Verisign has been given approval to start restricting who can and cannot register .com and .net domain names in various countries.
Customers of Chinese registrars are the first to be affected by the change to the registry’s back-end system, which was made last year.
ICANN last week gave Verisign a “free to deploy” notice for a new “Verification Code Extension” system that enables the company to stop domains registered via selected registrars from resolving unless the registrant’s identity has been verified and the name is not on China’s banned list.
It appears to be the system Verisign deployed in order to receive its Chinese government license to operate in China.
Under Verification Code Extension, Verisign uses ICANN records to identify which registrars are based in countries that have governmental restrictions. I believe China is currently the only affected country.
Those registrars are able to register domains normally, but Verisign will prevent the names from resolving (placing them in serverHold status and keeping them out of the zone file) unless the registration is accompanied by a verification code.
These codes are distributed to the affected registrars by at least two verification service providers. Verisign, in response to DI questions, declined to name them.
Under its “free to deploy” agreement with ICANN (pdf), Verisign is unable to offer verification services itself. It must use third parties.
The company added the functionality to its .com and .net registry as an option in February 2016, according to ICANN records. It seems to have been implemented last July.
A Verisign spokesperson said the company “has implemented” the system.
The Verification Code Extension — technically, it’s an extension to the EPP protocol pretty much all registries use — was outlined in a Registry Services Evaluation Process request (pdf) last May, and approved by ICANN not long after.
Verisign was approved to operate in China last August in the first wave of gTLD registries to obtain government licenses.
Under Chinese regulations, domain names registered in TLDs not approved by the government may not resolve. Registrars are obliged to verify the identities of their registrants and names containing certain sensitive terms are not permitted.
Other gTLDs, including .vip, .club, .xyz .site and .shop have been granted approval over the last few months.
Some have chosen to work with registration gateway providers in China to comply with the local rules.
Apart from XYZ.com and Verisign, no registry has sought ICANN approval for their particular implementation of Chinese law.
Because Chinese influence over ICANN is a politically sensitive issue right now, it should be pointed out that the Verification Code Extension is not something that ICANN came up with in response to Chinese demands.
Rather, it’s something Verisign came up with in response to Chinese market realities. ICANN has merely rubber-stamped a service requested by Verisign.
This, in other words, is a case of China flexing market muscle, not political muscle. Verisign, like many other gTLD registries, is over-exposed to the Chinese market.
It should also be pointed out for avoidance of doubt that the Chinese restrictions do not apply to customers of non-Chinese registrars.
However, it appears that Verisign now has a mechanism baked into its .com and .net registries that would make it much easier to implement .com restrictions that other governments might choose to put into their own legislation in future.