Recent Posts
- Strickling says ICANN needs a stronger bottom
- ICM offers free .xxx domains to porn stars
- Nominet confirmed for .wales gTLD bid
- ICANN gets 100 applicants for CEO job
- ARI wins three Aussie geo-gTLD contracts
- M+M registers for another 20 gTLD applications
- Rogue registrar suspended over “stolen” domain
- Watch ICANN approve some new gTLDs
- Tucows co-founder takes hard line on .club gTLD
- CentralNic working with .mls new gTLD bidder
- Details of new gTLD batching process revealed
- Seven ICANN directors have new gTLD conflicts
- ICANN won’t say who rejected Bulgarian IDN
- Thick .com Whois policy delayed
- Twitter typosquatters fined £100,000
- AFL to apply for dot-brand gTLD
- ICM and YouPorn in antitrust settlement talks
- ICANN has 100 new gTLD applicants
- First .xxx cybersquatting complaint filed by porn site
- Parked domain pun wins “Funniest Joke” award
Thick .com Whois policy delayed
ICANN’s GNSO Council has deferred a decision on whether Verisign should have to thicken up the Whois database for .com and its other gTLDs.
A motion to begin an official Policy Development Process on thick Whois was kicked down the road by councilors this afternoon at the request of the Non-Commercial Users Constituency.
It will now be discussed at the Council’s face-to-face meeting in Costa Rica in March. But there were also calls from registries to delay a decision for up to a year, calling the PDP a “distraction”.
Verisign’s .com registry contract and the standard Registrar Accreditation Agreement are currently being renegotiated by ICANN, both of which could address Whois in some way.
Today, all contracted gTLD registries have to operate a thick Whois, except Verisign with its .com, .net, .jobs, etc, where the registrars manage the bulk of the Whois data.
Verisign: our DNS was not hacked
Verisign today reiterated that the recently revealed 2010 security breaches on its corporate network did not affect its production domain name system services.
In a statement, Verisign said:
After a thorough analysis of the attacks, Verisign stated in 2011, and reaffirms, that we do not believe that the operational integrity of the Domain Name System (DNS) was compromised.
We have a number of security mechanisms deployed in our network to ensure the integrity of the zone files we publish. In 2005, Verisign engineered real-time validation systems that were designed to detect and mitigate both internal and external attacks that might attempt to compromise the integrity of the DNS.
The statement followed several news reports that covered the hacks and speculated about the mayhem that could ensue if Verisign’s root or .com zone systems were ever breached.
The information the company has released so far suggests that the attacks were probably against back-office targets, such as user desktops, rather than its sensitive network operations centers.
.com passed 100 million mark in October
Verisign’s .com registry passed the 100 million domains under management milestone in October, the company’s monthly ICANN registry report revealed today.
The exact number of domains under management in .com on October 31 was 100,540,971, having increased by a net 690,243 registrations over the course of the month.
That’s a pretty big deal, but for some reason Verisign didn’t make any announcements about it at the time.
ICANN registry reports, which all contracted gTLDs must submit, are filed three months after the fact, for competitive reasons.
The number of domains in the .com zone file – which is what most people track to follow the fortunes of TLD operators — differs from the total number in the registry.
Domains which do not have name servers or are in special registry status codes such as Pending Delete do not show up in the zone file.
Today, RegistrarStats reports 100,052,046 domains in the .com zone, while HosterStats’ count yesterday was 100,045,666. The registry is likely to have about 1.5 million more, however.
Verisign to apply for a dozen new gTLDs
Verisign plans to apply to ICANN for about 12 new generic top-level domains, according to the executive in charge of registry services.
“We intend to do about 12. Most of those will be transliterations of .com,” senior vice president Pat Kane said on the company’s fourth-quarter earnings call yesterday.
This does not mark a significant change of strategy – the company has been open about its intention to apply for internationalized domain name variants of .com for over a year – but I believe it’s the first time it’s put a number on it.
It will be interesting to see which gTLDs – if any – Verisign will go for which are not .com IDNs.
My view is that it would make more sense for the company to apply for potentially high-volume .com competitors, such as .web or .blog. It has the capacity, the channel and the cash.
Smaller niche gTLDs may not be worth the distraction and risk, and would be better suited to dedicated registries that can concentrate on more focused marketing.
In any event, we’re going to see some major consolidation in the new gTLD space four or five years from now, and Verisign could well vacuum up cash-making registries at that time.
CEO Jim Bidzos also said on the call that Verisign has been retained to provide the registry for “several” dot-brand applications, but that it will not see any material revenue until 2013.
The major event for 2012, he noted, is the renewal of the .com Registry Agreement with ICANN, which expires at the end of November.
Verisign is already “engaging” with ICANN on this, Bidzos said.
This contract will be posted for public comment and sent to the US Department of Commerce for approval.
I’m expecting controversy, particularly if the contract continues to allow Verisign to increase prices.
It’s going to be harder for Verisign to argue that it needs the extra cash to invest in its infrastructure if it’s also leveraging that infrastructure to win lucrative dot-brand contracts.
Fight brewing over thick .com Whois
This year is likely to see a new fight over whether Verisign should be forced to create a “thick” Whois database for .com and its other generic top-level domains.
While Verisign has taken a deliberately ambivalent position on whether ICANN policy talks should kick off, the community is otherwise split on whether a mandatory thick Whois is a good idea.
Currently, only .com, .net, .name and .jobs – which are all managed on Verisign’s registry back-end – use a thin Whois model, in which domain name registrars store their customers’ data.
Other gTLDs all store registrant data centrally. Some “sponsored” gTLD registries have an even closer relationship with Whois data — ICM Registry for example verifies .xxx registrants’ identities.
But in a Preliminary Issue Report published in November, ICANN asked whether it should kick off a formal Policy Development Process that could make thick Whois a requirement in all gTLDs.
In comments filed with ICANN last week, Verisign said:
As the only existing registry services provider impacted by any future PDP on Thick Whois, Verisign will neither advocate for nor against the initiation of a PDP.
…
Verisign believes the current Whois model for .com, .net, .name and .jobs is effective and that the proper repository of registrant data is with registrars — the entities with direct connection to their customers. However, if the community, including our customers, determines through a PDP that “going thick” is now the best approach, we will respect and implement the policy decision.
Thick Whois services make it easier to find out who owns domain names. Currently, a Whois look-up for a .com domain can require multiple queries at different web sites.
While Whois aggregation services such as DomainTools can simplify searches today, they still face the risk of being blocked by dominant registrars.
The thin Whois model can also make domain transfers trickier, as we witnessed just last week when NameCheap ran into problems processing inbound transfers from Go Daddy.
ICANN’s Intellectual Property Constituency supports the transition to a thick Whois. It said in its comments:
Simplifying access to this information through thick Whois will help prevent abuses of intellectual property, and will protect the public in many ways, including by reducing the level of consumer confusion and consumer fraud in the Internet marketplace. Thick Whois enables quicker response and resolution when domain names are used for illegal, fraudulent or malicious purposes.
However, Verisign noted that a thicker Whois does not mean a more accurate Whois database – registrars will still be responsible for collecting and filing customer contact records.
There are also concerns that a thick Whois could have implications for registrant privacy. Wendy Seltzer of the Non-Commercial Users Constituency told ICANN:
Moving all data to the registry could facilitate invasion of privacy and decrease the jurisdictional control registrants have through their choice of registrar. Individual registrants in particular may be concerned that the aggregation of data in a thick WHOIS makes it more attractive to data miners and harder to confirm compliance with their local privacy laws.
This concern was echoed to an extent by Verisign, which noted that transitioning to a thick Whois would mean the transfer of large amounts of data between legal jurisdictions.
European registrars, for example, could face a problem under EU data protection laws if they transfer their customer data in bulk to US-based Verisign.
Verisign also noted that a transition to a thick Whois would dilute the longstanding notion that registrars “own” their customer relationships. It said in its comments:
As recently as the June 2011 ICANN meeting in Singapore, Verisign heard from several registrars that they are still not comfortable with Verisign holding their customers’ data. Other registrars have noted no concern with such a transition
ICANN staff will now incorporate these and other comments into its final Issue Report, which will then be sent to the GNSO Council to decide whether a PDP is required.
If the Council votes in favor of a PDP, it would be many months, if at all, before a policy binding on Verisign was created.
