Latest news of the domain name industry

Recent Posts

NCC sells Open Registry at huge discount

Kevin Murphy, January 6, 2017, Domain Registries

NCC Group has followed through on its promise to divest parts of its domain business, selling the Open Registry collection of companies at a huge discount to the original purchase price.

KeyDrive and a mysterious entity called Terrain.com SA have together acquired the companies for €3.75 million ($3.97 million).

That’s compared to the minimum of £7.9 million ($12 million) NCC originally paid just two years ago.

NCC said in a statement that the sold companies are:

  • Open Registry SA, a registry back-end provider with a handful of new gTLD clients.
  • ClearingHouse for Intellectual Property SA, aka CHIP, which provides software and billing support for the Trademark Clearinghouse.
  • Nexperteam CVBA, a tiny registrar.
  • Sensirius CVBA, the original Open Registry company, a new gTLD consultancy.

Missing from that list is Artemis, the new gTLD registry for .trust, which NCC separately acquired from Deutsche Post for an undisclosed sum in February 2014.

NCC is also keeping hold of its data escrow business, which is widely used by gTLD registries to comply with ICANN rules.

It’s not clear how the sold companies are being divided up between the two buyers.

KeyDrive is the Luxembourg-based holding company for the registrars Key-Systems and Moniker and other domain firms.

Terrain.com appears to belong to EuroDNS chair Xavier Buck, who was chair of Open Registry until NCC bought it, but the domain itself doesn’t seem to resolve right now.

NCC said that €2 million will be paid up front and €1.75 million will be deferred for 18 months.

As .trust opens for sunrise, Artemis dumps .secure bid

Kevin Murphy, December 16, 2014, Domain Registries

Amazon is now the proud owner of the .secure new gTLD, after much smaller competing applicant Artemis Internet withdrew its bid.

Coincidentally, the settlement of the contention set came just yesterday, the day before Artemis took its .trust — which I’ve described as a “backup plan” — to sunrise.

I assume .secure was settled with a private deal. I’ve long suspected Artemis — affiliated with data escrow provider NCC Group — had its work cut out to win an auction against Amazon.

It’s a shame, in a way. Artemis was one of the few new gTLD applicants that had actually sketched out plans for something quite technologically innovative.

Artemis’ .secure was to be a “trust mark” for a high-priced managed security service. It wasn’t really about selling domain names in volume at all.

The company had done a fair bit of outreach work, too. As long ago as July 2013, around 30 companies had expressed their interest in signing up as anchor tenants.

But, after ICANN gave Amazon a get-out-of-jail-free card by allowing it to amend its “closed generic” gTLD applications, it looked increasingly unlikely Artemis would wind up owning the gTLD it was essentially already pre-selling.

In February this year, it emerged that it had acquired the rights to .trust from Deutsche Post, which had applied for the gTLD unopposed.

This Plan B was realized today when .trust began its contractually mandated sunrise period.

Don’t expect many brands to apply for their names during sunrise, however — .trust’s standard registration policies are going to make cybersquatting non-existent.

Not only will .trust registrants have their identities manually vetted, but there’s also a hefty set of security standards — 123 pages (pdf) of them at the current count — that registrants will have to abide by on an ongoing basis in order to keep their names.

As for Amazon, its .secure application, as amended, is just as vague as all of its other former bids for closed, single-registrant generic strings (to the point where I often wonder if they’re basically still just closed generics).

It’s planning to deploy a small number of names to start with, managed by its own intellectually property department. After that, its application all gets a bit hand-wavey.

.secure applicant loses CTO to Yahoo!

Yahoo has reportedly hired a new chief information security officer in the form of Alex Stamos, outspoken CTO of .secure new gTLD applicant Artemis Internet.

The news of Stamos’ departure was first reported by Re/code, citing unnamed sources, a week ago.

Stamos did not respond to a DI request for comment but I gather he’s been flagging up his departure from Artemis on ICANN mailing lists.

According to Re/code, he’s going to be Yahoo’s first CISO for a year.

Stamos’ departure will be a blow for Artemis, which is owned by escrow provide NCC Group. He has been, I think, I pretty good front man for the company over the last couple of years.

I also wonder whether he sensed which way the wind is blowing in the .secure contention set, in which Artemis is in a two-horse race with the much wealthier Amazon.

NCC also recently bought the .trust application from Deutsche Post, which looked a bit to me like a backup plan.

NCC buys .trust new gTLD from Deutsche Post

Kevin Murphy, February 17, 2014, Domain Registries

NCC Group, owner of .secure applicant Artemis, has bought the rights to .trust from Deutsche Post, which has an uncontested bid for the new gTLD but decided it doesn’t want it.

The price tag of the deal was not disclosed.

NCC, which is also one of the two major data escrow providers supporting new gTLD applicants, said in a statement:

Deutsche Post originally obtained the gTLD through ICANN’s new gTLD allocation process during 2013 but has now chosen not to utilise it.

NCC Group will use .trust as the primary vehicle for launching its Artemis internet security service, which aims to create global internet safety through a secure and trusted environment for selected customers.

The Group remains in the contention stage with its application to ICANN for the .secure gTLD. It believes that there will be a benefit in having a number of complementary named gTLDs, all of which offer the same high levels of internet security.

While Artemis has applied for .secure, it’s facing competition from the much richer Amazon.

Its initial hope that Amazon’s bid would be rejected due to the controversy over “closed generics” seems to have been dashed after Amazon was allowed to change its application.

NCC may be characterizing .trust as an “additional” security TLD, but it’s quite possible it will be its “only” one.

Deutsche Post, which as owner of DHL is the world’s largest courier service, has passed Initial Evaluation on .trust but has not yet signed its ICANN contract.

ICANN’s web site still shows Deutsche Post as the applicant for .trust and it’s not clear from NCC’s statement how the transfer would be handled.

Crocker to speak at second gTLD collisions summit

Kevin Murphy, September 28, 2013, Domain Tech

ICANN chair Steve Crocker is among a packed line-up of speakers for an event on Tuesday that will address the potential security risks of name collisions in the new gTLD program.

It’s the second TLD Security Forum, which are organized by new gTLD applicants unhappy with ICANN’s proposal to delay hundreds of “uncalculated risk” applied-for gTLDs.

The first event, held in August, was notable for statements playing down the risk from the likes of Google and Digicert.

While Crocker is scheduled to speak on Tuesday, anyone expecting insight into the ICANN board’s thinking on name collisions is likely to be disappointed.

The title of his talk is “The Current State of DNSSEC Deployment”, which isn’t directly relevant to the issue.

Crocker, due to conflicts of interest protections, is also not a member of ICANN’s New gTLD Program Committee, which is tasked with making decisions about the collision problem.

While Crocker’s views may wind up remaining private, we can’t say the same for Amy Mushahwar and Dan Jaffe, representing the Association of National Advertisers, both of whom are also speaking.

The ANA is firmly in the Verisign camp on this issue, claiming that gTLD name collisions create unacceptable security risks for organizations on the internet.

Also on the line-up for Tuesday are Laureen Kapin of the US Federal Trade Commission and Gabriel Rottman of the American Civil Liberties Union, both of whom could bring new perspectives to the debate.

The TLD Security Forum begins at 9am at the Washington Hilton and Heights Meeting Center in Washington, DC. It’s free to attend and will be webcast for those unable to show up in person.

Vignes joins Artemis

Kevin Murphy, September 24, 2013, Domain Registries

Former OpenRegistry CEO Jean-Christophe Vignes has joined new gTLD applicant Artemis as director of domain operations, according to Artemis.

Artemis, which is one of the hopeful applicants for .secure, said “he will be in charge of building our Registry and Registrar capabilities for .secure”.

Vignes, a lawyer by trade, helped found registry service provider OpenRegistry a few years ago but left in July 2012 to go into private practice in Paris. He formerly worked for EuroDNS.

Artemis still needs to beat Amazon at auction or through some other means if it wants to win .secure, which Amazon wants to operate as a closed generic.

Artemis plans name collision conference next week

Kevin Murphy, August 16, 2013, Domain Tech

Artemis Internet, the NCC Group subsidiary applying for .secure, is to run a day-long conference devoted to the topic of new gTLD name collisions in San Francisco next week.

Google, PayPal and DigiCert are already lined up to speak at the event, and Artemis says it expects 60 to 70 people, many of them from major new gTLD applicants, to show up.

The free-to-attend TLD Security Forum will discuss the recent Interisle Consulting report into name collisions, which compared the problem in some cases to the Millennium Bug and recommended extreme caution when approving new gTLDs.

Brad Hill, head of ecosystem security at PayPal, will speak to “Paypal’s Concerns and Recommendations on new TLDs”, according to the agenda.

That’s notable because PayPal is usually positioned as being aligned with the other side of the debate — it’s the only company to date Verisign has been able to quote from when it tries to show support for its own concerns about name collisions.

The Interisle report led to ICANN recommending months of delay for hundreds of new gTLD strings — basically every string that already gets more daily root server error traffic than legitimate queries for .sj, the existing TLD with the fewest look-ups.

The New TLD Applicants Group issued its own commentary on these recommendations, apparently drafted by Artemis CTO Alex Stamos, earlier this week, calling for all strings except .home and .corp to be treated as low risk.

NTAG also said in its report that it has been discussing with SSL certificate authorities ways to potentially speed up risk-mitigation for the related problem of internal name certificate collisions, so it’s also notable that DigiCert’s Dan Timpson is slated to speak at the Forum.

The event may be webcast for those unable to attend in person, according to Artemis. If it is, DI will be “there”.

On the same topic, ICANN yesterday published a video interview with DNS inventor Paul Mockapetris, in which he recounted some name collision anecdotes from the Mesolithic period of the internet. It’s well worth a watch.

“Risky” gTLDs could be sacrificed to avoid delay

Kevin Murphy, July 20, 2013, Domain Tech

Google and other members of the New gTLD Applicant Group are happy to let ICANN put their applications on hold in response to security concerns raised by Verisign.

During the ICANN 46 Public Forum in Durban on Thursday, NTAG’s Alex Stamos — CTO of .secure applicant Artemis — said that agreement had been reached that about half a dozen applications could be delayed:

NTAG has consensus that we are willing to allow these small numbers of TLDs that have a significant real risk to be delayed until technical implementations can be put in place. There’s going to be no objection from the NTAG on that.

While he didn’t name the strings, he was referring to gTLDs such as .home and .corp, which were highlighted earlier in the week as having large amounts of error traffic at the DNS root.

There’s a worry, originally expressed by Verisign in April and independent consultant Interisle this week, that collisions between new gTLDs and widely-used internal network names will lead to data leakage and other security problems.

Google’s Jordyn Buchanan also took the mic at the Public Forum to say that Google will gladly put its uncontested application for .ads — which Interisle says gets over 5 million root queries a day — on hold until any security problems are mitigated.

Two members of the board described Stamos’ proposal as “reasonable”.

Both Stamos and ICANN CEO Fadi Chehade indirectly criticised Verisign for the PR campaign it has recently built around its new gTLD security concerns, which has led to somewhat one-sided articles in the tech press and mainstream media such as the Washington Post.

Stamos said:

What we do object to is the use of the risk posed by a small, tiny, tiny fraction — my personal guess would be six, seven, eight possible name spaces that have any real impact — to then tar the entire project with a big brush. For contracted parties to go out to the Washington Post and plant stories about the 911 system not working because new TLDs are turned on is completely irresponsible and is clearly not about fixing the internet but is about undermining the internet and undermining new gTLDs.

Later, in response to comments on the same topic from the Association of National Advertisers, which suggested that emergency services could fail if new gTLDs go live, Chehade said:

Creating an unnecessary alarm is equally irresponsible… as publicly responsible members of one community, let’s measure how much alarm we raise. And in the trademark case, with all due respect it ended up, frankly, not looking good for anyone at the end.

That’s a reference to the ANA’s original campaign against new gTLDs, which wound up producing not much more than a lot of column inches about an utterly pointless Congressional hearing in late 2011.

Chehade and the ANA representative this time agreed publicly to work together on better terms.

Artemis signs 30 anchor tenants for .secure gTLD

Artemis, the NCC Group subsidiary applying for .secure, says it has signed up 30 big-name customers for its expensive, high-security new gTLD offering.

CTO Alex Stamos said that the list includes three “too big to fail” banks and three of the four largest social networking companies. They’ve all signed letters of intent to use .secure domains, he said.

He was speaking at a small gathering of customers and potential customers in London yesterday, to which DI was invited on the condition that we not report the name of anyone else in attendance.

Artemis is doing this outreach despite the facts that a) .secure is still in a two-way contention set and b) deep-pocketed online retailer Amazon is the other applicant.

Stamos told DI he’s confident that Artemis will win .secure one way or the other — hopefully Amazon’s single-registrant bid will run afoul of ICANN’s current rethink of “closed generics”.

He expects to launch .secure in the second or third quarter of next year with a few dozen registrants live from pretty much the start.

The London event yesterday, which was also attended by executives from a few household names, was the second of three the company has planned. New York was the first and there’ll soon be one in California.

I’m hearing so many stories about new gTLD applicants that still haven’t figured out their go-to-market strategies recently that it was refreshing to see one that seems to be on the ball.

Artemis’ vision for .secure is also probably the most technologically innovative proposed gTLD that I’m currently aware of.

As the name suggests, security is the order of the day. Registrants would be vetted during the lengthy registration process and the domain names themselves would be manually approved.

Not only will there not be any typosquatting, but there’s even talk of registering common typos on behalf of registrants.

Registrants would also be expected to adhere to levels of security on their web sites (mandatory HTTPS, for example) and email systems (mandatory TLS). Domains would be scanned daily for malware and would have manual penetration testing at least annually.

Emerging security standards would be deployed make sure that browsers would only trust SSL certificates provided by Artemis (or, more likely, its CA partner) when handling connections to .secure sites.

Many of the policies are still being worked out, sometimes in conversation with an emerging “community” of the aforementioned anchor tenants, but there’s one thing that’s pretty clear:

This is not a domain name play.

If you buy a .secure domain name, you’re really buying an NCC managed security service that allows you to use a domain name, as opposed to an easily-copied image, as your “trust mark”.

Success for .secure, if it goes live as planned, won’t be measured in registration volume. I wouldn’t expect it to be much bigger than .museum, the tiniest TLD today, within its first few years.

Prices for .secure have not yet been disclosed, but I’m expecting them to be measured in the tens of thousands of dollars. If “a domain” costs $50,000 a year, don’t be surprised.

Artemis’ .secure would however be available to any enterprise that can afford it and can pass its stringent security tests, which makes it more “open” than Amazon’s vaguely worded closed generic bid.

Other ICANN accredited registrars will technically be allowed to sell .secure domains, but the Registry-Registrar Agreement will be written in such a way as to make it economically non-viable for them to do so.

Overall, the company has a bold strategy with some significant challenges.

I wonder how enthusiastic enterprises will be about using .secure if their customers start to assume that their regular domain name (which may even be a dot-brand) is implicitly insecure.

Artemis is also planning to expose some information about how well its registrants are complying with their security obligations to end users, which may make some potential registrants nervous.

Even without this exposure, simply complying appears to be quite a resource-intensive ongoing process and not for the faint-hearted.

However, that’s in keeping with the fact that it’s a managed security service — companies buy these things in order to help secure their systems, not cover up problems.

Stamos also said that its eligibility guidelines are being crafted with its customers in such a way that registrants will only ever be kicked out of .secure if they’re genuinely bad actors.

Artemis’ .secure is a completely new concept for the gTLD industry, and I wouldn’t like to predict whether it will work or not, but the company seems to be going about its pre-sales marketing and outreach in entirely the correct way.

Demand Media slates GAC’s new gTLDs demands

Kevin Murphy, May 9, 2013, Domain Policy

Demand Media has become the first new gTLD applicant to put its head above the parapet and tell ICANN that its latest batch of Governmental Advisory Committee advice is unworkable.

While its comment on the GAC’s Beijing communique is very diplomatically worded, it’s obvious that Demand reckons most of the “safeguard” advice it contains would be difficult, if not impossible, to implement.

The company has urged ICANN to refuse to adopt the advice, saying:

the spirit and actual letter of the GAC Advice related to these additional safeguards comes in a manner and form that is completely antithetical and contrary to ICANN’s bottom-up, multi-stakeholder, consensus-driven policy development process. Because the proposed safeguards, if implemented, would effectively change how new gTLDs are managed, sold, distributed, registered, operated, and used in the marketplace, the GAC Advice is tantamount to making “top-down,” dictatorial, non-consensus, policy which undermines the entire ICANN model. If ICANN chose to adopt any one of these three safeguards, ICANN itself would lose all legitimacy.

Demand seems to agree with many of the points raised in this DI post from a few weeks ago related to the GAC’s demand that hundreds of new gTLD registries should compel their registrants to stick to data security standards when they handle sensitive financial or healthcare data.

The GAC’s advice is extremely broad here and pays scant attention to the innumerable implementation questions raised. As such, Demand says in its comment (filed by applying subsidiary United TLD Holdco):

United TLD believes applicable laws and recognized industry standards should be developed and implemented by appropriate legislative, law enforcement and industry expert bodies and should not be developed by the registry operator.

It also takes issue with the GAC’s demand for registry operators to “establish a working relationship with the relevant regulatory body including developing a strategy to mitigate abuse.”

The company points out that many TLDs listed in the Beijing communique will have multiple uses, and even if there is a regulatory body for a subsection of registrants, it may not cover all.

For example, should a software engineer (an unregulated profession) have to agree to abide by rules developed for civil engineers when they register a .engineer domain name?

it would be inappropriate, and impossible, to find a “relevant regulatory body” with whom to establish a relationship related to the use of .ENGINEER. Additionally, what if the relevant regulatory body simply declined to work with a registry operator or does not respond to requests for collaboration?

The Demand comment is full of examples of problems such as this.

In broader terms, however, the registrar and applicant is utterly opposed to the GAC’s insistence that “certain” unspecified gTLDs representing regulated sectors should be forced, in effect, to transform into tightly restricted sponsored gTLDs.

The GAC wants these applicants to forge tight links with regulatory and self-regulatory bodies and vet each registrant’s credentials before allowing domains to be registered.

Demand said:

applicants, including United TLD, submitted their new gTLD applications believing that that they would be operating, managing and distributing generic TLDs. These three Safeguards completely change the nature of the new TLDs from being generic and widely available, to being “sponsored” TLDs restricted only to those individuals who must prove their status or credentials entitling them to register domain names with certain extensions. These three Safeguards are patently adverse to the core purpose of the new gTLD program and ICANN’s mission generally which is to promote consumer choice and competition.

While Demand is the first application to slam the GAC advice as a whole (a few others have submitted preliminary comments on specific subsets of advice), I’m certain it won’t be the last.

That said, .secure applicant Artemis Internet submitted what is possibly the most amusing example of “sucking up” I’ve ever seen in an ICANN public comment period.

The company actually requests to be added to the list of strings covered by the GAC advice on the grounds that its application was so gosh-darn wonderful it already planned to do all that stuff anyway.

I expect, by the time the comment period closes next Tuesday the prevailing mood from applicants will be more Demand and less Artemis.

  • Page 1 of 2
  • 1
  • 2
  • >