Latest news of the domain name industry

Recent Posts

ICANN turns 20 today (or maybe not)

Kevin Murphy, September 18, 2018, Domain Policy

ICANN is expected to celebrate its 20th anniversary at its Barcelona meeting next month, but by some measures it has already had its birthday.

If you ask Wikipedia, it asserts that ICANN was “created” on September 18, 1998, 20 years ago today.

But that claim, which has been on Wikipedia since 2003, is unsourced and probably incorrect.

While it’s been repeated elsewhere online for the last 15 years, I’ve been unable to figure out why September 18 has any significance to ICANN’s formation.

I think it’s probably the wrong date.

It seems that September 16, 1998 was the day that IANA’s Jon Postel and Network Solutions jointly published the organization’s original bylaws and articles of incorporation, and first unveiled the name “ICANN”.

That’s according to my former colleague and spiritual predecessor Nick Patience (probably the most obsessive journalist following DNS politics in the pre-ICANN days), writing in now-defunct Computergram International on September 17, 1998.

The Computergram headline, helpfully for the purposes of the post you are reading, is “IANA & NSI PUBLISH PLAN FOR DNS ENTITY: ICANN IS BORN”.

Back then, before the invention of the paragraph and when ALL CAPS HEADLINES were considered acceptable, Computergram was published daily, so Patience undoubtedly wrote the story September 16, the same day the ICANN proposal was published.

A joint Postel/NetSol statement on the proposal was also published September 17.

The organization was not formally incorporated until September 30, which is probably a better candidate date for ICANN’s official birthday, archived records show.

Birthday meriments are expected to commence during ICANN 63, which runs from October 20 to 25. There’s probably free booze in it, for those on-site in Barcelona.

As an aside that amused me, the Computergram article notes that Jones Day lawyer Joe Sims very kindly provided Postel with his services during ICANN’s creation on a “pro bono basis”.

Jones Day has arguably been the biggest beneficiary of ICANN cash over the intervening two decades, billing over $8.7 million in fees in ICANN’s most recently reported tax year alone.

Van der Laan to leave ICANN board

Kevin Murphy, September 17, 2018, Domain Policy

Former Dutch politician Lousewies van der Laan is to leave the ICANN board of directors next month and be replaced with the former CEO of the Serbian ccTLD.

ICANN said yesterday that Danko Jevtovic, who headed RNIDS from 2013 until July last year, has been selected to occupy van der Laan’s seat following the Annual General Meeting in Barcelona.

Van der Laan, who had been selected by the Nominating Committee for a second term, has had to decline the offer “due to unforeseen family obligations”, ICANN said.

Jevtovic will take his seat at the same time as fellow NomCom appointee, Tripti Sinha of the University of Maryland, who oversees management of the DNS D-root server and replaces term-limited George Sadowsky.

El Salvadorean ccTLD founder Rafael “Lito” Ibarra is the third NomCom appointee this year, starting his second term next month.

Set buttocks to clench! ICANN approves risky KSK rollover

Kevin Murphy, September 17, 2018, Domain Policy

ICANN has approved the first rollover of the domain name system’s master security key, setting the clock ticking on a change that could cause internet access issues for millions.

The so-called KSK rollover, when ICANN deletes the key-signing key that has been used as the trust anchor for the DNSSEC ecosystem since 2011 and replaces it with the new one — will now go ahead as planned on October 11.

The decision was made yesterday at the ICANN board of directors’ retreat in Brussels.

ICANN chief technology officer David Conrad posted this to an ICANN mailing list this morning:

The Board voted to approve the resolution for ICANN org to move forward with the revised KSK rollover plan. So barring unforeseen circumstances, the KSK-2017-signed ZSK will be used to sign the root zone on 11 October 2018.

The rollover was due to happen October 11 last year, but ICANN delayed it when it emerged that many DNS resolvers weren’t yet configured to use the new key.

That’s still a problem, and nobody knows for sure how many endpoints will stop functioning properly when the new KSK goes solo.

While most experts weighing in on the rollover, including Conrad, agreed that the risk of more delay outweighed the risk of rolling now, that feeling was not unanimous.

Five members of the 22-member Security and Stability Advisory Committee — including top guys from Google and Verisign — last month dissented from the majority view and said ICANN should delay again.

The question now is not whether internet users will see a disruption in the days following October 11, but how many users will be affected and how serious their disruptions will be.

Based on current information, as many as two million internet users could be affected.

ICANN is likely to take flak for even relatively minor disruptions, but the alternative was to continue with the delays and risk an even bigger impact, and even more flak, in future.

The text of ICANN’s resolution and the rationale behind it will be published in the next day or so.

Mediators hired as Whois reformers butt heads

Kevin Murphy, September 17, 2018, Domain Policy

ICANN has hired professional mediators to help resolve strong disagreements in the working group tasked with reforming Whois for the post-GDPR world.

Kurt Pritz, chair of the Expedited Policy Development Process for Whois, last week told the group that ICANN has drafted in the Consensus Building Institute, with which it has worked before, to help “narrow issues and reach consensus”.

Three CBI mediators will brief the EPDP group today, and join them when the WG meets face-to-face for the first time at a three-day session in Los Angeles later this month.

Their goal is not to secure any particular outcome, but to help the disparate viewpoints find common ground, Pritz told the group.

It’s been Pritz’s intention to get the mediators in since day one — he knew in advance how divisive Whois policy is — but it’s taken until now to get the contracts signed.

The EPDP WG’s job is to create a new, privacy-conscious, consensus Whois policy that will apply to all gTLD registries and registrars. Its output will replace ICANN’s post-GDPR Temporary Specification for Registration Data, which in turn replaced the longstanding Whois policy attached to all ICANN registry and registrar contracts.

Since the working group first convened in early August — about 500 emails and 24 hours of painful teleconferences ago — common ground has been hard to find, and in fact the EPDP group did not even attempt to find consensus for the first several weeks of discussions.

Instead, they worked on its first deliverable, which was finalized last week, a “triage report” that sought to compile each faction‘s opinion of each section of ICANN’s Temp Spec.

The idea seemed sensible at the time, but with hindsight it’s arguable whether this was the best use of the group’s time.

The expectation, I believe, was that opposing factions would at least agree on some sections of text, which could then be safely removed from future debate.

But what emerged instead was this, a matrix of disagreement in which no part of the Temp Spec did not have have at least one group in opposition: Triage Table

The table is potentially misleading, however. Because groups were presented with a binary yes/no option for each part of the spec, “no” votes were sometimes recorded over minor language quibbles where in fact there was agreement in principle.

By restricting the first few weeks of conversation to the language of the Temp Spec, the debate was arguably prematurely hamstrung, causing precious minutes to trickle away.

And time is important — the EPDP is supposed to deliver its consensus-based Initial Report to the ICANN 63 meeting in Barcelona about five weeks from now.

That’s going to be tough.

What’s becoming increasingly clear to me from the post-triage talks is that the WG’s task could be seen as not much less than a wholesale, ground-up, reinvention of the Whois wheel, recreated with GDPR as the legal framework.

Who is Whois for?

Discussions so far have been quite mind-expanding, forcing some fundamental rethinking of long-held, easy assumptions, at least for this lurker. Here’s an example.

One of the fundamental pillars of GDPR is the notion of “purposes”. Companies that collect private data on individuals have to do so only with specific, enumerated purposes in mind.

The WG has started by discussing registrars. What purpose does a registrar have when it collects Whois data from its registrants?

None whatsoever, it was claimed.

“To execute the contract between the registrant and the registrar, it’s really not necessary for registrars to collect any of this information,” GoDaddy head of policy James Bladel, representing registrars, told the group on its latest call Thursday.

Registrars collect data on their customers (not just contact data, but also stuff like credit card details) for billing and support purposes, but this is not the same as Whois data. It’s stored separately and never published anywhere. While covered by GDPR, it’s not covered by Whois policy.

Whois data is only collected by registrars for third parties’ purposes, whether that third party be a registry, ICANN, a data escrow agent, a cop, or an intellectual property enforcer.

“Other than a few elements such as domain name servers, there is nothing that is collected in Whois that is needed for the registrar to do their business,” At-Large Advisory Committee chair Alan Greenberg told the WG. “All of them are being collected for their availability to third parties, should they need it.”

While this may seem like a trivial distinction, drawing a hard line between the purposes of registries, registrars and ICANN itself on the one hand and law enforcement, cybersecurity and IP lawyers on the other is one of the few pieces of concrete advice ICANN has received from European data protection regulators.

There’s by no means unanimous agreement that the registrars’ position is correct, but it’s this kind of back-to-basics discussion that makes me feel it’s very unlikely that the EPDP is going to be able to produce an Initial Report with anything more than middling consensus by the October deadline.

I may be overly pessimistic, but (mediators or no mediators) I expect its output will be weighted more towards outlining and soliciting public comment on areas of disagreement than consent.

And the WG has not yet even looked in depth at the far thornier issue of “access” — the policy governing when third parties such as IP lawyers will be able to see redacted Whois data.

Parties on the pro-access side of the WG have been champing at the bit to bring access into the debate at every opportunity, but have been

Hey, look, a squirrel!

The WG has also been beset by its fair share of distractions, petty squabbles and internal power struggles.

The issues of “alternates” — people appointed by the various constituencies to sit in on the WG sessions when the principles are unavailable — caused some gnashing of teeth, first over their mailing list and teleconference privileges and then over how much access they should get to the upcoming LA meeting.

Debates about GDPR training — which some say should have been a prerequisite to WG participation — have also emerged, after claims that not every participant appeared clued-in as to what the law actually requires. After ICANN offered a brief third-party course, there were complaints that it was inadequate.

Most recently, prickly Iranian GAC rep Kavouss Arasteh last week filed a formal Ombudsman complaint over a throwaway god-themed pun made by Non-Com Milton Mueller, and subsequently defended by fellow non-resident Iranian Farzaneh Badii, in the Adobe Connect chat room at the September 6 meeting.

Mueller has been asked to apologize.

Donuts gets bought by former ICANN CEO’s firm

Kevin Murphy, September 5, 2018, Domain Registries

Donuts is to be bought by a private equity firm that has a former ICANN CEO as a partner.

The company, which holds the largest portfolio of new gTLDs, has agreed to be acquired by Boston-based private equity firm Abry Partners for an undisclosed sum.

Not much info about the deal has been released, but one senses an ICANN alum’s hand at the wheel.

Former ICANN chief Fadi Chehade is a partner at Abry, having been initially employed as senior advisor on digital strategy back in 2016 after he left ICANN.

Abry, on its web site, says it focuses its investments on profitable companies, adding:

Depending on the type of fund, we target investments from $20 million to $200 million.

Since Abry’s inception, we’ve developed deep industry expertise in Broadband, Business Services, Communications, Cybersecurity, Healthcare IT, Information Services, Insurance Services, Internet-of-Things, Logistics, Media, and Software as a Service.

Since its formation in 1989, Abry has “completed more than $77 billion of transactions, representing investments in more than 650 properties.”

Donuts was founded by domain veterans Paul Stahura, Jon Nevett, Richard Tindal and Daniel Schindler in order to take advantage of ICANN’s new gTLD program..

It was initially funded by $100 million from Austin Ventures, Adams Street Partners, Emergence Capital Partners, TL Ventures, Generation Partners and Stahurricane.

It currently runs over 200 TLDs, the most populous of which I believe is .ltd, with over 400,000 names.

Donuts is the latest of a series of domain companies to exit via the private equity route, notably following Neustar and Web.com.

Chehade was ICANN’s CEO between 2012 and 2015. While he was not involved in the industry during the new gTLD’s program’s inception, he did oversee its early years.