Latest news of the domain name industry

Recent Posts

VeriSign launches free cloud domain security service

Kevin Murphy, December 2, 2010, Domain Tech

VeriSign is to offer registrars a hosted DNSSEC signing service that will be free for names in .com and the company’s other top-level domains.

The inventively named VeriSign DNSSEC Signing Service offloads the tasks associated with managing signed domains and is being offered for an “evaluation period” that runs until the end of 2011.

DNSSEC is an extension to DNS that allows domains to be cryptographically signed and validated. It was designed to prevent cache poisoning attacks such as the Kaminsky Bug.

It’s also quite complex, requiring ongoing secure key management and rollover, so I expect the VeriSign service, and competing services, will be quite popular among registrars reluctant to plough money into the technology.

While some gTLDs, including .org, and dozens of ccTLDs, are already DNSSEC-enabled, VeriSign doesn’t plan on bringing the technology online in .com and .net until early next year.

The ultimate industry plan is for all domain names to use DNSSEC before too many years.

One question I’ve never been entirely clear on was whether the added costs of implementing DNSSEC would translate into premium-priced services or price increases at the registrar checkout.

A VeriSign spokesperson told me:

The evaluation period is free for VeriSign-managed TLDs and other TLDs. After that period, the VeriSign-managed TLDs will remain free, but other TLDs will have $2 per zone annual fee.

In other words, registrars will not have to pay to sign their customers’ .com, .net, .tv etc domains, but they will have to pay if they choose to use the VeriSign service to sign domains in .biz, .info or any other TLD.

Comment Tagged: , , , ,

.CO publishes domain seizure policy

Kevin Murphy, December 1, 2010, Domain Registries

.CO Internet reserves the right to shut down your .co domain name if you’re being naughty.

That’s pretty much what the company has said today with the announcement of its Rapid Domain Compliance Process.

the Rapid Domain Compliance Process gives the .CO Registry the ability to quickly lock, cancel, transfer or take ownership of any .CO domain name, either temporarily or permanently, if the domain name is being used in a manner that appears to threaten the stability, integrity or security of the .CO Registry, or any of its registrar partners – and/or that may put the safety and security of any registrant or user at risk.

While the company has not published full details of how the system works, it seems to be based on security monitoring carried out by Neustar, the registry’s back-end provider, rather than a complaints-driven procedure.

Verboten activities include, as you might expect given .co’s vulnerability to typos, phishing, as well as distributing malware and child pornography.

What’s surprising about this is that .CO Internet is being “proactive” about shutting down sites, rather than waiting to receive complaints to its abuse@ address.

While the announcement is undoubtedly good for the registry’s corporate responsibility image, it also has the potential to backfire horribly if mistakes are made.

Initiatives to block web sites considered security risks almost always lead to false positives.

Even when genuinely criminal sites are taken down, it can lead to loud (if spurious) claims of “censorship”, as we discovered this week with the .com seizures in the US – and they had a court order.

.CO Internet’s policy does not explicitly place piracy or selling counterfeit goods on its naughty list, but it doesn’t rule them out either.

Not to be too cynical, but I give it six months before the first “seized” domain owner cries foul.

2 Comments Tagged: , ,

Porn industry “ready for war” with .xxx

Kevin Murphy, December 1, 2010, Domain Registries

The Free Speech Coalition and ICM Registry are poised to do battle over the .xxx top-level domain at next week’s ICANN meeting in Cartagena, Colombia.

The FSC, which has opposed the porn-only domain for years, is trying to rally its troops with a flyer declaring it’s “Ready For War”, illustrated with a photograph apparently of Cartagena’s battlements.

(Apropos, really, given the city’s history fighting off the British and ICM’s habit of recruiting Brits for key positions.)

The FSC said on its blog:

the majority of adult Internet business owners and webmasters do not support being categorized in an Internet ghetto that will cost them millions in extra fees annually and also make it easier for anti-adult entities to censor and block their sites.

The trade group will be represented at the meeting by executive director Diane Duke and chair Jeffrey Douglas.

But ICM will have them out-gunned almost 10-to-1. President Stuart Lawley tells me the company is sending 19 people to the meeting.

Discussion of the .xxx TLD is on the ICANN board’s agenda for its meeting Friday December 10. I think it’s quite likely to be approved at that time.

The main stumbling block for ICM is ICANN’s Governmental Advisory Committee, which has expressed reservations about the domain over the years and is firmly opposed to “controversial” TLDs.

Which way the vote swings will depend greatly on what the GAC has to say, and how the power struggle it’s currently engaged in with ICANN pans out.

Here’s part of the FSC’s flyer.

Free Speech Coaltion declares war

Comment Tagged: , , , , ,

.SO extends sunrise, delays landrush

Kevin Murphy, November 30, 2010, Domain Registries

.SO Registry, the company behind the newly launched Somalian top-level domain, has added an extra month to its sunrise period and delayed its landrush accordingly.

The trademark-holders-only sunrise was due to run for the month of November. Instead, it will now end December 31.

The registry said on Thursday that the changes were made “due to the high demand” for sunrise registrations.

The landrush, which will be open to all, is now scheduled to launch January 11.

10 Comments Tagged: , , ,

File-sharers try to create .p2p domain

Kevin Murphy, November 30, 2010, Domain Registries

A move to create a .p2p top-level domain outside of the regular DNS root is under way.

Following the outcry over the US government’s seizure of 82 .com domain names this weekend, a group of coders have decided to create a namespace not overseen by ICANN (which had nothing to do with it).

It’s not entirely clear to me how many projects have launched.

There’s a blog over here that talks about a “distributed DNS” that would be “decentralized”, but this new wiki seems to be limited to the idea of launching .p2p as a TLD.

(Interestingly, dot-p2p.org appears to have been registered several days prior to the weekend’s domain name seizures)

The .p2p project plans to create an application that would intercept all DNS requests for .p2p domains and route them via a peer-to-peer network rather than the user’s regular DNS servers.

This presumably means that the entire .p2p zone file could wind up being stored on endpoints, which sounds like a scalability challenge to me.

More problematic is the the issue of “decentralization”, which is of course critical when you’re talking about trustworthy DNS. It can be summed up in this sentence:

“Hello, I’m bankofamerica.com.”

If anybody can claim to own any domain name, you need to be able to figure out who’s telling the truth.

The .p2p initiative seems to be dealing with this by, um, centralizing control over .p2p domain assignments to a free “registrar” at nic.p2p.

To prevent warehousing, registrants would need to prove they already own the string in another TLD in order to register the equivalent .p2p domain.

The project is obviously in its very early stages, as demonstrated by this wiki page, which tries to figure out the problem of decentralization using some kind of trust/voting system.

Here’s an example of the lack of thought that seems to have gone into it so far:

A small conflict, not malicious

1. Alice assigns fbi.p2p -> 1.1.1.1.
2. Bob propagates the assignment to his node, because he trusts Alice.
3. Dave assigns fbi.p2p -> 2.2.2.2. Conflict created.
4. Carol sees the conflict and:
– Decides to just follow the decision of her trustees and assigns fbi.p2p -> 2.2.2.2, or
– Does not create any assignment. There will be a warning and she will try to work out the problem with others.
5. Everyone will try to agree on a solution.

The page also currently includes this beauty:

Botnet-driven attack

1. Chuck owns a botnet and uses 10^6+ zombies to game the system.
2. Shitload of fake request need to be disproved
3. …
4. Problem? :U

The project seems like a heck of a lot of wheel-reinventing in order to solve a problem that doesn’t exist.

1 Comment Tagged: , , , , ,