The new gTLD .web seems set to go to auction next week after ICANN rejected an 11th-hour delay attempt by two applicants.
ICANN’s Board Governance Committee said yesterday that there is no evidence that applicant Nu Dot Co has been taken over by a deep-pocketed third party.
The BGC therefore rejected Donuts’ and Radix’s joint attempt to have the July 27 “last resort” auction delayed.
Donuts and Radix had argued in a Request for Reconsideration earlier this week that Nu Dot Co has changed its board of directors since first applying for .web, which would oblige it to change the application.
Its failure to do so meant they auction should be delayed, they said.
They based their beliefs on an email from NDC director Jose Ignacio Rasco, in which he said one originally listed director was no longer involved with the application but that “several others” were.
There’s speculation in the contention set that a legacy gTLD operator such as Verisign or Neustar might now be in control of NDC.
But the BGC said ICANN had already “diligently” investigated these claims:
in response to the Requesters’ allegations, ICANN did diligently investigate the claims regarding potential changes to Nu Dot’s leadership and/or ownership. Indeed, on several occasions, ICANN staff communicated with the primary contact for Nu Dot both through emails and a phone conversation to determine whether there had been any changes to the Nu Dot organization that would require an application change request. On each occasion, Nu Dot confirmed that no such changes had occurred, and ICANN is entitled to rely upon those representations.
ICANN staff had asked Rasco via email and then telephone whether there had been any changes to NDC’s leadership or control, and he said there had not.
He is quoted by he BGC as saying:
[n]either the ownership nor the control of Nu Dotco, LLC has changed since we filed our application. The Managers designated pursuant to the company’s LLC operating agreement (the LLC equivalent of a corporate Board) have not changed. And there have been no changes to the membership of the LLC either.
The RfR has therefore been thrown out.
Unless further legal action is taken, the auction is still scheduled for July 27. The deadline for all eight applicants (seven for .web and one for .webs) to post deposits with ICANN passed on Wednesday.
As it’s a last resort auction, all funds raised will go into an ICANN pot, the purpose of which has yet to be determined. The winning bid will also be publicly disclosed.
Had the contention set been settled privately, all losing applicants would have made millions of dollars of profit from their applications and the price would have remained a secret.
NDC is the only applicant refusing to go to private auction.
The applicants for .web are NDC, Radix, Donuts, Schlund, Afilias, Google and Web.com. Vistaprint’s bid for .webs is also in the auction.
The RfR decision can he read here (pdf).
ICANN is about to embark on a year-long effort to warn the internet that it plans to replace the top-level cryptographic keys used in DNSSEC for the first time.
CTO David Conrad told DI today that ICANN will rotate the so-called Key Signing Key that is used as the “trust anchor” for all DNSSEC queries that happen on the internet.
Due to the complexity of the process, and the risk that something might go wrong, the move is to be announced in the coming days even though the new public key will not replace the existing one until October 2017.
The KSK is a cryptographic key pair used to sign the Zone Signing Keys that in turn sign the DNS root zone. It’s basically at the top of the DNSSEC hierarchy — all trust in DNSSEC flows from it.
It’s considered good practice in DNSSEC to rotate keys every so often, largely to reduce the window would-be attackers have to compromise them.
The Zone Signing Key used by ICANN and Verisign to sign the DNS root is rotated quarterly, and individual domain owners can rotate their own keys as and when they choose, but the same KSK has been in place since the root was first signed in 2010.
Conrad said that ICANN is doing the first rollover partly to ensure that the procedures in has in place for changing keys are effective and could be deployed in case of emergency.
That said, this first rotation is going to happen at a snail’s pace.
Key generation is a complex matter, requiring the physical presence of at least three of seven trusted key holders.
These seven individuals possess physical keys to bank-style strong boxes which contain secure smart cards. Three of the seven cards are needed to generate a new key.
Each of the quarterly ZSK signing ceremonies — which are recorded and broadcast live over the internet — takes about five hours.
The first step in the rollover, Conrad said, is to generate the keys at ICANN’s US east coast facility in October this year. A copy will be moved to a facility on the west coast in February.
The first time the public key will appear in DNS will be July 11, 2017, when it will appear alongside the current key.
It will finally replace the current key completely on October 11, 2017, by which time the DNS should be well aware of the new key, Conrad said.
There is some risk of things going wrong, which could affect domains that are DNSSEC-signed, which is another reason for the slowness of the rollover.
If ISPs that support DNSSEC do not start supporting the new KSK before the final switch-over, they’ll fail to correctly resolve DNSSEC-signed domains, which could lead to some sites going dark for some users.
There’s also a risk that the increased DNS packet sizes during the period when both KSKs are in use could cause queries to be dropped by firewalls, Conrad said.
“Folks who have things configured the right way won’t actually need to do anything but because DNSSEC is relatively new and this software hasn’t really been tested, we need to get the word out to everyone that this change is going to be occurring,” said Conrad.
ICANN will conduct outreach over the coming 15 months via the media, social media and technology conferences, he said.
It is estimated that about 20% of the internet’s DNS resolvers support DNSSEC, but most of those belong to just two companies — Google and Comcast — he said.
The number of signed domains is tiny as a percentage of the 326 million domains in existence today, but still amounts to millions of names.
US Republicans have endorsed hitherto fringe views on the IANA transition as official party policy.
Yesterday delegates at the Republican National Convention approved the party’s 2016 Platform of the party, which “declares the Party’s principles and policies”.
Internet policy takes up just half a page of the 66-page document, but it’s half a page straight out of the paranoid mind of former presidential candidate Senator Ted Cruz.
It talks of the transition of the US government from its involvement in DNS root zone management (what the GOP calls “web names”) as an “abandonment” of internet freedoms to Russia, China and Iran, which are ready to “devour” them.
Here’s the relevant passage in (almost) full.
Protecting Internet Freedom
The survival of the internet as we know it is at risk. Its gravest peril originates in the White House, the current occupant of which has launched a campaign, both at home and internationally, to subjugate it to agents of government. The President… has unilaterally announced America’s abandonment of the international internet by surrendering U.S. control of the root zone of web names [sic] and addresses. He threw the internet to the wolves, and they — Russia, China, Iran, and others — are ready to devour it.
We salute the Congressional Republicans who have legislatively impeded his plans to turn over the Information Freedom Highway to regulators and tyrants. That fight must continue, for its outcome is in doubt. We will consistently support internet policies that allow people and private enterprise to thrive, without providing new and expanded government powers to tax and regulate so that the internet does not become the vehicle for a dramatic expansion of government power.
The internet’s independence is its power. It has unleashed innovation, enabled growth, and inspired freedom more rapidly and extensively than any other technological advance in human history. We will therefore resist any effort to shift control toward governance by international or other intergovernmental organizations. We will ensure that personal data receives full constitutional protection from government overreach. The only way to safeguard or improve these systems is through the private sector. The internet’s free market needs to be free and open to all ideas and competition without the government or service providers picking winners and losers.
Previously, such views had been expressed by just a handful of elected Republicans, notably Cruz, who has introduced a bill to block the IANA transition until Congress passes law specifically allowing it.
The irony in the latest GOP statement is that the transition is actually a transfer of power away from governments (specifically, the US government) into the private sector.
The current plan for a post-US ICANN, which was put together over two years by hundreds of participants mostly from the private sector, would see Governmental Advisory Committee advice carry less weight unless it receives full consensus.
In other words, if Iran, China and Russia want to destroy freedom of speech, they’ll have to persuade over 150 other governments to their cause.
Should that ever happen, a new multi-stakeholder (and in this example, government free) “Empowered Community” would have the power to put a stop to it.
The goal is to have the transition completed shortly after the current IANA contract between ICANN and the US Department of Commerce expires at the end of September.
That’s before the US presidential elections, of course, which take place in November.
ICANN ships a quite staggering amount of equipment to its thrice-yearly public meetings, equivalent to more than 12 mid-sized cars at the recent Helsinki meeting.
That’s one of the interesting data points in ICANN’s just published “Technical Report” — a 49-page data dump — for ICANN 56.
It’s the second meeting in a row the organization has published such a report, the first for a so-called “Meeting B” or “Policy Forum” which run on a reduced-formality, more focused schedule.
The Helsinki report reveals that 1,436 people showed up in person, compared to 2,273 for March’s Marrakech meeting, which had a normal ICANN meeting agenda.
The attendees were 61% male and 32% female. Another 7% did not disclose their gender. No comparable numbers were published in the Marrakech report.
I’m going to go out on a limb and guess that the Helsinki numbers show not a terrible gender balance as far as tech conferences go. It’s a bit better than you’d expect from anecdotal evidence.
Not many big tech events publish their male/female attendee ratios, but Google has said attendees at this year’s Google IO were 23% female.
Europeans accounted for most of the Helsinki attendees, as you might expect, at 43%. That compared to 20% in Marrakech.
The next largest geographic contingent came from North America — 27%, compared to just 18% in Marrakech.
The big surprise to me is how much equipment ICANN ships out to each of its meetings.
In March, it moved 93 metric tonnes (103 American tons) of kit to Marrakech. About 19 metric tonnes of that was ICANN-owned gear, the rest was hired. That weighs as much as 3.5 African elephants, the report says.
For Helsinki, that was up to 19.7 metric tonnes, more than 12 cars’ worth. Shipped equipment includes stuff like 412 microphones, 73 laptops and 28 printers.
In both reports, ICANN explains the shipments like this:
Much like a touring band, ICANN learned over time that the most cost-effective method of ensuring that meeting participants have a positive experience is to sea freight our own equipment to ICANN meetings. We ship critical equipment, then rent the remaining equipment locally to help promote the economy.
The Helsinki report, which reveals more data than anyone could possibly find useful, can be downloaded as a PDF here.
The fiercely contested .web gTLD is being forced into a last-resort auction and some people seem to think a major registry player is behind it.
They said the sale should be delayed to give applicants time “to investigate whether there has been a change of leadership and/or control” at rival applicant Nu Dot Co LLC.
Nu Dot Co is a new gTLD investment vehicle headed up by Juan Diego Calle, who launched and ran .CO Internet until it was sold to Neustar a couple of years ago.
I gather that some applicants believe that Nu Dot Co’s .web application is now being bankrolled by a larger company with deeper pockets.
The two names I’ve heard bandied around, talking to industry sources this week, are Verisign and Neustar.
Nobody I’ve talked to has a shred of direct evidence either company is involved and Calle declined to comment.
So is this paranoia or not?
There are a few reasons these suspicions may have come about.
First, the recent revelation that successful .blog applicant Primer Nivel, a no-name Panama entity with a Colombian connection, was actually secretly being bankrolled by WordPress, has opened eyes to the possibility of proxy bidders.
It was only after the .blog contention set was irreversibly settled that the .blog contract changed hands and the truth become known.
Some applicants may have pushed the price up beyond the $19 million winning bid — making the rewards of losing the private auction that much higher — had they known they were bidding against a richer, more motivated opponent.
Second, sources say the .web contention set had been heading to a private auction — in which all losing applicants get a share of the winning bid — but Nu Dot Co decided to back out at the last minute.
Under ICANN rules, if competing applicants are not able to privately resolve their contention set, an ICANN last-resort auction must ensue.
Third, this effective vetoing of the private auction does not appear to fit in with Nu Dot Co’s strategy to date.
It applied for 13 gTLDs in total. Nine of those have already gone to auctions that Nu Dot Co ultimately lost (usually reaping the rewards of losing).
The other four are either still awaiting auction or, in the case of .corp, have been essentially rejected for technical reasons.
It usually only makes sense to go to an ICANN last-resort auction — where the proceeds all go to ICANN — if you plan on winning or if you want to make sure your competitors do not get a financial windfall from a private auction.
Nu Dot Co isn’t actually an operational registry, so it doesn’t strictly have competitors.
That suggests to some that its backer is an operational registry with a disdain for new gTLD rivals. Verisign, in other words.
Others think Neustar, given the fact that its non-domains business is on the verge of imploding and its previous acquisition of .CO Internet from Calle.
I have no evidence either company is involved. I’m just explaining the thought process here.
According to its application, two entities own more than 15% of Nu Dot Co. Both — Domain Marketing Holdings, LLC and NUCO LP, LLC — are Delaware shell corporations set up via an agent in March 2012, shortly before the new gTLD application filing deadline.
Many in the industry are expecting .web to go for more than the $41.5 million GMO paid for .shop. Others talk down the price, saying “web” lacks the cultural impact it once had.
But it seems we will all find out later this month.
Responding to the letters from Schlund and Radix, ICANN yesterday said that it had no plans to postpone the July 27 last-resort auction.
All seven applicants had to submit a postponement form by June 12 if they wanted a delay, ICANN informed them in a letter (pdf), and they missed that deadline.
They now have until July 20 to either resolve the contention privately or put down their deposits, ICANN said.
The applicants for .web, aside from Nu Dot Co, are Google, Donuts, Radix, Schlund, Web.com and Afilias.
Due to a string confusion ruling, .webs applicant Vistaprint will also be in the auction.