Latest news of the domain name industry

Recent Posts

The internet is still working after KSK roll

Kevin Murphy, October 16, 2018, Domain Tech

The first-ever change to the security keys at the top of the DNS tree appears to have been a non-event.

While ICANN received reports of some disruptions after last Thursday’s KSK rollover, the impact appears to have fallen short of the millions of users that had been speculated.

ICANN said yesterday:

After evaluation of the available data, there does not appear to be a significant number of Internet end-users who have been persistently and negatively impacted by the changing of the key.

The few issues that have arisen appear to have been quickly mitigated and none suggested a systemic failure that would approach the threshold (as defined by the ICANN community) to initiate a reversal of the roll. In that context, it appears the rollover to the new Key Signing Key, known as KSK 2017, has been a success.

The KSK, also sometimes called the “trust anchor”, is the ultimate cryptographic key in the chain that secures all DNSSEC queries on the internet.

October 11 was the first time it had been changed since the first version came online in 2010.

While changing the key was broadly considered sound security practice, the roll was delayed by a year after it was discovered that potentially millions of endpoints were using DNS resolvers not properly configured to use the 2017 key.

After much research, outreach and gnashing of teeth, it was decided that the risk posed by rolling the KSK now fell within acceptable parameters of collateral damage.

Experts from the likes of Google and Verisign, and one ICANN director, had urged caution and said perhaps the roll should be delayed further while more data was gathered.

But they were in the minority, ICANN went ahead anyway, and it seems their fears have not come to pass.

The KSK is now likely to be rolled regularly — it could be as little as once every five years, or more frequently.

It also gives ICANN the opportunity to eventually update the system to swap out its current RSA keys for keys based on elliptical curve cryptography, which could reduce the traffic load on the DNS as a whole.

1 Comment Tagged: , , ,

Donuts loses to ICANN in $135 million .web auction appeal

Kevin Murphy, October 16, 2018, Domain Registries

Donuts has lost a legal appeal against ICANN in its fight to prevent Verisign running the .web gTLD.

A California court ruled yesterday that a lower court was correct when it ruled almost two years ago that Donuts had signed away its right to sue ICANN, like all gTLD applicants.

The judges ruled that the lower District Court had “properly dismissed” Donuts’ complaint, and that the covenant not to sue in the Applicant Guidebook is not “unconscionable”.

Key in their thinking was the fact that ICANN has an Independent Review Process in place that Donuts could use to continue its fight against the .web outcome.

The lawsuit was filed by Donuts subsidiary Ruby Glen in July 2016, shortly before .web was due to go to an ICANN-managed last-resort auction.

Donuts and many others believed at the time that one applicant, Nu Dot Co, was being secretly bankrolled by a player with much deeper pockets, and it wanted the auction postponed and ICANN to reveal the identity of this backer.

Donuts lost its request for a restraining order.

The auction went ahead, and NDC won with a bid of $135 million, which subsequently was confirmed to have been covertly funded by Verisign.

Donuts then quickly amended its complaint to include claims of negligence, breach of contract and other violations, as it sought $22.5 million from ICANN.

That’s roughly how much it would have received as a losing bidder had the .web contention set been settled privately and NDC still submitted a $135 million bid.

As it stands, ICANN has the $135 million.

That complaint was also rejected, with the District Court disagreeing with earlier precedent in the .africa case and saying that the covenant not to sue is enforceable.

The Appeals Court has now agreed, so unless Donuts has other legal appeals open to it, the .web fight will be settled using ICANN mechanisms.

The ruling does not mean ICANN can go ahead and delegate .web to Verisign.

The .web contention set is currently “on-hold” because Afilias, the second-place bidder in the auction, has since June been in a so-called Cooperative Engagement Process with ICANN.

CEP is a semi-formal negotiation-phase precursor to a full-blown IRP filing, which now seems much more likely to go ahead following the court’s ruling.

The appeals court ruling has not yet been published by ICANN, but it can be viewed here (pdf).

The court heard arguments from Donuts and ICANN lawyers on October 9, the same day that DI revealed that ICANN Global Domains Division president Akram Atallah had been hired by Donuts as its new CEO.

A recording of the 32-minute hearing can be viewed on YouTube here or embedded below.

Comment Tagged: , , , , , , , , , , , ,

ICANN says it can spend quarter-billion-dollar auction fund however it likes

Kevin Murphy, October 12, 2018, Domain Policy

ICANN can tap into its $236 million new gTLD auction fund whenever it wants, and there’s nothing the community can do about it, according to its board of directors.

The board this week said it has a “legal and fiduciary responsibility” over the money, and would be obliged to spend the cash to meet ICANN’s obligations if it ever needed to.

The statement came in a letter to the leaders of a community working group that this week published a set of preliminary recommendations (pdf) for how the money should be distributed.

The group — a cross-community working group or CCWG — laid out a few options for how the money should be administered, either by ICANN alone or in conjunction with a charitable third party, and distributed.

The money was collected from new gTLD applicants that participated in ICANN’s “last-resort” auctions to settle their contention sets. Over half of the money came from Verisign’s winning bid for .web, which is still being contested.

The CCWG said that the money should be used to:

  • Benefit the development, distribution, evolution and structures/projects that support the Internet’s unique identifier systems;
  • Benefit capacity building and underserved populations, and;
  • Benefit the open and interoperable Internet

But the CCWG could not agree among itself whether ICANN Org or community groups such as the GNSO or GAC should be able to grab some of the cash, which is currently held in a special fund, separated from ICANN’s operational budget.

The group asked the board for its opinion, and the board responded (pdf):

ICANN maintains legal and fiduciary responsibility over the funds, and the directors and officers have an obligation to protect the organization through the use of available resources. In such a case, while ICANN would not be required to apply for the proceeds, the directors and officers would have a fiduciary obligation to use the funds to meet the organization’s obligations.

In other words: it doesn’t matter what rules you put in place, it’s our money and we’re duty-bound to spend it if we have to.

The board added, however, that ICANN Org “currently does not foresee a situation where it would need to apply for the proceeds”.

ICANN is pretty well-funded. It would have to hit hard times indeed before it needed to crack open the auction nest egg.

The board also said that supporting organizations and advisory committees would not be able to apply for funding because they’re not legal entities and wouldn’t pass the due diligence.

The CCWG’s initial report is now open for public comment until November 27.

1 Comment Tagged: , ,

Google abandons its .kid gTLD bid

Kevin Murphy, October 10, 2018, Domain Registries

Google has retreated from the interminable three-way battle for the .kids/.kid gTLDs.

The company this week withdrew its application for .kid, leaving the fight for .kids a two-horse race between Amazon and the not-for-profit DotKids Foundation.

Google’s application was intertwined with the two .kids applications due to a String Confusion Objection, which it won, drawing its bid into contention with DotKids and Amazon.

The contention set was, and arguably still is, due to be settled by an ICANN last-resort auction, but has been repeatedly postponed due to appeals to ICANN by DotKids, which doesn’t think it has the financial clout to beat its rivals.

Most recently, the auction was put on ice again after DotKids asked for ICANN money, then filed a Request for Reconsideration when ICANN refused.

Google’s .kid application had proposed an area for “kid-friendly content”. Registrants would have been vetted in advance of their domains going live to ensure they were established providers of such content.

Comment Tagged: , , , , , , ,

ICANN number two Atallah is new CEO of Donuts

Kevin Murphy, October 9, 2018, Domain Registries

Akram Atallah, head of ICANN’s Global Domains Division, has quit and joined Donuts as its new CEO, DI has learned.

According to multiple sources, Atallah’s last day at ICANN was yesterday.

While neither company has announced the move yet, I gather that ICANN staff were informed by CEO Goran Marby today.

The news comes just a month after private equity firm Abry Partners, which counts former ICANN CEO Fadi Chehade among its partners, acquired Donuts for an undisclosed sum.

While the revolving door between industry and ICANN is pretty much continuous, Atallah is probably the highest-profile example since Kurt Pritz in 2012 and Peter Dengate Thrush in 2011.

As head of ICANN GDD, he was responsible for all things gTLD. Before the creation of the role, he was COO.

He was also interim president and CEO of the organization on two occasions, keeping the seat warm prior to the arrival of Chehade and Marby,

Atallah and Chehade also worked together in their pre-ICANN days in the software industry.

Donuts is of course the largest new gTLD registry in terms of TLDs, with 241 in its stable.

I’ve no word yet on where Bruce Jaffe, Donuts’ current CEO, is going, but I’ll update this post when I do.

Jaffe joined Donuts as chief a little over a year ago, replacing founder Paul Stahura.

Presumably, Jaffe was the turnaround guy and with Donuts’ acquisition secured the new owners figured it was time to hire an ops guy.

UPDATE 2022 UTC: Donuts just issued a press release in which it said that Jaffe will remain a senior adviser during the transition. It also said that Atallah starts in his new job November 12.

UPDATE October 10: ICANN said in a statement overnight that VP of DNS industry engagement Cyrus Namazi will head GDD on an interim basis, with support from CTO David Conrad.

6 Comments Tagged: , ,