Latest news of the domain name industry

Recent Posts

Donuts files $10 million lawsuit to stop .web auction

Donuts has sued ICANN in an attempt to block the auction of the .web gTLD this Wednesday.

The gTLD portfolio registry filed a lawsuit in California on Friday, seeking over $10 million in damages and a temporary restraining order to stop the auction going ahead.

The complaint alleges breach of contract, negligence and unfair competition and seeks a court declaration that the covenant not to sue signed by all new gTLD applicants is unenforceable.

According to Donuts, ICANN breached its duties by not fully investigating the allegation that rival .web applicant Nu Dot Co has undergone a change of control and has a new, wealthier owner.

NDC is the only applicant in the eight-strong .web/.webs contention set that refuses to resolve the contest privately.

A private auction would enrich all losing applicants to the tune of many millions of dollars.

By forcing a “last resort” ICANN auction, NDC has ensured that ICANN will be the only party to benefit from the auction proceeds.

Last-resort auction funds are placed in a separate ICANN account, currently worth over $100 million, which will be spent according to a currently undecided policy created by the ICANN community.

But Donuts’ complaint strongly implies that ICANN is forcing the auction to go ahead because it stands to benefit financially.

Donuts repeats the allegation from its recent joint Request for Reconsideration with Radix that NDC should be forced to disclose to ICANN, via a gTLD application change, the names of its alleged new directors.

It cites again a redacted email from NDC director Jose Ignacio Rasco which talks about fellow listed director Nicolai Bezsonoff no longer being involved with the application but that “several” new directors were.

It adds a quote about Rasco talking about “powers that be”, which Donuts takes to mean he is answering to someone else.

NDC is not listed in the lawsuit, which focuses on ICANN’s obligations under the new gTLD program application contract.

Donuts alleges, for example, that ICANN has a duty to fully investigate whether NDC has indeed changed directors.

ICANN’s Board Governance Committee said last week that ICANN staff had talked to and emailed Rasco about the allegations. Donuts says it should have at least talked to Bezsonoff too.

Donuts also claims that ICANN is not allowed to go ahead with a last-resort auction while there are still outstanding “accountability mechanisms” — including the RfR, which has not yet been formally closed out by the full ICANN board.

The lawsuit also reveals that Donuts simultaneously filed a complaint using ICANN’s less legally formal Independent Review Process, though documentation for that is not yet available.

ICANN’s most recent statement on .web, which just confirms that the .web auction will go ahead this coming Wednesday, was also posted on Friday. It’s not clear if that was posted before or after ICANN became aware of the lawsuit.

All new gTLD applicants had to agree not to sue ICANN when they applied, but Donuts argues that this is unfair and unenforceable.

DotConnectAfrica has had some success with this argument, though Donuts does not cite that case in its own complaint.

There’s been some speculation about the motives of Donuts and others in trying to delay the auction.

The lawsuit will not force NDC into a private auction, but it might buy Donuts and the other applicants more time to consider their strategies.

I’m getting into speculative territory here, but if NDC’s strategy is to win the .web auction as a Trojan horse for its alleged new owner, perhaps revealing the identity of that new owner would make it less likely to insist on a last-resort auction.

If NDC’s alleged new owner has a time-sensitive need for the revenue .web could bring (which could be the case if, for example, the owner was Neustar) perhaps the prospect of a long lawsuit and IRP case could make it more likely to accept a private auction.

If the alleged new owner was revealed to be Verisign — a company more likely than most to acquire .web simply in order to bury it — perhaps that revelation could spur remaining applicants into pooling their resources to defeat it.

It it was a big tech firm from outside the domain industry, perhaps that would strengthen Google’s resolve to win the auction.

That’s all just me talking off the top of my head, of course.

I have no idea whether or not NDC even has new backers, though its behavior in avoiding private auction goes against character and certainly raises eyebrows.

The Donuts complaint, filed as its subsidiary Ruby Glen LLC, can be read here (pdf).

.web auction to go ahead after ICANN denies Donuts/Radix appeal

The new gTLD .web seems set to go to auction next week after ICANN rejected an 11th-hour delay attempt by two applicants.

ICANN’s Board Governance Committee said yesterday that there is no evidence that applicant Nu Dot Co has been taken over by a deep-pocketed third party.

The BGC therefore rejected Donuts’ and Radix’s joint attempt to have the July 27 “last resort” auction delayed.

Donuts and Radix had argued in a Request for Reconsideration earlier this week that Nu Dot Co has changed its board of directors since first applying for .web, which would oblige it to change the application.

Its failure to do so meant they auction should be delayed, they said.

They based their beliefs on an email from NDC director Jose Ignacio Rasco, in which he said one originally listed director was no longer involved with the application but that “several others” were.

There’s speculation in the contention set that a legacy gTLD operator such as Verisign or Neustar might now be in control of NDC.

But the BGC said ICANN had already “diligently” investigated these claims:

in response to the Requesters’ allegations, ICANN did diligently investigate the claims regarding potential changes to Nu Dot’s leadership and/or ownership. Indeed, on several occasions, ICANN staff communicated with the primary contact for Nu Dot both through emails and a phone conversation to determine whether there had been any changes to the Nu Dot organization that would require an application change request. On each occasion, Nu Dot confirmed that no such changes had occurred, and ICANN is entitled to rely upon those representations.

ICANN staff had asked Rasco via email and then telephone whether there had been any changes to NDC’s leadership or control, and he said there had not.

He is quoted by he BGC as saying:

[n]either the ownership nor the control of Nu Dotco, LLC has changed since we filed our application. The Managers designated pursuant to the company’s LLC operating agreement (the LLC equivalent of a corporate Board) have not changed. And there have been no changes to the membership of the LLC either.

The RfR has therefore been thrown out.

Unless further legal action is taken, the auction is still scheduled for July 27. The deadline for all eight applicants (seven for .web and one for .webs) to post deposits with ICANN passed on Wednesday.

As it’s a last resort auction, all funds raised will go into an ICANN pot, the purpose of which has yet to be determined. The winning bid will also be publicly disclosed.

Had the contention set been settled privately, all losing applicants would have made millions of dollars of profit from their applications and the price would have remained a secret.

NDC is the only applicant refusing to go to private auction.

The applicants for .web are NDC, Radix, Donuts, Schlund, Afilias, Google and Web.com. Vistaprint’s bid for .webs is also in the auction.

The RfR decision can he read here (pdf).

ICANN to flip the secret key to the internet

Kevin Murphy, July 20, 2016, Domain Tech

ICANN is about to embark on a year-long effort to warn the internet that it plans to replace the top-level cryptographic keys used in DNSSEC for the first time.

CTO David Conrad told DI today that ICANN will rotate the so-called Key Signing Key that is used as the “trust anchor” for all DNSSEC queries that happen on the internet.

Due to the complexity of the process, and the risk that something might go wrong, the move is to be announced in the coming days even though the new public key will not replace the existing one until October 2017.

The KSK is a cryptographic key pair used to sign the Zone Signing Keys that in turn sign the DNS root zone. It’s basically at the top of the DNSSEC hierarchy — all trust in DNSSEC flows from it.

It’s considered good practice in DNSSEC to rotate keys every so often, largely to reduce the window would-be attackers have to compromise them.

The Zone Signing Key used by ICANN and Verisign to sign the DNS root is rotated quarterly, and individual domain owners can rotate their own keys as and when they choose, but the same KSK has been in place since the root was first signed in 2010.

Conrad said that ICANN is doing the first rollover partly to ensure that the procedures in has in place for changing keys are effective and could be deployed in case of emergency.

That said, this first rotation is going to happen at a snail’s pace.

Key generation is a complex matter, requiring the physical presence of at least three of seven trusted key holders.

These seven individuals possess physical keys to bank-style strong boxes which contain secure smart cards. Three of the seven cards are needed to generate a new key.

Each of the quarterly ZSK signing ceremonies — which are recorded and broadcast live over the internet — takes about five hours.

The first step in the rollover, Conrad said, is to generate the keys at ICANN’s US east coast facility in October this year. A copy will be moved to a facility on the west coast in February.

The first time the public key will appear in DNS will be July 11, 2017, when it will appear alongside the current key.

It will finally replace the current key completely on October 11, 2017, by which time the DNS should be well aware of the new key, Conrad said.

There is some risk of things going wrong, which could affect domains that are DNSSEC-signed, which is another reason for the slowness of the rollover.

If ISPs that support DNSSEC do not start supporting the new KSK before the final switch-over, they’ll fail to correctly resolve DNSSEC-signed domains, which could lead to some sites going dark for some users.

There’s also a risk that the increased DNS packet sizes during the period when both KSKs are in use could cause queries to be dropped by firewalls, Conrad said.

“Folks who have things configured the right way won’t actually need to do anything but because DNSSEC is relatively new and this software hasn’t really been tested, we need to get the word out to everyone that this change is going to be occurring,” said Conrad.

ICANN will conduct outreach over the coming 15 months via the media, social media and technology conferences, he said.

It is estimated that about 20% of the internet’s DNS resolvers support DNSSEC, but most of those belong to just two companies — Google and Comcast — he said.

The number of signed domains is tiny as a percentage of the 326 million domains in existence today, but still amounts to millions of names.

Cruz’s ICANN paranoia is now official Republican policy

Kevin Murphy, July 20, 2016, Domain Policy

US Republicans have endorsed hitherto fringe views on the IANA transition as official party policy.

Yesterday delegates at the Republican National Convention approved the party’s 2016 Platform of the party, which “declares the Party’s principles and policies”.

Internet policy takes up just half a page of the 66-page document, but it’s half a page straight out of the paranoid mind of former presidential candidate Senator Ted Cruz.

It talks of the transition of the US government from its involvement in DNS root zone management (what the GOP calls “web names”) as an “abandonment” of internet freedoms to Russia, China and Iran, which are ready to “devour” them.

Here’s the relevant passage in (almost) full.

Protecting Internet Freedom

The survival of the internet as we know it is at risk. Its gravest peril originates in the White House, the current occupant of which has launched a campaign, both at home and internationally, to subjugate it to agents of government. The President… has unilaterally announced America’s abandonment of the international internet by surrendering U.S. control of the root zone of web names [sic] and addresses. He threw the internet to the wolves, and they — Russia, China, Iran, and others — are ready to devour it.

We salute the Congressional Republicans who have legislatively impeded his plans to turn over the Information Freedom Highway to regulators and tyrants. That fight must continue, for its outcome is in doubt. We will consistently support internet policies that allow people and private enterprise to thrive, without providing new and expanded government powers to tax and regulate so that the internet does not become the vehicle for a dramatic expansion of government power.

The internet’s independence is its power. It has unleashed innovation, enabled growth, and inspired freedom more rapidly and extensively than any other technological advance in human history. We will therefore resist any effort to shift control toward governance by international or other intergovernmental organizations. We will ensure that personal data receives full constitutional protection from government overreach. The only way to safeguard or improve these systems is through the private sector. The internet’s free market needs to be free and open to all ideas and competition without the government or service providers picking winners and losers.

Previously, such views had been expressed by just a handful of elected Republicans, notably Cruz, who has introduced a bill to block the IANA transition until Congress passes law specifically allowing it.

The irony in the latest GOP statement is that the transition is actually a transfer of power away from governments (specifically, the US government) into the private sector.

The current plan for a post-US ICANN, which was put together over two years by hundreds of participants mostly from the private sector, would see Governmental Advisory Committee advice carry less weight unless it receives full consensus.

In other words, if Iran, China and Russia want to destroy freedom of speech, they’ll have to persuade over 150 other governments to their cause.

Should that ever happen, a new multi-stakeholder (and in this example, government free) “Empowered Community” would have the power to put a stop to it.

The goal is to have the transition completed shortly after the current IANA contract between ICANN and the US Department of Commerce expires at the end of September.

That’s before the US presidential elections, of course, which take place in November.

How many elephants did ICANN send to Helsinki?

Kevin Murphy, July 18, 2016, Domain Policy

ICANN ships a quite staggering amount of equipment to its thrice-yearly public meetings, equivalent to more than 12 mid-sized cars at the recent Helsinki meeting.

That’s one of the interesting data points in ICANN’s just published “Technical Report” — a 49-page data dump — for ICANN 56.

It’s the second meeting in a row the organization has published such a report, the first for a so-called “Meeting B” or “Policy Forum” which run on a reduced-formality, more focused schedule.

The Helsinki report reveals that 1,436 people showed up in person, compared to 2,273 for March’s Marrakech meeting, which had a normal ICANN meeting agenda.

The attendees were 61% male and 32% female. Another 7% did not disclose their gender. No comparable numbers were published in the Marrakech report.

I’m going to go out on a limb and guess that the Helsinki numbers show not a terrible gender balance as far as tech conferences go. It’s a bit better than you’d expect from anecdotal evidence.

Not many big tech events publish their male/female attendee ratios, but Google has said attendees at this year’s Google IO were 23% female.

Europeans accounted for most of the Helsinki attendees, as you might expect, at 43%. That compared to 20% in Marrakech.

The next largest geographic contingent came from North America — 27%, compared to just 18% in Marrakech.

The big surprise to me is how much equipment ICANN ships out to each of its meetings.

In March, it moved 93 metric tonnes (103 American tons) of kit to Marrakech. About 19 metric tonnes of that was ICANN-owned gear, the rest was hired. That weighs as much as 3.5 African elephants, the report says.

For Helsinki, that was up to 19.7 metric tonnes, more than 12 cars’ worth. Shipped equipment includes stuff like 412 microphones, 73 laptops and 28 printers.

In both reports, ICANN explains the shipments like this:

Much like a touring band, ICANN learned over time that the most cost-effective method of ensuring that meeting participants have a positive experience is to sea freight our own equipment to ICANN meetings. We ship critical equipment, then rent the remaining equipment locally to help promote the economy.

Rock on.

The Helsinki report, which reveals more data than anyone could possibly find useful, can be downloaded as a PDF here.