Latest news of the domain name industry

Recent Posts

ICANN Brussels trending topics: security and control

Kevin Murphy, June 21, 2010, Domain Policy

Security and politicking over control of the domain name system’s critical functions emerged as key memes during the opening ceremony of ICANN’s 38th public meeting this morning, here in Brussels.

In a speech that addressed a few controversial topics, ICANN president Rod Beckstrom responded unapologetically to those who had criticised the fairly alarmist tone of his remarks about DNS security at ICANN 37, three months ago.

Directly addressing his Nairobi comments, Beckstrom said:

You may disagree with what I said, and openness to different viewpoints is what makes our community strong. Some have asked why I said what I did. Simple. I said it because I believe it is the truth. And more than twenty years of experience in risk management have taught me that in addressing highly complex systems, it is better to be more concerned about risk than less.

The ccTLD constituency – led by .uk and .au – had been concerned about Beckstrom’s warning in Nairobi, which was made at a meeting of the Governmental Advisory Committee, because they risked giving governments reason to interfere with their country’s ccTLD.

Beckstrom’s keynote addressed the risk of too much government control over the DNS, embodied currently in rumblings about another International Telecommunications Union power grab, with a call to action for all those who support ICANN’s model.

We must face the fact that governments control these institutions. Given the serious proposals for an alternative to our bottom-up, multi-stakeholder model, we must redouble our efforts to support it if we are to protect the global public interest. All our stakeholders must step up to the plate and defend our common interest.

We will of course work closely with the Governmental Advisory Committee. But we need the active involvement of all stakeholders. We need your help, through every means available to you, to counter the misinformation and ensure that governments understand what is at stake when these issues are debated in the UN General Assembly later this year.

Beckstrom’s sentiments on security were echoed by both European Council President Herman Van Rompuy and, in a recorded address, European Commissioner for competition Neelie Kroes.

Kroes, in particular, seemed keen to marry the ideas of security risks and control over the internet’s crucial policy-making functions.

I am hopeful that the expiry of the IANA contract next year will be turned into an opportunity for more international cooperation servicing the global public interests.

But don’t misunderstand me. The internet’s day to day functioning works well, and I’m the first to say that if it isn’t broken don’t fix it. We all have an interest that this wonderful platform for innovation, entrepreneurship and free expression works perfectly well at a technical level. It is a great adventure that must continue to flourish. Yet, does it mean all is well in the cyber world?

Take the issue of security and resilience. We need to fight against spam, identity theft, phishing and other evolving types of crime on the internet. Both the public and private sectors have a joint obligation to act. And that approach has to go hand in hand with ensuring the internet itself is not vulnerable to any large-scale failure, whether as a result of an accident of a deliberate attack.

As I type, Beckstrom is hosting a panel discussion with Whit Diffie, Paul Mockapetris, Steve Crocker and Dan Kaminsky on DNS vulnerabilities in front of a packed audience.

Comment Tagged: , , , , , , , ,

The ICANN Brussels schwag bag – full details

Kevin Murphy, June 20, 2010, Gossip

I’ve just landed at ICANN 38, in the really rather lovely setting of the Mont des Arts in Brussels.

Either I’m lost, or it’s a bit quiet at the moment, so I thought I’d get the most important news out of the way first – what’s in the schwag bag?

A heck of a lot more than the last ICANN meeting I attended, in Mar Del Plata, Argentina three five years ago.

Consider this a disclosure statement – I am now forever beholden to all of these companies, in no particular order:

  • T-shirt (Hanes) from ICANN.
  • T-shirt (Fruit of the Loom) from RegistryPro.
  • Empty Belgian chocolate bag from Iron Mountain (visit the booth for the choccie, presumably).
  • Fan with party invite printed on it from GMO (dotShop).
  • Pen from .CO Internet.
  • Keyring (foam) from
  • Pen from
  • Belgian chocolate box (full) from Centr.
  • Keyring (metal) from PIR (slogan: “”)
  • Badge/button (small) from .quebec.
  • Badge/button (huge) from ICM Registry (slogan: “Yes to .XXX”)
  • Bumper sticker from .quebec.
  • Notebook from PIR (.org “Celebrating 25 years”)
  • Playing cards (one-way backs) from Ausregistry.
  • “Multi-purpose retractable lock” from SIDN.
  • USB Flash drive (4GB) from Afnic.
  • Notebook from .eu.
  • A good-sized tree’s worth of flyers, booklets and sales pitches from the meeting’s sponsors – very strong contingent of new TLD players and consultancies.
  • The bag itself is sponsored by Afilias.

I heard a rumor that ICM was giving away .xxx vuvuzelas, but if they were they appear to have already run out.

Comment Tagged: , , , sold at a $65 million loss has been acquired by web hosting company for $135 million, substantially less than the $200 million Vector Capital paid for it five years ago. said the acquisition will help it access new small business customers for lead generation, to cross-sell its existing products.

The company’s customer base will increase by over 400% to more than one million customers, said. The combined firm will have annual revenue of $180 million. was one of the first five ICANN-accredited registrars. It failed as a public company, and after years of financial wrangling was finally taken private by Vector in 2005.

Vector specializes in buying up troubled companies and turning them around, but it doesn’t appear to have increased the value of this particular asset over the last five years.

7 Comments Tagged: , , ,

Will ICANN punt .xxx in Brussels?

Is ICANN set to delay approval of the proposed .xxx top-level domain – again – in Brussels?

That’s my reading of ICANN’s latest document concerning ICM Registry’s long-running and controversial battle for a porn-only TLD.

This week, ICANN submitted its summary of the public comment period that ran to May 10. It’s a fair bit shorter than the one Kieren McCarthy compiled for ICM last month.

As usual, it’s written in a fairly neutral tone. But, if you’re feeling conspiratorial, the mask does slip on occasion, perhaps giving a sense of where the .xxx application could head next.

The ICANN summary occasionally breaks from reporting what a commenter actually said in order to highlight a potential problem they did not address.

Example (my emphasis):

Only two commenters directly addressed the question of further interaction with the Governmental Advisory Committee (GAC) on the .XXX sTLD Application. Both of those commenters were against seeking any further input from the GAC outside of any public comment period. Neither of these commenters – nor any other – addressed the potential violation of the ICANN Bylaws that could result from the Board’s failure to properly consider the advice of the GAC

This suggests, to me, that the ICANN board will be receiving advice to the effect that further GAC input needs to be forthcoming before it can move forward with .xxx.

If this is the case, the GAC might have to produce some advice before next Friday’s board meeting if ICM has any hope of getting back around the negotiating table prior to Cartagena in December.

That’s not the only reason to believe ICANN may punt .xxx again, however. Elsewhere in the report, we read (my emphasis again):

For those in favor of proceeding with the .XXX sTLD Application, many created an alternative option – that ICM and ICANN should proceed to a contract right away. There was substantial discussion on this point in the ICM submissions. Few commenters addressed the technical realities identified within the Process Report ‐ that prompt execution of the agreement negotiated in 2007 is not feasible.

The Process Report referenced says that it is not possible to go straight into contract talks because ICM first applied for .xxx more than six years ago.

This has been a bone of contention. ICM points to .post, which was applied for at the same time as .xxx and only approved late last year, as proof that the passage of time should be no barrier.

But ICANN president Rod Beckstrom doesn’t buy that comparison. He wrote to ICM (pdf) at the end of March noting that .post was backed by the International Postal Union, whereas .xxx is “sponsored” by IFFOR, an organization created by ICM purely to act as its sponsor.

In that letter, Beckstrom talks about due diligence to make sure ICM and IFFOR still satisfy financial and technical criteria, and a review of whether .xxx “can still satisfy the requisite sponsorship criteria”.

I’ll admit that I’m breaking out the crystal ball a bit here, and I’ve been wrong before, but I don’t think it’s looking great for ICM in Brussels.

4 Comments Tagged: , , , , , ,

ICANN creates DNSSEC root keys

Kevin Murphy, June 17, 2010, Domain Tech

ICANN took the penultimate step towards adding DNSSEC to the root of the domain name system, during in a lengthy ceremony in Virginia yesterday.

The move means we’re still on track to have the DNSSEC “trust anchor” go live in the root on July 15, which will make end-to-end validation of DNS answers feasible for the first time.

DNSSEC is an extension to the DNS protocol that enables resolvers to validate that the DNS answers they receive come from the true owner of the domain.

Yesterday, ICANN generated the Key Signing Key for the root zone. That’s one of two keys required when adding DNSSEC to a zone.

The KSK is used to sign the DNSKey record, the public half of a key pair used to validate DNS responses. It has a longer expiration date than the Zone Signing Key used to sign other records in the zone, so its security is more important.

The videotaped ceremony, held at a facility in Culpeper, Virginia, was expected to take six hours, due to a lengthy check-list of precautions designed to instil confidence in the security of the KSK.

ICANN said:

During the ceremony, participants were present within a secure facility and witnessed the preparations required to ensure that the so-called key-signing-key (KSK) was not only generated correctly, but that almost every aspect of the equipment, software and procedures associated with its generation were also verified to be correct and trustworthy.

Ten hand-picked independent observers were present to bear witness.

ICANN expects to perform the ceremony four times a year. The second will be held at a backup facility in California next month.

Comment Tagged: , , , ,