Latest news of the domain name industry

Recent Posts

Jeff Neuman quits Neustar for Valideus

Kevin Murphy, January 23, 2015, Domain Registries

Neustar’s top domain name guy is moving to UK new gTLD consultancy Valideus.

Jeff Neuman, who’s been with Neustar for over 15 years, will become Valideus’ senior vice president for North America, starting this coming Monday, according to Valideus managing director Nick Wood.

I don’t know who’s replacing him at Neustar, where he’s been in charge of the company’s domain name business for the last couple of years, overseeing the company’s business as a registry back-end provider and registry for New York’s .nyc new gTLD.

Neuman was previously Neustar’s longstanding VP of policy, a role which also saw him heavily involved in ICANN’s GNSO Council and Neustar’s application for and launch of .biz, back in 2000.

He’s been quite a pivotal and sometimes outspoken figure over the years.

Valideus is the new gTLD service provider sister company to Com Laude, the brand-focused registrar. It provides application consulting and ongoing registry/registrar management for dot-brand gTLD applicants and registries, Amazon among them.

I gather that Neuman will remain based in the US, as his new job title implies.

10 Comments Tagged: , , , ,

.gay is gay enough after all? ICANN overturns community panel decision

Kevin Murphy, January 22, 2015, Domain Registries

One of the applicants for .gay has won a significant battle in the fight for the controversial new gTLD.

In a shock move, a committee of ICANN’s board of directors has overturned the rejection of dotgay LLC’s Community Priority Evaluation, ordering that the case should be re-examined by a new panel of experts.

As you may recall, dotgay’s CPE was kicked out in October after the Economist Intelligence Unit panel decided that the company’s defined community was too broad to be described by “gay” as it included a lot of people who aren’t gay, such as straight people.

The decision — which I thought was probably correct — caused an uproar from dotgay’s myriad supporters, which include dozens of international equal rights and gay community organizations.

dotgay filed a Request for Reconsideration, ICANN’s cheapest but least reliable form of appeal, and today found out it actually won.

ICANN’s Board Governance Committee, which handles the RfR process, this week ruled (pdf):

The BGC concludes that, upon investigation of Requester’s claims, the CPE Panel inadvertently failed to verify 54 letters of support for the Application and that this failure contradicts an established procedure. The BGC further concludes that the CPE Panel’s failure to comply with this established CPE procedure warrants reconsideration. Accordingly, the BGC determines that the CPE Panel Report shall be set aside, and that the EIU shall identify two different evaluators to perform a new CPE for the Application

The successful RfR appears to be based on a technicality, and may have no lasting impact on the .gay contention set.

Under the EIU’s process rules: “With few exceptions, verification emails are sent to every entity that has sent a letter(s) of support or opposition to validate their identity and authority”.

It seems that the EIU was sent a bundle of 54 letters of support for dotgay, but did not email the senders to verify they were legit. The BCG wrote:

Over the course of investigating the claims made in Request 14-44, ICANN learned that the CPE Panel inadvertently did not verify 54 of the letters of support it reviewed. All 54 letters were sent by the Requester in one correspondence bundle, and they are publicly posted on ICANN’s correspondence page.36 The 54 letters were deemed to be relevant by the EIU, but the EIU inadvertently failed to verify them.

If an applicant wins a CPE it means all the other applicants are automatically excluded, and the door is now open for the EIU to rethink its earlier decision.

So do competing applicants Rightside, Minds + Machines and Top Level Design now have genuine cause for concern? Not necessarily.

CPE applicants need to score at least 14 out of 16 available points in order to win, and dotgay only scored 10 points in its original evaluation.

Crucially, the EIU panel said that because the “community” as defined by dotgay included transgender, intersex, asexual and straight “allies” of equal rights, it was too broad to score any of the available four points on the “Nexus” criteria.

The BCG could find no fault with the EIU’s determination on Nexus, so even if dotgay’s letters of support are verified according to procedure, it would not necessarily lead to dotgay picking up any more Nexus points.

The BCG wrote on Nexus: “Requester’s substantive disagreement with the CPE Panel’s conclusion does not support reconsideration”.

However, given that the EIU is going to do the entire CPE all over again with new panelists, it seems entirely possible that dotgay could win this time.

4 Comments Tagged: , , , , , , ,

Domain hijacking bug found in Go Daddy

Kevin Murphy, January 22, 2015, Domain Registrars

Go Daddy has rushed out a fix to a security bug in its web site that could have allowed attackers to steal valuable domain names.

Security engineer Dylan Saccomanni found several “cross site request forgery” holes January 17, which he said could be used to “edit nameservers, change auto-renew settings and edit the zone file entirely”.

He reported it to Go Daddy (evidently with some difficulty) and blogged it up, with attack code samples, January 18. Go Daddy reportedly patched its site the following day.

A CSRF vulnerability is where a web site fails to adequately validate data submitted via HTTP POST. Basically, in this case Go Daddy apparently wasn’t checking whether commands to edit name servers, for example, were being submitted via the correct web site.

Mitigating the risk substantially, attackers would have to trick the would-be victim domain owner into filling out a web form on a different site, while they were simultaneously logged into their Go Daddy accounts, in order to exploit the vulnerability, however.

In my experience, Go Daddy times out logged-in sessions after a period, reducing the potential attack window.

Being phishing-aware would also reduce your chance of being a victim.

I’m not aware of any reports of domains being lost to this attack.

Comment Tagged: , ,

NCC buys Open Registry for up to $22.6m — a gTLD registry now owns part of the TMCH

Kevin Murphy, January 20, 2015, Domain Registries

NCC Group has acquired registry back-end provider Open Registry in a deal that could be worth as much as £14.9 million ($22.6 million).

The deal means that NCC, which runs the new gTLD .trust via subsidiary Artemis Internet, now owns a back-end, a registrar and a piece of the Trademark Clearinghouse, in addition to its original core domain business of providing data escrow services to registries.

According to NCC, the acquisition is for a minimum of £7.9 million ($12 million), with the rest to be paid over three years if Open Registry meets performance targets.

Open Registry had revenue of €3.7 million ($4.3 million) in 2014, turning a profit of €15,000 ($17,300).

Its core business is as a back-end provider for new gTLD applicants. It has about 20 on its books, mostly European dot-brands and cities.

Part of the company’s business is CHIP, the Clearinghouse of Intellectual Property, which along with IBM and Deloitte runs the ICANN-sanctioned TMCH, which all new gTLD registries must use in their Sunrise and Trademark Claims launch periods.

It also owns a small registrar, Nexperteam, which has about 8,000 domains under management.

The Benelux company employs eight people.

Open Registry’s founding CEO Jean-Christophe Vignes joined Artemis as head of domain operations in 2013.

3 Comments Tagged: , , , , ,

ICANN audit claims two more registrar scalps

Kevin Murphy, January 20, 2015, Domain Registrars

Two tiny registrars — WebZero and Black Ice Domains — have had their registrar accreditations terminated for a failure to respond to a routine ICANN audit.

Israel-based Black Ice had just a couple thousands gTLD domains under management; US-based WebZero had fewer than 100.

Both registrars stood accused of not providing documents to ICANN in response to an audit, per their Registrar Accreditation Agreements.

ICANN will now look for a registrar or registrars to take over these registrars’ domains.

Comment Tagged: , , , ,