Latest news of the domain name industry

Recent Posts

Browser makers brush me off on DNSSEC support

Kevin Murphy, July 29, 2010, Domain Tech

A couple of weeks back, I emailed PR folk at Microsoft, Mozilla, Google and Opera, asking if they had any plans to provide native support for DNSSEC in their browsers.

As DNS uber-hacker Dan Kaminsky and ICANN president Rod Beckstrom have been proselytizing this week at the Black Hat conference, support at the application layer is the next step if DNSSEC is to quickly gain widespread traction.

The idea is that one day the ability to validate DNSSEC messages will be supported by browsers in much the same way as SSL certificates are today, maybe by showing the user a green address bar.

CZ.NIC has already created a DNSSEC validator plugin for Firefox that does precisely that, but as far as I can tell there’s no native support for the standard in any browser.

These are the responses I received:

Mozilla: “Our team is heads down right now with Firefox 4 beta releases so unfortunately, I am not going to be able to get you an answer.”

Microsoft:
“At this stage, we’re focusing on the Internet Explorer 9 Platform Preview releases. The platform preview is a developer and designer scoped release of Internet Explorer 9, and is not feature complete, we will have more to share about Internet Explorer 9 in the future.”

Google: No reply.

Opera: No reply.

In 11 years of journalism, Apple’s PR team has never replied to any request for information or comment from me, so I didn’t bother even trying this time around.

But the responses from the other four tell us one of two things:

  • Browser makers haven’t started thinking about DNSSEC yet.

Or…

  • Their PR people were just trying to brush me off.

I sincerely hope it’s the former, otherwise this blog post has no value whatsoever.

ICANN threatens to shut down registrar flipper

ICANN has said it will terminate one of its registrars for non-payment of fees, the thirteenth such threatening letter the organization has sent out this year.

The unfortunate recipient is #1 Host Brazil, which has just a couple hundred domains under its belt in the generic top-level domains.

I may be wrong, but based on some cursory research I’m inferring that the registrar is basically a shell accreditation, acquired in order to flip to a larger registrar.

There are 10 other “‘#1 Host” registrars, such as #1 Host Australia and #1 Host Canada, listed on ICANN’s list of accredited registrars, almost all of which were awarded in late 2005 to the same Texan.

They all use the same logos and, due to the hash sign, all appear at the top of alphabetical lists of ICANN-accredited registrars.

Apart from the Brazil and Israel variants, most of the other “#1” accreditations have been acquired by Moniker at various times over the last few years, according to Internic and Whois records.

#1 Host Brazil faces de-accreditation (pdf) on August 24 unless it pays almost $9,000 in ICANN fees and provides evidence of $500,000 in commercial liability insurance.

ICANN chief to address hackers at Black Hat

Kevin Murphy, July 27, 2010, Domain Tech

Globe-trotting ICANN president Rod Beckstrom is heading to Vegas this week, to participate in a panel discussion on DNS security at the Black Hat conference at Caesar’s Palace.

He’ll be joined by Dan Kaminsky, discoverer of the notorious DNS vulnerability that bears his name, and is expected to sing the praises of the new DNSSEC security standard.

Also on tomorrow’s panel, entitled “Systemic DNS Vulnerabilities and Risk Management” are DNS inventor Paul Mockapetris, VeriSign CTO Ken Silva and NERC CSO Mark Weatherford.

ICANN and VeriSign recently signed the DNS root using DNSSEC standard. The challenge they face now is persuading everybody else in the world to jump on the bandwagon.

It’s likely to be slow going. DNSSEC has more than its fair share of skeptics, and even fierce proponents of the standard sometimes acknowledge that there’s not a heck of a lot in the way of a first mover advantage.

I’ll be interested to see if the subject of a DNS-CERT – a body to coordinate DNS security efforts – is raised either during the panel or the subsequent press conference.

From a policy point of view, DNSSEC is pretty much a done deal, whereas a DNS-CERT is still very much a matter for debate within the ICANN community.

I believe this is the first time ICANN has talked publicly at Black Hat. Beckstrom himself has taken the stage under his previous roles in government, but not as ICANN’s top dog.

Despite its name, Black Hat is a pretty corporate event nowadays. In my experience, the proper black/gray hats show up (or swap their lime green corporate polo shirts for Metallica T-shirts) at the weekend for Def Con, which is usually held at a cheaper venue around the corner.

Yes, .co domains are subject to the UDRP

I’ve been getting a fair bit of search traffic over the last few days from people evidently wondering whether .co domain names are subject to the same UDRP rules as .com, so I thought I’d answer the question directly.

Yes, they are.

For avoidance of doubt, I’ve just talked to .CO Internet’s director of marketing, Lori Anne Wardi, who had just talked to the registry’s policy people.

She told me that .co domains are subject to the exact same ICANN UDRP as .com.

If you’re a .co registrant, you’re bound to the policy the same as you are in .com. If you’re a trademark holder, you file a complaint in the same way.

The only difference at the moment is that .CO Internet has contracted with only one UDRP provider, WIPO, but Wardi said that more providers may be signed up in future.

Isn’t it about time for ICANN Las Vegas?

Kevin Murphy, July 23, 2010, Domain Policy

ICANN is now almost 12 years old, it’s held almost 40 public meetings in diverse cities all over the planet, and it’s never been to Vegas. Not once.

That’s got to change.

The organization is currently looking for a North American city in which to hold its fortieth public meeting, slated for next March. It’s the perfect opportunity for a company to put in a Las Vegas bid.

It’s about time ICANN headed to The Strip. It’s got to be the only industry organization in the world to never convene there. If the International Beverage Dispensing Equipment Association gets to have a Vegas convention, why can’t we?

Vegas is the conference center of North America, if not the world. There’s literally dozens of venues capable of handling a thousand or less beardy domain types, all within walking distance of each other.

If the conference facility prices are anything like the hotel room prices, ICANN and its sponsor should be able to find a real bargain.

For overseas visitors on a budget, flights to and hotels in Vegas can be very reasonable – rooms are generally subsidized by the money lost in the casinos downstairs.

The ICANN Fellowship Program would be massively oversubscribed. Live in the developing world? Fancy a free trip to Vegas? ICANN will be fighting off applicants with the proverbial stick.

But who would sponsor such a meeting?

Let me think… we’d be looking for a domain name company with deep pockets, something to sell, and no particular queasiness about sponsoring a Sin City event.

Can you think of anyone like that?

By March 2011, ICM Registry will very likely be in the pre-launch stages of the .xxx TLD.

The company will be looking for registrar partners, trying to assure IP interests that it’s not going to screw them, preparing for its sunrise and landrush periods… perfect timing.

Plus, we could have strippers at the Gala Event.

The stars are aligning on Las Vegas for ICANN 40.

ICANN, ICM – let’s make this happen.