Latest news of the domain name industry

Recent Posts

Registries rebel against ICANN’s Whois upgrade decree

Kevin Murphy, August 23, 2016, Domain Services

Registry operators are challenging an ICANN decision to force them to launch a new Whois-style service, saying it will cost them too much money.

The Registries Stakeholder Group has filed a Request for Reconsideration — a low-level appeal — of a decision asking them to launch RDAP services to complement their existing Whois.

RDAP, Registration Data Access Protocol, is being broadly touted as the successor to Whois.

It offers the same functionality — you can query who owns a domain — but the data returned is more uniformly structured. It also enables access control, so not every user would have access to every field.

The RySG now claims that ICANN is trying to sneak an obligation to implement RDAP into its registry agreements through a “backdoor” in the form of the new Consistent Labeling and Display Policy.

That policy, which originated in a formal, community-driven GNSO Policy Development Process, seeks to normalize Whois (or Registration Data Services, in its generic not protocol-specific wording) output to make it easier to machine-read.

It applies to all gTLDs except .com, .net and .jobs (which are “thin” registries) and would come into effect February 1 next year.

Registries appear happy to implement the CL&D policy, but not as currently written. It now contains, almost as an aside, this requirement:

The implementation of an RDAP service in accordance with the “RDAP Operational Profile for gTLD Registries and Registrars” is required for all gTLD registries in order to achieve consistent labeling and display.

The RySG argues in its RfR (pdf) that implementing RDAP was never part of the community-endorsed plan, and that it is not “commercially feasible” to do so right now.

The 2012 new gTLD Registry Agreement specifies that implementation of the protocol now known as RDAP be commercially feasible before it’s required. The RySG can’t even respond as to whether it’s feasible or not since no reasoning to that regard was provided in the notice to implement such services.

Furthermore, some of our members are on record stating that since the RDAP profile replicates the known deficiencies of WHOIS – which is currently being studied by a PDP WG – so it’s not commercially feasible to deploy it to mimic a flawed system.

The introduction of RDAP represents an additive requirement for Registries to operate a new (additive) service. As there are no provisions for the sunset of the legacy Whois service, it’s unclear how this additional requirement can be considered commercially feasible.

In other words, the registries think it could be too costly to deploy RDAP and Whois at the same time, especially given that RDAP is not finished yet.

It’s yet another case of domain companies accusing ICANN the organization of slipping in requirements without community support.

Whether the RfR will be successful is debatable. There’s only been a few Reconsideration requests that have been approved by the ICANN board in the history of the mechanism.

However, the board may be feeling especially diligent when it comes to look at this particular RfR, due to the spotlight that was recently shone on the Reconsideration process by an Independent Review Process panel, which determined that the board just rubber-stamped decisions written by house lawyers.

Afilias set to get .hotel despite hacking claims

Kevin Murphy, August 19, 2016, Domain Registries

Afilias is back on the path to becoming the registry for .hotel, after ICANN decided claims of hacking by a former employee of the applicant did not warrant a rejection.

The ICANN board of directors decided last week that HOTEL Top-Level Domain Sarl, which was recently taken over by Afilias, did not gain any benefit when employee Dirk Krischenowski accessed competing applicants’ confidential documents via an ICANN web site.

Because HTLD had won a Community Priority Evaluation, it should now proceed to contracting, barring any further action from the other six applicants.

ICANN’s board said in its August 9 decision:

ICANN has not uncovered any evidence that: (i) the information Mr. Krischenowski may have obtained as a result of the portal issue was used to support HTLD’s application for .HOTEL; or (ii) any information obtained by Mr. Krischenowski enabled HTLD’s application to prevail in CPE.

It authorized ICANN staff to carry on processing the HTLD application.

The other applicants — Travel Reservations, Famous Four Media, Radix, Minds + Machines, Donuts and Fegistry — had called on ICANN in April to throw out the application, saying that to decline to do so would amount to “acquiescence in criminal acts”.

That’s because an ICANN investigation had discovered that Dirk Krischenowski, who ran a company with an almost 50% stake in HTLD, had downloaded hundreds of confidential documents belonging to competitors.

He did so via ICANN’s new gTLD applicants’ portal, which had been misconfigured to enable anyone to view any attachment from any application.

Krischenowski has consistently denied any wrongdoing, telling DI a few months ago that he simply used the tool that ICANN made available with the understanding that it was working as intended.

ICANN has now decided that because the unauthorized access incidents took place after HTLD had already submitted its CPE application, it could not have gained any benefit from whatever data Krischenowski managed to pull.

The board reasoned:

his searches relating to the .HOTEL Claimants did not occur until 27 March, 29 March and 11 April 2014. Therefore, even assuming that Mr. Krischenowski did obtain confidential information belonging to the .HOTEL Claimants, this would not have had any impact on the CPE process for HTLD’s .HOTEL application. Specifically, whether HTLD’s application met the CPE criteria was based upon the application as submitted in May 2012, or when the last documents amending the application were uploaded by HTLD on 30 August 2013 – all of which occurred before Mr. Krischenowski or his associates accessed any confidential information, which occurred from March 2014 through October 2014. In addition, there is no evidence, or claim by the .HOTEL Claimants, that the CPE Panel had any interaction at all with Mr. Krischenowski or HTLD during the CPE process, which began on 19 February 2014.

The HTLD/Afilias .hotel application is currently still listed on ICANN’s web site as “On Hold” while its rivals are still classified as “Will Not Proceed”.

It might be worth noting here — to people who say ICANN always tries to force contention sets to auction so it possibly makes a bit of cash — that this is an instance of it not doing so.

Industry lays into Verisign over .com deal renewal

Kevin Murphy, August 15, 2016, Domain Registries

Some of Verisign’s chickens have evidently come home to roost.

A number of companies that the registry giant has pissed off over the last couple of years have slammed the proposed renewal of its .com contract with ICANN.

Rivals including XYZ.com (sued over its .xyz advertising) and Donuts (out-maneuvered on .web) are among those to have filed comments opposing the proposed new Registry Agreement.

They’re joined by business and intellectual property interests, concerned that Verisign is being allowed to carry on without implementing any of the IP-related obligations of other gTLDs, and a dozens of domainers, spurred into action by a newsletter.

Even a child protection advocacy group has weighed in, accusing Verisign of not doing enough to prevent child abuse material being distributed.

ICANN announced last month that it plans to renew the .com contract, which is not due to expire for another two years, until 2024, to bring its term in line with Verisign’s contracts related to root zone management.

There are barely any changes in the proposed new RA — no new rights protection mechanisms, no changes to how pricing is governed, and no new anti-abuse provisions.

The ensuing public comment period, which closed on Friday, has attracted slightly more comments than your typical ICANN comment period.

That’s largely due to outrage from readers of the Domaining.com newsletter, who were urged to send comments in an article headlined “BREAKING: Verisign doubles .COM price overnight!”

That headline, for avoidance of doubt, is not accurate. I think the author was trying to confer the idea that the headline could, in his opinion, be accurate in future.

Still, it prompted a few dozen domainers to submit brief comments demanding “No .com price increases!!!”

The existing RA, which would be renewed, says this about price:

The Maximum Price for Registry Services subject to this Section 7.3 shall be as follows:

(i) from the Effective Date through 30 November 2018, US $7.85;

(ii) Registry Operator shall be entitled to increase the Maximum Price during the term of the Agreement due to the imposition of any new Consensus Policy or documented extraordinary expense resulting from an attack or threat of attack on the Security or Stability of the DNS, not to exceed the smaller of the preceding year’s Maximum Price or the highest price charged during the preceding year, multiplied by 1.07.

The proposed amendment (pdf) that would extend the contract through 2024 does not directly address price.

It does, however, contain this paragraph:

Future Amendments. The parties shall cooperate and negotiate in good faith to amend the terms of the Agreement (a) by the second anniversary of the Effective Date, to preserve and enhance the security and stability of the Internet or the TLD, and (b) as may be necessary for consistency with changes to, or the termination or expiration of, the Cooperative Agreement between Registry Operator and the Department of Commerce.

The Cooperative Agreement is the second contract in the three-way relationship between Verisign, ICANN and the US Department of Commerce that allows Verisign to run not only .com but also the DNS root zone.

It’s important because Commerce exercised its powers under the agreement in 2012 to freeze .com prices at $7.85 a year until November 2018, unless Verisign can show it no longer has “market power”, a legal term that plays into monopoly laws.

So what the proposed .com amendments mean is that, if the Cooperative Agreement changes in 2018, ICANN and Verisign are obligated to discuss amending the .com contract at that time to take account of the new terms.

If, for example, Commerce extends the price freeze, Verisign and ICANN are pretty much duty bound to write that extension into the RA too.

There’s no credible danger of prices going up before 2018, in other words, and whether they go up after that will be primarily a matter for the US administration.

The US could decide that Verisign no longer has market power then and drop the price freeze, but would be an indication of a policy change rather than a reflection of reality.

The Internet Commerce Association, which represents high-volume domainers, does not appear particularly concerned about prices going up any time soon.

It said in its comments to ICANN that it believes the new RA “will have no effect whatsoever upon the current .Com wholesale price freeze of $7.85 imposed on Verisign”.

XYZ.com, in its comments, attacked not potential future price increases, but the current price of $7.85, which it characterized as extortionate.

If .com were put out to competitive tender, XYZ would be prepared to reduce the price to $1 per name per year, CEO Daniel Negari wrote, saving .com owners over $850 million a year — more than the GDP of Rwanda.

ICANN should not passively go along with Verisign’s selfish goal of extending its unfair monopoly over the internet’s most popular top-level domain name.

Others in the industry chose to express that the proposed contract does not even attempt to normalize the rules governing .com with the rules almost all other gTLDs must abide by.

Donuts, in its comment, said that the more laissez-faire .com regime actually harms competition, writing:

It is well known that new gTLDs and now many other legacy gTLDs are heavily vested with abuse protections that .COM is not. Thus, smaller, less resource-rich competitors must manage gTLDs laden (appropriately) with additional responsibilities, while Verisign is able to operate its domains unburdened from these safeguards. This incongruence is a precise demonstration of disparate treatment, and one that actually hinders effective competition and ultimately harms consumers.

It points to numerous statistics showing that .com is by far the most-abused TLD in terms of spam, phishing, malware and cybersquatting.

The Business Constituency and Intellectual Property Constituency had similar views about standardizing rules on abuse and such. The IPC comment says:

The continued prevalence of abusive registrations in the world’s largest TLD registry is an ongoing challenge. The terms of the .com registry agreement should reflect that reality, by incorporating the most up-to-date features that will aid in the detection, prevention and remediation of abuses.

The European NGO Alliance for Child Safety Online submitted a comment with a more narrow focus — child abuse material and pornography in general.

Enasco said that 41% of sites containing child abuse material use .com domains and that Verisign should at least have the same regulatory regime as 2012-round gTLDs. It added:

Verisign’s egregious disinterest in or indolence towards tackling these problems hitherto hardly warrants them being rewarded by being allowed to continue the same lamentable
regime.

I couldn’t find any comments that were in unqualified support of the .com contract renewal, but the lack of any comments from large sections of the ICANN community may indicate widespread indifference.

The full collection of comments can be found here.

ICANN lawyers slam “fire him” story “blogger”

Kevin Murphy, August 15, 2016, Domain Policy

ICANN lawyers have launched an extraordinary attack on a “blogger” who recently wrote an article headlined “ICANN’s general counsel should lose his job over this”.

Early Friday, ICANN’s board of directors issued its response to the recent Independent Review Process case in which new gTLD applicant Dot Registry managed to show that the board had breached its transparency and accountability bylaws.

The board resolution did not say what is going to happen to Dot Registry’s four new gTLD applications, due to lack of guidance from the IRP panel.

But it did contain a surprising retaliation against Chris Williams, a reporter for online news site The Register, referring to “factual inaccuracies that have been reported in online blogged reports”.

(Before going any further, some disclosure: I freelanced for The Register for several months about five years ago, when Williams was the copy editor I sometimes had to work with. I also worked directly under its current group editor for about five years at a different publication in the early-mid 2000s.)

In the rationale accompanying its resolution last week, the board said:

the Board also notes that there have been online blogged reports about what the [IRP] Final Declaration actually says, yet many of the items reported on have been factual inaccuracies

I immediately grew worried that the resolution was having a pop at this site. But it actually refers to The Register, a news site with millions of readers that, despite its tabloid style, is not usually described as a “blog”.

The board ordered the simultaneous release of their staff-prepared briefing notes (pdf) for the meeting at which the resolution was passed, which contain an 800-word rebuttal of Williams’ August 3 article “Simply not credible: The extraordinary verdict against the body that hopes to run the internet”.

The article covers the Dot Registry IRP decision in a tone that is harshly critical of ICANN.

It is particularly critical of ICANN’s legal team and specifically general counsel John Jeffrey and notes that he makes a tonne of cash due to his regular, generous pay rises.

I compared each point in the rebuttal to the original article and I think ICANN is generally on fairly safe ground in some of what it says are inaccuracies.

In other cases, the rebuttal instead takes issue with the opinion of a third party quoted in the piece, or with a different, but in my view fair, characterization of the IRP declaration.

It seems the Reg article did incorrectly conflate “ICANN staff” and the “ICANN legal team” in at least one instance, as the ICANN rebuttal claims.

It also does in fact quote sections of “the [IRP] Panel’s recitation of Dot Registry’s claims as if they are the Panel’s own finding” as the rebuttal says it does.

But the actual findings of the panel were arguably much harsher than the text the Reg quoted.

So why is the ICANN board of directors passing a resolution addressing the veracity of a news report rather than the real concerns raised by the IRP declaration?

Column yards of horseshit are written about ICANN on a daily basis — I’m probably responsible for an inch or two myself — so why has ICANN zeroed in on this particular piece?

Could it be because Williams’ follow-up piece, August 4, leads with Dot Registry CEO Shaul Jolles calling for the head of Jeffrey? Jolles is quoted as saying:

ICANN’s general counsel should lose his job for this. The advice that he gives, everything was processed through him. It’s shocking.

There’s a rich irony at work here.

The main takeaway from the IRP’s declaration was that the ICANN board sometimes rubber-stamps resolutions drafted by ICANN staff without doing its due diligence.

The Reg then reported that fact.

In response, ICANN staff drafted a resolution designed to shoot the messenger, deflecting attention from the IRP’s findings, which the board then approved without amendment.

If somebody over at ICANN is chagrined about inaccurate reporting, I can’t help but feel that the best way to deal with that would be to request a correction or publish a rebuttal in the form of a blog post or some other kind of statement.

Using the very method under scrutiny — staff drafts, board approves — to issue a rebuttal simply serves to highlight the failings outlined by the IRP panel.

Compounding this, the only reason we’re able to see the full rebuttal today is that the board approved a (staff-drafted) resolution authorizing the concurrent publishing of staff briefing materials.

Usually, briefing materials are published alongside formal minutes when they are approved many weeks later.

If the ICANN board is able to publish briefing materials just a couple of days after passing its resolutions, why on Earth does it not do so as a matter of course?

Did any member of the ICANN board raise her or his hand to ask why these materials had to be published with such haste?

Can ICANN only be transparent in a timely fashion when its lawyers have been criticized in the press?

Next new gTLD round could start sooner than expected

Kevin Murphy, August 11, 2016, Domain Policy

The ICANN board of directors is wondering whether the next new gTLD application round should kick off sooner than expected.

Chair Steve Crocker reached out to the Generic Names Supporting Organization this week to ask whether the next round could start before all GNSO policy work has been completed.

Or, he asked, are there any “critical issues” that need to be resolved before ICANN starts accepting more applications.

Akram Atallah, head of ICANN’s Global Domains Division, said in May that 2020 is the earliest the next round could feasibly begin, but Crocker’s letter this week (pdf) suggests that that date could be brought forward.

Crocker asked “whether a future application process could proceed while policy work continues”.

There are a number of reviews that ICANN has committed to carry about before the next round starts.

There’s a consumer choice, competition and trust survey to be completed, for example, and a review of trademark protection mechanisms.

Atallah said in may that these would likely be complete by the end of 2017.

But the GNSO is also conducting policy work designed to highlight flaws and inefficiencies in the current 2012 and recommend changes and improvements.

It’s this so-called GNSO Policy Development Process (PDP) Working Group on New gTLD Subsequent Procedures (or NewgTLD-WG) that Crocker is interested in. He wrote:

assuming all other review activities are completed, it would be helpful to understand whether the GNSO believes that the entirety of the current Subsequent Procedures PDP must be completed prior to advancing a new application process under the current policy recommendations. The Board is cognizant that it may be difficult to provide a firm answer at this stage of the process as the reviews are still underway and the PDP is in its initial stages of work, but if any consideration has been given in relation to whether a future application process could proceed while policy work continues and be iteratively applied to the process for allocating new gTLDs, or that a set of critical issues could be identified to be addressed prior to a new application process, the Board would welcome that input.

The current plan for the NewgTLD-WG is to wrap up two years from now, in the third quarter of 2018 (though this may be optimistic).

Members of the group seem to think that we’re looking at a post-2020 next round with 10,000 to 15,000 applications.

It’s difficult to imagine a second round (or fourth, if you’re a pedant) beginning a whole lot earlier than 2020, given the snail’s pace ICANN and its community moves at.

The WG was chartered over half a year ago and the conversations going on are still at a depressingly high level.

Perhaps Crocker’s letter is an early indication that board will not be the significant drag factor on the process.