Recent Posts
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
- Domain universe grows despite .com drag
Should .com get a thick Whois?
The ICANN community has taken another baby step towards pushing VeriSign into implementing a “thick” Whois database for .com and .net domain names.
The GNSO Council yesterday voted to ask ICANN to prepare an Issue Report exploring whether to require “all incumbent gTLDs” to operate a thick Whois. Basically, that means VeriSign.
The .com and .net registries currently run on a “thin” model, whereby each accredited registrar manages their own Whois databases.
Most other gTLDs today run thick registries, as will all registries approved by ICANN under its forthcoming new gTLDs program.
The thinness of .com can cause problems during inter-registrar transfers, when gaining and losing registrars have no central authoritative database of registrant contact details to rely upon.
In fact, yesterday’s GNSO vote followed the recommendations of a working group that decided after much deliberation that a thick .com registry may help reduce bogus or contested transfers.
Trusting registrars to manage their own Whois is also a frequent source of frustration for law enforcement, trademark interests and anti-spam firms.
Failure to maintain a functional web-based or port 43 Whois interface is an often-cited problem when ICANN’s compliance department terminates rogue registrars.
Now that an Issue Report has been requested by the GNSO, the idea of a thick .com moves closer to a possible Policy Development Process, which in turn can create binding ICANN consensus policies.
There’s already a clause in VeriSign’s .com registry agreement that gives ICANN the right to demand that it creates a centralized Whois database.
Switching to a thick model would presumably not only transfer responsibility to VeriSign, but also cost and liability, which is presumably why the company seems to be resisting the move.
Don’t expect the changes to come any time soon.
Writing the Issue Report is not expected to be a priority for ICANN staff, due to their ongoing chronic resource problems, and any subsequent PDP could take years.
The alternative – for ICANN and VeriSign to come to a bilateral agreement when the .com contract comes up for renewal next year – seems unlikely given that ICANN did not make a similar requirement when .net was renegotiated earlier this year.
VeriSign to raise .com and .net prices again
VeriSign has announced price increases for .com and .net domain name registrations.
From January 15, 2012, .com registry prices will increase from $7.34 to $7.85 and .net fees will go up from $4.65 to $5.11.
That’s a 10% increase for .net and a 7% increase for .com, the maximum allowable under its registry agreements with ICANN.
As ever, registrants have six months to lock down their domains at current pricing by renewing for periods of up to 10 years.
The last time VeriSign raised prices, also by 7% and 10%, the higher prices became effective a year ago, July 2010.
VeriSign’s contract for .net was renewed last month after it was approved by the ICANN board of directors.
Its .com contract comes up for renewal next year.
VeriSign’s .net contract renewed
VeriSign has been given the nod to continue to run the .net domain registry after a vote by ICANN’s board of directors today.
The vote was 14-0, with director Bertrand De La Chappelle abstaining without explanation.
The renewal is hardly surprising – nobody thought for a second that VeriSign would fail to retain the contract – but the deal was controversial anyway, due to a Boing-Boing misunderstanding.
The contract still allows VeriSign to carry on raising prices, by up to 10% in any given year, and it still calls for ICANN to receive $0.75 per domain, which currently adds up to over $10 million a year.
The money is still ostensibly earmarked for special projects including extending ICANN’s outreach into developing nations and DNS security, and the resolution passed by the board today says:
ICANN commits to provide annual reporting on the use of these funds from .NET transaction fees.
This is presumably designed to address criticisms that it basically ignored its commitment under the 2006 .net agreement to set up two “special restricted funds” to manage .net cash, as I reported on here.
Hot topics for ICANN Singapore
ICANN’s 41st public meeting kicks off in Singapore on Monday, and as usual there are a whole array of controversial topics set to be debated.
As is becoming customary, the US government has filed its eleventh-hour saber-rattling surprises, undermining ICANN’s authority before its delegates’ feet have even touched the tarmac.
Here’s a high-level overview of what’s going down.
The new gTLD program
ICANN and the Governmental Advisory Committee are meeting on Sunday to see if they can reach some kind of agreement on the stickiest parts of the Applicant Guidebook.
They will fail to do so, and ICANN’s board will be forced into discussing an unfinished Guidebook, which does not have full GAC backing, during its Monday-morning special meeting.
It’s Peter Dengate Thrush’s final meeting as chairman, and many observers believe he will push through some kind of new gTLDs resolution to act as his “legacy”, as well as to fulfill the promise he made in San Francisco of a big party in Singapore.
My guess is that the resolution will approve the program in general, lay down some kind of timetable for its launch, and acknowledge that the Guidebook needs more work before it is rubber-stamped.
I think it’s likely that the days of seemingly endless cycles of redrafting and comment are over for good, however, which will come as a relief to many.
Developing nations
A big sticking point for the GAC is the price that new gTLD applicants from developing nations will have to pay – it wants eligible, needy applicants to get a 76% discount, from $185,000 to $44,000.
The GAC has called this issue something that needs sorting out “as a matter of urgency”, but ICANN’s policy is currently a flimsy draft in desperate need of work.
The so-called JAS working group, tasked with creating the policy, currently wants governmental entities excluded from the support program, which has made the GAC, predictably, unhappy.
The JAS has proven controversial in other quarters too, particularly the GNSO Council.
Most recently, ICANN director Katim Touray, who’s from Gambia, said the Council had been “rather slow” to approve the JAS’s latest milestone report, which, he said:
might well be construed by many as an effort by the GNSO to scuttle the entire process of seeking ways and means to provide support to needy new gTLD applicants
This irked Council chair Stephane Van Gelder, who rattled off a response pointing out that the GNSO had painstakingly followed its procedures as required under the ICANN bylaws.
Watch out for friction there.
Simply, there’s no way this matter can be put to bed in Singapore, but it will be the topic of intense discussions because the new gTLD program cannot sensibly launch without it.
The IANA contract
The US National Telecommunications and Information Administration wants to beef up the IANA contract to make ICANN more accountable to the NTIA and, implicitly, the GAC.
Basically, IANA is being leveraged as a way to make sure that .porn and .gay (and any other TLD not acceptable to the world’s most miserable regimes) never make it onto the internet.
If at least one person does not stand up during the public forum on Thursday to complain that ICANN is nothing more than a lackey of the United States, I’d be surprised. My money’s on Khaled Fattal.
Vertical integration
The eleventh hour surprise I referred to earlier.
The US Department of Justice, Antitrust Division, informed ICANN this week that its plan to allow gTLD registries such as VeriSign, Neustar and Afilias to own affiliated registrars was “misguided”.
I found the letter (pdf) utterly baffling. It seems to say that the DoJ would not be able to advise ICANN on competition matters, despite the fact that the letter itself contains a whole bunch of such advice.
The letter has basically scuppered VeriSign’s chances of ever buying a registrar, but I don’t think anybody thought that would happen anyway.
Neustar is likely to be the most publicly annoyed by this, given how vocally it has pursued its vertical integration plans, but I expect Afilias and others will be bugged by this development too.
The DoJ’s position is likely to be backed up by Europe, now that the NTIA’s Larry Strickling and European Commissioner Neelie Kroes are BFFs.
Cybercrime
Cybercrime is huge at the moment, what with governments arming themselves with legions of hackers and groups such as LulzSec and Anonymous knocking down sites like dominoes.
The DNS abuse forum during ICANN meetings, slated for Monday, is usually populated by pissed-off cops demanding stricter enforcement of Whois accuracy.
They’ve been getting louder during recent meetings, a trend I expect to continue until somebody listens.
This is known as “engaging”.
Geek stuff
IPv6, DNSSEC and Internationalized Domain Names, in other words. There are sessions on all three of these important topics, but they rarely gather much attention from the policy wonks.
With IPv6 and DNSSEC, we’re basically looking at problems of adoption. With IDNs, there’s impenetrably technical stuff to discuss relating to code tables and variant strings.
The DNSSEC session is usually worth a listen if you’re into that kind of thing.
The board meeting
Unusually, the board’s discussion of the Guidebook has been bounced to Monday, leading to a Friday board meeting with not very much to excite.
VeriSign will get its .net contract renewed, no doubt.
The report from the GAC-board joint working group, which may reveal how the two can work together less painfully in future, also could be interesting.
Anyway…
Enough of this blather, I’ve got a plane to catch.
What happened to ICANN’s .net millions?
Questions have been raised about how ICANN accounts for the millions of dollars it receives in fees from .net domain name registrations.
The current .net registry agreement between ICANN and VeriSign was signed in June 2005. It’s currently up for renewal.
Both the 2005 and 2011 versions of the deal call for VeriSign to pay ICANN $0.75 for every .net registration, renewal and transfer.
Unlike .com and other TLDs, the .net contract specifies three special uses for these fees (with my emphasis):
ICANN intends to apply this fee to purposes including:
(a) a special restricted fund for developing country Internet communities to enable further participation in the ICANN mission by developing country stakeholders,
(b) a special restricted fund to enhance and facilitate the security and stability of the DNS, and
(c) general operating funds to support ICANN’s mission to ensure the stable and secure operation of the DNS.
However, almost six years after the agreement was executed, it seems that these two “special restricted funds” have never actually been created.
ICANN’s senior vice president of stakeholder relations Kurt Pritz said:
To set up distinctive organizations or accounting schemes to track this would have been expensive, complex and would have served no real value. Rather — it was intended that the ICANN budget always include spending on these important areas — which it clearly does.
He said that ICANN has spent money on, for example, its Fellowships Program, which pays to fly in delegates from developing nations to its thrice-yearly policy meetings.
He added that ICANN has also paid out for security-related projects such as “signing the root zone and implementing DNSSEC, participating in cross-industry security exercises, growing the SSR organization, conducting studies for new gTLDs”.
These initiatives combined tally up to an expenditure “in excess of the amounts received” from .net, he said.
It seems that while ICANN has in fact been spending plenty of cash on the projects called for by these “special restricted funds”, the money has not been accounted for in that way.
Interestingly, when the .net contract was signed in 2005, ICANN seemed to anticipate that the developing world fund would not be used to pay for internal ICANN activities.
ICANN’s 2005-2006 budget, which was approved a month after the .net deal, reads, with my emphasis:
A portion of the fees paid by the operator of the .NET registry will become part of a special restricted fund for developing country Internet communities to enable further participation in the ICANN mission by developing country stakeholders. These monies are intended to fund outside entities as opposed to ICANN staff efforts.
That budget allocated $1.1 million to this “Developing Country Internet Community Project”, but the line item had disappeared by time the following year’s budget was prepared.
Phil Corwin from the Internet Commerce Association estimates that the $0.75 fees added up to $6.8 million in 2010 alone, and he’s wondering how the money was spent.
“We believe that ICANN should disclose to the community through a transparent accounting exactly how these restricted funds have actually been utilized in the past several years,” Corwin wrote.
He points out that the contract seems to clearly separate the two special projects from “general operating funds”, which strongly suggests they would be accounted for separately.
Given that .net fees have been lumped in with general working capital for the last six years, it seems strange that the current proposed .net registry agreement still calls for the two special restricted funds.
The oddity has come to the attention of the ICA and others recently because the new proposed .net contract would allow VeriSign for the first time to offer differential pricing to registrars in the developing world.
The agreement allows VeriSign to “provide training, technical support, marketing or incentive programs based on the unique needs of registrars located in such geographies to such registrars”, and specifically waives pricing controls for such programs.
It seems probable that this amendment was made possible due to the .net contract’s existing references to developing world projects.
Corwin said ICA has nothing against such programs, but is wary that existing .net registrants may wind up subsidizing registrants in the developing world.
ICANN gets Boing-Boinged over URS
Boing-Boing editor Cory Doctorow caused a storm in a teacup yesterday, after he urged his legions of readers to complain to ICANN about copyright-based domain name seizures and the abolition of Whois privacy services in .net.
Neither change has actually been proposed.
The vast majority of the comments filed on VeriSign’s .net contract renewal now appear to have been sent by Boing-Boing readers, echoing Doctorow’s concerns.
Doctorow wrote: “Among the IPC’s demands are that .NET domains should be subject to suspension on copyright complaints and that anonymous or privacy-shielded .NET domains should be abolished.”
Neither assertion is accurate.
Nobody has proposed abolishing Whois privacy services. Nobody has proposed allowing VeriSign to seize domain names due to copyright infringement complaints.
What has happened is that ICANN’s Intellectual Property Constituency has asked ICANN to make the Uniform Rapid Suspension policy part of VeriSign’s .net contract.
URS is a variation of the long-standing UDRP cybersquatting complaints procedure.
It was created for the ICANN new gTLD Program and is intended to be cheaper and quicker for trademark holders than UDRP, designed to handle clear-cut cases.
While the URS, unlike UDRP, has a number of safeguards against abusive complaints – including an appeals mechanism and penalties for repeat reverse-hijacking trolls.
But the domainer community is against its introduction in .net because it has not yet been finalized – it could still be changed radically before ICANN approves it – and it is currently completely untested.
The IPC also asked ICANN and VeriSign to transition .net to a “thick” Whois, whereby all Whois data is stored at the registry rather than with individual registrars, and to create mechanisms for anybody to report fake Whois data to registrars.
Not even the IPC wants Whois privacy services abolished – chair Steve Metalitz noted during the Congressional hearing on new gTLDs last week that such services do often have legitimate uses.
VeriSign to offer different prices to different registrars?
VeriSign may be able to offer differential pricing for .net domain names under the just-published draft .net registry contract.
The current .net agreement expires at the end of June, but VeriSign has a presumptive right of renewal.
The newly negotiated contract has a new “Special Programs” clause would enable VeriSign to offer pricing incentives to registrars in “underserved geographies” not available to other registrars.
Here’s the meat of the paragraph:
Registry Operator may for the purpose of supporting the development of the Internet in underserved geographies provide training, technical support, marketing or incentive programs based on the unique needs of registrars located in such geographies to such registrars, so long as Registry Operator does not treat similarly situated registrars differently or apply such programs arbitrarily. Registry Operator may implement such programs with respect to registrars within a specific geographic region, provided, that (i) such region is defined broadly enough to allow multiple registrars to participate and (ii) such programs do not favor any registrar in which Registry Operator may have an ownership interest over other similarly situated registrars within the same region.
Later, the part of the contract that limits VeriSign’s registry fee and requires uniform pricing among all registrars has been amended to specifically exclude these special programs.
The contract does seem to envisage differential registrar pricing, within certain geographic parameters, perhaps enabling VeriSign to stimulate growth in low-penetration markets.
It’s probably too early to speculate, given that we don’t know what incentives VeriSign has in mind, but it’s not difficult to imagine a scenario where particularly attractive pricing could cause a bunch of shell companies to emerge in, say, Africa or Asia.
For now, the provision would only apply to .net domains, but VeriSign has been known to use .com as a venue for dry runs of services it wants to offer in .com. The .com contract is up for renewal next year.
The proposed .net contract (pdf) contains a number of other changes (pdf), some of which mirror language found in other registry contracts, some of which are new.
There’s a provision for VeriSign to be able to “prevent” the registration of certain names, such as those that would have led to the Conficker worm spreading, in order to protect the security of the internet.
Some of the things that have not changed are also quite interesting.
With ICANN’s recent “vertical integration” decision, which will allow registries and registrars to own each other, you’d think the .net contract renegotiation would be the perfect opportunity for VeriSign to signal its intentions to get into the registrar business, as Neustar already has.
But it has not. The contract contains the same prohibitions on cross ownership as the earlier version.
And as Domain Name Wire noted, the new contract would allow VeriSign to continue to increase its prices by 10% every year until 2017.
That could lead to a maximum of about $9 per domain per year, including ICANN fees, by the time the deal is next up for renewal, if VeriSign exercised the option every year.
There’s an ICANN public comment period, open until May 10.
VeriSign’s upcoming battle for the Chinese .com
Could VeriSign be about to face off against China for control of the Chinese version of .com? That’s an intriguing possibility that was raised during the .nxt conference last week.
Almost as an aside, auDA chief Chris Disspain mentioned during a session that he believes there are moves afoot in China to apply to ICANN for “company”, “network” and “organization” in Chinese characters. In other words, .com, .net and .org.
I’ve been unable to find an official announcement of any such Chinese application, but I’m reliably informed that Noises Have Been Made.
VeriSign has for several quarters been open about its plans to apply for IDN equivalents of its two flagship TLDs, and PIR’s new CEO Brian Cute recently told me he wants to do the same for .org.
While neither company has specified which scripts they’re looking at, Chinese is a no-brainer. As of this week, the nation is the world’s second-largest economy, and easily its most populous.
Since we’re already speculating, let’s speculate some more: who would win the Chinese .com under ICANN’s application rules, VeriSign or China?
If the two strings were close enough to wind up in a contention set, could VeriSign claim intellectual property rights, on the basis of its .com business? It seems like a stretch.
Could China leapfrog to the end of the process with a community application and a demand for a Community Priority Evaluation?
That also seems like a stretch. It’s not impossible – there’s arguably a “community” of companies registered with the Chinese government – but such a move would likely stink of gaming.
Is there a technical stability argument to be made? Is 公司. (which Google tells me means “company” in Chinese) confusingly similar to .com?
If these TLDs went to auction, one thing is certain: there are few potential applicants with deeper pockets than VeriSign, but China is one of them.
UPDATE: VeriSign’s Pat Kane was good enough to post a lengthy explanation of the company’s IDN strategy in the comments.
VeriSign launches free cloud domain security service
VeriSign is to offer registrars a hosted DNSSEC signing service that will be free for names in .com and the company’s other top-level domains.
The inventively named VeriSign DNSSEC Signing Service offloads the tasks associated with managing signed domains and is being offered for an “evaluation period” that runs until the end of 2011.
DNSSEC is an extension to DNS that allows domains to be cryptographically signed and validated. It was designed to prevent cache poisoning attacks such as the Kaminsky Bug.
It’s also quite complex, requiring ongoing secure key management and rollover, so I expect the VeriSign service, and competing services, will be quite popular among registrars reluctant to plough money into the technology.
While some gTLDs, including .org, and dozens of ccTLDs, are already DNSSEC-enabled, VeriSign doesn’t plan on bringing the technology online in .com and .net until early next year.
The ultimate industry plan is for all domain names to use DNSSEC before too many years.
One question I’ve never been entirely clear on was whether the added costs of implementing DNSSEC would translate into premium-priced services or price increases at the registrar checkout.
A VeriSign spokesperson told me:
The evaluation period is free for VeriSign-managed TLDs and other TLDs. After that period, the VeriSign-managed TLDs will remain free, but other TLDs will have $2 per zone annual fee.
In other words, registrars will not have to pay to sign their customers’ .com, .net, .tv etc domains, but they will have to pay if they choose to use the VeriSign service to sign domains in .biz, .info or any other TLD.
VeriSign to deploy DNSSEC in .com next March
VeriSign is to start rolling out the DNSSEC security protocol in .net today, and will sign .com next March, the company said today.
In an email to the dns-ops mailing list, VeriSign vice president Matt Larson said that .net will get a “deliberately unvalidatable zone”, which uses unusable dummy keys for testing purposes, today.
That test is set to end on December 9, when .net will become fully DNSSEC-compatible.
The .com TLD will get its own unvalidatable zone in March, but registrars will be able to start submitting cryptographic keys for the domains they manage from February.
The .com zone will be validatable later in March.
The DNSSEC standard allows resolvers to confirm that DNS traffic has not been tampered with, reducing the risk of attacks such as cache poisoning.
Signing .com is viewed as the last major registry-level hurdle to jump before adoption kicks off more widely. The root zone was signed in July and a few dozen other TLDs, such as .org, are already signed.
Recent Comments