Latest news of the domain name industry

Recent Posts

ICANN, Verisign and NTIA “ready for 100 new gTLDs per week”

Kevin Murphy, November 8, 2012, Domain Tech

The three main entities responsible for managing the domain name system’s root zone have confirmed that they’re ready to add 100 or more new gTLDs to the internet every week.

In a statement, (pdf), ICANN, Verisign and the US National Telecommunications & Information Administration jointly said:

Based on current staffing levels and enhancements that are currently underway to the [Root Zone Management] system, the Root Zone Partners are able to process at least 100 new TLDs per week and will commit the necessary resources to meet all root zone management volume increases associated with the new gTLD program.

The letter was sent in response to a request from ICANN’s Security and Stability Advisory Committee, which asked in July whether ICANN, Verisign and the NTIA were ready for the new gTLD load.

The three-party Root Zone Management procedure used to add TLDs or update existing ones is getting more automation, which is expected to streamline the process.

Trademark Clearinghouse “breakthrough” at private Brussels meeting

Kevin Murphy, November 8, 2012, Domain Tech

ICANN’s various stakeholder groups reached a “breakthrough” agreement on the Trademark Clearinghouse for new gTLDs, according to attendees at a closed-doors meeting last week.

The meeting in Brussels evidently saw attendance from members of the Business Constituency and Intellectual Property Constituency, in addition to the registries and registrars that have been involved in the development of the TMCH implementation model to date.

It was a discussion of nitty-gritty implementation details, according to attendees, rather than reopening the policy discussion on matters such as the mandatory Trademark Claims service period.

Crucially, ICANN appears to have dropped its strong objection to a community-developed proposal that would put the TMCH in the “critical path” for domain registrations.

The community proposal requires a centralized Clearinghouse serving Trademark Claims notices live rather than in a batch fashion, meaning up-time would be paramount.

Senior ICANN executives including chief strategy officer Kurt Pritz were adamant that this model would create an unacceptable single point of failure for the new gTLD program.

But CEO Fadi Chehade, who in Toronto last month appeared to disagree with Pritz, does not appear to have shared these concerns to the same deal-breaking extent.

In a blog post reviewing the meeting’s conclusions last night, Chehade wrote that the community has settled on a “hybrid” solution:

Participants reviewed the features of possible centralized and decentralized systems, and agreed to support a “hybrid” system for Trademark Claims. In this system, a file of domain name labels derived from the trademarks recorded in the Clearinghouse (and hence subject to a Claims Notice) would be distributed to all registries and updated on a regular basis, and a live query system would be used to retrieve the detailed data from the Clearinghouse when necessary to display the Claims Notice to a prospective registrant.

This description appears to closely match the community proposal (pdf) developed by the registries.

ARI Registry Services CTO Chris Wright, one of the key architects of the community TMCH proposal, made no mention of a “hybrid” solution in his update following the Brussels meeting.

According to Wright, “ICANN has tentatively agreed to proceed with the community-developed Trademark Clearinghouse”.

The meeting also concluded that there’s no way to provide blanket privacy protection for trademark data under Trademark Claims, something that has been worrying trademark holders for a while.

At a session in Toronto last month registries observed that the whole point of Trademark Claims is to provide information about trademarks to potential registrants.

That means it can be mined in bulk, and there’s not a heck of a lot registries can do to prevent that even with technical solutions such as throttling access.

Chehade blogged:

There was discussion on implementing an appropriate framework for access and use of the data. The group considered whether measures were necessary specifically to address potential mining of the Clearinghouse database for purposes other than to support the rights protection mechanisms. Given that the Trademark Clearinghouse is designed to provide trademark data for particular purposes, there was agreement that most controls would be ineffective in attempting to control data elements once provided to other parties.

So, how much community support do the Brussels agreements have?

The meeting was not webcast and there does not appear to be a recording or transcript, so it’s difficult to know for sure who was there, what was discussed or what conclusions were reached.

Concerns were expressed by members of the Non-Commercial Stakeholders Group, as well as the Internet Commerce Association, about the fact that ICANN did not widely publicize the meeting, which was first reported in an ICA blog post last week.

The ICA’s Phil Corwin also questioned whether key members of the IPC and BC — based on the US Eastern seaboard — would be able to attend due to Hurricane Sandy’s impact on air travel.

While there seems to be a feeling that solid progress on the Clearinghouse is definitely a positive development for the new gTLD program, the fact that the consensus was apparently reached behind closed doors does not appear to be in lockstep with Chehade’s commitment to increase transparency at ICANN.

ICANN looking for new gTLD testing provider on very tight deadline

Kevin Murphy, October 31, 2012, Domain Tech

ICANN is seeking one or more pre-delegation testing providers for its new gTLD program on a very ambitious timetable.

An RFP issued yesterday calls for a company that can scratch-build a testing suite to put new gTLD applicants through the ringer before they go live, and have it up and running by March 25, 2013.

Pre-delegation testing is the last stage of the new gTLD program’s approval process.

Some new gTLD applicants have recently called on ICANN to begin testing as soon as possible — before even Initial Evaluation has finished — in order to speed up time to market.

The Applicant Guidebook suggests that ICANN itself would be doing the testing, and some applicants had made that assumption, but that’s clearly not the case.

The RFP spells out exactly what is required of the testing providers.

First, they’re expected to build bespoke software to run the tests.

In addition to load-testing and verifying the registry’s compliance with standards such as EPP, DNSSEC and Whois, it also needs a custom-made user interface for applicants and back-end integration with ICANN’s wobbly TLD Application System.

ICANN also wants to be able to open-source the software, which seems to rule out any off-the-shelf testing suites.

RFP respondents also need to be able test 20 applicants’ back-ends per week — potentially scaling up to 100 per week — as soon as ICANN starts signing registry agreements next year.

ICANN does not expect to announce the winning provider(s) until December 5. The deadline for responses is November 20.

In short, it looks like a challenging project on a very tight deadline.

I wonder how much institutional knowledge there is out there of, say, DNSSEC, in companies that are not also involved in new gTLD applications as either applicant or back-end.

The pool of possible RFP respondents is likely very small indeed.

The ability to run tests on the testing suite itself may also be limited by the timetable and the possible shortage of guinea-pig registry back-ends.

Why ICANN has waited until this very late date to issue the RFP is a real head-scratcher.

ICANN is offering a 24-month contract with a possible 12-month extension. The RFP can be downloaded here.

Registries propose PKI-based new gTLD sunrises

Kevin Murphy, September 12, 2012, Domain Tech

Neustar and ARI Registry Services have come up with an alternative to ICANN’s proposed new gTLDs sunrise period process, based on a secure Public Key Infrastructure.

The concept was outlined in a draft paper published today, following an intensive two-day tête-à-tête between domain companies and Trademark Clearinghouse providers IBM and Deloitte last month.

It’s presented as an alternative to the implementation model proposed by ICANN, which would use unique codes and was criticized for being inflexible to the needs of new gTLD registries.

The PKI-based alternative from Neustar and ARI would remove some of the cost and complexity for registries, but may create additional file-management headaches for trademark owners.

Under the ICANN model, which IBM and Deloitte are already developing, each trademark owner would receive a unique code for each of their registered trademarks and each registry would be given the list of codes.

If a trademark owner wanted a Sunrise registration, it would submit the relevant code to their chosen registrar, which would forward it to the registry for validation against the list.

One of the drawbacks of this method is that registries don’t get to see any of the underlying trademark data, making it difficult to restrict Sunrise registrations to certain geographic regions or certain classes of trademark.

If, for example, .london wanted to restrict Sunrise eligibility to UK-registered trademarks, it would have no easy way of doing so using the proposed ICANN model.

But IP interests participating in the development of the Trademark Clearinghouse have been adamant that they don’t want registries and registrars getting bulk access to their trademark data.

They’re worried about creating new classes of scams and have competitive concerns about revealing their portfolio of trademarks.

Frankly, they don’t trust registries/rars not to misuse the data.

(The irony that some of the fiercest advocates of Whois accuracy are so concerned about corporate privacy has not been lost on many participants in the TMCH implementation process.)

The newly proposed PKI model would also protect trademark owners’ privacy, albeit to a lesser extent, while giving registries visibility into the underlying trademark data.

The PKI system is rather like SSL. It used public/private key pairs to digitally sign and verify trademark data.

Companies would submit trademark data to the Clearinghouse, which would validate it. The TMCH would then sign the data with its private key and send it back to the trademark owner.

If a company wished to participate in a Sunrise, it would have to upload the signed data — most likely, a file — to its registrar. The registrar or registry could then verify the signature using the TMCH’s public key.

Because the data would be signed, but not encrypted, registrars/ries would be able to check that the trademark is valid and also get to see the trademark data itself.

This may not present a privacy concern for trademark owners because their data is only exposed to registries and registrars for the marks they plan to register as domains, rather than in bulk.

Registries would be able to make sure the trademark fits within their Sunrise eligibility policy, and would be able to include some trademark data in the Whois, if that’s part of their model.

It would require more file management work by trademark owners, but it would not require a unique code for each gTLD that they plan to defensively register in.

The Neustar/ARI proposal suggests that brand-protection registrars may be able to streamline this for their clients by enabling the bulk upload of trademark Zip files.

The overall PKI concept strikes me as more elegant than the ICANN model, particularly because it’s real-time rather than using batch downloads, and it does not require the TMCH to have 100% availability.

ICANN is understandably worried that about the potentially disastrous consequences for the new gTLD program if it creates a TMCH that sits in the critical registration path and it goes down.

The PKI proposal for Sunrise avoids this problem, as registries and registrars only need a stored copy of the TMCH’s public key in order to do real-time validation.

Using PKI for the Trademark Claims service — the second obligatory rights protection mechanism for new gTLD launches — is a much trickier problem if ICANN is to stick to its design goals, however.

ARI and Neustar plan to publish their Trademark Claims proposal later this week. For now, you can read the Sunrise proposal in PDF format here.

Why domain names need punctuation

Kevin Murphy, August 28, 2012, Domain Tech

ICANN wants to know whether it should formally ban “dotless” domain names in the gTLDs for which it oversees policy.

While the Applicant Guidebook essentially prohibits registries using their new gTLDs without dots, there’s not yet a hard ban in the template Registry Agreement.

But that could change following a new ICANN public comment period.

A dotless domain might appear in a browser address bar as http://tld or, with more modern browsers, more likely just tld. A small number of ccTLDs already have this functionality.

To make it work, TLDs need to place an A record (or AAAA record for IPv6) in the root zone. This is known as an apex A record, which the Applicant Guidebook says ICANN will not permit.

The result, IANA root zone manager Kim Davies told us in July 2011, is a “default prohibition on dotless domains”.

Davies could not rule out apex A/AAAA records entirely, however. Specific requests for such functionality might be entertained, but would likely trigger an Extended Evaluation.

ICANN’s Security and Stability Advisory Committee is of the opinion that dotless gTLDs should not be permitted on various security grounds, including the fact that lots of software out there currently assumes a domain without a dot is a trusted host on the local network.

You can read the SSAC report here.

Dotless domains would also mess up browsers such as Chrome, which have integrated address/search bars; when you type “loreal” do you intend to search for the brand or visit its TLD’s web site?

But a far more intuitive, non-technical argument against dotless domains, as CentralNic’s Joe Alagna noted in his blog over the weekend, is that they do not pass the cocktail party test.

It’s hard enough trying to communicate the address “domainincite.com” across a noisy cocktail party as it is, but at least the dot immediately informs the listener that it’s a domain name.

Without dots, are we even talking about domain names any more?

The first phase of the new comment period runs until September 23. We understand that, depending on responses, a new ban on dotless domains could be introduced to the standard new gTLD registry agreement and possibly even added to legacy registry agreements in future.

DI PRO offers full-text new gTLD comment search

Kevin Murphy, August 9, 2012, Domain Tech

With ICANN today saying that it is “very inclined” to extend the public comment period on new gTLD applications, I thought it timely to announce a new feature for DI PRO subscribers.

If you’ve used ICANN’s web site to try to read some of the 4,000+ comments received to date, you might have noticed that it’s not always particularly easy to find what you’re looking for.

So I thought I’d write something a bit more functional.

These are some features of the new DI PRO new gTLD public comment search engine that I don’t think the ICANN site currently offers:

Search the full text of the comments. This is useful for, say, figuring out which comments discuss particular themes or issues, or are part of organized astroturf campaigns.

Search and sort by commenter affiliation. Want to see every comment filed by Tiffany or Lego or Heinz? If the commenter has disclosed his or her affiliation, you can do that.

Search by partial commenter name. There’s no need to remember the full name of the commenter you’re looking for. First name, last name, or just a few letters will suffice.

Search by alternate applicant name. The DI PRO database understands which applications originate from the likes of Google and Donuts and Famous Four Media, even if the application has been filed by a subsidiary with a different name.

The database is updated at least twice daily, rather than in real-time, so users may find a small delay between the time a comment appears on the ICANN site and the time it is indexed by DI.

Subscribers can start searching here.

ICANN trademark tech summit confirmed for Brussels in just two weeks

Kevin Murphy, August 8, 2012, Domain Tech

ICANN has confirmed that it will hold a technical summit to discuss the forthcoming Trademark Clearinghouse in Brussels less than two weeks from now.

The two-day meeting will be held at the offices of Deloitte, which along with IBM has been contracted as the TMCH provider, from August 20 to 21.

As you might expect by now from the new gTLD program, the summit’s organization wasn’t particularly timely or well-communicated, leaving parts of the community fuming.

The meeting was demanded by registries and registrars at the Prague meeting in June — they want a chance for their technical guys to get into the nitty-gritty of the TMCH implmentation.

But confirmation that it’s actually going ahead only arrived in the last couple of days, leaving companies in the US and Asia-Pacific regions facing steep last-minute air fares or the less-ideal option of remote participation at ungodly hours.

I get the impression that the TMCH providers, which have been less than communicative with the registrars and registries they will soon be servicing, might be as much to blame as ICANN this time.

The TMCH is a repository for trademark data that new gTLD registries will be obliged to use in their sunrise and immediate post-launch periods.

While the policy argument has ostensibly been settled, many technical details that still need to be ironed out could have huge implications.

For example, if the registration process flow requires live queries to the TMCH, downtime could be devastating for registries if, as is expected, several gTLDs wind up launching simultaneously.

And if the TMCH protocols prove to be too complex and costly for registrars to implement, many may not bother, potentially leading to a bunch of damp squib gTLD launches.

So it’s important stuff. DI may even be in attendance, hotel prices and/or Belgian vagrancy laws permitting.

ICANN shuts down new gTLD portal after finding more security bugs

Kevin Murphy, July 19, 2012, Domain Tech

ICANN has closed down part of its new generic top-level domain portal after finding “potential vulnerabilities” that put “confidential applicant information” at risk.

The shutdown — which has been going on for at least 30 hours — affects the Customer Service and Knowledge Base parts of the site, but ICANN said it is so far not aware of any attacks against the system.

While it’s waiting for a patch, ICANN has decided to move the affected areas behind the unpopular Citrix remote terminal software used previously in the TLD Application System.

This notice was posted on the site:

ICANN performs ongoing monitoring and analysis of our systems, including the Customer Service system. As part of this work, we recently identified potential vulnerabilities in the system used for Customer Service and the Knowledge Base (containing new gTLD articles and information).

Patches are being provided to ICANN to address these issues.

In the mean time, given that use of the Customer Service system was recently expanded, and now includes confidential applicant information, the decision was taken to move the system behind Citrix. This will provide for additional security for applicant information.

We are now testing the installation. This should be completed in the next few days. This decision is a proactive measure. There have been no known compromises to the data, attacks or other actions by third parties (other than our own analysis).

Off the top of my head — and I may be under-counting — this is the fifth significant technical glitch to hit the new gTLD program since April.

There was the notorious TAS bug, which took the system offline entirely for six weeks while ICANN fixed a data leakage vulnerability and upgraded its system capacity.

There was the Reveal Day screw-up, during which Arab community members noticed that all the applied-for Arabic gTLDs were broadcast back-to-front in a presentation.

Then ICANN accidentally published the home addresses of many applicants’ officers and directors, something it had promised not to do. This was probably human error and it has since apologized.

Then the “digital archery” batching system was yanked, after it emerged that TAS performance still wasn’t up to the task and that the scoring results were unreliable.

Former new gTLD program director Michael Salazar resigned a month ago; it is widely believed that he was taking the fall for the gTLD system bugs to that point.

While the latest bug appears — so far — to have not compromised any data, some applicants have nevertheless been frustrated by the fact that the customer service portal has been offline for over a day.

Is this why digital archery is borked?

Kevin Murphy, June 24, 2012, Domain Tech

Another possible explanation has been put forward for ICANN’s suspension of digital archery, this time by one of the third-party digital archery service providers.

The ambitiously named Digital Archery Experts says it alerted ICANN to the presence of a technical problem a week ago.

Chief technology officer Dirk Bhagat described it thus:

Instead of generating the timestamp immediately, we believe the TAS timestamp generation process may be delayed by increases in system load…

Since most applicants are aiming for the 000 millisecond variance at the minute mark, this can introduce varying timestamps since applicants are shooting for the exact same second on the minute. We have also noted that our results were a lot more consistent when attempts were made to hit the target at various offsets after the minute mark, for example, aiming for 15:32:07 instead of 15:32:00.

It’s not exactly rocket science. In short, he’s saying that the TAS can’t handle too many applicants logging in and shooting at the same time; more load equals poorer performance.

This won’t be news to many applicants, some of whom saw downtime last week that seemed to be caused by a meltdown of the sluggish Citrix virtual machine software.

It also seems to be consistent with the hypothesis that the massive amount of calibration going on — much of it by digital archery service providers themselves — has caused more load than TAS can handle.

With only 20% of applications currently assigned a timestamp, and only a week left on the clock, the situation could only have been exacerbated by lots of last-minute arrows being fired.

While digital archery may be conceptually similar to grabbing a dropping domain or hitting a landrush, it seems pretty clear that TAS is not as redundantly provisioned as the typical registry SRS.

Bhagat said that ICANN could mitigate the impact of the problem by separating timestamp generation as much as possible from the parts of the infrastructure impacted most by system load.

This might all be academic, however.

ICANN suspended digital archery yesterday, a day after new gTLD program director Michael Salazar quit for reasons unknown.

Digital archery and batching are high on the agenda here at ICANN 44 in Prague, and many attendees hope that the controversial system may be gone for good before the week is out.

That includes some members of the Governmental Advisory Committee, which in an open meeting yesterday seemed to be coming to the conclusion that it would advise ICANN to ditch digital archery.

The GAC and the ICANN’s board’s new gTLD program committee are having their first public facetime this afternoon at 1630 local time, at which a better sense of how both plan to proceed might emerge.

DI launches new gTLD application tracker with built-in string similarity checker

Kevin Murphy, June 15, 2012, Domain Tech

I’m excited to announce the launch of a comprehensive new gTLD application tracking service, featuring a unique built-in string similarity checker, right here on DI.

The service will provide the foundation for all of DI’s new gTLD program analysis over the coming months and years, and is designed to bring together all the best information about each application under one roof.

DI PRO subscribers can start playing with it now here.

All 1,930 applications can currently be searched and sorted by applicant, string, back-end registry provider, and status.

New gTLD application database

Users can also cross-reference applications in contention sets and read salient extracts from each application.

The gTLD application database will shortly be linked to the existing PROfile service, meaning DI PRO subscribers will have access to a database of over 3,000 domain name industry companies.

More features and bid-by-bid analysis will be added as the program progresses, but the feature I’m most excited about today is the string similarity checker, which is already built into every application profile.

This tool checks for visual and phonetic similarity with other applications, existing gTLDs and ccTLDs, as well as strings that are specially protected by the ICANN Applicant Guidebook.

Semantic similarity functionality will be added in the next few days.

Similarity is important for two reasons:

1) the String Similarity Panel, which will create new contention sets based on similar but not identical strings in a couple of months, and

2) the String Confusion Objection, which enables applicants to force rivals into the same contention set based on visual, aural or semantic similarity.

In testing, it’s already thrown up some possible future objections and contention sets that I had not previously considered, and early beta testers — applicants themselves — tell me they think it’s fantastic.

Here’s a screenshot from one of the .sex applications, to give you a taste.

New gTLD Database

Note that, unfortunately, the string similarity feature does not currently support the relatively small number of IDN string applications.

If you’re not already a DI PRO subscriber, you can sign up instantly here using PayPal. If you have any questions about the service, please email subs@domainincite.com.