Latest news of the domain name industry

Recent Posts

ICANN, Verisign and NTIA “ready for 100 new gTLDs per week”

Kevin Murphy, November 8, 2012, Domain Tech

The three main entities responsible for managing the domain name system’s root zone have confirmed that they’re ready to add 100 or more new gTLDs to the internet every week.

In a statement, (pdf), ICANN, Verisign and the US National Telecommunications & Information Administration jointly said:

Based on current staffing levels and enhancements that are currently underway to the [Root Zone Management] system, the Root Zone Partners are able to process at least 100 new TLDs per week and will commit the necessary resources to meet all root zone management volume increases associated with the new gTLD program.

The letter was sent in response to a request from ICANN’s Security and Stability Advisory Committee, which asked in July whether ICANN, Verisign and the NTIA were ready for the new gTLD load.

The three-party Root Zone Management procedure used to add TLDs or update existing ones is getting more automation, which is expected to streamline the process.

Trademark Clearinghouse “breakthrough” at private Brussels meeting

Kevin Murphy, November 8, 2012, Domain Tech

ICANN’s various stakeholder groups reached a “breakthrough” agreement on the Trademark Clearinghouse for new gTLDs, according to attendees at a closed-doors meeting last week.

The meeting in Brussels evidently saw attendance from members of the Business Constituency and Intellectual Property Constituency, in addition to the registries and registrars that have been involved in the development of the TMCH implementation model to date.

It was a discussion of nitty-gritty implementation details, according to attendees, rather than reopening the policy discussion on matters such as the mandatory Trademark Claims service period.

Crucially, ICANN appears to have dropped its strong objection to a community-developed proposal that would put the TMCH in the “critical path” for domain registrations.

The community proposal requires a centralized Clearinghouse serving Trademark Claims notices live rather than in a batch fashion, meaning up-time would be paramount.

Senior ICANN executives including chief strategy officer Kurt Pritz were adamant that this model would create an unacceptable single point of failure for the new gTLD program.

But CEO Fadi Chehade, who in Toronto last month appeared to disagree with Pritz, does not appear to have shared these concerns to the same deal-breaking extent.

In a blog post reviewing the meeting’s conclusions last night, Chehade wrote that the community has settled on a “hybrid” solution:

Participants reviewed the features of possible centralized and decentralized systems, and agreed to support a “hybrid” system for Trademark Claims. In this system, a file of domain name labels derived from the trademarks recorded in the Clearinghouse (and hence subject to a Claims Notice) would be distributed to all registries and updated on a regular basis, and a live query system would be used to retrieve the detailed data from the Clearinghouse when necessary to display the Claims Notice to a prospective registrant.

This description appears to closely match the community proposal (pdf) developed by the registries.

ARI Registry Services CTO Chris Wright, one of the key architects of the community TMCH proposal, made no mention of a “hybrid” solution in his update following the Brussels meeting.

According to Wright, “ICANN has tentatively agreed to proceed with the community-developed Trademark Clearinghouse”.

The meeting also concluded that there’s no way to provide blanket privacy protection for trademark data under Trademark Claims, something that has been worrying trademark holders for a while.

At a session in Toronto last month registries observed that the whole point of Trademark Claims is to provide information about trademarks to potential registrants.

That means it can be mined in bulk, and there’s not a heck of a lot registries can do to prevent that even with technical solutions such as throttling access.

Chehade blogged:

There was discussion on implementing an appropriate framework for access and use of the data. The group considered whether measures were necessary specifically to address potential mining of the Clearinghouse database for purposes other than to support the rights protection mechanisms. Given that the Trademark Clearinghouse is designed to provide trademark data for particular purposes, there was agreement that most controls would be ineffective in attempting to control data elements once provided to other parties.

So, how much community support do the Brussels agreements have?

The meeting was not webcast and there does not appear to be a recording or transcript, so it’s difficult to know for sure who was there, what was discussed or what conclusions were reached.

Concerns were expressed by members of the Non-Commercial Stakeholders Group, as well as the Internet Commerce Association, about the fact that ICANN did not widely publicize the meeting, which was first reported in an ICA blog post last week.

The ICA’s Phil Corwin also questioned whether key members of the IPC and BC — based on the US Eastern seaboard — would be able to attend due to Hurricane Sandy’s impact on air travel.

While there seems to be a feeling that solid progress on the Clearinghouse is definitely a positive development for the new gTLD program, the fact that the consensus was apparently reached behind closed doors does not appear to be in lockstep with Chehade’s commitment to increase transparency at ICANN.

ICANN looking for new gTLD testing provider on very tight deadline

Kevin Murphy, October 31, 2012, Domain Tech

ICANN is seeking one or more pre-delegation testing providers for its new gTLD program on a very ambitious timetable.

An RFP issued yesterday calls for a company that can scratch-build a testing suite to put new gTLD applicants through the ringer before they go live, and have it up and running by March 25, 2013.

Pre-delegation testing is the last stage of the new gTLD program’s approval process.

Some new gTLD applicants have recently called on ICANN to begin testing as soon as possible — before even Initial Evaluation has finished — in order to speed up time to market.

The Applicant Guidebook suggests that ICANN itself would be doing the testing, and some applicants had made that assumption, but that’s clearly not the case.

The RFP spells out exactly what is required of the testing providers.

First, they’re expected to build bespoke software to run the tests.

In addition to load-testing and verifying the registry’s compliance with standards such as EPP, DNSSEC and Whois, it also needs a custom-made user interface for applicants and back-end integration with ICANN’s wobbly TLD Application System.

ICANN also wants to be able to open-source the software, which seems to rule out any off-the-shelf testing suites.

RFP respondents also need to be able test 20 applicants’ back-ends per week — potentially scaling up to 100 per week — as soon as ICANN starts signing registry agreements next year.

ICANN does not expect to announce the winning provider(s) until December 5. The deadline for responses is November 20.

In short, it looks like a challenging project on a very tight deadline.

I wonder how much institutional knowledge there is out there of, say, DNSSEC, in companies that are not also involved in new gTLD applications as either applicant or back-end.

The pool of possible RFP respondents is likely very small indeed.

The ability to run tests on the testing suite itself may also be limited by the timetable and the possible shortage of guinea-pig registry back-ends.

Why ICANN has waited until this very late date to issue the RFP is a real head-scratcher.

ICANN is offering a 24-month contract with a possible 12-month extension. The RFP can be downloaded here.

Registries propose PKI-based new gTLD sunrises

Kevin Murphy, September 12, 2012, Domain Tech

Neustar and ARI Registry Services have come up with an alternative to ICANN’s proposed new gTLDs sunrise period process, based on a secure Public Key Infrastructure.

The concept was outlined in a draft paper published today, following an intensive two-day tête-à-tête between domain companies and Trademark Clearinghouse providers IBM and Deloitte last month.

It’s presented as an alternative to the implementation model proposed by ICANN, which would use unique codes and was criticized for being inflexible to the needs of new gTLD registries.

The PKI-based alternative from Neustar and ARI would remove some of the cost and complexity for registries, but may create additional file-management headaches for trademark owners.

Under the ICANN model, which IBM and Deloitte are already developing, each trademark owner would receive a unique code for each of their registered trademarks and each registry would be given the list of codes.

If a trademark owner wanted a Sunrise registration, it would submit the relevant code to their chosen registrar, which would forward it to the registry for validation against the list.

One of the drawbacks of this method is that registries don’t get to see any of the underlying trademark data, making it difficult to restrict Sunrise registrations to certain geographic regions or certain classes of trademark.

If, for example, .london wanted to restrict Sunrise eligibility to UK-registered trademarks, it would have no easy way of doing so using the proposed ICANN model.

But IP interests participating in the development of the Trademark Clearinghouse have been adamant that they don’t want registries and registrars getting bulk access to their trademark data.

They’re worried about creating new classes of scams and have competitive concerns about revealing their portfolio of trademarks.

Frankly, they don’t trust registries/rars not to misuse the data.

(The irony that some of the fiercest advocates of Whois accuracy are so concerned about corporate privacy has not been lost on many participants in the TMCH implementation process.)

The newly proposed PKI model would also protect trademark owners’ privacy, albeit to a lesser extent, while giving registries visibility into the underlying trademark data.

The PKI system is rather like SSL. It used public/private key pairs to digitally sign and verify trademark data.

Companies would submit trademark data to the Clearinghouse, which would validate it. The TMCH would then sign the data with its private key and send it back to the trademark owner.

If a company wished to participate in a Sunrise, it would have to upload the signed data — most likely, a file — to its registrar. The registrar or registry could then verify the signature using the TMCH’s public key.

Because the data would be signed, but not encrypted, registrars/ries would be able to check that the trademark is valid and also get to see the trademark data itself.

This may not present a privacy concern for trademark owners because their data is only exposed to registries and registrars for the marks they plan to register as domains, rather than in bulk.

Registries would be able to make sure the trademark fits within their Sunrise eligibility policy, and would be able to include some trademark data in the Whois, if that’s part of their model.

It would require more file management work by trademark owners, but it would not require a unique code for each gTLD that they plan to defensively register in.

The Neustar/ARI proposal suggests that brand-protection registrars may be able to streamline this for their clients by enabling the bulk upload of trademark Zip files.

The overall PKI concept strikes me as more elegant than the ICANN model, particularly because it’s real-time rather than using batch downloads, and it does not require the TMCH to have 100% availability.

ICANN is understandably worried that about the potentially disastrous consequences for the new gTLD program if it creates a TMCH that sits in the critical registration path and it goes down.

The PKI proposal for Sunrise avoids this problem, as registries and registrars only need a stored copy of the TMCH’s public key in order to do real-time validation.

Using PKI for the Trademark Claims service — the second obligatory rights protection mechanism for new gTLD launches — is a much trickier problem if ICANN is to stick to its design goals, however.

ARI and Neustar plan to publish their Trademark Claims proposal later this week. For now, you can read the Sunrise proposal in PDF format here.

Why domain names need punctuation

Kevin Murphy, August 28, 2012, Domain Tech

ICANN wants to know whether it should formally ban “dotless” domain names in the gTLDs for which it oversees policy.

While the Applicant Guidebook essentially prohibits registries using their new gTLDs without dots, there’s not yet a hard ban in the template Registry Agreement.

But that could change following a new ICANN public comment period.

A dotless domain might appear in a browser address bar as http://tld or, with more modern browsers, more likely just tld. A small number of ccTLDs already have this functionality.

To make it work, TLDs need to place an A record (or AAAA record for IPv6) in the root zone. This is known as an apex A record, which the Applicant Guidebook says ICANN will not permit.

The result, IANA root zone manager Kim Davies told us in July 2011, is a “default prohibition on dotless domains”.

Davies could not rule out apex A/AAAA records entirely, however. Specific requests for such functionality might be entertained, but would likely trigger an Extended Evaluation.

ICANN’s Security and Stability Advisory Committee is of the opinion that dotless gTLDs should not be permitted on various security grounds, including the fact that lots of software out there currently assumes a domain without a dot is a trusted host on the local network.

You can read the SSAC report here.

Dotless domains would also mess up browsers such as Chrome, which have integrated address/search bars; when you type “loreal” do you intend to search for the brand or visit its TLD’s web site?

But a far more intuitive, non-technical argument against dotless domains, as CentralNic’s Joe Alagna noted in his blog over the weekend, is that they do not pass the cocktail party test.

It’s hard enough trying to communicate the address “domainincite.com” across a noisy cocktail party as it is, but at least the dot immediately informs the listener that it’s a domain name.

Without dots, are we even talking about domain names any more?

The first phase of the new comment period runs until September 23. We understand that, depending on responses, a new ban on dotless domains could be introduced to the standard new gTLD registry agreement and possibly even added to legacy registry agreements in future.