployment stages that we track as part of the DNSSEC Deployment Maps.

At some point soon, people who have registered domains under .ID and .VU should be able to upload their own DNSSEC records and be able to obtain the higher level of security and trust that comes with having their domain signed with DNSSEC.  We don’t yet know when the registries for .ID and .VU will start accepting DS records from registrants, but hopefully at some point soon.

Given that the records were entered into the root zone of DNS after I had finished updating the database on Friday for the DNSSEC Deployment Maps that were distributed this morning, I took the unusual step of re-generating the maps today after a quick database update.  Subscribers to the public dnssec-maps mailing list have all received a second set of maps for today.  Normally I might have just waited for next week but given Indonesia’s size it adds a nice bit of green to the Asia Pacific map and I wanted that to be shown.

With these two ccTLDs having their DS record in the root zone, this brings us to 97 of the 247 ccTLDs that we track in our database being signed with DNSSEC.  (There are also .EU and .SU which we consider more “regional” TLDs (and are both signed), but other lists count as ccTLDs, so you could say that we show 99 of 249 being signed.)  Given that most of the generic TLDs are signed and all the new gTLDs MUST be signed when they launch, the remaining 150 unsigned ccTLDs are the major area where attention will be focused over the next while in terms of getting TLDs signed.  ICANN’s DNS team is spending a good bit of time traveling to many of these countries to help them get their ccTLDs signed and operational.

Congratulations to the teams at .ID and .VU for getting their domains signed and linked in to the DNSSEC global “chain of trust”.  We look forward to learning that those two ccTLDs become “Operational” and second-level domains can begin uploading DNSSEC records soon.

Note – if you would like to learn more about how you can get started with DNSSEC, please visit our Start Here page to find resources tailored to your role or type of organization.

Two Weeks In… How Is A Blog Post A Day Doing? #Finish2014Strong

So, two weeks after saying I would write at least one blog post a day (and talking about that) for all of December 2014, how am I doing?

Well... so far so good.

  • I posted at least once on the Deploy360 site every work day.
  • I did put something up on my personal sites every day so far.
  • I recorded a new "The Dan York Report" podcast on 10 of the 14 days.

I've had a serious cold/cough that made for really poor audio... so on some of the worst days I skipped it. I didn't think it made sense to record a poor-quality audio podcast just for the sake of saying I did it.

In fact, I'm honestly surprised how much I did write, given how foggy my head has felt and how most days it has seemed like I'm moving through molasses.

Now... the question will be whether I can continue this through the remaining days that include holidays and vacation time!

Here's the list of the month so far:


Monday, December 1

Deploy360 Programme:

Personal Sites:

The Dan York Report audio podcast:

Other:


Tuesday, December 2

Deploy360 Programme:

Personal Sites:

The Dan York Report audio podcast:


Wednesday, December 3

Deploy360 Programme:

Personal Sites:

The Dan York Report audio podcast:


Thursday, December 4

Deploy360 Programme:

DNSSEC Deployment Initiative:

Personal Sites:

The Dan York Report audio podcast:


Friday, December 5

Deploy360 Programme:

Personal Sites:

The Dan York Report audio podcast:

  • (no podcast - too sick)

Saturday, December 6

Deploy360 Programme:

  • (no post)

Personal Sites:

The Dan York Report audio podcast:


Sunday, December 7

Deploy360 Programme:

  • (no post)

Personal Sites:

The Dan York Report audio podcast:

  • (no podcast - too sick)

Monday, December 8

Deploy360 Programme:

Personal Sites:

The Dan York Report audio podcast:

Other:


Tuesday, December 9

Deploy360 Programme:

Personal Sites:

The Dan York Report audio podcast:


Wednesday, December 10

Deploy360 Programme:

Personal Sites:

The Dan York Report audio podcast:

  • (no podcast - too sick)

Thursday, December 11

Deploy360 Programme:

Personal Sites:

The Dan York Report audio podcast:


Friday, December 12

Deploy360 Programme:

Personal Sites:

The Dan York Report audio podcast:

  • (no podcast)

Saturday, December 13

Deploy360 Programme:

  • (no post)

Personal Sites:

The Dan York Report audio podcast:


Sunday, December 14

Deploy360 Programme:

  • (no post)

Personal Sites:

The Dan York Report audio podcast:


Now we'll see what the rest of the month brings...


An audio version of this post is available:


If you found this post interesting or useful, please consider either:


TDYR 197 – Halfway Through December, How Is #Finish2014Strong Doing?

Back on December 1 in episode 187 I said my goal was to write at least one blog post a day for every day in December 2014. Two weeks in... how am I doing? My list of posts in December so far: http://www.disruptiveconversations.com/2014/12/two-weeks-in-how-is-a-blog-post-a-day-doing-finish2014strong.html Original posts: http://www.disruptiveconversations.com/2014/12/a-blog-post-a-day-for-december-2014-finish2014strong.html https://soundcloud.com/danyork/tdyr-187-1-blog-post-a-day-in

TDYR 196 – “Surprise Me, Santa”, A Fascinating Side Effect Of Raising A Child Without Commercial TV

At a "Breakfast with Santa" yesterday, Santa asked our 5-year-old daughter about what she wanted for Christmas...

Video: The Keene Interfaith Community Breakfasts

One of the great changes in my life over the past year has been helping out at the community breakfasts for the homeless that happen now each winter weekday morning at our church in Keene, NH. While they are held in our church building, the teams of volunteers who staff the breakfasts also come from several other churches in our community. (In fact, we're looking for one more church or other community group to step forward and help on the one remaining day that needs coverage.)

It's been quite an eye-opening experience for my wife and I, both in terms of learning about the quantity of people in our region who are homeless... but also in hearing some of the stories and knowing that while often it is very definitely choices that get people into these situations, sometimes it is instead circumstances - job losses, medical expenses, family issues - and that the line between those who have and those who have not can be very thin and fragile.

Recently a local community TV show recorded an episode with several of us who have been involved with the community breakfasts. I represented our church and spoke about some of the changes that being involved has brought about with me and our family.

Give it a listen... and if you are in the Keene, NH, area and interested in helping, we're always looking for people to help during these cold winter months!


What are the "community" breakfasts that take place at the Keene UU Church (KUUC) during the winter months? How did they get started? How are they an example of interfaith service programs? And how can people get more involved? In this episode 501 of her show "My Karma Ran Over My Dogma", Rev. Sandra Whippie explores these topics and much more with a panel including:
  • Rev. Michael Hall, KUUC minister and member of the Interfaith Clergy Association
  • Charlie Gibson, member of the Catholic churches in the Keene area
  • Dan York, member of the Keene Unitarian Universalist Church (KUUC)
  • Marcia Winters, member of the Keene United Church of Christ (UCC)

P.S. For the purpose of including an image for this post in the "carousel" at the top of the site, I'm including this screenshot of me talking:

Danyork interfaith breakfasts

Verizon Launches Voice Cypher Secure VoIP Mobile App… With A Government Backdoor

Verizon Wireless this week did something that initially seemed quite impressive – they launched “Voice Cypher”, an app available for iOS, Android and Blackberry that promises secure end-to-end encryption. It uses VoIP and is an “over-the-top” (OTT) app that works on any carrier.  If you read the marketing material on their web site, it all sounds great!  Indeed their “Learn More” page has all the right buzzwords and security lingo – and says quite clearly: Voice Cypher provides end-to-end encryption between callers, even if the call crosses over multiple networks.” They include the requisite network diagram that shows how it protects against all threats:

Verizon Wireless Voice Cypher

It turns out there’s just one small little detail … as reported by BloombergBusinessweek, the app comes complete with a backdoor so that Verizon could decrypt the phone calls if requested to do so by law enforcement!

As the Businessweek article states:

Cellcrypt and Verizon both say that law enforcement agencies will be able to access communications that take place over Voice Cypher, so long as they’re able to prove that there’s a legitimate law enforcement reason for doing so.

Unfortunately, in this post-Snowden era I don’t know that many of us put a great amount of trust in our governments to only access communications with a “legitimate law enforcement reason”.  Or perhaps the concern is that what gets classified as “legitimate” can be widely construed to mean almost anything.

The article does point out that Verizon is bound by CALEA to provide lawful intercept  to the phone networks, but points out an interesting caveat that Verizon could have used:

Phone carriers like Verizon are required by U.S. law to build networks that can be wiretapped. But the legislation known as the Communications Assistance for Law Enforcement Act requires phone carriers to decrypt communications for the government only if they have designed their technology to make it possible to do so. If Verizon and Cellcrypt had structured their encryption so that neither company had the information necessary to decrypt the calls, they would not have been breaking the law.

A Verizon Wireless representative indicated that they believe government agencies looking for ways to protect sensitive information may be  customers of this service, as may be corporate customers concerned about leaking private information.

But… as we continue to hear more and more information about the massive amount of pervasive monitoring and surveillance by government agencies from many different governments around the world, you do have to wonder how safe those agencies and companies will feel with a “secure” solution that already comes with a backdoor.  The problem with a known backdoor is that even if you may trust Verizon Wireless to only allow legitimate law enforcement access… how do you know that some attacker may not be able to penetrate that backdoor?   The “secure end-to-end encryption” isn’t entirely secure.

Given that the service has a higher price tag of $45 per month per device, I do wonder how many businesses or agencies will actually embrace the service.

On reading about this Voice Cypher service, it certainly sounds quite interesting.  We need more secure voice solutions out there – and it’s very cool that Verizon Wireless is delivering this as an OTT mobile app that will work across different carriers.

It’s just too bad that it’s not truly “secure end-to-end”.  :-(

P.S. I also recorded an audio commentary on this same topic.

TDYR 195 – Verizon’s ‘Secure’ Voice Cypher App… With A Government Backdoor

Verizon came out with a new "Voice Cypher" OTT app for iOS, Android and Blackberry which sounds like a very cool way to have secure voice communication across mobile networks... until you realize that it has a government backdoor already built in. :-( http://www.businessweek.com/articles/2014-12-11/verizons-new-encrypted-calling-app-comes-prehacked-for-the-nsa https://www.verizonwireless.com/wcms/business/apps/voice-cypher.html http://business.verizonwireless.com/content/b2b/en/solutions/technology/mobile-security/voice-cypher.html

Emily Taylor’s Must-Read Post: Ofcom in denial over UK IPv6 failure

Emily Taylor about IPv6 and Ofcom

On her blog yesterday, Emily Taylor wrote an outstanding post “Ofcom in denial over UK IPv6 failure” that begins:

For the UK to reap the economic and social benefits of next generation technology, like the Internet of Things, we need plenty of internet address space. The original addresses have run out, and we must implement IPv6. Experts say the UK has been more negative about the adoption of IPv6 than almost any other nation. Various initiatives aimed at stimulating adoption have fizzled out. The big ISPs convey a lack of urgency and Ofcom, rather than pushing industry to adopt, seems more focused on thinking of work-arounds. Why is our regulator failing to show leadership?

I was going to try to summarize her post… but the more I read it, the more I just realized it is brilliantly done as it is.  She weaves together many threads such as the Internet of Things, the problems with Carrier-Grade NAT, the issues with the potential selling of IPv4 addresses…  any summary won’t do it justice.

Please go read her post!

And then once you’ve read that, why don’t you please visit our Start Here page to find resources related to IPv6 to help you get started!

We definitely agree with her final quote from Vint Cerf:

“The Internet needs to keep evolving and there are things that should happen beyond IPv6 but to overcome the present address space exhaustion, we need to implement IPv6 essentially everywhere”.

Let’s make it happen!

Congrats To Norway’s .NO On Over 5,000 DNSSEC-Signed Domains!

Norid logoCongratulations to the Norid team on going live with DNSSEC for the .NO country-code top-level domain (ccTLD) this week!  You may recall we wrote about .NO being signed in the root zone of DNS back on November 18 (and the cake they baked to celebrate!), but this news this week now moves them to the fully “Operational” status in our DNSSEC deployment maps.

As they note on their page about the news, the .NO registry started accepting DNSSEC records from .NO domain registrants on Tuesday, December 9th.  They also indicated that they had 16 registrars (and now today I count 17).

Even better… after the first day, Norid’s Unni Solås reported on Twitter that they had passed 3,000 signed .NO domains:

and on the second day they were over 5,300:

Presumably two days later they will have even more DNSSEC-signed domains!

By the way, the Norid folks have a great DNSSEC project description (in English) that walks through the different stages of their deployment.  This could be very useful for any other ccTLDs looking to deploy DNSSEC.

Anyway… great work by the Norid team and others there in Norway – and we’re looking forward to hearing more about DNSSEC in Norway.

P.S. If you want to sign your domain with DNSSEC or enable DNSSEC validation on your network, please visit our Start Here page to find resources aimed at your type of organization or role.