Latest news of the domain name industry

Recent Posts

ICANN looking for new gTLD testing provider on very tight deadline

Kevin Murphy, October 31, 2012, Domain Tech

ICANN is seeking one or more pre-delegation testing providers for its new gTLD program on a very ambitious timetable.

An RFP issued yesterday calls for a company that can scratch-build a testing suite to put new gTLD applicants through the ringer before they go live, and have it up and running by March 25, 2013.

Pre-delegation testing is the last stage of the new gTLD program’s approval process.

Some new gTLD applicants have recently called on ICANN to begin testing as soon as possible — before even Initial Evaluation has finished — in order to speed up time to market.

The Applicant Guidebook suggests that ICANN itself would be doing the testing, and some applicants had made that assumption, but that’s clearly not the case.

The RFP spells out exactly what is required of the testing providers.

First, they’re expected to build bespoke software to run the tests.

In addition to load-testing and verifying the registry’s compliance with standards such as EPP, DNSSEC and Whois, it also needs a custom-made user interface for applicants and back-end integration with ICANN’s wobbly TLD Application System.

ICANN also wants to be able to open-source the software, which seems to rule out any off-the-shelf testing suites.

RFP respondents also need to be able test 20 applicants’ back-ends per week — potentially scaling up to 100 per week — as soon as ICANN starts signing registry agreements next year.

ICANN does not expect to announce the winning provider(s) until December 5. The deadline for responses is November 20.

In short, it looks like a challenging project on a very tight deadline.

I wonder how much institutional knowledge there is out there of, say, DNSSEC, in companies that are not also involved in new gTLD applications as either applicant or back-end.

The pool of possible RFP respondents is likely very small indeed.

The ability to run tests on the testing suite itself may also be limited by the timetable and the possible shortage of guinea-pig registry back-ends.

Why ICANN has waited until this very late date to issue the RFP is a real head-scratcher.

ICANN is offering a 24-month contract with a possible 12-month extension. The RFP can be downloaded here.

Registries propose PKI-based new gTLD sunrises

Kevin Murphy, September 12, 2012, Domain Tech

Neustar and ARI Registry Services have come up with an alternative to ICANN’s proposed new gTLDs sunrise period process, based on a secure Public Key Infrastructure.

The concept was outlined in a draft paper published today, following an intensive two-day tête-à-tête between domain companies and Trademark Clearinghouse providers IBM and Deloitte last month.

It’s presented as an alternative to the implementation model proposed by ICANN, which would use unique codes and was criticized for being inflexible to the needs of new gTLD registries.

The PKI-based alternative from Neustar and ARI would remove some of the cost and complexity for registries, but may create additional file-management headaches for trademark owners.

Under the ICANN model, which IBM and Deloitte are already developing, each trademark owner would receive a unique code for each of their registered trademarks and each registry would be given the list of codes.

If a trademark owner wanted a Sunrise registration, it would submit the relevant code to their chosen registrar, which would forward it to the registry for validation against the list.

One of the drawbacks of this method is that registries don’t get to see any of the underlying trademark data, making it difficult to restrict Sunrise registrations to certain geographic regions or certain classes of trademark.

If, for example, .london wanted to restrict Sunrise eligibility to UK-registered trademarks, it would have no easy way of doing so using the proposed ICANN model.

But IP interests participating in the development of the Trademark Clearinghouse have been adamant that they don’t want registries and registrars getting bulk access to their trademark data.

They’re worried about creating new classes of scams and have competitive concerns about revealing their portfolio of trademarks.

Frankly, they don’t trust registries/rars not to misuse the data.

(The irony that some of the fiercest advocates of Whois accuracy are so concerned about corporate privacy has not been lost on many participants in the TMCH implementation process.)

The newly proposed PKI model would also protect trademark owners’ privacy, albeit to a lesser extent, while giving registries visibility into the underlying trademark data.

The PKI system is rather like SSL. It used public/private key pairs to digitally sign and verify trademark data.

Companies would submit trademark data to the Clearinghouse, which would validate it. The TMCH would then sign the data with its private key and send it back to the trademark owner.

If a company wished to participate in a Sunrise, it would have to upload the signed data — most likely, a file — to its registrar. The registrar or registry could then verify the signature using the TMCH’s public key.

Because the data would be signed, but not encrypted, registrars/ries would be able to check that the trademark is valid and also get to see the trademark data itself.

This may not present a privacy concern for trademark owners because their data is only exposed to registries and registrars for the marks they plan to register as domains, rather than in bulk.

Registries would be able to make sure the trademark fits within their Sunrise eligibility policy, and would be able to include some trademark data in the Whois, if that’s part of their model.

It would require more file management work by trademark owners, but it would not require a unique code for each gTLD that they plan to defensively register in.

The Neustar/ARI proposal suggests that brand-protection registrars may be able to streamline this for their clients by enabling the bulk upload of trademark Zip files.

The overall PKI concept strikes me as more elegant than the ICANN model, particularly because it’s real-time rather than using batch downloads, and it does not require the TMCH to have 100% availability.

ICANN is understandably worried that about the potentially disastrous consequences for the new gTLD program if it creates a TMCH that sits in the critical registration path and it goes down.

The PKI proposal for Sunrise avoids this problem, as registries and registrars only need a stored copy of the TMCH’s public key in order to do real-time validation.

Using PKI for the Trademark Claims service — the second obligatory rights protection mechanism for new gTLD launches — is a much trickier problem if ICANN is to stick to its design goals, however.

ARI and Neustar plan to publish their Trademark Claims proposal later this week. For now, you can read the Sunrise proposal in PDF format here.

Why domain names need punctuation

Kevin Murphy, August 28, 2012, Domain Tech

ICANN wants to know whether it should formally ban “dotless” domain names in the gTLDs for which it oversees policy.

While the Applicant Guidebook essentially prohibits registries using their new gTLDs without dots, there’s not yet a hard ban in the template Registry Agreement.

But that could change following a new ICANN public comment period.

A dotless domain might appear in a browser address bar as http://tld or, with more modern browsers, more likely just tld. A small number of ccTLDs already have this functionality.

To make it work, TLDs need to place an A record (or AAAA record for IPv6) in the root zone. This is known as an apex A record, which the Applicant Guidebook says ICANN will not permit.

The result, IANA root zone manager Kim Davies told us in July 2011, is a “default prohibition on dotless domains”.

Davies could not rule out apex A/AAAA records entirely, however. Specific requests for such functionality might be entertained, but would likely trigger an Extended Evaluation.

ICANN’s Security and Stability Advisory Committee is of the opinion that dotless gTLDs should not be permitted on various security grounds, including the fact that lots of software out there currently assumes a domain without a dot is a trusted host on the local network.

You can read the SSAC report here.

Dotless domains would also mess up browsers such as Chrome, which have integrated address/search bars; when you type “loreal” do you intend to search for the brand or visit its TLD’s web site?

But a far more intuitive, non-technical argument against dotless domains, as CentralNic’s Joe Alagna noted in his blog over the weekend, is that they do not pass the cocktail party test.

It’s hard enough trying to communicate the address “domainincite.com” across a noisy cocktail party as it is, but at least the dot immediately informs the listener that it’s a domain name.

Without dots, are we even talking about domain names any more?

The first phase of the new comment period runs until September 23. We understand that, depending on responses, a new ban on dotless domains could be introduced to the standard new gTLD registry agreement and possibly even added to legacy registry agreements in future.

DI PRO offers full-text new gTLD comment search

Kevin Murphy, August 9, 2012, Domain Tech

With ICANN today saying that it is “very inclined” to extend the public comment period on new gTLD applications, I thought it timely to announce a new feature for DI PRO subscribers.

If you’ve used ICANN’s web site to try to read some of the 4,000+ comments received to date, you might have noticed that it’s not always particularly easy to find what you’re looking for.

So I thought I’d write something a bit more functional.

These are some features of the new DI PRO new gTLD public comment search engine that I don’t think the ICANN site currently offers:

Search the full text of the comments. This is useful for, say, figuring out which comments discuss particular themes or issues, or are part of organized astroturf campaigns.

Search and sort by commenter affiliation. Want to see every comment filed by Tiffany or Lego or Heinz? If the commenter has disclosed his or her affiliation, you can do that.

Search by partial commenter name. There’s no need to remember the full name of the commenter you’re looking for. First name, last name, or just a few letters will suffice.

Search by alternate applicant name. The DI PRO database understands which applications originate from the likes of Google and Donuts and Famous Four Media, even if the application has been filed by a subsidiary with a different name.

The database is updated at least twice daily, rather than in real-time, so users may find a small delay between the time a comment appears on the ICANN site and the time it is indexed by DI.

Subscribers can start searching here.

ICANN trademark tech summit confirmed for Brussels in just two weeks

Kevin Murphy, August 8, 2012, Domain Tech

ICANN has confirmed that it will hold a technical summit to discuss the forthcoming Trademark Clearinghouse in Brussels less than two weeks from now.

The two-day meeting will be held at the offices of Deloitte, which along with IBM has been contracted as the TMCH provider, from August 20 to 21.

As you might expect by now from the new gTLD program, the summit’s organization wasn’t particularly timely or well-communicated, leaving parts of the community fuming.

The meeting was demanded by registries and registrars at the Prague meeting in June — they want a chance for their technical guys to get into the nitty-gritty of the TMCH implmentation.

But confirmation that it’s actually going ahead only arrived in the last couple of days, leaving companies in the US and Asia-Pacific regions facing steep last-minute air fares or the less-ideal option of remote participation at ungodly hours.

I get the impression that the TMCH providers, which have been less than communicative with the registrars and registries they will soon be servicing, might be as much to blame as ICANN this time.

The TMCH is a repository for trademark data that new gTLD registries will be obliged to use in their sunrise and immediate post-launch periods.

While the policy argument has ostensibly been settled, many technical details that still need to be ironed out could have huge implications.

For example, if the registration process flow requires live queries to the TMCH, downtime could be devastating for registries if, as is expected, several gTLDs wind up launching simultaneously.

And if the TMCH protocols prove to be too complex and costly for registrars to implement, many may not bother, potentially leading to a bunch of damp squib gTLD launches.

So it’s important stuff. DI may even be in attendance, hotel prices and/or Belgian vagrancy laws permitting.