ICANN has stepped up the pace of its Initial Evaluation results schedule, this evening publishing the results of 92 new gTLD applications.
Applications for the following strings have passed IE this week:
.fishing, .casa, .gop, .home, .love, .budapest, .book, .kiwi, .llc, .iselect, .audible, .wedding, .cpa, .earth, .delivery, .tickets, .msd, .neustar, .ski, .lease, .salon, .monster, .immo, .oldnavy, .pin, .design, .pets, .berlin, .eco, .movistar, .rocher, .graphics, .art, .cam, .health, .wien, .technology, .pioneer, .lancia, .reviews, .grainger, .news, .deals, .mov, .solutions, .genting, .pizza, .smile, .hotmail, .pramerica, .memorial, .music, .icbc, .media, .law, .travelchannel, .akdn, .spot, .game, .wedding, .ltd, .merck, .llc, .tickets, .nyc, .lawyer, .aws, .mrmuscle, .poker, .ltd, .realestate, .fujixerox, .microsoft, .realty, .kim, .chesapeake, .gifts, .flowers, .caravan, .mini, .band, .autos, .afamilycompany, .review, .fashion, .shop, .city, .gallery, .toray, .youtube, .kindle and .now.
There were no failures, neither have there been any withdrawals this week.
This week’s batch is notable for including over a dozen applications with Minds + Machines back-ends, which had been delayed in some cases for over a month.
It also contains the first “corporate identifier” strings to pass.
ICANN’s evaluators have now passed 433 applications and failed three. We’re up to priority number 500 in the publication running order.
Bill Sweetman, who recently resigned as head of Tucows’ domain portfolio business, has reemerged with his own “boutique” consulting firm, Name Ninja.
Sweetman said in a press release that the new company “will focus on domain name acquisition (buyer broker), domain name rescue, domain name protection, corporate domain name strategy, and domain name portfolio management.”
He also hopes to help new gTLD registries with their premium name allocation strategies.
You can find the new firm at NameNinja.com.
PimpRoll, a pornography publisher and owner of porn.com, has bought the domain name porn.xxx from registry manager ICM Registry, it has just been announced.
The domain is already live. The site appears to be distinct from porn.com, but PimpRoll said it plans to build another “tube” site there.
The price of the domain was not disclosed, but PimpRoll is known to have paid $9.5 million for its .com address.
I’d guess we’re talking about low six figures for the .xxx, which was reserved by ICM as a “premium” name.
ICM said in a press release that the buyer will also automatically qualify for porn.sex, porn.porn and porn.adult under ICM’s Grandfathering Program, should it be awarded those gTLDs by ICANN.
ICANN has set up a study into whether certain applied-for new gTLD strings pose a security risk to the internet, admitting that some gTLDs may be rejected as a result.
Its board of directors on Saturday approved new research into the risk of new gTLD clashes with “internal name certificates”, saying that the results could kill off some gTLD applications.
In its rationale, the board stated:
it is possible that study might uncover risks that result in the requirement to place special safeguards for gTLDs that have conflicts. It is also possible that some new gTLDs may not be eligible for delegation.
Internal name certificates are the same digital certificates used in secure, web-based SSL transactions, but assigned to domain names in private, non-standard namespaces.
Many companies have long used non-existent TLDs such as .corp, .mail and .home on their private networks and quite often they obtain SSL certs from the usual certificate authorities in order to enable encryption between corporate resources and their internal users.
The problem is that browsers and other applications on laptops and other mobile devices can attempt to access these private namespaces from anywhere, not only from the local network.
If ICANN should set these TLD strings live in the authoritative DNS root, registrants of clashing domain names might be able to hijack traffic intended for secure resources and, for example, steal passwords.
That’s obviously a worry, but it’s one that did not occur to ICANN’s Security and Stability Advisory Committee until late last year, when it immediately sought out the help of the CA/Browser Forum.
It turned out the the CA/Browser forum, an alliance of certificate authorities and browser makers, was already on the case. It has put in new rules that state certificates issued to private TLDs that match new gTLDs will be revoked 120 days after ICANN signs a contract with the new gTLD registry.
But it’s still not entirely clear whether this will sufficiently mitigate risk. Not every CA is a member of the Forum, and some enterprises might find 120 day revocation windows challenging to work with.
Verisign recently highlight the internal certificate problem, along with many other potential risks, in an open letter to ICANN.
But both ICANN CEO Fadi Chehade and the chair of SSAC, Patrick Falstrom, have said that the potential security problems are already being addressed and not a reason to delay new gTLDs.
The latest board resolution appears to modify that position.
The board has now asked CEO Fadi Chehade and SSAC to “consider the potential security impacts of applied-for new-gTLD strings in relation to this usage.”
The Root Server Stability Advisory Committee and the CA/Browser Forum will also be tapped for data.
While the study will, one assumes, not be limited to any specific applied-for gTLD strings, it’s well known that some strings are more risky than others.
The root server operators already receive vast amounts of erroneous DNS traffic looking for .home and .corp, for example. If any gTLD applications are at risk, it’s those.
There are 10 remaining applications for .home and five for .corp.
ICANN has approved a new UDRP resolution provider, the first to be based in the Arab region, despite the objections of domainers.
The Arab Center for Dispute Resolution will now be able to service UDRP complaints. But it won’t be bound to an ICANN contract, as had been demanded by the Internet Commerce Association and others.
The ACDR was approved by the ICANN board last week, almost three years after it originally applied for the privilege.
The board said in its rationale that the move would be good for geographic diversity and that its rigorous community review process highlighted community accountability.
On the issue of UDRP provider contracts, it merely noted:
commenters suggested that ICANN develop contracts with each of its UDRP providers as a means to require uniformity among providers. Contracts have never been required of UDRP providers.
the proposal now includes an affirmative recognition that if ICANN imposes further requirements on providers, the ACDR will follow those requirements
The ACDR will come as a knock to the ICA, which recently celebrated the fact that ICANN intends to have formal contracts with providers of Uniform Rapid Suspension services.