I was asked a really interesting question about whether the US government (or others, but we all know why people are worried about the US right now) could seize domain names, and what would happen if they did.
This is:
* An excellent question
* Quite important to answer
* Probably impossible to answer in practice
:thread: 1/?
Let's dig in, based on what I know (which to be clear is mostly on the technical side, I don't know a lot on the legal side; I invite additional information added or corrected by people with more knowledge):
The question here is about the vulnerability of the DNS to government-level attacks. I am going to limit the scope of this post to the DNS; there are plenty of potential nation-state attacks on the Internet, I can't talk about all of them nor am I qualified to.
The good news is that this is, in fact, the kind of attack that people have thought about quite a bit when designing and deploying these systems. That does not, however, mean that they are invulnerable to it or that there are no hidden dependencies or vulnerabilities - and honestly the reason why this question is impossible to answer is that there are probably enough hidden dependencies that we just don't know what will fail until (if) somebody tries it.
If someone tries to seize domain names, either one at a time or in bulk, the direct point of attack would be against the domain registrars; these are the entities who you pay to register the name, and who maintain the top-level information about them, such as whose name they are registered in, the contact information for those parties, and which DNS servers are authoritative for providing further information about those domains. Note that those DNS servers *may* be provided by the registrar, but they don't have to be. More about domain name registrars here: https://en.wikipedia.org/wiki/Domain_name_registrar
So what's the attack? The government tries to force the registrar to either de-register the names, or re-register them to another party. They would do so by applying legal pressure on the registrar.
This is one place where there is probably a very thorny legal question: who *owns* the domain name, really? Does the registrar own it? Does the registrant own it? There may be law on this, but I'm not aware of it; I do know that there have been cases regarding trademark law to reassign domain names, some of which have been successful. I'd love (for some definition of "love") to learn more here if folks have good sources to contribute.
The good news on this front is that there are lots of registrars. Tons. One would assume that a government would have the most leverage, by far, against registrars in their own jurisdiction. Registrars are, however, spread out all across the world, and most domains are portable across registrars - you can move your domain to a different registrar just like you can move your mobile phone number to a different carrier in many (most?) countries. Most TLDs (the last bit in the domain name, such as .com, .org, .social, etc.) are handled by a large number of registrars. So, for most domain names, there is a fairly straightforward step to take for protection: transfer the domain to a registrar outside the jurisdiction you are concerned about. There is, for example, no registrar one can go to in order to seize all .com domains for a given country. (Some TLDs have different rules, but I'm not going to get into that here.)
Basically, attacking this at a large scale is not impossible, but it would require a lot of resources and can only move so fast, giving domain name owners a chance to try to take proactive steps. It could certainly be disruptive, and targeted attacks against certain domains are possible, but there is enough resiliency that it's very, very hard to snatch the whole thing in one go.
So, let's go deeper: who gives the registrars the ability to register individual domain names?
In fact, let's go straight to the root: IANA: https://en.wikipedia.org/wiki/Internet_Assigned_Numbers_Authority . This is the standards organization that administers the list of TLDs and the information in the root DNS servers. It is international; that probably makes it hard for individual governments to assert control over it, though it's hard to say, maybe it means any member is a point of vulnerability instead. IANA more or less delegates responsibility for administering specific TLDs to other organizations; for example, .com is administered right now by Verisign: https://en.wikipedia.org/wiki/.com . Those organizations are themselves a potential point of vulnerability for seizing individual domain names; the system overall does have enough resiliency built in that if one domain name is seized, this does not prevent the person or organization that registered it from getting a new domain name in a different TLD: this is commonly done by sites that are not legal in certain jurisdictions, for example.
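The dependency chain described in this thread (registrar, authoritative DNS servers, TLD operators) can be inventoried from a domain's RDAP record. The following is an added example, not part of the original thread: it parses an RDAP domain response in the RFC 9083 JSON layout and lists the parties the name depends on. The sample response, registrar name, ID and hostnames are constructed placeholders.

```python
import json

# Constructed RDAP (RFC 9083) domain response; every value is a placeholder.
SAMPLE_RDAP = json.loads("""
{
  "objectClassName": "domain",
  "ldhName": "EXAMPLE.COM",
  "status": ["client transfer prohibited"],
  "entities": [
    {"objectClassName": "entity", "roles": ["registrar"],
     "publicIds": [{"type": "IANA Registrar ID", "identifier": "9999"}],
     "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                              ["fn", {}, "text", "Example Registrar Ltd"]]]}
  ],
  "nameservers": [
    {"objectClassName": "nameserver", "ldhName": "NS1.DNS-HOST.EXAMPLE"},
    {"objectClassName": "nameserver", "ldhName": "NS2.DNS-HOST.EXAMPLE"}
  ]
}
""")

def _fn(entity):
    # jCard "fn" (formatted name) of an RDAP entity, or None if absent.
    props = (entity.get("vcardArray") or [None, []])[1]
    return next((p[3] for p in props if p and p[0] == "fn"), None)

def summarize_rdap(doc):
    """Extract the parties a domain's registration and delegation depend on."""
    name = doc["ldhName"].rstrip(".").lower()
    registrar = next((e for e in doc.get("entities", [])
                      if "registrar" in e.get("roles", [])), {})
    iana_id = next((p["identifier"] for p in registrar.get("publicIds", [])
                    if p.get("type") == "IANA Registrar ID"), None)
    ns = sorted(n["ldhName"].rstrip(".").lower()
                for n in doc.get("nameservers", []) if "ldhName" in n)
    # TLDs whose operators must keep working for the name to resolve.
    tlds = sorted({name.rsplit(".", 1)[-1]} | {h.rsplit(".", 1)[-1] for h in ns})
    return {
        "domain": name,
        "registrar": _fn(registrar),
        "registrar_iana_id": iana_id,
        "nameservers": ns,
        "tld_dependencies": tlds,
        "transfer_locked": any("transfer prohibited" in s
                               for s in doc.get("status", [])),
    }

if __name__ == "__main__":
    print(json.dumps(summarize_rdap(SAMPLE_RDAP), indent=2))
```

Run over every domain an organization holds, the output shows how many names share one registrar, and where the nameserver hostnames add a second TLD to the dependency list.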