Thursday, 15 December 2011

Save America's Internet and American Jobs "Kill SOPA" ACT NOW, Bill Goes To The House

Critics of the bill online piracy stop (HR 3261) have an influence.
A change manager was Lamar Smith, R-Texas, chairman of the Judiciary Committee had been offered.
I was critical of the first version. Here is my opinion on the new version.

This version contains several provisions for security issues in relation to the target version first increases.
The new law requires that this is not to impose terms of technology and it is not interpreted as the security of the Domain Name System or network of an ISP who receives an order may be affected.
And he sculpts the original claim that ISPs need to "block and redirect" visitors to the sites pirates.
Now, ISPs are required to block these efforts, not to redirect the subscriber to another site, which warns against piracy.
ISPs will also receive a safe harbor, which gives them a degree of certainty, they do not need to redesign their networks to allow the application of the blockade.

Unfortunately, the new version still great harm to Internet security, including the development of the obstacles in the way of DNSSEC, a protocol to limit certain types of Internet crime.
Today, it is not uncommon for thieves to take charge of Internet connections in hotels, cafes and airports - and then to direct users to fake websites.
Users sent to a fake banking site will be asked to account information and password, which are used to plunder the account current.
DNSSEC prevents such attacks by each site a signed credentials that must be displayed in the browser using the Domain Name System server before the connection can be terminated.

It's a great idea, but bad is scheduled to try to replace them.
Your best bet is to claim that the site does not have a signed form of accreditation - a claim that is plausible, at least during the transition to DNSSEC. What should a browser if a site says there is still no identification form signed?
The page can tell the truth, or it could be a fake site from a DNS server that has been altered will be guaranteed.
To find out, the browser must ask a second DNS server, and the server is not an answer, a third and a fourth server until it receives a response.
This is the only way to stop the real criminals DNS references and offer to hold their own.

Unfortunately, things that a browser to a site around the same criminal defeat SOPA scheme to block rogue sites. SOPA sees the AG say the ISPs to block address of the www. Piracy.com.
And browsers do not receive information on the server www.piracy.com ISP DNS. Faced with the silence of this server, the browser switches to prevent fraud, to pay on the DNS servers are the others, they find the address.
Ultimately, this is a server, say, Canada.
Free from "the appropriate Attorney General shall provide the address of the server to a dedicated piracy.com, and the browser will take the place of authenticated user.

This is what the browser should do when they have to do with a hacked DNS server. But the code browser can not say the Attorney General's kidnapper, is it at the end of treatment, they are both the same.
And point of view of the AG, the browser efforts to the DNS server is authoritative, as a conscious effort to circumvent the blockade for research.

The latest version of SOPA will see food.
It allows the AG to pursue "any company that knowingly and willfully offer a product ... ... by such entity or by another in conjunction with a device designed to circumvent or defeat the "orders blocking the AG.

It is difficult to conclude that this provision is designed to escape directly to the browser companies.
DNSSEC browser will be implemented to circumvent and avoid criminal blockade, and in the process, they also deal with managing orders and SOPA.
The new law allows the AG to pursue the browser if it is, he cares more confronted with the execution of his orders as a barrier on the security risks of Internet users decide.
In fact, opaque to the language "other entity that, together with a" sense in the context of browser extensions.
It allows the AG is not just a browser, but also add-ons to continue with this function.

OK, it's the law ...

Now, you ask Google or Microsoft or Apple, or Mozilla. DNSSEC guys come to you and ask you to implement DNSSEC.
It will not increase sales, to admit it, but it makes the Internet safer for your users.
Want to be a good citizen to the Internet, if you think maybe you should find some useful code written resources to devote to the cause.
But first, ask your lawyer if they provide no problems.

"Well," they would have to say.
"If you add the code to the browser, DNSSEC implementation, you must code the criminal abduction of DNS manages to add.
And the code may be illegal, said the attorney general rather when he still loves.
You can argue, of course, but if you lose, the GA can stop all the programs of your browser until it is to the satisfaction of its staff and consultants in Hollywood revised. "
Faced with these tips you should implement DNSSEC?

Neither would I.
In fact, I would not even be an extension of the DNSSEC protocol guys who write them implemented.
And so, by weighting the sword of Damocles over the browser companies will kill SOPA DNSSEC.

Hope that the opposition to SOPA has not punched against the first version of the law, because this version is badly in need of a final blow ...