Latest news of the domain name industry

Recent Posts

.music and .gay CPE probe could end this month

Kevin Murphy, June 5, 2017, Domain Policy

An ICANN-commissioned investigation into the fairness of its Community Priority Evaluation process for new gTLDs could wind up before the end of June.

In an update Friday, ICANN also finally revealed who is actually conducting the probe, which has been slammed by affected applicants for being secretive.

A tentative timeline sketched out in the update means applicants for gTLDs including .gay and .music could find their applications closer to release from limbo in just a few weeks.

ICANN revealed that FTI Consulting’s Global Risk and Investigations Practice and Technology Practice have been looking into claims ICANN staff meddled in the Economist Intelligence Unit’s supposedly independent CPE reviews for the last several months.

FTI is reviewing how ICANN staff interacted with the EIU during the CPE processes, how the EIU conducted its research and whether the EIU applied the CPE criteria uniformly across different gTLDs.

ICANN said that FTI finished collected material from ICANN in March and hopes to have all the information it has asked the EIU for by the end of this week.

It could deliver its findings to ICANN two weeks after that, ICANN said.

Presumably, there would be little to prevent ICANN publishing these findings very shortly thereafter.

ICANN has been harangued by some of the applicants for .music, .gay, hotel, .cpa, .llc, .inc, .llp and .merck, all of which have been affected by controversial CPE decisions and have been delayed by the investigation, for months.

Time to show ICANN who’s boss!

Kevin Murphy, June 1, 2017, Domain Policy

You are in charge of ICANN.

That statement may sound trite — it is trite — but it’s always been true to some extent.

Even if their individual voices are often lost, members of the ICANN community have always had the ability to influence policy, whether through sporadic responses to public comment periods or long term, soul-crushing working group volunteer work.

ICANN only really has power through community consent.

That’s another trite statement, but one which became more true on October 1 last year, when ICANN separated itself from US government oversight and implemented a new set of community-created bylaws.

The new bylaws created a new entity, the “Empowered Community”, which essentially replaced the USG and is able to wield more power than the ICANN board of directors itself.

Indeed, the Empowered Community can fire the entire board if it so chooses; a nuclear option for the exercise of community control that never existed before.

And the EC is, at the ICANN 59 public meeting in Johannesburg at the end of the month, about to get its first formal outing.

What the EC will discuss is pretty dull stuff. That’s why I had to trick you into reading this post with an outrageous, shameless, sensationalist headline.

Before getting into the substance of the Johannesburg meeting, I’m going to first bore you further for several paragraphs by attempting to answering the question: “What exactly is the Empowered Community?”

The EC exists an an “unincorporated association” under California law, ICANN deputy general counsel Sam Eisner told me.

It doesn’t have shareholders, directors, staff, offices… you wouldn’t find it by searching California state records. But it would have legal standing to take ICANN to court, should the need arise.

It was basically created by the new ICANN bylaws.

It comprises the five major constituencies of ICANN — the Generic Names Supporting Organization, the Country Code Names Supporting Organization, the Governmental Advisory Committee, the At-Large Advisory Committee and the Address Supporting Organization.

They’re called “Decisional Participants” and each is represented on a committee called the EC Administration by a single representative.

Right now, each group is represented on the Administration by its respective chair — GNSO Council chair James Bladel of GoDaddy represents the GNSO currently, for example — but I gather that doesn’t necessarily have to be the case; each group can decide how it appoints its rep.

Bladel tells me that each representative only takes action or casts a vote after being told to do so by their respective communities. As individuals, their power is extremely limited.

When the EC makes decisions, there must always be at least three votes in favor of the decision and no more than one vote against. A 3-1 vote would count as approval, a 3-2 vote would not.

This is to make sure that there is a fairly high degree of consensus among stakeholders while also preventing one community stonewalling the rest for strategic purposes.

The EC’s nine powers are enumerated in article 6.2 of the ICANN bylaws.

It can hire and fire an unlimited number of directors, reject the ICANN budget, file Requests for Reconsideration or Independent Review Process appeals, sue ICANN, and oversee changes to the ICANN bylaws.

Most of these powers are reactive — that is, if the ICANN board did something terrible the EC would have to consciously decide to act upon it in some way.

But one of them — approval of changes to Fundamental Bylaws — places the EC squarely in the legislative pathway. Think of it like the Queen of England’s Royal Assent or the US president’s ability to veto bills before they become law.

That’s the role the EC will adopt in Joburg this month.

The ICANN board recently passed a resolution calling for a new board committee to be created to focus on handling accountability mechanisms such as Reconsideration, removing the function from the overworked Board Governance Committee.

Because this requires a change to a Fundamental Bylaw — those bylaws considered so important they need more checks and balances — the EC has been called upon to give it the community’s formal consent.

To the best of my knowledge, the bylaws amendment is utterly uncontroversial. I haven’t heard of any objections or complaints about what essentially seems to be a probably beneficial tweak in how ICANN’s board functions.

But it will be the EC’s first formal exercise of executive power.

So there will be a session at ICANN 59 in which the EC convenes to discuss the board’s resolution and, probably, hear any input it has not already heard.

The exact format of the session seems to be up in the air at the moment, but I gather an open-mic “public forum” style meeting of about an hour is the most likely choice. It will of course be webcast, with remote participation, as almost all ICANN public meetings are.

No votes will be cast at the session — I’m told the bylaws actually forbid it — but the EC will have only 21 days afterwards to poll their communities and formally deliver their verdict. Assuming at least three of the communities consent to the board resolution and no more than one objects, it will automatically become ICANN law.

The next test of the EC, which would prove to be actually newsworthy enough to write about without a clickbait headline, may well be the ICANN budget. ICANN’s financial year ends at the end of June, and the EC has explicit powers to reject it.

The budget often raises concerns from those parties who actually pay into it, and given the difficulties the industry is in right now there may be more concerns than usual.

Anyway, this is the way ICANN works nowadays. It would make for more interesting reading if a triumvirate of Iran, China and Russia now ran the show, but they don’t. You lot do.

Just be glad Donald Trump isn’t holding the reins.

Sorry, that was also trite, wasn’t it.

Emoji domains get a 👎 from security panel

Kevin Murphy, May 30, 2017, Domain Tech

The use of emojis in domain names has been discouraged by ICANN’s Security and Stability Advisory Committee.

In a paper late last week, SSAC told ICANN that emojis — aka emoticons or smileys — lack standardization, are barred by the relevant domain name technical standards, and could cause user confusion.

Emoji domains, while technically possible, are not particularly prevalent on the internet right now.

They’re implicitly banned in gTLDs due to the contractual requirement to adhere to the IDNA2008 standard, which restricts internationalized domain names to actual spoken human languages, and the only ccTLD I’m aware of actively marketing the names is Samoa’s .ws.

There was a notable example of Coca Cola registering 😀.ws (xn--h28h.ws) for a billboard marketing campaign in Puerto Rico a couple of years ago, but that name has since expired and been registered by an Australian photographer.

The SSAC said that emoji use should be banned in TLDs and discouraged at the second level for several reasons.

Mainly, the problem is that while emojis are described in the Unicode standards, there’s no standardization across devices and applications as to how they are displayed.

A certain degree of creative flair is permitted, meaning a smiling face in one app may look unlike the technically same emoji in another app. On smaller screens and with smaller fonts, technically different emojis may look alike.

This could lead to confusion, which could lead to security problems, SSAC warns:

It is generally difficult for people to figure out how to specify exactly what happy face they are trying to produce, and different systems represent the same emoji with different code points. The shape and color of emoji can change while a user is viewing them, and the user has no way of knowing whether what they are seeing is what the sender intended. As a result, the user is less likely to reach the intended resource and may instead be tricked by a phishing site or other intentional misrepresentation.

SSAC added that it:

strongly discourages the registration of any domain name that includes emoji in any of its labels. The SSAC also advises registrants of domain names with emoji that such domains may not function consistently or may not be universally accessible as expected

The brief paper can be read here (pdf).

Country names to finally be released in new gTLDs

Kevin Murphy, May 24, 2017, Domain Policy

It looks like hundreds of domain names matching the names of countries are to finally get released from ICANN limbo.

The ICANN board last week passed a resolution calling for the organization to clear a backlog of over 60 registry requests to start selling or using country and territory names in their gTLDs.

Some of the requests date back to 2014. They’ve all been stuck in red tape while ICANN tried to make sure members of the Governmental Advisory Committee was cool with the names being released.

The result of these three years of pondering is scrappy, but will actually allow some names to hit the market this year.

The new resolution calls for ICANN to “take all steps necessary to grant ICANN approvals for the release of country and territory names at the second-level”, but only “to the extent the relevant government has indicated its approval”.

And that’s the catch.

Some governments, such as the US and UK, don’t care who registers matching names. Dozens of others want to vet each registry request on a case-by-case basis.

The wishes of each government are record in a GAC database.

The only territories to so far give a blanket waiver over their names are: Denmark, Finland, Ireland, the Netherlands, Norway, Sweden, the UK, the USA, Guernsey and Pitcairn.

Almost 70 other countries have said they need to be told when a registry wants to sell a domain matching their name. Ten others give carte blanche to closed dot-brands, but require notification in the case of open gTLDs.

The majority of countries in the world have yet to officially express a preference one way or the other.

Of the roughly 60 new gTLD registries to request country name releases over the last few years, the vast majority are dot-brands. The number of open gTLDs with such requests appears to be in the single figures, and the only ones with mass-market appeal appear to be .xyz and .global.

Want to be one of the internet’s SEVEN SECRET KEY-HOLDERS? Apply now!

Kevin Murphy, May 22, 2017, Domain Tech

ICANN has put out a call for volunteers, looking for people to become what are sometimes referred to as “the internet’s seven secret key holders”.

Specifically, it needs Trusted Community Representatives, people of standing in the internet community who don’t mind carrying around a small key and getting a free trip to Los Angeles or Virginia once or twice a year.

The TCRs are used in the paranoia-inducing cryptographic key-signing ceremonies that provide DNSSEC at the root of the domain name system.

The ceremonies take place at ICANN data centers four times a year. The ceremonies themselves take hours, involve multiple layers of physical and data security, and the volunteers are expected to hang around for a day or two before and after each.

There’s no compensation involved, but the TCRs are allowed to apply to ICANN for travel reimbursements.

ICANN expects TCRs to stick around for about five years, but the large majority of the 28 people who act as TCRs (yeah, it’s not seven, it’s 28) have been in the role since 2010 and ICANN is probably planning a cull.

Other than knowing what the DNS is and how it works, the primary requirements are “integrity, objectivity, and intelligence, with reputations for sound judgment and open minds”.

If you think you tick those boxes, head here to apply.