Latest news of the domain name industry

Recent Posts

Live new gTLDs this month? First four pass to delegation

Kevin Murphy, October 22, 2013, Domain Registries

New gTLDs are on the home stretch, after ICANN sent the first four applications to the final delegation stage of the process.

The four are: .сайт (Russian “.site”) and .онлайн (Russian “.online”) from Core Association, شبكة. (Arabic “.web”) from dotShabaka Registry and .游戏 (Chinese “.games”) from Donuts.

These were also the first four to sign their registry contracts with ICANN — over three months ago — and the first to be given their name collisions mitigation plan, just a few days ago.

Proceeding to delegation means the applications are now in the hands of IANA, the ICANN department with responsibility over changes to the DNS root system.

IANA has its own set of procedures to follow before delegating, which have historically taken a couple of weeks to process. If I recall correctly, .xxx was with IANA for about 10 days before it went live.

It seems possible that the first new gTLDs could be live this month, meaning the first sunrise periods could kick off in early December, with general availability following a month later.

However, the Christmas and New Year holiday period may wind up forcing some registrars to stagger their dates in order to benefit from the best publicity window when they finally go on sale.

What does Neelie Kroes know about multistakeholderism?

Kevin Murphy, October 15, 2013, Domain Policy

European Commission vice president Neelie Kroes wants “your ideas on how the Internet should be governed and what Europe’s role should be.”

In a survey launched last week, Kroes, who has special responsibility for the “digital agenda” in Europe, criticized ICANN’s “multi-stakeholder” process.

She solicited suggestions on how governments should be treated within ICANN, and asked “How can a move from unilateral to multilateral accountability be realised?”

Kroes said on her blog (link in original):

we also must have a clearer view of what we mean when we speak of “multi-stakeholder processes”. I worry that without a clear definition, everyone will claim that their decision processes are inclusive and transparent, when in practice they are not – as was shown recently, when the Governmental Advisory Committee of ICANN pressed on regardless – in spite of the EU’s legitimate concerns on new domain names.

Let’s parse this.

On the one hand, Kroes is stating that ICANN’s process is not “inclusive and transparent”.

On the other, she’s linking to her own demands for special privileges for the European Commission in the debate over whether wine producers need special protections in the new gTLDs .wine and .vin.

I reported on Kroes letter a month ago.

As the letter and the public record makes plain, the GAC had originally asked ICANN for more time in order to consider whether the .wine protections were warranted.

In the end, the GAC was unable to reach a consensus on the matter and advised ICANN accordingly.

With no GAC consensus, ICANN has no mandate to act.

But Kroes wants ICANN to delay the .wine and .vin applications anyway, based on little more than the European Commission’s unilateral demands.

Is her definition of a “multi-stakeholder” process one in which individual governments get to override the consensus of dozens of governments? It certainly looks that way.

And it wouldn’t be the first time Kroes has tried to usurp the multi-stakeholder process in order to get what she wants.

Back in June 2011, she called for ICANN to be reformed because she didn’t like the fact that ICANN did not accept all the GAC’s advice when it approved the new gTLD program.

A month earlier, she privately wrote to the US Department of Commerce — which controls the DNS root server — to ask that it refuse to delegate the recently approved .xxx gTLD.

That would have been an unprecedented and worrying move by Commerce, and naturally it declined.

But the fact that Kroes even asked makes me wonder how serious she is about “multistakeholderism”.

It’s a newish term, poorly defined, but reason dictates that it means you can’t always get what you want.

Kroes blog post is available here. More information about her call for comments can be found here.

Angry gTLD applicants lay into ANA and Verisign “bullshit”

Kevin Murphy, October 2, 2013, Domain Services

They’re as mad as hell and they’re not going to take it any more.

New gTLD applicants yesterday laid into the Association of National Advertisers and Verisign with gusto, accusing them of seeking to delay the program for commercial reasons using security as a smokescreen.

The second TLD Security Forum in Washington DC was marked by a heated public argument between applicants and their back-end providers and the ANA’s representatives at the event.

The question was, of course, name collisions: will new gTLDs cause unacceptable security risks — maybe even threatening life — when they are delegated?

ANA vice president Dan Jaffe and outside counsel Amy Mushahwar had walked into the lion’s den, to their credit, to put forth the view that enterprises may face catastrophic IT failures if new gTLDs show up in the in DNS root.

What they got instead was a predictably hostile audience and a barrage of criticism from event organizer Alex Stamos, CTO of .secure applicant Artemis Internet, and Neustar VP Jeff Neuman.

Stamos was evidently already having a Bad Day before the ANA showed up for the afternoon sessions.

During his morning presentation, he laid the blame for certain types of name collision risks squarely with the “dumb” enterprises that are configuring their internal name servers in insecure ways. He said:

Any company that is using any of these domains, they’re all screwing up. Anyone who’s admitting these collisions is making a mistake. It’s a bad mistake, it’s a common mistake, but that doesn’t make it right. They’re opening themselves up to possible horrible security flaws that have nothing to do with the new gTLD program.

There is a mechanism by which you can split DNS resolution in a secure manner on Windows. But unless you do that, you’re in trouble, you’re creating a security hole for yourself. So stop complaining and delaying the whole new gTLD program, because you’re dumb, honestly. These are people who are going to have a problem whether new gTLDs exist or not. Let’s be realistic about this: it’s not about security, it’s about other commercial interests.

That’s of course a reference to Verisign, which is suspected of pressing the name collisions issue in order to prevent or delay competition to .com, and the ANA, which tried to get the program delayed on trademark grounds before it discovered collisions earlier this year.

Executives from Verisign, which put the ANA onto the name collision scent in the first place, apparently lacked the cojones to show up and defend the company’s position in person.

Stamos was preaching mainly to the choir at this point. The fireworks didn’t start until Jaffe and Mushahwar arrived for their panel a few hours later.

The ANA’s point of view, which they both made pretty clearly, is that there seems to be a risk that things could go badly wrong for enterprises if they’re running internal names that clash with applied-for gTLDs.

They’ve got beef with ICANN for running a “not long enough” comment period on the topic primarily during the vacation month of August, which didn’t give big companies enough time to figure out whether they’re at risk and obtain the necessary sign-off on disclosing this fact.

In short, the ANA wants more time — many more months — for its members and others to look at the issue before new gTLDs are delegated.

Mushahwar dismissed the argument that the event-free launches of .asia, .xxx and others showed that gTLD delegations don’t cause any problems, saying:

Let me admit right now: DNS collision is not new, it’s been around since the beginning of the internet… what is new is the velocity of change expected within the next year to 18 months.

I really dismiss the arguments that people are making on the public record saying we’ve dealt with this issue before, we’ve dealt with these issues, view the past TLDs as your test runs. We have never had this velocity of change happening.

The ANA seems to believe that the risk and the consequences are substantial, talking about people dying because their voice over IP fails or electricity supply gets cut off.

But other speakers weren’t buying it.

Stamos was first to the mic to challenge Mushahwar and Jaffe, saying their concerns are “mostly about IP and other commercial interests”, rather than sound technical analysis.

He pointed to letters sent to ICANN’s comment periods in support of the ANA’s position that were largely signed by IP lawyers. Security guys at these companies were not even aware of the letters, he said.

The internet is this crazy messy place where all kinds of weird things happen… if this is the mode that the internet goes forward — you have to prove everything you do has absolutely no risk of impacting anyone connected to the internet — then that’s it, we might as well call it done. We might as well freeze the internet as it is right now.

If you want to stall the program because you have a problem with IP rights or whatever I think that’s fine, but don’t try to grab hold of this thing and blow it up under a microscope and say “needs more study, needs more study”. For anything we do on the internet we can make that argument.

Any call for “we need to study every single possible impact for all several billion devices connected to the internet” is honestly kinda bullshit… it really smacks to me of lawyers coming in and telling engineers how to do their job.

Mushahwar pointed out in response that she’s a “security attorney, not an IP attorney” and that her primary concern is business continuity for large business, not trademark protection.

A few minutes later Neustar’s Neuman was equally passionate at the mic, clashing with Mushahwar more than once.

It all got a bit Fox News, with frequent crosstalk and “if you’d let me continue” and “I’ll let you finish” raising tempers. Neuman at one point accused Mushahwar of “condescending to the entire audience”.

His position, like Stamos before him, was that new gTLD applicants have looked at the same data as Interisle Consulting in its original report, and found that with the exception of .home, .corp and .mail, the risks posed by new gTLDs are minor and can be easily mitigated.

He asked the ANA to present some concrete examples of things that could go wrong.

“You guys have come to the table with a bunch of rhetoric, not supported by facts,” Neuman said.

He pointed to Neustar’s own research into the name collisions, which used the same data (more or less) as Interisle and Verisign and concluded that the risk of damaging effects is low.

The two sides of the debate were never going to come to any agreements yesterday, and they didn’t. But in many respects the ANA and applicants are on the same page.

Stamos, Neuman and others demanded examples of real-world problems that will be encountered when specific gTLDs are delegated and the ANA said basically: “Sure, but we need more time to do that”.

But more time means more delay, of course, which isn’t what the domain name industry wants to hear.

Donuts’ trademark block list goes live, pricing revealed

Kevin Murphy, September 25, 2013, Domain Registries

Donuts’ Domain Protected Marks List, which gives trademark owners the ability to defensively block their marks across the company’s whole portfolio of gTLDs, has gone live.

The service goes above and beyond what new gTLD registries are obliged to offer by ICANN.

As a “block” service, in which names will not resolve, it’s reminiscent of the Sunrise B service offered by ICM Registry at .xxx’s launch, which was praised and cursed in equal measure.

But with DPML, trademark owners also have the ability to block “trademark+keyword” names, for example, so Pepsi could block “drinkpepsi” or “pepsisucks”.

It’s not a wildcard, however. Companies would have to pay for each trademark+keyword string they wanted blocking.

DPML covers all of the gTLDs that Donuts plans to launch, which could be as many as 300. It currently has 28 registry agreements with ICANN and 272 applications remaining in various stages of evaluation.

Trademark owners will only be able to sign up to DPML if their marks are registered with the Trademark Clearinghouse under the “use” standard required to participate in Sunrise periods.

Donuts is also excluding an unspecified number of strings it regards as “premium”, so the owners of marks matching those strings will be out of luck, it seems.

Blocks will be available for a minimum of five years an maximum of 10 years. After expiration, they can be renewed with minimum terms of one year.

The company has not disclose its wholesale pricing, but registrars we’ve found listing the service on their web sites so far (101domain and EnCirca) price it between $2,895 and $2,995 for a five-year registration.

It looks pricey, but it’s likely to be extraordinarily good value compared to the alternative of Sunrise periods.

If Donuts winds up with 200 gTLDs in its portfolio, a $3,000 price tag ($600 per year) works out to a defensive registration cost of $3 per domain per gTLD per year.

If it winds up with all 300, the price would be $2.

That’s in line (if we’re assuming non-budget pricing comparisons and registrars’ DPML markup), with Donuts co-founder Richard Tindal’s statement earlier this year: that DPML would be 5% to 10% the cost of a regular registration.

Tindal also spoke then about a way for rival trademark owners to “unblock” matching names, so Apple the record company could unblock a DPML on apple.music obtained by Apple the computer company, for example.

Donuts is encouraging trademark owners to participate before its first gTLDs goes live, which it expects to happen later this year.

.sex and two other gTLD pass evaluation

Kevin Murphy, September 14, 2013, Domain Registries

Three new gTLD applications passed Initial Evaluation this week, including one of the two applications for .sex.

The approved .sex bid belongs to Internet Marketing Solutions, which is competing with .xxx operator ICM Registry.

The other applications passing IE this week are .leclerc, a French dot-brand, and .aquitaine, a French geographic region.

There are only 20 applications left without results, almost all of which — apart from a generic bid for .bar and Google’s controversial “dotless” .search — appear to be dot-brands.