Latest news of the domain name industry

Recent Posts

Could .trust be the next big crypto TLD?

UNR has some big plans for .trust, a gTLD that mysteriously was omitted from its big fire-sale auction last month.

When UNR auctioned 23 of its gTLD portfolio, raising over $40 million over a three-day event, it escaped pretty much everyone’s notice — including mine — that .trust was not among those up for sale.

UNR, the former Uniregistry, acquired the TLD from NCC Group last November. It had been owned before NCC by Deutsche Post.

While it’s technically live, it’s never sold a domain.

It had been expected to launch as a vanilla gTLD around about now, but it seem plans have changed.

Registrars have been told to expect something “innovative” instead, and UNR tells me it has big plans it’s not ready to talk about yet.

My hunch? Crypto.

This is pure speculation based on nothing more than the string being closely associated with the kind of cryptocurrency slash blockchain slash non-fungible token malarkey the interwebs is going barmy for at the moment.

While UNR has not disclosed the identities of its auction winners, it has said at least one buyer is from the blockchain world.

Given UNR’s evident boredom with basic, workaday gTLDs, we’d have to expect its single retained top-level domain to do something a bit special, right?

Could crypto solve the Whois crisis?

Kevin Murphy, July 10, 2018, Domain Tech

Could there be a cryptographic solution to some of the problems caused by GDPR’s impact on public Whois databases? Security experts think so.

The Anti-Phishing Working Group has proposed that hashing personal information and publishing it could help security researchers carry on using Whois to finger abusive domain names.

In a letter to ICANN, APWG recently said that such a system would allow registries and registrars to keep their customers’ data private, but would still enable researchers to identify names registered in bulk by spammers and the like.

“Redacting all registration records which were formerly publicly available has unintended and undesirable consequences to the very citizens and residents that electronic privacy legislation intends to protect,” the letter (pdf) says.

Under the proposed system, each registry or registrar would generate a private key for itself. For each Whois field containing private data, the data would be added to the key and hashed using a standard algorithm such as SHA-512.

For items such as physical addresses, all the address-related fields would be concatenated, with the key, before hashing the combined value.

The resulting hash — a long string of gibberish characters — would then be published in the public Whois instead of the [REDACTED] notice mandated by current ICANN policy.

Security researchers would then be able to identify domains belonging to the same purported registrant by searching for domains containing the same hash values.

It’s not a perfect solution. Because each registry or registrar would have their own key, the same registrant would have different hash values in different TLDs, so it would not be possible to search across TLDs.

But that may not be a huge problem, given that bad guys tend to bulk-register names in TLDs that have special offers on.

The hashing system may also be beneficial to interest groups such as trademark owners and law enforcement, which also look for registration patterns when tracking down abuse registrants.

The proposal would create implementation headaches for registries and registrars — which would actually have to build the crypto into their systems — and compliance challenges for ICANN.

The paper notes that ICANN would have to monitor its contracted parties — not all of which may necessarily be unfriendly to spammers — to make sure they’re hashing the data correctly.