Latest news of the domain name industry

Recent Posts

ICANN gets Boing-Boinged over URS

Boing-Boing editor Cory Doctorow caused a storm in a teacup yesterday, after he urged his legions of readers to complain to ICANN about copyright-based domain name seizures and the abolition of Whois privacy services in .net.

Neither change has actually been proposed.

The vast majority of the comments filed on VeriSign’s .net contract renewal now appear to have been sent by Boing-Boing readers, echoing Doctorow’s concerns.

Doctorow wrote: “Among the IPC’s demands are that .NET domains should be subject to suspension on copyright complaints and that anonymous or privacy-shielded .NET domains should be abolished.”

Neither assertion is accurate.

Nobody has proposed abolishing Whois privacy services. Nobody has proposed allowing VeriSign to seize domain names due to copyright infringement complaints.

What has happened is that ICANN’s Intellectual Property Constituency has asked ICANN to make the Uniform Rapid Suspension policy part of VeriSign’s .net contract.

URS is a variation of the long-standing UDRP cybersquatting complaints procedure.

It was created for the ICANN new gTLD Program and is intended to be cheaper and quicker for trademark holders than UDRP, designed to handle clear-cut cases.

While the URS, unlike UDRP, has a number of safeguards against abusive complaints – including an appeals mechanism and penalties for repeat reverse-hijacking trolls.

But the domainer community is against its introduction in .net because it has not yet been finalized – it could still be changed radically before ICANN approves it – and it is currently completely untested.

The IPC also asked ICANN and VeriSign to transition .net to a “thick” Whois, whereby all Whois data is stored at the registry rather than with individual registrars, and to create mechanisms for anybody to report fake Whois data to registrars.

Not even the IPC wants Whois privacy services abolished – chair Steve Metalitz noted during the Congressional hearing on new gTLDs last week that such services do often have legitimate uses.

VeriSign to offer different prices to different registrars?

Kevin Murphy, April 12, 2011, Domain Registries

VeriSign may be able to offer differential pricing for .net domain names under the just-published draft .net registry contract.

The current .net agreement expires at the end of June, but VeriSign has a presumptive right of renewal.

The newly negotiated contract has a new “Special Programs” clause would enable VeriSign to offer pricing incentives to registrars in “underserved geographies” not available to other registrars.

Here’s the meat of the paragraph:

Registry Operator may for the purpose of supporting the development of the Internet in underserved geographies provide training, technical support, marketing or incentive programs based on the unique needs of registrars located in such geographies to such registrars, so long as Registry Operator does not treat similarly situated registrars differently or apply such programs arbitrarily. Registry Operator may implement such programs with respect to registrars within a specific geographic region, provided, that (i) such region is defined broadly enough to allow multiple registrars to participate and (ii) such programs do not favor any registrar in which Registry Operator may have an ownership interest over other similarly situated registrars within the same region.

Later, the part of the contract that limits VeriSign’s registry fee and requires uniform pricing among all registrars has been amended to specifically exclude these special programs.

The contract does seem to envisage differential registrar pricing, within certain geographic parameters, perhaps enabling VeriSign to stimulate growth in low-penetration markets.

It’s probably too early to speculate, given that we don’t know what incentives VeriSign has in mind, but it’s not difficult to imagine a scenario where particularly attractive pricing could cause a bunch of shell companies to emerge in, say, Africa or Asia.

For now, the provision would only apply to .net domains, but VeriSign has been known to use .com as a venue for dry runs of services it wants to offer in .com. The .com contract is up for renewal next year.

The proposed .net contract (pdf) contains a number of other changes (pdf), some of which mirror language found in other registry contracts, some of which are new.

There’s a provision for VeriSign to be able to “prevent” the registration of certain names, such as those that would have led to the Conficker worm spreading, in order to protect the security of the internet.

Some of the things that have not changed are also quite interesting.

With ICANN’s recent “vertical integration” decision, which will allow registries and registrars to own each other, you’d think the .net contract renegotiation would be the perfect opportunity for VeriSign to signal its intentions to get into the registrar business, as Neustar already has.

But it has not. The contract contains the same prohibitions on cross ownership as the earlier version.

And as Domain Name Wire noted, the new contract would allow VeriSign to continue to increase its prices by 10% every year until 2017.

That could lead to a maximum of about $9 per domain per year, including ICANN fees, by the time the deal is next up for renewal, if VeriSign exercised the option every year.

There’s an ICANN public comment period, open until May 10.

VeriSign’s upcoming battle for the Chinese .com

Kevin Murphy, February 16, 2011, Domain Registries

Could VeriSign be about to face off against China for control of the Chinese version of .com? That’s an intriguing possibility that was raised during the .nxt conference last week.

Almost as an aside, auDA chief Chris Disspain mentioned during a session that he believes there are moves afoot in China to apply to ICANN for “company”, “network” and “organization” in Chinese characters. In other words, .com, .net and .org.

I’ve been unable to find an official announcement of any such Chinese application, but I’m reliably informed that Noises Have Been Made.

VeriSign has for several quarters been open about its plans to apply for IDN equivalents of its two flagship TLDs, and PIR’s new CEO Brian Cute recently told me he wants to do the same for .org.

While neither company has specified which scripts they’re looking at, Chinese is a no-brainer. As of this week, the nation is the world’s second-largest economy, and easily its most populous.

Since we’re already speculating, let’s speculate some more: who would win the Chinese .com under ICANN’s application rules, VeriSign or China?

If the two strings were close enough to wind up in a contention set, could VeriSign claim intellectual property rights, on the basis of its .com business? It seems like a stretch.

Could China leapfrog to the end of the process with a community application and a demand for a Community Priority Evaluation?

That also seems like a stretch. It’s not impossible – there’s arguably a “community” of companies registered with the Chinese government – but such a move would likely stink of gaming.

Is there a technical stability argument to be made? Is 公司. (which Google tells me means “company” in Chinese) confusingly similar to .com?

If these TLDs went to auction, one thing is certain: there are few potential applicants with deeper pockets than VeriSign, but China is one of them.

UPDATE: VeriSign’s Pat Kane was good enough to post a lengthy explanation of the company’s IDN strategy in the comments.

VeriSign launches free cloud domain security service

Kevin Murphy, December 2, 2010, Domain Tech

VeriSign is to offer registrars a hosted DNSSEC signing service that will be free for names in .com and the company’s other top-level domains.

The inventively named VeriSign DNSSEC Signing Service offloads the tasks associated with managing signed domains and is being offered for an “evaluation period” that runs until the end of 2011.

DNSSEC is an extension to DNS that allows domains to be cryptographically signed and validated. It was designed to prevent cache poisoning attacks such as the Kaminsky Bug.

It’s also quite complex, requiring ongoing secure key management and rollover, so I expect the VeriSign service, and competing services, will be quite popular among registrars reluctant to plough money into the technology.

While some gTLDs, including .org, and dozens of ccTLDs, are already DNSSEC-enabled, VeriSign doesn’t plan on bringing the technology online in .com and .net until early next year.

The ultimate industry plan is for all domain names to use DNSSEC before too many years.

One question I’ve never been entirely clear on was whether the added costs of implementing DNSSEC would translate into premium-priced services or price increases at the registrar checkout.

A VeriSign spokesperson told me:

The evaluation period is free for VeriSign-managed TLDs and other TLDs. After that period, the VeriSign-managed TLDs will remain free, but other TLDs will have $2 per zone annual fee.

In other words, registrars will not have to pay to sign their customers’ .com, .net, .tv etc domains, but they will have to pay if they choose to use the VeriSign service to sign domains in .biz, .info or any other TLD.

VeriSign to deploy DNSSEC in .com next March

Kevin Murphy, October 29, 2010, Domain Tech

VeriSign is to start rolling out the DNSSEC security protocol in .net today, and will sign .com next March, the company said today.

In an email to the dns-ops mailing list, VeriSign vice president Matt Larson said that .net will get a “deliberately unvalidatable zone”, which uses unusable dummy keys for testing purposes, today.

That test is set to end on December 9, when .net will become fully DNSSEC-compatible.

The .com TLD will get its own unvalidatable zone in March, but registrars will be able to start submitting cryptographic keys for the domains they manage from February.

The .com zone will be validatable later in March.

The DNSSEC standard allows resolvers to confirm that DNS traffic has not been tampered with, reducing the risk of attacks such as cache poisoning.

Signing .com is viewed as the last major registry-level hurdle to jump before adoption kicks off more widely. The root zone was signed in July and a few dozen other TLDs, such as .org, are already signed.