Latest news of the domain name industry

Recent Posts

Did Michael Dell just back ICANN’s DNS-CERT?

Kevin Murphy, May 5, 2010, Domain Policy

Michael Dell may have just backed ICANN’s call for a global DNS Computer Emergency Response Center, in a speech at a security conference.

Techworld is reporting that Dell and/or his CIO, Jim Stikeleather, referred to ICANN’s role in security during an address at the EastWest Institute Worldwide Cybersecurity Summit.

It’s not entirely clear whether the following quote is attributable to Stikeleather or Dell himself; my guess is Stikeleather:

ICANN manages the assignment of domain names and IP addresses, headquartered in California, is heavily US centric. There is a need to have more global participation on domain management as well as the future planning and next generation infrastructure needed to address the changes that will affect the Internet usage in years to come.

On the surface, it looks like a criticism of ICANN, but it could quite easily be interpreted as backing ICANN chief Rod Beckstrom’s recent call for the establishment of a global DNS-CERT to coordinate threats to the domain name system.

The quote immediately preceding it in the Techworld article is starkly reminiscent of Hot Rod’s controversial comments at the Governmental Advisory Committee at the Nairobi meeting in March.

“There is a preponderance of evidence that indicates cybercriminals could inflict major outages to portions of our critical infrastructure with minimal effort,” Jim Stikeleather reportedly said.

He was speaking at a session entitled “How do we build international cybersecurity consensus?”, which is a question Beckstrom has been asking in relation to the DNS-CERT idea.

A public comment forum on the DNS-CERT business case ICANN had presented ended a couple of weeks ago.

If I were to go out on a limb, I would say that a rough consensus emerged that such an entity was probably a good idea, and that ICANN could play a role, but that other bodies, such as DNS-OARC, might do a better job of coordinating it.

UDRP of the day: how-to-roll-a-blunt-with-a-swisher-sweet.info

Kevin Murphy, April 28, 2010, Domain Policy

This is mildly amusing. Somebody, presumably the cigar company, has filed a UDRP claim against the owner of how-to-roll-a-blunt-with-a-swisher-sweet.info.

The domain name was registered last month and, sadly, does not appear to have any content yet. It’s registered to “Gregory Bong”.

In the US, a “Swisher Sweet” is your basic bog-standard convenience store panatela cigar.

A “blunt” is what the registrant was probably smoking.

The .com version of the domain is, unsurprisingly, available, so I can only assume price was a big factor in Bong’s choice of TLD.

ICANN picks Colombia for December meeting

Kevin Murphy, April 22, 2010, Domain Policy

ICANN chief Rod Beckstrom has just confirmed via Twitter that Cartagena, Colombia has been picked for the organization’s December meeting.

Judging from US State Department reports, the country is nowadays not nearly as scary as it was when Joan Wilder made a flying visit to rescue her sister in 1984.

Still, I’m guessing we’ll still see a little bit of that nervousness and paranoia that usually rears its head when ICANN heads for cities with a reputation for violent crime.

Terrorism concerns in Kenya caused many US stakeholders to stay at home and brave unreasonably early mornings participating remotely.

Even the choice of Mexico City caused a bit of a stir last year.

Personally, I’d love to see ICANN hold a meeting in Oakland or Baltimore, just to see what the security advisory looks like.

IP address privacy policy killed

Kevin Murphy, April 19, 2010, Domain Policy

A proposal that would have brought the equivalent of domain name proxy registrations to IP addresses in North America has been dropped after its author had a chat with the FBI.

The policy would have allowed ISPs that take their IP addresses from ARIN, the American Regional Internet Registry, to substitute their own contact information in place of their customers’ details.

Proposing the policy, Aaron Wendel of WholesaleInternet.com initially said that the requirement to publish customer lists into a Referral Whois (RWHOIS) database “runs contrary to good business practices” and allows ISPs to poach each other’s customers.

Wendel publicly withdrew his proposal an hour ago at the ARIN meeting in Toronto, shocking some attendees.

He said he was doing so after a late-night session hearing the concerns of an FBI agent who is at the meeting, as well as conversations with members of ARIN staff.

The proposed policy had also been criticized by companies including Paypal, and many security experts.

RWHOIS allows any internet user to identify the user of an IP address in much the same way as Whois allows domain name registrants to be identified.

It is regularly used by law enforcement to track down spammers and other online crooks.

Unlike Whois, RWHOIS has a carve-out protecting residential users.

RapidShare chases cybersquatters

Kevin Murphy, April 19, 2010, Domain Policy

RapidShare, the popular German file-hosting site, has filed six cybersquatting claims against people with the word “rapidshare” in their domains.

The UDRP complaints are either a sign that RapidShare is cracking down on pirated content, or an example of balls-out intellectual property chutzpah.

My guess is it’s the latter, for two reasons.

First, a search reveals dozens of popular sites with “rapidshare” in the domain, all serving RapidShare links to copyrighted content, none of which have had UDRP claims filed against them.

Second, each of the six domains RapidShare has filed claims for seem to provide links only to files hosted by competing services such as Hotfile.com or Uploading.com.

RapidShare.com is currently the 35th most-popular site on the internet, more popular than Craigslist, according to Alexa.

A German court ruled two years ago that it had to start deleting pirate content, and it has been playing whack-a-mole with the bootleggers ever since.

Now, it wants the World Intellectual Property Organization to help it protect its trademark. There’s irony for you.

$10 billion disk-maker wins domain name

Kevin Murphy, April 16, 2010, Domain Policy

Seagate Technology, the world’s biggest hard disk drive maker, has won seagatetechnology.com – the exact match of its company name – at UDRP.

The squatter, identified as Standard Bearer Enterprises, registered the name in 2004. That’s six years of squeezing click revenue from an exact-match name of a multi-billion dollar firm.

Standard Bearer has a track record of losing famous names at UDRP, and was named in a cybersquatting lawsuit filed by Andre Agassi and Steffi Graff last year.

Seagate is a huge company, reporting revenue approaching $10 billion last year. It has been using the Seagate Technology trademark since 1983.

It’s not exactly naive about domain names, either.

Its primary domain, seagate.com, was first registered in 1992 – the Neolithic by internet standards. It beggars belief that its taken 18 years to secure its long-form company name.

ICANN publishes Whois reform wish-list

Kevin Murphy, April 14, 2010, Domain Policy

ICANN’s latest stab at reforming Whois could lead to lots of useful new features, from more comprehensive search to more uniform privacy services.

The organization has released a staff report, “Inventory of WHOIS Service Requirements”, outlining 12 technical areas where Whois could be improved.

If the ideas were implemented, Whois records could one day contain your Twitter address or instant messaging screen name, as well as the current set of data.

The proposals could also lead to registrant search features in Whois as standard, allowing users to pull up a list of all the domains registered by any given individual.

That kind of service is only currently available at a premium price from the likes of DomainTools. The ICANN proposals could bake it into the spec.

The new paper, apparently released yesterday, was designed to outline technical requirements that might be needed to support future policies on Whois.

So while it’s not policy, it’s a good indicator of where ICANN thinks policy may head.

It concludes with a list of 12 “possible requirements” for the GNSO and other stakeholders to consider over the next couple of months before the Brussels meeting.

Here are the highlights: (continue reading)

WIPO’s UDRP market share lead narrows

Kevin Murphy, April 13, 2010, Domain Policy

The number of UDRP cases filed with the National Arbitration Forum dipped slightly last year, according to NAF numbers released today.

The organization said it received 1,759 filings last year, compared to 1,770 in 2008. Only 1,333 of the cases were actually heard; the others were dropped or settled.

While that’s a decline for NAF, it’s not quite as steep as the almost 10% drop experienced by rival arbitrator WIPO over the same period.

That said, WIPO is still the primary choice of companies trying to enforce their trademarks in the domain name system, saying last month that it received 2,107 complaints in 2009.

It was also the year of big multi-domain cases for both outfits.

WIPO handed 1,542 domains to Inter-Continental Hotels in a single case, while NAF transferred a relatively modest 1,017 domains to ConsumerInfo.com.

Politics at play in DNS CERT debate

Kevin Murphy, April 12, 2010, Domain Policy

ICANN chief Rod Beckstrom may have shot himself in the foot when he claimed at the Nairobi meeting that the domain name system is “under attack” and “could stop at any given point in time”.

Beckstrom wants ICANN to create a new CERT, Computer Emergency Response Team, to coordinate DNS security, but he’s now seeing objections from country-code domain managers, apparently connected to his remarks last month.

Chris Disspain of auDA, Australia’s .au registry, has just filed comments on behalf of the ccNSO council, which he chairs, saying it’s not clear whether there’s any need for a DNS CERT, and that ICANN is moving too fast to create one.

It’s pretty clear from the ccNSO statement that Hot Rod’s fairly blunt remarks at the GAC meeting in Nairobi, which I transcribed in full here, have influenced the ccNSO’s thinking on the matter:

the comments of ICANN’s CEO and President, Rod Beckstrom, to governmental representatives in Nairobi, have the potential to undermine the productive relationships established under ICANN’s multi-stakeholder model, cause damage to the effective relationships that many ccTLD operators have developed with their national administrations and discounted the huge efforts of many in the ICANN and broader security community to ensure the ongoing security and stability of the Internet

Disspain had already strongly written to Beckstrom, during the ICANN meeting, calling his comments “inflammatory” and reiterating some of the points made in the latest ccNSO filing.

Beckstrom’s response to Disspain’s first letter is here. I would characterize it as a defense of his position.

It seems pretty crazy that something as important as the DNS has no official security coordination body but, as Disspain points out, there are already some organizations attempting to tackle the role.

DNS-OARC, for example, was set up to fulfill the functions of a DNS CERT. However, as founder Paul Vixie confessed, it has so far failed to do so. Vixie thinks energies would be better spent fixing DNS-OARC, rather than creating a new body.

ICANN’s comments period on its DNS CERT business case is open for another couple of days. It’s so far attracted only a handful of comments, mostly skeptical, mostly filed by ccTLD operators and mostly suggesting that other organizations could handle the task better.

If Beckstrom’s aim in Nairobi was to reignite the debate and Get Stuff Done by scaring stakeholders into action, he may find he’s been successful.

However, if his aim was to place ICANN at the center of the new security initiative, he may ultimately live to regret his remarks.

Either way, I expect DNS security will eventually improve as a result.

Richard Dawkins files UDRP claim for richarddawkins.com?

Kevin Murphy, April 8, 2010, Domain Policy

Biologist Richard Dawkins, perhaps the planet’s most famous and controversial atheist, has apparently filed a UDRP claim for richarddawkins.com.

The domain, which is down, is registered to a New Jersey address. For the last 10 years, up until at least a week ago, it has sold Dawkins’ books via Amazon’s affiliate program.

The UDRP case was filed with the National Arbitration Forum yesterday. The parties to the case are not yet listed.

Dawkins’ official web site is hosted at richarddawkins.net.

Interestingly, richarddawkins.org is owned by the loopy creationist group Access Research Network. ARN’s page incorrectly points visitors to richarddawkins.com if they want the “official” site.

Dawkins may have a struggle on his hands. Celebrity cybersquatting cases are rarely straightforward, and he may have trouble proving both trademark rights and bad faith.

Better knock on wood, Richard.