Latest news of the domain name industry

Recent Posts

Angry gTLD applicants lay into ANA and Verisign “bullshit”

Kevin Murphy, October 2, 2013, 17:00:25 (UTC), Domain Services

They’re as mad as hell and they’re not going to take it any more.

New gTLD applicants yesterday laid into the Association of National Advertisers and Verisign with gusto, accusing them of seeking to delay the program for commercial reasons using security as a smokescreen.

The second TLD Security Forum in Washington DC was marked by a heated public argument between applicants and their back-end providers and the ANA’s representatives at the event.

The question was, of course, name collisions: will new gTLDs cause unacceptable security risks — maybe even threatening life — when they are delegated?

ANA vice president Dan Jaffe and outside counsel Amy Mushahwar had walked into the lion’s den, to their credit, to put forth the view that enterprises may face catastrophic IT failures if new gTLDs show up in the in DNS root.

What they got instead was a predictably hostile audience and a barrage of criticism from event organizer Alex Stamos, CTO of .secure applicant Artemis Internet, and Neustar VP Jeff Neuman.

Stamos was evidently already having a Bad Day before the ANA showed up for the afternoon sessions.

During his morning presentation, he laid the blame for certain types of name collision risks squarely with the “dumb” enterprises that are configuring their internal name servers in insecure ways. He said:

Any company that is using any of these domains, they’re all screwing up. Anyone who’s admitting these collisions is making a mistake. It’s a bad mistake, it’s a common mistake, but that doesn’t make it right. They’re opening themselves up to possible horrible security flaws that have nothing to do with the new gTLD program.

There is a mechanism by which you can split DNS resolution in a secure manner on Windows. But unless you do that, you’re in trouble, you’re creating a security hole for yourself. So stop complaining and delaying the whole new gTLD program, because you’re dumb, honestly. These are people who are going to have a problem whether new gTLDs exist or not. Let’s be realistic about this: it’s not about security, it’s about other commercial interests.

That’s of course a reference to Verisign, which is suspected of pressing the name collisions issue in order to prevent or delay competition to .com, and the ANA, which tried to get the program delayed on trademark grounds before it discovered collisions earlier this year.

Executives from Verisign, which put the ANA onto the name collision scent in the first place, apparently lacked the cojones to show up and defend the company’s position in person.

Stamos was preaching mainly to the choir at this point. The fireworks didn’t start until Jaffe and Mushahwar arrived for their panel a few hours later.

The ANA’s point of view, which they both made pretty clearly, is that there seems to be a risk that things could go badly wrong for enterprises if they’re running internal names that clash with applied-for gTLDs.

They’ve got beef with ICANN for running a “not long enough” comment period on the topic primarily during the vacation month of August, which didn’t give big companies enough time to figure out whether they’re at risk and obtain the necessary sign-off on disclosing this fact.

In short, the ANA wants more time — many more months — for its members and others to look at the issue before new gTLDs are delegated.

Mushahwar dismissed the argument that the event-free launches of .asia, .xxx and others showed that gTLD delegations don’t cause any problems, saying:

Let me admit right now: DNS collision is not new, it’s been around since the beginning of the internet… what is new is the velocity of change expected within the next year to 18 months.

I really dismiss the arguments that people are making on the public record saying we’ve dealt with this issue before, we’ve dealt with these issues, view the past TLDs as your test runs. We have never had this velocity of change happening.

The ANA seems to believe that the risk and the consequences are substantial, talking about people dying because their voice over IP fails or electricity supply gets cut off.

But other speakers weren’t buying it.

Stamos was first to the mic to challenge Mushahwar and Jaffe, saying their concerns are “mostly about IP and other commercial interests”, rather than sound technical analysis.

He pointed to letters sent to ICANN’s comment periods in support of the ANA’s position that were largely signed by IP lawyers. Security guys at these companies were not even aware of the letters, he said.

The internet is this crazy messy place where all kinds of weird things happen… if this is the mode that the internet goes forward — you have to prove everything you do has absolutely no risk of impacting anyone connected to the internet — then that’s it, we might as well call it done. We might as well freeze the internet as it is right now.

If you want to stall the program because you have a problem with IP rights or whatever I think that’s fine, but don’t try to grab hold of this thing and blow it up under a microscope and say “needs more study, needs more study”. For anything we do on the internet we can make that argument.

Any call for “we need to study every single possible impact for all several billion devices connected to the internet” is honestly kinda bullshit… it really smacks to me of lawyers coming in and telling engineers how to do their job.

Mushahwar pointed out in response that she’s a “security attorney, not an IP attorney” and that her primary concern is business continuity for large business, not trademark protection.

A few minutes later Neustar’s Neuman was equally passionate at the mic, clashing with Mushahwar more than once.

It all got a bit Fox News, with frequent crosstalk and “if you’d let me continue” and “I’ll let you finish” raising tempers. Neuman at one point accused Mushahwar of “condescending to the entire audience”.

His position, like Stamos before him, was that new gTLD applicants have looked at the same data as Interisle Consulting in its original report, and found that with the exception of .home, .corp and .mail, the risks posed by new gTLDs are minor and can be easily mitigated.

He asked the ANA to present some concrete examples of things that could go wrong.

“You guys have come to the table with a bunch of rhetoric, not supported by facts,” Neuman said.

He pointed to Neustar’s own research into the name collisions, which used the same data (more or less) as Interisle and Verisign and concluded that the risk of damaging effects is low.

The two sides of the debate were never going to come to any agreements yesterday, and they didn’t. But in many respects the ANA and applicants are on the same page.

Stamos, Neuman and others demanded examples of real-world problems that will be encountered when specific gTLDs are delegated and the ANA said basically: “Sure, but we need more time to do that”.

But more time means more delay, of course, which isn’t what the domain name industry wants to hear.

Comments (14)

  1. Andrew says:

    Indeed, it reminded me much of a Fox News show. Which is actually kind of good. There’s too much beating around the bush in most of these conversations. Great to see people show their passion, regardless of which side they’re on.

    Good coverage here Kevin.

  2. Rubens Kuhl says:

    I saw Verisign’s Chuck Gomes in the video, so Verisign was there…

  3. Colin says:

    I attended the event and learned quite from the all of the speakers. I was especially impressed with the deep analysis provided by Google, Neustar, Artemis and others in the morning.

    I was quite frankly shocked to see ANA come in and lecture the community with little to no facts after missing the morning session. I have to say the audience listened without one interruption for their long presentation.

    I am certain their tone would have been different if they had attended the morning session as they would have seen the irrefutable evidence that domain collisions are for the vast majority of names are a non-issue.

    Colin.club

    • Rubens Kuhl says:

      ANA should have participated in enough debate clubs or lawsuits to know that when you are arguing a technical subject, you hire subject matter experts. Verisign has internal technical capacity to argue on its behalf, but if ANA doesn’t, they could hire it.

      • John Berryhill says:

        Why ANA is presumed to have any relevant expertise in the subject is indeed a mystery.

        They strenuously opposed the program on other grounds for a long time, and their newfound concern here just cannot be taken at face value. It is simply their new toy, and they have no serious interest in the underlying facts.

  4. Alex says:

    “Any call for “we need to study every single possible impact for all several billion devices connected to the internet” is honestly kinda bullshit…”

    Totally agree!!!

    I understand the technical problem, but why dont they simply block .home, .corp, .mail and .local and move on???

  5. Alexa Raad says:

    The conference’s AM session was very informative, with the panel discussing the domain collision issue, the analysis NTAG did, their own conclusions etc.

    Dan Jaffe and Amy Mushawar did themselves a disservice by not attending the AM session. Had they done that, I am sure they would have seen fit to revise pitch and their presentation. The key to any successful presentation is knowing your audience. Even though they thought that the audience would be new gTLD applicants and back-end providers (and yes many were) they underestimated the sophistication and level of understanding of the audience, which unfortunately for them, made their presentation come across as condescending.

    Alex and the Artemis team did a great job organizing the conference and getting a great mix of people both in the audience and as presenters (offering different points of view).

    I am glad that Dan Jaffe of ANA and Amy Mushawar attended. Despite the divergent views, it was still good to see both sides air them in person as opposed to via PR campaigns.

  6. Kiran Malancharuvil says:

    In my personal capacity, I think the rudest thing that Alex said was: “I don’t mean to be rude to a pregnant lady.” Can someone please tell me what her being pregnant has to do with ANYTHING??

Add Your Comment