I'm running for CIRA election!

Regular readers will know I've almost always got something to say about digital politics. Whether Net Neutrality or Domain Seizures, DNSSEC, or SSL certificates I've always got an opinion on how we should be moving forward in Canada.

For a number of years now I've directly advocated change within Canada's institutions. As a result, and due to the encouragement of some very awesome people, I've decided to run in the CIRA elections this year. I don't know if I can win, and there's definitely some strong competition -- but I think its worth trying and hopefully enough folks will hear about my message and elect me to the CIRA board.

So without further introduction:

Go to https://www.kevinforcira.ca and sign up for the mailing list, CIRA membership and tweet your support.

I'm excited for this challenge as I think we need to move towards making CIRA more influential in Canada's digital policy debate. Unlike the CRTC, CIRA is a directly democratic institution and every dot-ca owner can become a member for free and vote in CIRA's elections.

I have been mulling running for CIRA for several years now, what finally pushed me to run is three big ideas which I hope to immediately work on.

1) We must deploy the new technologies of DNSSEC, IPv6 and ENUM.

CIRA's has traditionally been very timid about change, and as such its usually behind the curve. On DNSSEC a number of other registries worldwide have completed their DNSSEC implementation. The root is signed and the trust technologies are mature. CIRA is on-track to deploy DNSSEC soon, but the fact remains that we were not the first registry to do so. If elected I'll do my best to make sure Canada leads the deployment of new technologies and paves the way for the world when it comes to Internet innovation. During the tenure of the next board, CIRA will also have to deploy changes to their API that allows for the publishing of DS records, and define the rules and eligibility for such publications -- as a developer, I'm exceptionally qualified to help shape the implementation of this deployment.

On IPv6 CIRA has been a big advocate, but like most Canadian organizations has not embraced IPv6 itself. If elected, I'll make sure CIRA leads on IPv6 and direct that all public websites and API's are accessible directly on IPv6 at CIRA. I'll work to make sure CIRA and the CRTC are seen as partnering organizations and where Internet policy is involved, that CIRA lead the way as Canada's primary Internet stakeholder.

On ENUM, (also known as e164) we need to stop waiting for global consensus and go ahead with a domestic deployment of e164.ca while we wait for the global e164.arpa. Consumers want to be able to link the various internet services they pay for with their telephone numbers. ENUM allows consumers to chose how they want to be contacted, define priorities for service providers and disconnect the 1:1 relationship between a number and a provider allowing for better pricing and increased competition. With ENUM deployed not only will we have lower prices, but we'll see increased redundancy and availability by being able to purchase service from multiple providers and have those services degrade in a predictable and reliable way. Imagine being able to give out two land lines [primary and backup],  a cell phone, an email address and a website all by simply sharing one phone number -- that's the power of ENUM and we need to deploy it now.

2) It's all about trust.

CIRA works closely with the Government of Canada, and it has a proven verification process that offers exceptionally reliable validation of individuals and businesses. It just makes sense that in addition to dot-ca domains, that CIRA should be issuing dot-ca SSL certificates with identities authoritatively verified by the Government of Canada. If elected, I'll work to ensure that the next time you visit a Canadian website securely that the site's SSL certificate clearly states who it is run by and that it tells the user it is 'Verified by Government of Canada'. Further, because CIRA works best with its reseller organizations, I'll make sure that CIRA certified registrars can sell these certificates and handle identity document collection.

The process would look as follows:

1. User buys a EV SSL Certificate product from a reseller.

2. The reseller collects the necessary identity documents and submits them to CIRA for verification. Upon submission the registrar will provide a registrar challenge code to the user.

3. CIRA, now integrated with the corporate registries and vital statistics agencies across the country, will verify the individual or organization exists.

4. CIRA will send a registered letter to the legal address for the Individual or organization, the letter will contain a CIRA challenge code.

5. The user provides final identification to their local postman, or visits a Canada Post distribution office to receive their registered letter.

6. The user then verifies both the registrar challenge code and the CIRA challenge code with the CIRA website and a certificate is issued.

Customers of these verified websites can now be assured that the person or organization on the other end has been properly verified by the government and that their website can be trusted. This proposal preserves the relationship and trust that resellers have with their users and increases the security of the dot-ca domain name by creating one clear point of authority for SSL trust. Browser makers would be free to restrict dot-ca domains to dot-ca SSL certificates and in the process reduce the number of authoritative organizations from hundreds to one. Compromise of a CA, like we saw with Comodo, should become a thing of the past and CIRA is uniquely situated to deploy the most advanced security technologies known today to protect its private key. Its a clear plan that will restore trust in the dot-ca ssl certificate system, ensure that users can trust dot-ca websites more than any other registry and define Canada as the secure place to do business online.

3) Domain Seizures and the role of Canada in Internet Governance.

We are a sovereign nation of laws and so too should the Internet be. Recently, we've seen unilateral seizure of various domain names by the US government and while some might be well-deserved examples of copyright infringement others clearly are not. What is clear however is that globally, Internet governance is severely broken when one foreign country, absent of any due process, can decide what websites Canadians can visit.

I've taken action on this issue and called on CIRA and the Government of Canada to develop a plan to correct this injustice. You can read that call to action here [pdf].

I will put Canadian interests first and I am not afraid to break from US and ICANN Internet governance if they cannot or will not route around the global damage being caused by US court-ordered domain seizures. I will advocate that CIRA run its own resolvers (similar to Google Public DNS) and that we restore illegitimately seized websites until such time as there is a legally recognised finding of guilt under our sovereign laws. I will advocate that Canada participate only in democratic internet governance and that if it is ultimately necessary, that we can chart our own course. I will not cede the dot-com or dot-net registries as owned property of the United States.


In conclusion, if you're looking for a strong board member who will stand up for your rights, deploy the latest technologies and make the Canadian internet the most secure in the world -- then elect me to the CIRA board and I'll do my very best.

Visit https://www.kevinforcira.ca today.