If there was any doubt in your mind that Verisign is trying to delay the launch of new gTLDs, its latest letter to ICANN and the Governmental Advisory Committee advice should settle it.
The company has ramped up its anti-expansion rhetoric, calling on the GAC to support its view that launching new gTLDs now will put the security and stability of the internet at risk.
People might die if some strings are delegated, Verisign says.
Among other things, Verisign is now asking for:
- Each new gTLD to be individually vetted for its possible security impact, with particular reference to TLDs that clash with widely-used internal network domains (eg, .corp).
- A procedure put in place to throttle the addition of new gTLDs, should a security problem arise.
- A trial period for each string ICANN adds to the root, so that new gTLDs can be tested for security impact before launching properly.
- A new process for removing delegated gTLDs from the root if they cause problems.
In short, the company is asking for much more than it has to date — and much more that is likely to frenzy its rivals — in its ongoing security-based campaign against new gTLDs.
Verisign has provided one of the most detailed responses to the GAC advice of any ICANN has received to date, discussing how each item could be resolved and/or clarified.
In general, it seems to support the view that the advice should be implemented, but that work is needed to figure out the details.
In many cases, it’s proposing ICANN community working groups. In others, it says each affected registry should negotiate individual contract terms with ICANN.
But much of the 12-page letter talks about the security problems that Verisign suddenly found itself massively concerned about in March, a week after ICANN started publishing Initial Evaluation results.
The letter reiterates the potential problem that when a gTLD is delegated that is already widely used on internal networks, security problems such as spoofing could arise.
Verisign says there needs to be an “in-depth study” at the DNS root to figure out which strings are risky, even if the volume of traffic they receive today is quite low.
It also says each string should be phased in with an “ephemeral root delegation” — basically a test-bed period for each new gTLD — and that already-delegated strings should be removed if they cause problems:
A policy framework is needed in order to codify a method for braking or throttling new delegations (if and when these issues occur) either in the DNS or in dependent systems that provides some considerations as to when removing an impacting string from the root will occur.
While it’s well-known that strings such as .home and .corp may cause issues due to internal name clashes and their already high volume of root traffic, Verisign seems to want every string to be treated with the same degree of caution.
Lives may be on the line, Verisign said:
The problem is not just with obvious strings like .corp, but strings that have even small query volumes at the root may be problematic, such as those discussed in SAC045. These “outlier” strings with very low query rates may actually pose the most risks because they could support critical devices including emergency communication systems or other such life-supporting networked devices.
We believe the GAC, and its member governments, would undoubtedly share our fundamental concern.
The impact of pretty much every recommendation made in the letter would be to delay or prevent the delegation of new gTLDs.
A not unreasonable interpretation of this is that Verisign is merely trying to protect its $800 million .com business by keeping competitors out of the market for as long as possible.
Remember, Verisign adds roughly 2.5 million new .com domains every month, at $7.85 a pop.
New gTLDs may well put a big dent in that growth, and Verisign doesn’t have anything to replace it yet. It can’t raise prices any more, and the patent licensing program it has discussed has yet to bear fruit.
But because the company also operates the primary DNS root server, it has a plausible smokescreen for shutting down competition under the guise of security and stability.
If that is what is happening, one could easily make the argument that it is abusing its position.
If, on the other hand, Verisign’s concerns are legitimate, ICANN would be foolhardy to ignore its advice.
ICANN CEO Fadi Chehade has made it clear publicly, several times, that new gTLDs will not be delegated if there’s a good reason to believe they will destabilize the internet.
The chair of the SSAC has stated that the internal name problem is largely dealt with, at least as far as SSL certificates go.
The question now for ICANN — the organization and the community — is whether Verisign is talking nonsense or not.
The weekly batch of new gTLD Initial Evaluation results has just been published, revealing 81 passes and one failure — the first failure that isn’t a dot-brand.
DOTPAY SA, a Swiss company, only scored 7 out of the necessary 8 points on its financial evaluation and is therefore now categorized as “Eligible for Extended Evaluation”.
That might be bad news for the other .pay applicant, Amazon, which will now have to wait some months for extended evaluation to take place before the contention set can be resolved.
DOTPAY’s .pay bid is the fourth application to fail Initial Evaluation.
The 81 passing applications this week are (links are to DI PRO):
.salon .music .loft .creditunion .careers .polo .vip .homedepot .mrporter .sarl .observer .dance .forsale .blue .game .market .fashion .tour .iwc .george .pink .fox .spiegel .reise kinder .hoteis .nike .arab .dev .diamonds .nico .cloud .law .tickets .photography .pay .channel .java .academy .nexus zippo .plus .enterprises .goog .apartments .supplies .gmbh .krd .fan .company .wow .spot .travelers .love .joburg .exchange .basketball .directory .art .today .money .kitchen .read .jot .vodka .icu .doha .hospital .chat .theguardian .jetzt .capital .natura .camp .protection .wow .gcc .pizza .supply .amex .wed .ott
There are now 514 passing applications. We’re up to 600 in the priority number queue.
After badgering ICANN for a few weeks, I’ve finally got a firm “no comment” on the question of how new gTLD applicant Demand Media managed to pass its background checks.
The question of whether it’s possible for serial cybersquatters to bypass ICANN screening and be awarded new gTLDs just by setting up shell companies is still open, it seems.
As DI and other blogs have been reporting for the past few years, there was a question mark over Demand Media’s eligibility for the new gTLD program due to its history of cybersquatting.
Under ICANN rules, any company that lost three or more UDRP decisions with at least one loss in the last three years would not pass its background screening. The Applicant Guidebook states:
In the absence of exceptional circumstances, applications from any entity with or including any individual with convictions or decisions of the types listed in (a) – (m) below will be automatically disqualified from the program.
m. has been involved in a pattern of adverse, final decisions indicating that the applicant or individual named in the application was engaged in cybersquatting as defined in the Uniform Domain Name Dispute Resolution Policy (UDRP), the Anti-Cybersquatting Consumer Protection Act (ACPA), or other equivalent legislation, or was engaged in reverse domain name hijacking under the UDRP or bad faith or reckless disregard under the ACPA or other equivalent legislation. Three or more such decisions with one occurring in the last four years will generally be considered to constitute a pattern.
Demand Media subsidiary Demand Domains has lost over 30 UDRP cases, most recently in 2011, but its United TLD Holdco subsidiary has sailed through its Initial Evaluations.
Technically, shouldn’t it have failed screening and therefore IE?
Domain Name Wire speculated in November 2010 that ICANN had deliberately introduced loopholes in order to let Demand — and, at the time, Go Daddy — into the new gTLD program.
At that time, ICANN had just removed references to “any person or entity owning (or beneficially owning) fifteen percent or more of the applicant” in the background screening section of the Guidebook.
That might have introduced a loophole allowing subsidiaries of cybersquatters to apply.
But Demand Media seemed to think it was still at risk, asking ICANN in December 2010 to change the background check rules.
ICANN did. In the next version of the Guidebook, published in April 2011, it added the “In the absence of exceptional circumstances” qualifying language.
It’s also possible that this was the loophole that allowed Demand to pass screening.
Judging by the UDRP complaints it was involved in in the past, the company usually argued against the “bad faith” element of the policy. It often said it didn’t know about the complainant’s trademark and/or said it had offered to transfer the domain at no charge.
But more than 30 UDRP panelists didn’t buy that argument and still found against Demand. The company lost far more complaints than it won.
The fact that the company apparently managed to clean its act up a few years ago — not being hit with any complaints since 2011 — suggests that its act wasn’t all that clean to begin with.
Either way, neither ICANN nor Demand wants to talk about how the company passed screening, so I guess we’re still left wondering whether this section of the Guidebook is worth the PDF it’s written on.
The first new gTLD auctions to be held by Innovative Auctions is set to take place on Monday, but we won’t know which applicants took part until after the fact.
Innovative, which is managing the auction process designed by Cramton Associates, told DI it might announce the participants next week, after the auctions are over.
Failing that, we’ll have to infer the winners from which applications are subsequently formally withdrawn from contention with ICANN.
The only companies to publicly announce their participation so far are Donuts and Demand Media — which as partners are obviously not in any contention sets with each other — and .Club Domains.
Donuts has previously announced that it would submit 63 applications to auction, but 17 of those probably won’t go ahead because Uniregistry, which doesn’t like the private auction idea, has declined to take part.
Demand Media’s applicant, United TLD Holdco has committed its bids for .fishing, .green, .mom, .rip and .wow to the auction. Unless Uniregistry has changed its mind, the .mom one won’t be happening.
It also seems unlikely many winning bids will be disclosed.
Under the terms designed by Cramton, if only one applicant in an auction decides it wants to keep the outcome private, the other applicants will be contractually bound to keep schtum.
Private auctions will see money flow to losing applicants, some of which will also face ICANN-managed auctions at a later date. They may not want to reveal their wedge by having their pay-off public knowledge.
The Chinese government-controlled news agency Xinhua has dropped out of the race for the new gTLD .广东 — the local name of Guangdong, China’s most populous province.
The withdrawal clears a path for the only other applicant for the string, Guangzhou Yu Wei Information Technology, to pass more quickly through the ICANN approval process.
Guangzhou Yu Wei is affiliated with Zodiac Holdings, the Cayman Islands-based portfolio applicant founded by James Seng, but it also has backing from the Guangdong provincial government.
As a formally designated Geographic string, government backing is necessary for approval.
Xinhua had not appeared especially enthusiastic about its bid. Its prioritization number of 1772 means it didn’t bother to participate in ICANN’s lottery last December.
Zodiac, on the other hand, took advantage of the IDN bias in the process and wound up with a priority of 79. It passed Initial Evaluation in early April.
The company filed a Community application, but a Community Priority Evaluation will obviously no longer be required. It intends to restrict .广东 to registrants that can prove a local presence.
Zodiac is using .cn registry CNNIC as its back-end registry provider.