ICANN has brought its new gTLD program customer service portal back online after about five days of patching-related downtime.
A recent, proactive review of the CSC system identified potential vulnerabilities. To address these vulnerabilities, the CSC portal was taken offline while vendor-provided patches were applied. There have been no known compromises to any data.
New gTLD applicants will now have to log in to their TLD Application System accounts, which use the Citrix remote terminal software, to use their customer service tools.
Non-applicants will be able to ask customer service questions via email.
The Knowledge Base — essentially a program FAQ — is still offline, but ICANN said it hopes to bring it back up within a few days.
ICANN’s Governmental Advisory Committee has let it be known that it’s open to receiving communications from new gTLD applicants.
But the GAC will only hear briefings from applicants at the request of GAC members, according to a notice posted on the GAC’s web site recently.
The GAC has strong powers to recommend the rejection of new gTLD applications, so naturally enough some applicants have already been lobbying to reinforce their positions.
Applicants are now being asked to send information to a specific email address or — implicitly — to lobby GAC representatives individually.
The new statement reads:
It is important to bear in mind that GAC members are still in the process of analysing the list of applications and applicants for new gTLDs. However, there have been a number of requests from applicants or other interested stakeholders to brief or provide briefing material to the GAC.
Briefings for the GAC will only be scheduled on a best-efforts basis and entirely at the request of GAC members.
An internal process for handling requests and tracking materials is being put in place, but those wanting to make their interest or availability known or to express an interest in providing written materials to the GAC can contact the GAC via email@example.com. A list of those expressing interest or availability or that have provided materials will be made available to the GAC membership.
The GAC caused controversy last month when it accepted the European Broadcasting Union’s application for Observer status on the committee.
The EBU is also an applicant for .radio, which is contested by Donuts, Afilias and BRS Media.
Is this the first “confusing similarity” fight to emerge from ICANN’s new gTLD program?
Two new UK outfits are involved in a dispute about their very similar company names, it has emerged.
TLD Registry Services seems to have come first. It’s an offshoot of Island Networks, the registry manager for the Channel Islands country-code TLDs .gg and .je.
According to co-founder Nigel Roberts, the company plans to offer registry services to existing TLDs using the CoCCA platform and has already made headway with a few potential clients.
TLD Registrar Services, on the other hand, is affiliated with CentralNic, the relatively successful new gTLD registry back-end provider.
Judging by its placeholder web site, this company plans to offer white-label registrar services to new gTLD operators such as dot-brands.
Roberts is irked that CentralNic picked a name for its company so similar to his own, particularly given that “registry” and “registrar” are often used interchangeably outside of the domain industry.
“We’ve recently asked the Secretary of State to look into how this situation came to pass,” he said. “It’s less than ideal for both parties. We are sure they are just as keen not to be confused with us, as we are keen not to be confused with them.”
Ben Crawford, CEO of CentralNic and chairman of TLD Registrar Services, said he was not aware of a dispute over the name.
“One of our employees was approached at Prague by someone from a company called TLD Registry Services – a company nobody in our business had ever heard of before,” he said.
“They expressed concern that our company names are too similar to each others’. We will consider their concerns and our options in due course.”
With both companies barely out of stealth mode, it’s probably something of a squall in a teacup at the moment, but it does highlight how tricky it can be to find a descriptive company name in this industry.
We could of course just be looking at a profound lack of imagination here, and I’m just as guilty as the rest.
DI is published by TLD Research Ltd, which appears directly after TLD Registrar Services Ltd and TLD Registry Services LLP in the UK’s Companies House register of companies.
ICANN has closed down part of its new generic top-level domain portal after finding “potential vulnerabilities” that put “confidential applicant information” at risk.
The shutdown — which has been going on for at least 30 hours — affects the Customer Service and Knowledge Base parts of the site, but ICANN said it is so far not aware of any attacks against the system.
While it’s waiting for a patch, ICANN has decided to move the affected areas behind the unpopular Citrix remote terminal software used previously in the TLD Application System.
This notice was posted on the site:
ICANN performs ongoing monitoring and analysis of our systems, including the Customer Service system. As part of this work, we recently identified potential vulnerabilities in the system used for Customer Service and the Knowledge Base (containing new gTLD articles and information).
Patches are being provided to ICANN to address these issues.
In the mean time, given that use of the Customer Service system was recently expanded, and now includes confidential applicant information, the decision was taken to move the system behind Citrix. This will provide for additional security for applicant information.
We are now testing the installation. This should be completed in the next few days. This decision is a proactive measure. There have been no known compromises to the data, attacks or other actions by third parties (other than our own analysis).
Off the top of my head — and I may be under-counting — this is the fifth significant technical glitch to hit the new gTLD program since April.
There was the notorious TAS bug, which took the system offline entirely for six weeks while ICANN fixed a data leakage vulnerability and upgraded its system capacity.
There was the Reveal Day screw-up, during which Arab community members noticed that all the applied-for Arabic gTLDs were broadcast back-to-front in a presentation.
Then ICANN accidentally published the home addresses of many applicants’ officers and directors, something it had promised not to do. This was probably human error and it has since apologized.
Then the “digital archery” batching system was yanked, after it emerged that TAS performance still wasn’t up to the task and that the scoring results were unreliable.
Former new gTLD program director Michael Salazar resigned a month ago; it is widely believed that he was taking the fall for the gTLD system bugs to that point.
While the latest bug appears — so far — to have not compromised any data, some applicants have nevertheless been frustrated by the fact that the customer service portal has been offline for over a day.
BRS Media, one of the four applicants for the .radio generic top-level domain, claims ICANN’s Governmental Advisory Committee has a “direct conflict of interest” over the gTLD.
As DI reported two weeks ago, the European Broadcasting Union, another .radio applicant (the others are Afilias and Donuts), joined the GAC during ICANN’s public meeting in Prague.
While the EBU only has Observer status, and may not vote, it’s still able to participate in discussions. Whether these include discussions about GAC objections to new gTLDs is unclear.
BRS Media, which already runs the radio-themed .fm and .am ccTLDs, is not taking any chances, however. In a letter to GAC chair Heather Dryden, company CEO George Bundy wrote (pdf):
We believe these activities to be a direct Conflict of Interest, by the European Broadcasting Union within the New TLD Application process.
Optimistically, to say the least, BRS requests that the EBU “recuse itself from the New TLD process by withdrawing its applications immediately”.
While I can’t see that happening, it seems to me that the GAC does have to formally address the conflicts issue if it wants to avoid looking like a bunch of hypocrites.
The GAC does not appear to have a formal conflicts of interest policy, even though it pushed hard for similar provisions in the ICANN board.
Now that it has its hard-fought veto rights over new gTLD applications, some sort of safeguards seem appropriate.