Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
IAB gives dotless domains the thumbs down
The Internet Architecture Board believes dotless domain names would be “inherently harmful to Internet security.”
The IAB, the oversight committee which is to internet technical standards what ICANN is to domain names, weighed into the debate with an article apparently published yesterday.
In it, the committee states that over time dotless domains have evolved to be used only on local networks, rather than the internet, and that to start delegating them at the top level of the DNS would be dangerous:
most users entering single-label names want them to be resolved in a local context, and they do not expect a single name to refer to a TLD. The behavior is specified within a succession of standards track documents developed over several decades, and is now implemented by hundreds of millions of Internet hosts.
…
By attempting to change expected behavior, dotless domains introduce potential security vulnerabilities. These include causing traffic intended for local services to be directed onto the global Internet (and vice-versa), which can enable a number of attacks, including theft of credentials and cookies, cross-site scripting attacks, etc. As a result, the deployment of dotless domains has the potential to cause significant harm to the security of the Internet
The article also says (if I understand correctly) that it’s okay for browsers to interpret words entered into address bars without dots as local resources and/or search terms rather than domain names.
It’s pretty unequivocal that dotless domains would be Bad.
The article was written because there’s currently a lot of talk about new gTLD applicants — such as Google, Donuts and Uniregistry — asking ICANN to allow them to run their TLDs without dots.
There’s a ban in the Applicant Guidebook on the “apex A records” that would be required to make dotless TLDs work, but it’s been suggested that applicants could apply to have the ban lifted on a case by case basis.
More recently, ICANN’s Security and Stability Advisory Committee has stated almost as unequivocally as the IAB that dotless domains should not be allowed.
But for some reason ICANN recently commissioned a security company to look into the issue.
This seems to have made some people, such as the At Large Advisory Committee, worried that ICANN is looking for some wiggle room to give its new gTLD paymasters what they want.
Alternatively, ICANN may just be looking for a second opinion to wave in the faces of new gTLD registries when it tells them to take a hike. It was quite vague about its motives.
It’s not just a technical issue, of course. Dotless TLDs would shake up the web search market in a big way, and not necessarily for the better.
Donuts CEO Paul Stahura today published an article on CircleID that makes the case that it is the browser makers, specifically Microsoft, that are implementing DNS all wrong, and that they’re objecting to dotless domains for competitive reasons. The IAB apparently disagrees, but it’s an interesting counterpoint nevertheless.
Microsoft objects to Google’s dotless domains plan
Microsoft has strongly urged ICANN to reject Google’s plan for a “dotless” .search gTLD.
In a letter sent a couple of weeks ago and published last night, the company says that Google risks putting the security and stability of the internet at risk if its .search idea goes ahead.
David Tennenhouse, corporate vice president of technology policy, wrote:
Dotless domains are currently used as intranet addresses controlled by private networks for internal use. Google’s proposed amendment would interfere with that private space, creating security vulnerabilities and impacting enterprise network and systems infrastructure around the globe.
It’s a parallel argument to the one going on between Verisign and everyone else with regards to gTLD strings that may conflict with naming schemes on internal corporate networks.
While they’re subtly different problems, ICANN recently commissioned a security study into dotless domains (announced 11 days after Microsoft’s letter was sent) that links the two.
As Tennenhouse says in his letter, ICANN’s Security and Stability Advisory Committee, which has Google employees on it, has already warned about the dotless name problem in SAC053 (pdf).
He also claims that Google had submitted follow-up comments to SAC053 saying dotless domains would be “actively harmful”, but this is slightly misleading.
One Google engineer did submit such a comment, but it limited itself to talking about clashes with internal name certificates, a slightly different issue, and it’s not clear it was an official Google Inc comment.
The new gTLD Applicant Guidebook currently outlaws dotless domains through its ban on “apex A records”, but that ban can be circumvented if applicants can convince a registry services evaluation panel that their dotless domain plans don’t pose a stability risk.
While Google’s original .search application envisaged a single-registrant “closed generic”, it later amended the proposal to make it “open” and include the dotless domain proposal.
This is the relevant bit of the amended application:
Charleston Road Registry will operate a service that allows users to easily perform searches using the search functionality of their choice. This service will operate on the “dotless” search domain name (http://search/) and provide a simple web interface. This interface operates in two modes:
1) When the user has not set a preference for a search engine, they will be prompted to select one. The user will be provided with a simple web form that will allow them to designate a search engine by entering the second level label for any second level domain registered with in the TLD (e.g., if “foo.search” was a valid second level domain name, the user could indicated that their preferred search engine was “foo”). The user can also elect to save this preference, in which case a cookie will be set in the userʹs browser. This cookie will be used in the second mode, as described below. If the user enters an invalid name, they will be prompted again to provide a valid response.
2) If the user has already set a preferred search engine, the redirect service will redirect the initial query to the second level domain name indicated by the userʹs preference, including any query string provided by the user. For example, if the user had previously selected the “foo” search engine and had issued a query for http://search/?q=bar, the server would issue a redirect to http://foo.search/?q=bar. In this manner, the userʹs query will be consistently redirected to the search engine of their choice.
While Google seems to have preempted some concerns about monopolistic practices in the search engine market, approval of its dotless search feature would nevertheless have huge implications.
Make no mistake, dotless domains are a Big Deal and it would be a huge mistake for ICANN to treat them only as a security and stability issue.
What’s weird about Google’s proposal is that by asking ICANN to open up the floodgates for dotless domains, it risks inviting the domain name industry to eat its breakfast, lunch and dinner.
If ICANN lets registries offer TLDs domains without dots, the new gTLD program will no longer be about delegating domain names, it will be about auctioning exclusive rights to search terms.
Today, if you type “beer” into your browser’s address bar (which in all the cases I’m aware of are also search bars) you’ll be directed to a page of search results for the term “beer”.
In future, if “beer” is a domain name, what happens? Do you get search or do you get a web page, owned by the .beer registry? Would that page have value, or would it be little better than a parking page?
If browser makers decided to implement dotless domains — and of course there are plenty of reasons why they wouldn’t — every borderline useful dictionary word gTLD would be sold off in a single round.
Would that be good for the internet? I’d lean toward “no”.
Apple, Google and Microsoft still don’t understand new TLDs
The world’s most-popular web browsers are still failing to recognize new top-level domains, many months after they go live on the internet.
The version of the Safari browser that ships with the Mountain Lion iteration of Apple’s OS X appears to have even gone backwards, removing support for at least one TLD.
The most recent versions of Google’s Chrome and Microsoft’s Internet Explorer also both fail to recognize at least two of the internet’s most recently added TLDs.
According to informal tests on multiple computers this week, Safari 6 on Mountain Lion and the Windows 7 versions of Internet Explorer 9 and Chrome v24 all don’t understand .post and .cw addresses.
Remarkably, it appears that Safari 6 also no longer supports .sx domains, despite the fact that version 5 does.
Typing affected domain names into the address bars of these browsers will result in surfers being taken to a search page (usually Google) instead of their intended destination.
If you want to test your own browser, registry.sx, una.cw and ems.post are all valid, resolving domain names you can try.
The gTLD .post was entered into the DNS root last August and the first second-level domain names went live in October.
The ccTLDs .sx and .cw are for Sint Maarten (Dutch part) and Curacao respectively, two of three countries formed by the breakup of the Netherlands Antilles in 2010.
ICANN approved the delegation of .cw in October 2011 and second-level domains there have been live since at least July 2012 (that’s when the registry’s site, una.cw, went live).
SX Registry’s .sx was delegated in December 2011 and sites there have been live since early 2012. It went into general availability in November.
Safari v5 on Windows and OS X recognizes .sx as a TLD, but v6 on Mountain Lion does not.
The problems faced by .post and .cw on Chrome appear to be mostly due to the fact that neither TLD is included on the Public Suffix List, which Google uses to figure out what a TLD looks like.
A few days after we reported last May that .sx didn’t work on Chrome, SX Registry submitted its details to the PSL, which appears to have solved its problems with that browser.
It’s not at all clear to me why .sx is borked on newer versions of Safari but not the older ones.
If the problem sounds trivial, believe me: it’s not.
The blurring of the lines between search and direct navigation is one of the biggest threats to the long-term relevance of domain names, so it’s vital to the industry’s interests that the problem of universal acceptance is sorted out sooner rather than later.
Microsoft, Yahoo and others involved in new dot-brand gTLD group
HSBC, Microsoft, Yahoo and jewelry maker Richemont have told ICANN they plan to form a new GNSO stakeholder group just for single-registrant gTLD registries.
The group would comprise dot-brand registries and — potentially — other types of single-user gTLD manager.
A letter (pdf) to ICANN chair Steve Crocker, signed by executives from the four companies, reads in part:
As a completely new type of contracted party, we do not have a home to represent our unique community. In addition, the existence of conflicts with other contracted parties makes it challenging for us to reside within their stakeholder group.
Combined, the companies have applied for about 30 single-registrant gTLDs, mostly corresponding to brands.
Richemont, which is applying for dot-brands including .cartier, is also applying for the keywords .jewelry and .watches as single-user spaces.
The group plans to discuss formalizing itself at the next ICANN meeting, in Toronto this October.
During the just-concluded Prague meeting, the GNSO’s existing registries stakeholder group accepted several new gTLD applicants — I believe mainly conventional registries — into the fold as observers.
How the influx of new gTLD registries will affect the GNSO’s structure was a hot topic for the Governmental Advisory Committee during the meeting too. I guess now it has some of the answers it was looking for.
dotFree settles Microsoft botnet lawsuit
One of the companies that plans to apply for the .free top-level domain next year has settled a lawsuit filed by Microsoft over claims it was involved in running the Kelihos botnet.
The suit, filed in late September, had alleged that Czech-based dotFree Group and its CEO, Dominique Piatti, were behind dozens of domains used to spread malware.
dotFree already runs the free .cz.cc subdomain service, which isn’t what you’d call a trustworthy namespace. The whole .cz.cc zone appears to be currently banned from Google’s index.
This week, Microsoft has dropped its claims against the company and Piatti, saying it will instead work with the company to try to help clean up the free .cz.cc space.
Microsoft said on its official blog:
Since the Kelihos takedown, we have been in talks with Mr. Piatti and dotFREE Group s.r.o. and, after reviewing the evidence voluntarily provided by Mr. Piatti, we believe that neither he nor his business were involved in controlling the subdomains used to host the Kelihos botnet. Rather, the controllers of the Kelihos botnet leveraged the subdomain services offered by Mr. Piatti’s cz.cc domain.
As part of the settlement, Mr. Piatti has agreed to delete or transfer all the subdomains used to either operate the Kelihos botnet, or used for other illegitimate purposes, to Microsoft. Additionally, Mr. Piatti and dotFREE Group have agreed to work with us to create and implement best practices to prevent abuse of free subdomains and, ultimately, apply these same best practices to establish a secure free Top Level Domain as they expand their business going forward.
Expect this issue to be raised if and when .free becomes a contested gTLD application.
Windows 8 and the emotional reaction to new gTLDs
Watching videos and reading reports about the Windows 8 demos at Build 2011 yesterday, I found myself experiencing a quite overwhelming feeling of despair.
I’m not usually what you’d call an early adopter.
I did buy my current laptop on the day Windows 7 was released. Not because I’m a Microsoft fanboy; I just needed a new laptop and figured I may as well wait for the new OS to come out.
I resisted buying a mobile phone until 2006. The one I have now cost me £5. I have literally no idea if it does internet or not. The thing I thought was a camera lens turned out to be a flashlight.
I bought an iPod once, but the only reason I haven’t stamped it to pieces yet is because it’s full of photos of loved ones I cannot retrieve because it’s “synched” to a PC that I did stamp to pieces.
I’ve never owned a touch-screen device, and I don’t really want to.
I’m not interested in gestural interfaces or chrome-free environments; I want menus that tell me what the software does and let me click on the thing I want it to do.
Hence my despair at Windows 8, which appears to be doing away with useful stuff in favor of, I dunno, looking nice or something. Microsoft appears to be trying to appeal to (shudder) Apple users.
I felt the same about Google+, which I have yet to join. Apparently it’s quite good, but my initial reaction to its launch earlier this year was “For god’s sake, why?” and “Do we really need more shit to update?”
I fear change…
(tenuous link alert)
…and I feel certain I’m having exactly the same emotional reaction to Windows 8 as many people are having to ICANN’s new gTLD program.
Just as I don’t want to have to think about typing onto a screen (a screen, for crying out loud!) there are millions of people just as pissed right now that they’re being forced to think about new gTLDs.
“But we don’t need them!” they wail. “Everything works just fine as it is!”
Yeah, well that’s how I feel about all the shiny shiny fondlelabs everybody else in the world seems to be currently obsessing over.
I share your pain, Bob Liodice.
But sometimes technology companies come out with new stuff because they think that’s the way to innovate and (of course) make more money.
It’s just the way it is. You’ve got to accept it and move on. If you’re smart, you’ll figure out a way to turn the thing to your advantage.
Everybody currently using Windows 7, Vista or XP will eventually upgrade to Windows 8, even if it’s probably going to be a prettier but less useful version of its predecessors.
If you still buy DVDs, one day you’ll probably be forced to buy a Blu-ray player, just the same as you were forced to upgrade from VHS.
And if you think VeriSign’s mindshare monopoly on the domain name system is the way things should stay forever, new gTLDs are going to make you think again.
Lego overtakes Microsoft in cybersquatting cases
Lego has now filed more complaints against cybersquatters than Microsoft.
The maker of the popular building block toys has filed 236 cases using the Uniform Dispute Resolution Policy since 2006, the vast majority of them since July 2009.
That’s one more than Microsoft, about 50 more than Google and twice as many as Viagra maker Pfizer.
Lego has been particularly aggressive recently. As I’ve previously blogged, Lego lately files a UDRP complaint on average every three days.
The company is usually represented in these cases by Melbourne IT Digital Brand Services, the online trademark enforcement arm of the Aussie registrar.
The 236 cases equates to over $350,000 in WIPO fees alone. I’d be surprised if Lego has spent less than $1 million on UDRP cases over the last few years.
Lego has annual revenue of about $1.8 billion.
It has never lost a case. The company either wins the dispute, or the complaint is terminated before a finding is made.
It’s picked up some oddities along the way, notably including legogiraffepenis.com and legoporn.com.
Yet Lego does not appear to have the most UDRP cases under its belt. I believe that honor may go to AOL, which has filed at least 277 cases over the last decade.
NetSol to alert cops over domain hijacking
Network Solutions intends to “notify the proper authorities” after a high-profile customer had his account hijacked over the weekend.
Stephen Toulouse, head of policy and enforcement for Microsoft’s Xbox LIVE, lost access to stepto.com, including his web site and email, for several hours yesterday, after a disgruntled teenaged gamer persuaded a member of NetSol’s support staff to hand over the account.
In a statement published on its blog, the domain name registrar said it was an “isolated incident directed at a specific customer account”, adding:
We maintain a well developed processes to ensure that Social Engineering attempts or any identified security concerns are immediately alerted to a Supervisor, who will expedite the investigation, usually with the help of the Network Solutions Security team. In this case, the procedure was not followed, and we apologize for any trouble caused to our customer.
Our Security team continues to investigate this matter. Additionally, because we take this matter very seriously, we intend to notify the proper authorities with the evidence that we have gathered, so that they may investigate the person(s) responsible for the fraud.
According to a new YouTube video released by the person claiming responsibility for the attack, “Predator”, he’s 15. He blamed Toulouse for his frequent Xbox LIVE bannings.
While he said he perpetrated the attack to highlight insecurities in Xbox LIVE, he also offered to hijack other gamers’ accounts for up to $250.
Comments posted in response to his first post-attack video claim to reveal his true identity, but of course comments on YouTube are not what you’d call reliable evidence.
The video itself does reveal a fair bit of information, however, so I can’t imagine tracking him down will be too difficult, especially if Microsoft has his parents’ credit card number on file.
His YouTube channel also has videos of him operating a botnet. That’s a whole lot more serious.
Xbox security chief gets domain hijacked
The head of Xbox Live policy and enforcement at Microsoft has had his domain name compromised by a disgruntled gamer using a social engineering attack on Network Solutions
Stephen Toulouse, who goes by the screen name “Stepto” and has the domain stepto.com, seems to have also lost his email, hosting and, as a result, his Xbox Live account.
He tweeted earlier today: “Sigh. please be warned. Network solutions has apparently transferred control of Stepto.com to an attacker and will not let me recover it.”
Somebody claiming to be the attacker has uploaded a video to YouTube showing him clicking around Toulouse’s Xbox account, whilst breathlessly describing how he “socialed his hosting company”.
It’s a bit embarrassing for Toulouse. He was head of communications for Microsoft Security Response Center for many years, handling comms during worm outbreaks such as Blaster and Slammer.
Now at Xbox Live, he is, as the attacker put it, “the guy who’s supposed to be keeping us safe”.
But it’s probably going to be much more embarrassing for Network Solutions. When the tech press gets on the story tomorrow, difficult questions about NSI’s security procedures will no doubt be asked.
Toulouse has already made a few pointed remarks about the company on his Twitter feed today.
Social engineering attacks against domain name registrars exploit human, rather than technological, vulnerabilities, involving calling up tech support and trying to convince them you are your victim.
In this case, hijacking the domain seems to have been a means to control Toulouse’s email account, enabling the attacker to reset his Xbox Live password and take over his “gamer tag”.
The same technique was used to compromise the Chinese portal Baidu.com, that time via Register.com, in late 2009. That resulted in a lawsuit, now settled.
The attacker, calling himself Predator, was apparently annoyed that Toulouse had “console banned” him 35 times, whatever that means.
He seems to have left a fair bit of evidence in his wake, and he appears to be North American, so I expect he’ll be quite easy to track down.
Predator’s video, which shows the immediate aftermath of the attack, is embedded below. It may not be entirely safe for work, due to some casually racist language.
UPDATE (April 5): The video has been removed due to a “violation of YouTube’s policy on depiction of harmful activities”. I snagged a copy before it went, so if anybody is desperate to see it, let me know.
Microsoft spends $7.5 million on IP addresses
It’s official, IP addresses are now more expensive than domain names.
Nortel Networks, the bankrupt networking hardware vendor, has sold 666,624 IPv4 addresses to Microsoft for $7.5 million, according to Delaware bankruptcy court documents (pdf).
That’s $11.25 per address, more than you’d expect to pay for a .com domain name. Remember, there’s no intellectual property or traffic associated with these addresses – they’re just routing numbers.
This, I believe, is the first publicly disclosed sale of an IP address block since ICANN officially announced the depletion of IANA’s free pool of IPv4 blocks last month.
The deal came as part of Nortel’s liquidation under US bankruptcy law, which has been going on since 2009. According to a court filing:
Because of the limited supply of IPv4 addresses, there is currently an opportunity to realize value from marketing the Internet Numbers, which opportunity will diminish over time as IPv6 addresses are more widely adopted.
Nortel contacted 80 companies about the sale a year ago, talked to 14 potential purchasers, and eventually received four bids for the full block and three bids for part of the portfolio.
Microsoft’s bid was the highest.
The Regional Internet Registries, which allocate IP addresses, do not typically view IP as an asset that can be bought and sold. There are processes being developed for assignees to return unused IPv4 to the free pool, for the good of the internet community.
But this kind of “black market” – or “gray market” – for IP addresses has been anticipated for some time. IPv4 is now scarce, there are costs and risks associated with upgrading to IPv6, and the two protocols are expected to co-exist for years or decades to come.
In fact, during ICANN’s press conference announcing the emptying of the IPv4 pool last month, the only question I asked was: “What is the likelihood of an IPv4 black market emerging?”.
In reply, Raul Echeberria, chair of ICANN’s Number Resource Organization, acknowledged the possibility, but played down its importance:
There is of course the possibility of IPv4 addresses being traded outside of the system, but I am very confident it will be a very small amount of IPv4 addresses compared to those transferred within the system. But it is of course a possibility this black market will exist, I’m not sure that it will be an important one. If the internet community moves to IPv6 adoption, the value of the IPv4 addresses will decrease in the future.
I doubt we’ll hear about many of these sales in future, unless they come about due to proceedings such as Nortel’s bankruptcy sale, but I’m also confident they will happen.
The total value of the entire IPv4 address space, if the price Microsoft is willing to pay is a good guide, is approximately $48.3 billion.
Recent Comments