Latest news of the domain name industry

Recent Posts

Cops say new gTLDs shouldn’t launch without a Big Brother RAA

Law enforcement agencies are not happy with the proposed 2013 Registrar Accreditation Agreement, saying it doesn’t go far enough to help them catch online bad guys.

Europol and the FBI told ICANN’s Governmental Advisory Committee yesterday that people need to have their full identities verified before they’re allowed to register domain names.

They added that new gTLDs shouldn’t be allowed to launch until a tougher RAA is agreed to and signed by registrars.

The draft 2013 RAA would force registrars to validate their customers’ email addresses or phone numbers after selling them a domain, but law enforcement thinks this is not enough.

“We need a bit more in this area,” Troels Oerting, head of Europol’s European Cybercrime Centre, told the GAC during a Sunday session. “We need a bit more to be verified in addition to the phone or email.”

“It’s very, very important that we are able to identify perpetrators able, to identify the originators, and it’s not enough that you just put in the email or phone,” he said.

He added that there should also be re-verification procedures and ongoing compliance monitoring from ICANN, and said that only registrars signing the 2013 RAA should be allowed to sell new gTLD domains.

Europol has sent a letter to ICANN (not yet published, it seems) outlining four areas it wants to see the RAA “improved”, Oerting said.

Given that many GAC members, including the US, seem to support this position, it’s yet another threat to ICANN’s new gTLD launch timetable, not to mention privacy and anonymous speech in general.

The law enforcement recommendations are not new, of course. They’ve been in play and GAC-endorsed for many years, but were watered down during ICANN’s RAA talks with registrars.

5 Comments Tagged: , , , , , , , , ,

Verisign’s security angst no reason to delay new gTLDs, says expert

Kevin Murphy, April 7, 2013, Domain Tech

Potential security vulnerabilities recently disclosed by Verisign and PayPal are well in hand and not a reason to delay the launch of new gTLDs, according to the chair of ICANN’s security committee.

Patrick Falstrom, chair of the Security and Stability Advisory Committee, said today that the risk of disastrous clashes between new gTLDs and corporate security certificates has been taken care of.

Talking to the GNSO Council at the ICANN public meeting in Beijing, he gave a definitive “no” when asked directly if the SSAC would advise ICANN to delay the delegation of new gTLDs for security reasons.

Falstrom had given a presentation on “internal name certificates”, one of the security risks raised by Verisign in a paper last week.

These are the same kinds of digital certificates given out by Certificate Authorities for use in SSL transactions on the web, but to companies for their own internal network use instead.

The SSAC, judging by Falstrom’s presentation, had a bit of an ‘oh-shit’ moment late last year when a member raised the possibility of new gTLDs clashing with the domain names on these certificates.

Consider the scenario:

A company has a private namespace on its LAN called .corp, for example, where it stores all of its sensitive corporate data. It uses a digital certificate, issued by a reputable CA, to encrypt this data in transit.

But today we have more than a few applicants for .corp that would use it as a gTLD accessible to the whole internet.

Should .corp get delegated by ICANN — which of course is by no means assured — then there could be the risk of CAs issuing certificates for public domains that clash with private domains.

That might enable, for example, a hacker on a Starbucks wifi network to present his evil laptop as a secured, green-padlocked, corporate server to an unlucky road warrior sitting in the same cafe.

According to Falstrom, at least 157 CAs have issued certificates that clash with applied-for new gTLDs. The actual number is probably much higher.

This risk was outlined in Verisign’s controversial security report to ICANN, which recommended delay to the new gTLD program until security problems were resolved, two weeks ago.

But Falstrom told the GNSO Council today that recent secretive work by the SSAC, along with ICANN security staff and the CA/Browser Forum, a certificate industry authority, has mitigated this risk to the point that delay is not needed.

Falstrom said that after the SSAC realized that there was a potential vulnerability, it got it touch with the CA/Browser Forum to share its concerns. But as it turned out, the Forum was already on the case.

The Forum decided in February, a couple of weeks after an SSAC briefing, that member CAs should stop issuing internal name certificates that clash with new gTLDs within 30 days of ICANN signing a registry contract for that gTLD.

It has also decided to revoke any already-issued internal domain certificate that clashes with a new gTLD within 120 days of contract signing.

This means that the vulnerability window will be much shorter, should the vulnerability start getting exploited in wild.

But only if all CAs conform to the CA/Browser Forum’s guidelines.

Much of this is detailed in a report issued by SSAC last month (pdf). The CA/Browser Forum’s guidance is here (pdf). Falstrom’s PowerPoint is available here (pdf)

Comment Tagged: , , ,

Pritz resurfaces with consulting gigs for Donuts and Architelos

Kevin Murphy, April 6, 2013, Domain Services

Former ICANN chief strategy officer and new gTLDs head honcho Kurt Pritz is doing a spot of industry work, following the expiration of his post-resignation consulting gig with ICANN.

Pritz, we understand, has developed consulting relationships with new gTLD portfolio applicant Donuts and consulting firm Architelos while he looks for a more permanent position.

As you may recall, he quit ICANN last November after disclosing a personal conflict of interest.

While there are no rules preventing ICANN staff going into the domain industry, Pritz’s is prohibited from sharing confidential information he learned while at ICANN, we’re told.

Given his background, we understand he’ll be focusing mainly on policy-related work at both companies.

Comment Tagged: , ,

Trademark Clearinghouse to get tested out on three existing TLDs

Kevin Murphy, April 6, 2013, Domain Services

Three already-live TLDs are going to use the Trademark Clearinghouse to handle sunrise periods, possibly before the first new gTLDs launch.

BRS Media is set to use the TMCH, albeit indirectly, in its launch of third-level domains under .radio.am and .radio.fm, which it plans to launch soon as a budget alternative to .am and .fm.

The company has hired TM.Biz, the trademark validation firm affiliated with EnCirca, to handle its sunrise, and TM.biz says it will allow brand owners to leverage Clearinghouse records.

Trademark owners will be able to submit raw trademarks for validation as in previous sunrises, but TM.Biz will also allow them to submit Signed Mark Data (SMD) files, if they have them, instead.

Encrypted SMD files are created by the TMCH after validation, so the trademarks and the strings they represent are pre-validated.

There’ll presumably be some cost benefit of using SMD files, but pricing has not yet been disclosed.

Separately, Employ Media said today that it’s getting ready to enter the final stage of its .jobs liberalization, opening up the gTLD to essentially any string and essentially any registrant.

The company will also use the TMCH for its sunrise period, according to an ICANN press release, though the full details and timing have not yet been announced.

Unusually, .jobs is a gTLD that hasn’t already had a sunrise — its original business model only allowed vetted company-name registrations.

The TMCH is already accepting submissions from trademark owners, but it’s not yet integrated with registries and registrars.

4 Comments Tagged: , , , , , , , , , , , , , ,

Six big reasons we won’t see any new gTLD launches until Q3

Kevin Murphy, April 5, 2013, Domain Policy

ICANN’s announcement of a big media bash in New York on April 23, to announce the launch of new gTLDs, has gotten many people thinking the first launches are imminent.

Wrong.

We’re not going to see any new gTLD domains on sale until the third quarter at the earliest, in my view, and here are a few good reasons why.

April 23 is just a PR thing

ICANN has said that April 23 is primarily about awareness-raising.

Not only does it hope to garner plenty of column inches talking about new gTLDs — helping the marketing efforts of their registries — it also hopes to ceremonially sign the first Registry Agreements.

I think CEO Fadi Chehade’s push to make the industry look more respectable will also play a part, with the promotion of the Registrant Rights and Responsibilities document.

But there’s never been any suggestion that any strings will be delegated at that time, much less go live.

The contracts are still hugely controversial

If ICANN wants to sign a Registry Agreement on April 23, it’s going to need a Registry Agreement to sign.

Right now, applicants are up in arms about ICANN’s demand for greater powers to amend the contract in future.

While ICANN has toned down its proposals, they may still be unacceptable to many registries and gTLD applicants.

Applicants have some impetus to reach agreement quickly — because they want to launch and start making money as soon as possible.

But ICANN wants the same powers added to the 2013 Registrar Accreditation Agreement, and registrars are generally less worried about the speedy approval of new gTLDs.

ICANN has tied the approval of the RA and the RAA together — only registrars on the new RAA will be able to sell domains in new gTLDs.

Chehade has also made it clear that agreement on the new RAA is a gating issue for new gTLD launches.

If registries, registrars and ICANN can’t settle these issues in Beijing, it’s hard to see how any contracts could be signed April 23. The first launch would be delayed accordingly.

GAC Advice might not be what we’re expecting

GAC Advice on New gTLDs is, in my view, the biggest gating issue applicants are facing right now.

GAC Advice is an integral part of the approval process outlined in the Applicant Guidebook and ICANN has said many times that it cannot and will not sign any contracts until the GAC has spoken.

But what does that mean from a process and timing point of view?

According to the Applicant Guidebook, if an application receives GAC Advice, it gets shunted from the main evaluation track to the ICANN board of directors for consideration.

It’s the only time the ICANN board has to get directly involved with the approval process, according to the Guidebook’s rather complex flow-charts.

GAC Advice is not an automatic death sentence, but any application the GAC is unanimously opposed to stands a very slim chance of getting approved by the board.

Given that ICANN is has said it will not sign contracts until it has received GAC Advice, and given that it has said it wants to sign the first contract April 23, it’s clearly expecting to know which applications are problematic and which are not during the next three weeks.

But I don’t think that’s necessarily going to happen. The GAC moves slowly and it has a track record of missing ICANN-imposed deadlines, which it often seems to regard as irksome.

Neither ICANN nor the GAC have ever said GAC Advice on New gTLDs will be issued during next week’s public meeting in Beijing. If a time is given it’s usually “after” or “following” Beijing.

And I don’t think the GAC, which decided against holding an inter-sessional meeting between Toronto and Beijing, is remotely close to providing a full list of specific applications of concern.

I do think a small number of slam-dunk bad applications – such as DotConnectAfrica’s .africa bid – will get Advised against during or after the Beijing meeting.

But I also think the GAC is likely to issue Advice that is much broader, and which may not provide the detail ICANN needs to carry the process forward for many applicants.

The GAC, in its most recent (delayed) update, is still talking about “categories” of concern – such as “consumer protection” and “geographical names” – some of which are very broad indeed.

Given the limited amount of time available to it in Beijing, I think it’s quite likely that the GAC is going to produce advice about categories as well as about individual applications.

And, crucially, I don’t think it’s necessarily going to give ICANN a comprehensive list of which specific applications fall into which categories.

If the GAC decides to issue Advice under the banner of “consumer protection”, for example, somebody is going to have to decide which applications are captured by that advice.

Is that just strings that relate to regulated industries such as pharmaceuticals or banking? Or is it any string that relates to selling stuff? What about .shop and .car? Shops and cars are “regulated” by consumer protection and safety laws in most countries.

Deciding which Advice covered which applications would not be an easy task, nor would it be a quick one. I don’t think the GAC has done this work yet, nor do I think it will in Beijing.

For the GAC to reach consensus advice against specific applications will in some cases require GAC representatives to return to their capitals for guidance, which would add delay.

There is, in my view, a very real possibility of more discussions being needed following Beijing, just in order to make sense of what the GAC comes up with.

The new gTLD approval process needs the GAC to provide a list of specific applications or strings with which it has concerns, and we may not see that before April 23.

ICANN may get a short list of applications that definitely do have Advice by then, but it won’t necessarily know which applications do not, which may complicate the contract-signing process.

The Trademark Clearinghouse still needs testing

The Trademark Clearinghouse is already, in one sense, open for business. Trademark owners have been able to submit their marks for validation for a couple of weeks now.

But the hard integration work has not been done yet, because the technical specifications the registries and registrars need to interface with IBM’s TMCH database have not all been finalized.

When the specs are done (it seems likely this will happen in the next few weeks), registries and registrars will need to finish writing their software and start production testing.

ICANN’s working timetable has the TMCH going live July 1, but companies that know much more than me about the technical issues at play here say it’s unlikely that they’ll be ready to go live with Sunrise and Trademark Claims services before August.

It’s in everyone’s interests to get all the bugs ironed out before launch.

For new gTLD registries, a failure of the centralized TMCH database could mean embarrassing bugs and downtime during their critical launch periods.

Trademark owners and domain registrants may also be concerned about the potential for loopholes.

For example, it’s still not clear to some how Trademark Claims – which notifies registrants when there’s a clash between a trademark and a domain they want – will interact with landrush periods.

Does the registrant only get a warning when they apply for the domain, which could be some weeks before a landrush auction? If so, what happens if a mark is submitted to the TMCH between the application and the auction and ultimate registration?

Is that a loophole to bypass Trademark Claims? Could a registrant get hit by a Claim after they’ve just spent thousands to register a domain?

These are the kinds of things that will need to be ironed out before the TMCH goes fully live.

There’s a sunrise notice period

The sunrise period is the first stage of launch in which customers get to register domain names.

Lest we forget, ICANN recently decided to implement a mandatory 30-day notice period for every new gTLD sunrise period. This adds a month to every registry’s go-live runway.

Because gTLD sunrise periods from now on all have to use the TMCH, registries may have to wait until the Clearinghouse is operational before announcing their sunrise dates.

If the TMCH goes live in July, this would push the first launch dates out until August.

Super-eager registries may of course announce their sunrise period as soon as they are able, and then delay it as necessary to accommodate the TMCH, but this might carry public relations risks.

Verisign’s security scare

It’s still not clear how Verisign’s warning about the security risks of launching new gTLDs on the current timetable will be received in Beijing.

If the GAC reckons Verisign’s “concerns” are valid, particularly on the issue of root zone stability, ICANN will have to do a lot of reassuring to avoid being advised to delay its schedule.

Could ICANN offer to finish off its work of root zone automation, for example, before delegating new gTLDs? To do so would add months to the roll-out timetable.

3 Comments Tagged: , , , , , , , , , ,

Right Of The Dot gets legal opinion: new gTLD auctions not illegal

Kevin Murphy, April 4, 2013, Domain Services

Right Of The Dot, one of the companies hoping to offer contention set resolution services to new gTLD applicants, has published a legal opinion arguing that auctions are not inherently illegal.

The document was issued in response to Uniregistry’s claim that the US Department of Justice has refused to give auctions a green light under antitrust law.

ROTD hired the law firm Lewis Brisbois Bisgaard & Smith, including a partner with DoJ experience, to draft the statement.

It’s aimed at lawyers, primarily, but the gist of it is that simply participating in an auction is not illegal in and of itself — participants would have to collude in some other way too.

It states:

The finding of an antitrust violation necessarily would depend on a showing that the private auction unreasonably restrained interstate trade or commerce.

The question comes down to the conduct of the parties to an auction, be it a private auction or an ICANN Last Resort Auction.

If the parties to an auction, engage in collusion such as price fixing and/or bid rigging, it constitute per se violations of Section 1 of the Sherman Act.

It’s not the auction provider that creates a violation it’s the action of the parties to an auction and those actions can take place in an ICANN Last Resort auction.

In other words, there’s no difference between an ICANN-run auction, in which ICANN gets paid, and a private auction in which the participants and the auctioneer get paid, according to these lawyers.

Uniregistry’s argument as I understand it, on the other hand, is that simply participating in an action that could constitute illegal collusion, because ICANN ends up out of pocket.

Who’s right? Who’s wrong?

I think the only person who could answer that, in light of the DoJ’s refusal to intervene, would be a judge. We’re unlikely to get an answer unless somebody sues somebody.

2 Comments Tagged: , , , , , ,

ANA calls for new gTLDs delay, again

Kevin Murphy, April 3, 2013, Domain Policy

The Association of National Advertisers has seized upon Verisign’s recent report into the security risks of ICANN’s new gTLD timetable to call for delays to the program.

In a blog post yesterday, ANA vice president Dan Jaffe said ICANN’s dismissal of the surprising Verisign letter is “like the Captain of the Titanic before the crash saying that the dangers of icebergs had been discussed for years.”

The post highlights the lack of finalized Trademark Clearinghouse specs as “one of the greatest concerns”, saying “millions of customers are the ones who will face harm”.

That’s not strictly true, of course. New gTLD registries are contractually unable to launch until the TMCH is ready, so the risk of registrants being harmed by the lack of specs today is a non-starter.

The ANA also points to ongoing concerns about proposed TLDs such as .corp and .home, which run the risk of clashing with existing private TLDs used on internal corporate and ISP networks.

It’s on much firmer ground here. If a user tries to access a LAN resource on a .corp domain while roaming, what’s to stop them sending sensitive data to a third-party web site instead?

I’ve yet to see a compelling reason why this is not a problem, but it’s not yet known whether the many applications for .corp, .home and similar strings have passed their ICANN technical evaluations.

The ICANN application form asked applicants to disclose potential operational problems such as these, but some applicants that were very familiar with the problem decided not to do so.

But the ANA’s main concern is its belief that new gTLDs will increase cybersquatting and increase the cost of defensive registrations, of course.

“Adequate steps have not been taken to protect Internet users, and we are headed toward uncharted waters with major danger to consumers, brandholders, and the Internet itself,” Jaffe wrote.

“The only prudent action for ICANN now is to delay this arbitrary domain name roll-out until it has fixed these very serious problems.”

Comment Tagged: , , , , , , ,

NameJet and Afternic sign another gTLD launch

Kevin Murphy, April 3, 2013, Domain Services

NameJet and Afternic will provide launch auctions and premium name distribution for the .build gTLD, should it be approved, the two companies have announced.

The deal was inked with applicant Plan Bee LLC, which is affiliated with Minardos Group, a construction company.

The two companies will handle auctions under the sunrise and landrush phases, according to a press release.

It’s the second such deal to be announced by the Afternic/Namejet partnership to date, after WhatBox’s .menu. The companies are also working with Directi’s .pw registry.

Plan Bee has also applied for .expert and .construction, but these are both contested so there’s less certainty that they’ll end up approved.

The applicant reckons it will be able to bring .build to market in the fourth quarter of this year.

With a prioritization number of 1,049 in ICANN’s queue, this may prove optimistic, depending on how the remaining portions of the program — such as predelegation testing and contracting — pan out.

3 Comments Tagged: , , , , , , , ,

ICANN selects new gTLD backup providers

Neustar, Nominet and CNNIC have been picked to provide backup registry services for new gTLDs that fail.

ICANN has named the three companies as Emergency Back-End Registry Operators for the new gTLD program.

They’ll be responsible for taking over the management of any new gTLD that goes out of business, putting registrants at risk of losing DNS resolution and registry functions.

The idea is that the EBERO(s) would be paid out of funds placed in escrow by gTLD applicants, in order to gracefully wind down any failed TLD over the space of a few years.

In reality, I doubt there’s going to be much call for their services; M&A activity is a more likely outcome for gTLDs that fail to meet their sales expectations.

ICANN highlighted the geographic diversity of the three companies (Nominet is British, Neustar American and CNNIC Chinese) as a stability benefit of its selections.

The three were chosen from 14 respondents to an RFI published last year.

The absence of an EBERO was one of the shortfalls of the new gTLD program highlighted by Verisign in its recent letter warning ICANN about perceived security and stability risks.

While ICANN has acknowledged that the EBEROs are unlikely to be ready to roll before the first new gTLDs start to launch, it has noted that they don’t need to be.

If any new gTLD catastrophically fails during the first few months of launch, it will reflect extremely poorly on the financial and technical evaluations applicants have been undergoing for the last nine months.

Comment Tagged: , , , , ,

Go Daddy hires CTO from Yahoo

Go Daddy has made its third top-level hire from CEO Blake Irving’s alma mater, Yahoo.

Elissa Murphy, formerly vice president of engineering, will join the registrar as chief technology officer and head of platform, All Things D reports.

Go Daddy has reportedly confirmed the move, saying she’s due to start next month.

The news comes just a few weeks after the company recruited James Carroll from Yahoo to head its international business.

Irving joined Go Daddy in January.

Comment Tagged: ,