Latest news of the domain name industry

Recent Posts

Should .com get a thick Whois?

Kevin Murphy, September 23, 2011, Domain Registries

The ICANN community has taken another baby step towards pushing VeriSign into implementing a “thick” Whois database for .com and .net domain names.

The GNSO Council yesterday voted to ask ICANN to prepare an Issue Report exploring whether to require “all incumbent gTLDs” to operate a thick Whois. Basically, that means VeriSign.

The .com and .net registries currently run on a “thin” model, whereby each accredited registrar manages their own Whois databases.

Most other gTLDs today run thick registries, as will all registries approved by ICANN under its forthcoming new gTLDs program.

The thinness of .com can cause problems during inter-registrar transfers, when gaining and losing registrars have no central authoritative database of registrant contact details to rely upon.

In fact, yesterday’s GNSO vote followed the recommendations of a working group that decided after much deliberation that a thick .com registry may help reduce bogus or contested transfers.

Trusting registrars to manage their own Whois is also a frequent source of frustration for law enforcement, trademark interests and anti-spam firms.

Failure to maintain a functional web-based or port 43 Whois interface is an often-cited problem when ICANN’s compliance department terminates rogue registrars.

Now that an Issue Report has been requested by the GNSO, the idea of a thick .com moves closer to a possible Policy Development Process, which in turn can create binding ICANN consensus policies.

There’s already a clause in VeriSign’s .com registry agreement that gives ICANN the right to demand that it creates a centralized Whois database.

Switching to a thick model would presumably not only transfer responsibility to VeriSign, but also cost and liability, which is presumably why the company seems to be resisting the move.

Don’t expect the changes to come any time soon.

Writing the Issue Report is not expected to be a priority for ICANN staff, due to their ongoing chronic resource problems, and any subsequent PDP could take years.

The alternative – for ICANN and VeriSign to come to a bilateral agreement when the .com contract comes up for renewal next year – seems unlikely given that ICANN did not make a similar requirement when .net was renegotiated earlier this year.

VeriSign to raise .com and .net prices again

VeriSign has announced price increases for .com and .net domain name registrations.

From January 15, 2012, .com registry prices will increase from $7.34 to $7.85 and .net fees will go up from $4.65 to $5.11.

That’s a 10% increase for .net and a 7% increase for .com, the maximum allowable under its registry agreements with ICANN.

As ever, registrants have six months to lock down their domains at current pricing by renewing for periods of up to 10 years.

The last time VeriSign raised prices, also by 7% and 10%, the higher prices became effective a year ago, July 2010.

VeriSign’s contract for .net was renewed last month after it was approved by the ICANN board of directors.

Its .com contract comes up for renewal next year.

Feds seize billion-dollar poker domains

Kevin Murphy, April 15, 2011, Domain Policy

Five domain names associated with online poker sites have been seized by the FBI as part of an investigation that has also seen 11 people indicted.

The principals of PokerStars, Absolute Poker and Full Tilt Poker, along with third-party “payment processors”, stand accused of engaging in a massive money laundering scheme in order to accept billions of dollars of payments from American gamblers in violation of US laws.

The charges carry possible maximum sentences of between five and 30 years in prison, along with substantial monetary fines. Two men have been arrested, a third is due to be arraigned, and the remainder are currently outside of the US, according to a press release (pdf).

The US Attorney for the Southern District of New York said five domain names have been seized by the FBI in connection with the prosecutions.

It’s not yet clear which domains have been seized.

From where I’m sitting in London, absolutepoker.com already shows an FBI warning banner, but pokerstars.com and fulltiltpoker.com both resolve normally. I may be receiving cached DNS data.

Blogger Elliot Silver, sitting behind a resolver on the other side of the pond, reports that ub.com is among the seized domains.

Unlike previous recent seizures, which were carried out by the US Immigration and Customs Enforcement agency, this time the FBI appears to be the responsible agency.

And this time, these aren’t two-bit file-sharing forums or Chinese knock-off merchandise sites, we’re talking about businesses that are perfectly legal in many jurisdictions, clearing billions in revenue.

But according to US Attorney’s charges, the companies carried out an elaborate plan to cover up the sources of their revenue through third parties and phoney bank accounts.

The companies are even alleged to have made multi-million dollar investments in failing banks in order to get them to turn a blind eye to the illicit gambling activities.

It appears that the FBI went straight to the .com registry, VeriSign, as some of the affected domains appear to be registered through UK-based corporate registrar Com Laude.

If you’re wondering whether this is yet another confirmation that all .com domains are subject to US jurisdiction, this is your takeaway sentence, from Manhattan US Attorney Preet Bharara:

Foreign firms that choose to operate in the United States are not free to flout the laws they don’t like simply because they can’t bear to be parted from their profits.

The suits seek $3 billion in allegedly ill-gotten gains to be returned.

Domain security arrives in .com

Kevin Murphy, April 1, 2011, Domain Tech

VeriSign announced late yesterday that it has fully implemented DNSSEC in .com, meaning pretty much anyone with a .com domain name can now implement it too.

DNSSEC is a domain-crypto protocol mashup that allows web surfers, say, to trust that when they visit wellsfargo.com they really are looking at the bank’s web site.

It uses validatable cryptographic signatures to prevent cache poisoning attacks such as the Kaminsky Bug, the potential internet-killer that caused panic briefly back in 2008.

With .com now supporting the technology, DNSSEC is now available in over half of the world’s domains, due to the size of the .com zone. But registrants have to decide to use it.

I chatted to Matt Larson, VeriSign’s VP of DNS research, and Sean Leach, VP of technology, this afternoon, and they said that .com’s signing could be the tipping point for adoption.

“I feel based on talking to people that everybody has been waiting for .com,” Larson said. “It could open the floodgates.”

What we’re looking at now is a period of gradual adoption. I expect a handful of major companies will announce they’ve signed their .coms, probably in the second half of the year.

Just like a TLD launch, DNSSEC will probably need a few anchor tenants to raise the profile of the technology. Paypal, for example, said it plans to use the technology at an ICANN workshop in San Francisco last month, but that it will take about six months to test.

“Most people have their most valuable domains in the .com space,” said Leach. “We need some of the big guys to be first movers.”

There’s also the issue of ISPs. Not many support DNSSEC today. The industry has been talking up Comcast’s aggressive deployment vision for over a year now, but few others have announced plans.

And of course application developer support is needed. Judging from comments made by Mozilla representatives in San Francisco, browser makers, for example, are not exactly champing at the bit to natively support the technology.

You can, however, currently download plugins for Firefox that validate DNSSEC claims, such as this one.

According to Leach, many enterprises are currently demanding DNSSEC support when they buy new technology products. This could light a fire under reluctant developers.

But DNSSEC deployment will still be slow going, so registries are doing what they can to make it less of a cost/hassle for users.

Accredited registrars can currently use VeriSign’s cloud-based signing service for free on a trial basis, for example. The service is designed to remove the complexity of managing keys from the equation.

I’m told “several” registrars have signed up, but the only one I’m currently aware of is Go Daddy.

VeriSign and other registries are also offering managed DNSSEC as part of their managed DNS resolution enterprise offerings.

Neither of the VeriSign VPs was prepared to speculate about how many .com domains will be signed a year from now.

I have the option to turn on DNSSEC as part of a Go Daddy hosting package. I probably will, but only in the interests of research. As a domain consumer, I have to say the benefits haven’t really been sold to me yet.

VeriSign’s upcoming battle for the Chinese .com

Kevin Murphy, February 16, 2011, Domain Registries

Could VeriSign be about to face off against China for control of the Chinese version of .com? That’s an intriguing possibility that was raised during the .nxt conference last week.

Almost as an aside, auDA chief Chris Disspain mentioned during a session that he believes there are moves afoot in China to apply to ICANN for “company”, “network” and “organization” in Chinese characters. In other words, .com, .net and .org.

I’ve been unable to find an official announcement of any such Chinese application, but I’m reliably informed that Noises Have Been Made.

VeriSign has for several quarters been open about its plans to apply for IDN equivalents of its two flagship TLDs, and PIR’s new CEO Brian Cute recently told me he wants to do the same for .org.

While neither company has specified which scripts they’re looking at, Chinese is a no-brainer. As of this week, the nation is the world’s second-largest economy, and easily its most populous.

Since we’re already speculating, let’s speculate some more: who would win the Chinese .com under ICANN’s application rules, VeriSign or China?

If the two strings were close enough to wind up in a contention set, could VeriSign claim intellectual property rights, on the basis of its .com business? It seems like a stretch.

Could China leapfrog to the end of the process with a community application and a demand for a Community Priority Evaluation?

That also seems like a stretch. It’s not impossible – there’s arguably a “community” of companies registered with the Chinese government – but such a move would likely stink of gaming.

Is there a technical stability argument to be made? Is 公司. (which Google tells me means “company” in Chinese) confusingly similar to .com?

If these TLDs went to auction, one thing is certain: there are few potential applicants with deeper pockets than VeriSign, but China is one of them.

UPDATE: VeriSign’s Pat Kane was good enough to post a lengthy explanation of the company’s IDN strategy in the comments.