Latest news of the domain name industry

Recent Posts

Chehade says “no delay” as Verisign drops a security bomb on ICANN

Kevin Murphy, March 29, 2013, Domain Policy

Verisign today said that the new gTLD program presents risks to the security of the internet, but ICANN CEO Fadi Chehade told DI that he’s not expecting any new delays.

The .com behemoth tonight delivered a scathing review of the security and stability risks of launching new gTLDs on ICANN’s current timetable.

The new Verisign report catalogs the myriad ways in which ICANN is not ready to start approving new gTLDs, and the various security problems they could cause if launched without due care.

It strongly suggests that ICANN should delay the program until its concerns are addressed.

But Chehade, in an exclusive interview with DI tonight, rebutted the already-emerging conspiracy theories and said: “There’s nothing new here that would cause me to predict a new delay.”

What does the Verisign report say?

It’s a 21-page document, and it covers a lot of ground.

The gist of it is that ICANN is rushing to launch new gTLDs without paying enough attention to the potential security and stability risks that a vast influx of new gTLDs could cause.

It covers about a dozen main points, but here are the highlights:

  • Certificate authorities and browser makers are not ready. CAs have long issued certificates for use on organizations’ internal networks. In many cases, these certs will use TLDs that only exist on that internal network. A company might have a private .mail TLD, for example, and use certs to secure those domains for its users. The CA/Browser Forum, which coordinates CAs and browser makers, has decided (pdf) to deprecate these certs, but not until October 2016. This, Verisign says, creates a “vulnerability window” of three years during which attackers could exploit clashes between certs on internal TLDs and new gTLDs.
  • Root server operators are not ready. The organizations that run the 13 DNS root servers do not currently coordinate their performance metrics, Verisign said. This makes it difficult to see what impact new gTLDs will have on root server stability. “The current inability to view the root server system’s performance as a whole presents a risk when combined with the impending delegation of the multitude of new gTLDs,” Verisign said.
  • Root zone automation isn’t done yet. ICANN, Verisign and the US Department of Commerce are responsible for adding new gTLDs to the root zone, and work on automating the “TLD add” process is not yet complete. Verisign reckons this could cause “data integrity” problems at the root.
  • The Trademark Clearinghouse is not ready. Delays in finalizing the TMCH technical specs mean registries haven’t had sufficient time to build their interfaces and test them, and the TMCH itself is a potential single point of failure with an unknown attack profile.
  • Universal acceptance of new TLDs. Verisign points out that new gTLDs won’t be immediately available to users when they go live due to lack of software support. It points specifically to the ill-maintained Public Suffix List, used by browsers to set cookie boundaries, as a potential risk factor.
  • A bunch of other stuff. The report highlights issues such as zone file access, data escrow, Whois and pre-delegation testing where Verisign reckons ICANN has not given registries enough time to prepare.

Basically, Verisign has thrown pretty much every risk factor it can think of into the document.

Some of the issues of concern have been well-discussed in the ICANN community at large, others not so much.

Yeah, yeah, but what did Fadi say?

Chehade told DI this evening that he was surprised by the report. He said he’s been briefed on its contents today and that there’s “nothing new” in it. The program is “on track”, he said.

“What is most surprising here is that there is nothing new,” he said. “I’m trying to get my finger on what is new here and I can’t find it.”

“It was very surprising to see this cornucopia of things put together,” he said. “I’m struggling to see how the Trademark Clearinghouse has a security impact, for example.”

He added that some of Verisign’s other concerns, such as the fact that the Emergency Back-End Registry Operator is not yet up and running, are confusing given that existing TLDs don’t have EBEROs.

The report could be divided into two buckets, he said: those things related to ICANN’s operational readiness and those things related to the DNS root.

“Are these operational issues really security and stability risks, and given that we can only launch TLDs when these things are done… what’s the issue there?” he said.

On the DNS root issues, he pointed to a November 2012 report, signed by Verisign, that said the root is ready to take 1,000 new gTLDs a year or 100 a week.

So the Conspiracy Theory is wrong?

ICANN timelineWhen ICANN held a webinar for new gTLD applicants earlier this week, Chehade spent an inordinate amount of time banging home the point that security and stability concerns underpin every stage of the new gTLD program’s timetable.

As this slide from his presentation (click to enlarge) illustrates, security, stability and resiliency or “SSR” is the foundation of every timing assumption.

He said during the webinar:

Nothing will trump the gTLD process, nothing, but the SSR layer. The SSR layer is paramount. It is our number one responsibility to the internet community. Nothing will be done that jeopardizes the security and stability of the internet, period.

At any time if we as a community do not believe that all relevant security and stability matters have been addressed, if we do not believe that’s the case, the program freezes, period.

There is too much riding on the DNS. Hundreds of billions of dollars of commerce. Some may say livelihoods. We will not jeopardize it, not on my watch, not during my administration.

During the webinar, I was lurking on an unofficial chat room of registries, registrars and others, where the mood at that point could be encapsulated by: “Shit, what does Chehade know that he’s not telling us?”

Most people listening to the webinar were immediately suspicious that Chehade was expecting to receive some last-minute security and stability advice and that he was preparing the ground for delay.

The Verisign report was immediately taken as confirmation that their suspicions were correct.

It seemed quite likely that ICANN knew in advance that the report was coming down the pike and was not-so-subtly readying applicants for a serious SSR discussion in Beijing a little over a week from now.

When I asked Chehade a few times whether he knew the Verisign report was coming in advance, he declined to give a straight answer.

My feeling is he probably did, though he may not have known precisely what it was going to say. The question is perhaps less relevant given what he said about its contents.

But what Chehade thinks right now is probably not the biggest concern for new gTLD applicants.

The GAC’s reaction is now critical

The Verisign document could be seen as pure GAC fodder. How the Governmental Advisory Committee reacts to the report, which was CC’d to the US Department of Commerce, is now key.

The GAC has been banging on about root system stability for years and will, in my view, lap up anything that seems to prove that it was right all along.

The GAC will raise the Verisign report with ICANN in Beijing and, if it doesn’t like what it hears, it might advise delay. GAC advice is a lot harder for ICANN’s board to ignore than a self-serving Verisign report.

What’s Verisign playing at?

So why did Verisign issue the report now? I’ve been unable to get the company on the phone at this late hour, but I’ve asked some other industry folk for their responses.

Verisign’s super-lucrative .com contract is the obvious place to start theorizing.

Even though the company has over 200 new gTLD back-end contracts — largely with dot-brand applicants — .com is its cash cow and new gTLDs are a potential threat to that business.

The company has sounded a little more aggressive — talking about enforcing its patents and refusing to comply with ICANN’s audits — since the US Department of Commerce ordered a six-year .com price freeze last November.

But Chehade would not speculate too much about Verisign’s motives.

“I can’t read why this report and why now,” Chehade said. “Especially when there’s nothing new in it. That’s not for me to figure out. It’s for me to look at this report with a critical eye and understand if there’s something we’re not addressing. If there is, and we find it, we’ll address it.”

He pointed to a flurry of phone calls and emails to his desk after the Initial Evaluation results started getting published last week for a possible reason for the report’s timing.

“I think the real change that’s happened in the last few months is that the new gTLD program is now on track and for the first time people are seeing it coming,” he said.

Competitors were more blunt.

“It’s a bloody long report,” said ARI Registry Services CEO Adrian Kinderis. “Had they put the same amount of effort into working with ICANN, we’d be a lot better off on the particular issues.”

13 Comments Tagged: , , , ,

Mystery web site proposes new gTLD “string change” system

Kevin Murphy, March 27, 2013, Domain Registries

Somebody out there is bummed that they can’t afford to win their new gTLD contention set.

A new web site, StringChange.org, is planning to petition ICANN to allow new gTLD applicants to change the string they’ve applied for, for an extra $100,000 fee.

It’s not clear who’s behind the proposal, which was sent to every new gTLD applicant via email today. The page is unsigned and the domain is registered behind Whois privacy.

The site states:

We are proposing that ICANN allow the option of a “String Change” to applicants in contention, allowing these applicants, if they so choose, to change their string to another string and rewrite the appropriate parts of their applications. In doing so, these applicants would relinquish the right to their original string that is in contention, and be assessed a reevaluation fee of $100,000.

Many applicants would choose this over going to auction, being outbid, and never having the opportunity to launch a TLD and implement their business models. This also creates fairness for smaller groups to have the opportunity to launch and operate a TLD, especially when they are currently up against corporate giants such as Amazon or Google.

It goes on to say that a special “String Change round” of applications would begin in 2014, restricted to applicants who don’t fancy their chances punching it out with Google at auction in 2013.

The system would enable applicants that do not want to change their strings to get to market earlier, the site reckons.

It’s soliciting email addresses for its ICANN petition.

Good idea? Bad idea? Mediocre satire? Cheap attempt to see which applicants have gotten cold feet?

11 Comments Tagged: , ,

Loophole gives trademark owners unlimited Clearinghouse records

Kevin Murphy, March 27, 2013, Domain Policy

Trademark owners will be able to add potentially thousands of strings to the Trademark Clearinghouse due to a recently introduced loophole, it emerged last night.

ICANN recently said that it will allow mark holders to add up to 50 strings related to their trademarks to their TMCH records, if the strings have been abused in the past.

It was one of the controversial “strawman” proposals that ICANN decided to adopt earlier this month.

Companies would be able to get protection for “mark+keyword” strings, for example, if a UDRP decision or court ruling had previously found that the strings had been cybersquatted.

The 50-string cap appeared to have been picked rather arbitrarily, but it turns out it’s more-or-less irrelevant anyway.

ICANN confirmed on its webinar for new gTLD applicants last night that the limit is 50 additional strings per entry in the Clearinghouse, not 50 strings per trademarked string.

What this means is that a company that has registered its trademark in multiple jurisdictions will be able to get 50 extra strings for each of those marks it enters into the Clearinghouse.

If Apple had a registered mark for “Apple” in the US and a registered mark for “Apple” in Bolivia, it would be able to submit both to the Clearinghouse and get an additional 100 “apple+keyword” records.

If it had the mark registered in 100 countries, it could put up to 5,000 more strings in the Clearinghouse.

Each string could be used to generate Trademark Claims notices, but not to secure registrations during Sunrise periods.

The apparent loophole and its implications were raised by Reg Levy of Minds + Machines during last night’s ICANN call.

In practice, the number of additional strings mark holders would qualify for would be capped by the number of trademark jurisdictions in the world and/or the number of UDRP decisions they’d won.

Few companies have secured more than a few hundred domains at UDRP to date, meaning it won’t be too difficult for trademark owners to get Trademark Claims protection for basically any previously cybersquatted string.

6 Comments Tagged: , , , , ,

ICANN to pay $2 million to keep Trademark Clearinghouse “free” for registrars

Kevin Murphy, March 27, 2013, Domain Registrars

ICANN is putting its money where its mouth is when it comes to helping new gTLDs be successful, committing $2 million to keep Trademark Clearinghouse access “free” for registrars.

While TMCH pricing for trademark owners is now well-publicized, ICANN COO Akram Attalah last night revealed some of the fees for new gTLD registries and registrars.

Registries will have to pay a one-time fee of $5,000 per TLD to access the TMCH, he said.

That was reduced from $10,000 during talks with TMCH back-end provider IBM after ICANN promised to handle billing and administration, he said.

There’s also going to be a $0.30 fee for each domain that matches a TMCH record registered during Sunrise and Trademark Claims periods, he added. The specifics on this fee were a little fuzzy.

But registrars won’t have to pay a penny, it seems. Attalah said that ICANN will pay IBM $2 million to make sure the Clearinghouse is accessible and free for registrars.

“ICANN will pay $400,000 per year for five years to keep the TMCH up and running and that provides free access to all registrars,” he said on last night’s new gTLDs update webinar.

It won’t be completely free for registrars, of course.

Registrars will have to do some implementation work to support the new Trademark Claims and Sunrise specs, but the absence of fees gives them one less excuse to avoid the two rights protection periods.

2 Comments Tagged: , , , , , ,

ICANN to water down contract powers with “Public Interest Amendments”

Kevin Murphy, March 27, 2013, Domain Registries

ICANN has made a few tweaks to its proposed unilateral-right-to-amend powers in order to fend off open hostility from registries, registrars and new gTLD applicants.

The organization is set to announce “Public Interest Amendments”, a rebadged version of its hugely unpopular proposals for the Registry Agreement and Registrar Accreditation Agreement.

As previously reported, ICANN wants to be able to change both contracts in future, if there’s a “substantial and compelling need”, even if it does not have the majority support of the affected companies.

CEO Fadi Chehade has reportedly indicated that he won’t be budged on the need for some method for ICANN to make emergency changes to the contracts.

And during last night’s new gTLD applicants webinar, he made it clear that the RA and RAA will delay the launch of new gTLDs if registries and registrars cannot agree to ICANN’s terms.

But according to documentation seen by DI today — actually a flowchart of how the amendment process would work — these terms are going to be watered down, giving more power to commercial stakeholders.

Apart from the new Pubic Interest Amendment name, there appear to be three big changes.

First, there would be a way for registrars and/or registries to make a late-stage counter-proposal to the ICANN board if they didn’t like the look of a proposed amendment.

Second, any issues that fell within the so-called “picket fence” — the list of pre-agreed topics for which ICANN is allowed to make binding policy — would have to go into a formal GNSO Policy Development Process first.

Only if the PDP failed to reach consensus would the ICANN board of directors be able to step in and attempt to legislate unilaterally.

A practical effect of that would be to give contracted parties ample opportunity to delay amendments — possibly by years — that they weren’t happy with.

Third, PIAs would only cover changes designed to “ensure competition & consumer choice and promote consumer access to fair business practices” and explicitly “not to change ICANN fees, Consensus Policy Spec., or mechanism to change PIA process”.

This would prevent ICANN unilaterally amending the contract to make its amendment powers even stronger in future, which had been one criticism of the proposed process.

“The board’s ability to introduce an amendment is very tightly defined and limited in scope, so it’s only used in extreme cases and under very strict conditions,” Chehade said last night.

It appears — though I can’t be certain — that ICANN has also decided that the full board of directors, including those with identified conflicts of interest, would be able to participate in votes on PIAs.

That would mean registry and registrar representatives to the board would get to vote on amendments affecting their stakeholder groups.

Chehade is currently explaining all of this to a cautiously optimistic Registry Stakeholder Group on a conference call, and I believe more information is due to be published later this week.

2 Comments Tagged: , , , ,

ICANN: about 274 new gTLD objections filed

Kevin Murphy, March 27, 2013, Domain Policy

There have been roughly 274 formal objections against new gTLD applications, ICANN said last night.

During a webinar with applicants, new gTLD program manager Christine Willet broke down the numbers. There have been:

  • 67 String Confusion Objections — these are of the “your TLD looks like my TLD” variety.
  • 71 Legal Rights Objections — “Your TLD looks like my trademark”
  • 23 Limited Public Interest Objections — “Your TLD infringes human rights”
  • 113 Community Objections — “Your TLD screws over my community”

Willett stressed that the numbers are based on ICANN’s non-comprehensive insight and subject to a couple of caveats.

The number could be higher if ICANN was not copied in on some objections sent to arbitration panels, or lower if the panels throw some out for not passing baseline administrative checks.

Judging by the small number of objections to be revealed by the World Intellectual Property Organization — which is handling trademark disputes for ICANN — most LROs so far are applicant versus applicant.

The International Chamber of Commerce has not yet published any information about Community Objections or Limited Public Interest Objections.

The International Center for Dispute Resolution has only revealed one String Confusion Objection so far, which we reported on a couple weeks ago.

Comment Tagged: , , , , ,

Tucows, Directi and Namecheap to combine .online gTLD bids

Kevin Murphy, March 27, 2013, Domain Registries

Three applicants for the .online gTLD appear to have settled their differences in what I believe is the first public example of new gTLD contention set consolidation.

Tucows, Directi and Namecheap said today that that they plan to “work together to manage the .online registry.” From the press release:

applicants for the same TLDs have begun to compete, negotiate, and, in some cases, join forces to ultimately produce one winning bid.

The first such alliance was revealed today, when domain industry veterans Directi, Tucows and Namecheap announced that they would work together to manage the .online registry.

The companies are of course three of the most successful domain name registrars out there.

The press release does not specify how the combination will be carried out. Under ICANN rules, two of the applicants would have to drop their applications. It’s not possible to resubmit as a joint venture.

It also does not acknowledge that there are three other applicants for .online — Donuts and smaller portfolio applicants Dot Online LLC and I-REGISTRY Ltd — which are not party to the agreement.

5 Comments Tagged: , , , , ,

Chutzpah alert! “Tube” domainer objects to Google’s .tube gTLD bid

Kevin Murphy, March 27, 2013, Domain Registries

Remember the “mystery gTLD applicant” that had promised to campaign against Google’s closed generic gTLD applications?

It turns out the company behind the campaign is actually Latin American Telecom, one of the three applicants for .tube, and that part of its strategy is a Legal Rights Objection.

According to a copy of the LRO kindly provided to DI this week, LAT claims that if Google gets to run .tube it would harm its Tube brand, for which it has a US trademark.

If you haven’t heard of Latin American Telecom, it, despite the name, appears to be primarily a domainer play. Founded in Mexico and based in Pittsburgh, its main claim to fame seems to be owning Mexico.com.

The company says it has also been building a network of roughly 1,500 video sites, all of which have a generic word or phrase followed by “tube.com” in their domains, since 2008.

It owns, for example, the domains IsraelTube.com, MozartTube.com, LabradorTube.com, AmericanWaterSpanielTube.com, DeepSeaFishingTube.com… you get the idea.

They’re all cookie-cutter microsites that pull their video content from Vimeo. Most or all of them appear to be hosted on the same server.

I’d be surprised if some of LAT’s domains, such as BlockbusterTube.com, PlaymateTube.com, FortyNinersTube.com and NascarTube.com, didn’t have trademark issues of their own.

But LAT was also granted a US trademark for the word TUBE almost a year ago, following a 2008 application, which gives it a basis to bring an LRO against Google.

According to its LRO:

The proposed purposes of and registrant limitations proposed for .TUBE by Google demonstrate that the intended purpose of Google’s .TUBE acquisition is to deprive other potential registry operators of an opportunity to build gTLD platforms for competition and innovation that challenge YouTube’s Internet video dominance. It is clear that Google’s intended use for .TUBE is identical to Objector’s TUBE Domain Channels and directly competes with Objector’s pre-existing trademark rights

There’s quite a lot of chutzpah being deployed here.

Would LAT’s ramschackle collection of –tube domains have any meaning at all were YouTube not so phenomenally successful? Who’s leveraging whose brand here, really?

For LAT to win its objection it has to show, among other things, that its TUBE trademark is famous and that Google being awarded .tube would impair its brand in some way.

But the company’s LRO is vague when it come to answering “Whether and to what extent there is recognition in the relevant sector of the public of the sign corresponding to the gTLD”.

It relies surprisingly heavily on its Twitter accounts — which have fewer followers than, for example, DI — rather than usage of its web sites, to demonstrate the success of the TUBE brand.

I don’t think its objection to Google’s .tube application is a sure thing by any stretch of the imagination.

There is a third .tube gTLD applicant, Donuts, but it has not yet received any LROs, according to WIPO’s web site.

1 Comment Tagged: , , , , , , ,

Neustar leading the new gTLD back-end scores so far

Kevin Murphy, March 25, 2013, Domain Registries

New gTLD applications backed by registry service provider Neustar scored the highest results in the first batch of Initial Evaluation results.

All 27 of the applications that have had their IE results revealed by ICANN so far have easily passed the 22 out of 30 points threshold required for a passing score on the technical evaluation.

In most cases, each application had its technical questions answered by the applicant’s chosen back-end provider.

Eight different back-ends are involved in the first 27 bids, some with more applications than others.

Here’s the average score out of 30 for each company.

Back-EndNumber of AppsAverage Score
Neustar529.6
KSregistry129
Demand Media Europe129
Verisign729
ARI Registry Services527.6
Knet427.5
CORE227
CentralNic226

Only Neustar and Verisign scored the full 30 points in an application with their name on it, but their averages were reduced by applications in which they fared less well.

It’s very early days, of course, with the full set of IE results not due to be completely published until August.

We’ll be tracking these scores as more results are released on DI PRO.

6 Comments Tagged: , ,

Directi sells 4,000 .pw domains in first half hour

Kevin Murphy, March 25, 2013, Domain Registries

PW Registry, the Direci unit looking after the .pw registry, said it received orders for 4,000 domain names in its first 30 minutes of general availability today.

Disappointing? It’s certainly not up to the standard of, say, .co, which was well into six figures in the same period when it launched a few years ago.

But .pw’s ambitions weren’t quite as lofty as .co’s. It’s the ccTLD for Palau, and its chosen meaning of “professional web” isn’t nearly as intuitive or valuable as .co’s “company”.

Still, it’s early days, and Directi says it saw a reasonable amount of domainer action during its landrush phase.

Landrush and sunrise period numbers have not been disclosed, but the company said that Apple, Pfizer, Volkswagen and Nokia obtained their trademarks during sunrise.

PW Registry has 110 registrars, including many of the big ones, selling its names.

4 Comments Tagged: , , , ,