Verisign has escalated its war against competition by telling its government masters that it is not ready to add new gTLDs to the DNS root, raising eyebrows at NTIA.
The company told the US National Telecommunications and Information Administration in late May that the lack of uniform monitoring across the 13 root servers means it would put internet security and stability at risk to start delegating new gTLDs now.
In response, the NTIA told Verisign that its recent position on DNS security is “troubling”. It demanded confirmation that Verisign is not planning to block new gTLDs from being delegated.
Verisign senior VP Pat Kane wrote in the May letter:
we strongly believe certain issues have not been addressed and must be addressed before any root zone managers, including Verisign, are ready to implement the new gTLD Program.
We want to be clearly on record as reporting out this critical information to NTIA unequivocally as we believe a complete assessment of the critical issues remain unaddressed which left unremediated could jeopardize the security and stability of the DNS.
we strongly recommend that the previous advice related to this topic be implemented and the capability for root server system monitoring, instrumentation, and management capabilities be developed and operationalized prior to beginning delegations.
Verisign is so far the only root server operator to publicly express concerns about the lacking of coordinated monitoring, and many people believe that the company is simply desperately trying to delay competition for its $800 million .com business for as long as possible.
These people note that in early November 2012, Verisign signed a joint letter with ICANN and NTIA that said:
the Root Zone Partners are able to process at least 100 new TLDs per week and will commit the necessary resources to meet all root zone management volume increases associated with the new gTLD program
That letter was signed before NTIA stripped Verisign of its right to increase .com prices every year, depriving it of tens or hundreds of millions of dollars of additional revenue.
Some say that Verisign is raising spurious security concerns now purely because it’s worried about its bottom line.
NTIA is beginning to sound like one of these critics. In its response to the May 30 letter, sent by NTIA and published by ICANN on Saturday, deputy associate administrator Vernita Harris wrote:
NTIA and VeriSign have historically had a strong working relationship, but inconsistencies in VeriSign’s position in recent months are troubling… NTIA fully expects VeriSign to process change requests when it receives an authorization to delegate a new gTLD. So that there will be no doubt on this point, please provide me a written confirmation no later than August 16, 2013 that VeriSign will process change requests for the new gTLD program when authorized to delegate a new gTLD.
Harris said that a system is already in place that would allow the emergency rollback of the root zone, basically ‘un-delegating’ any gTLD that proves to cause a security or stability problem.
This would be “sufficient for the delegation of new gTLDs”, she wrote.
Could Verisign block new gTLDs?
It’s worth a reminder at this point that ICANN’s power over the DNS root is something of a facade.
Verisign, as operator of the master A root server, holds the technical keys to the kingdom. Under its NTIA contract, it only processes changes to the root — such as adding a TLD — when NTIA tells it to.
NTIA in practice merely passes on the recommendations of IANA, the department within ICANN that has the power to ask for changes to the root zone, also under contract with NTIA.
Verisign or NTIA in theory could refuse to delegate new gTLDs — recall that when .xxx was heading to the root the European Union asked NTIA to delay the delegation.
In practice, it seems unlikely that either party would stand in the way of new gTLDs at the root, but the Verisign rhetoric in recent months suggests that it is in no mood to play nicely.
To refuse to delegate gTLDs out of commercial best interests would be seen as irresponsible, however, and would likely put its role as custodian of the root at risk.
That said, if Verisign turns out to be the lone voice of sanity when it comes to DNS security, it is ICANN and NTIA that will ultimately look like they’re the irresponsible parties.
Verisign now has until August 16 to confirm that it will not make trouble. I expect it to do so under protest.
According to the NTIA, ICANN’s Root Server Stability Advisory Committee is currently working on two documents — RSSAC001 and RSSAC002 — that will outline “the parameters of the basis of an early warning system” that will address Verisign’s concerns about root server management.
These documents are likely to be published within weeks, according to the NTIA letter.
Meanwhile, we’re also waiting for the publication of Interisle Consulting’s independent report into the internal name collision issue, which is expected to recommend that gTLDs such as .corp and .home are put on hold. I’m expecting this to be published any day now.
Did Verisign get to the US Congress? That’s the intriguing question emerging from a new Senate appropriations bill.
In notes attached to the bill, the Senate Appropriations Committee delivers a brief but scathing assessment of the National Telecommunication and Information Administration’s performance on ICANN’s Governmental Advisory Committee.
It says it believes the NTIA has “not been a strong advocate for U.S. companies and consumers”.
The notes would order the agency to appear before the committee within 30 days to defend the “security” aspects of new gTLDs and “urges greater participation and advocacy within the GAC”.
While the NTIA had a low-profile presence at the just-finished Durban meeting, it would be difficult to name many other governments that participate or advocate more on the GAC.
This raises an eyebrow. Which interests, in the eyes of the committee, is the NTIA not sufficiently defending?
Given the references to intellectual property, suspicions immediately fall on usual suspects such as the Association of National Advertisers, which is worried about cybersquatting and associated risks.
The ANA successfully lobbied for an ultimately fruitless Congressional hearing in late 2011, following its campaign of outrage against the new gTLD program.
It’s mellowed somewhat since, but still has fierce concerns. Judging by comments its representatives made in Durban last week, it has shifted its focus to different security issues and is now aligned with Verisign.
Verisign, particularly given the bill’s reference to “security, stability and resiliency” and the company’s campaign to raise questions about the potential security risks of new gTLDs, is also a suspect.
“Security, stability and resiliency” is standard ICANN language, with its own acronym (SSR), rolled out frequently during last week’s debates about Verisign’s security concerns. It’s unlikely to have come from anyone not intimately involved in the ICANN community.
And what of Amazon? The timing might not fit, but there’s been an outcry, shared by almost everyone in the ICANN community, about the GAC’s objection last week to the .amazon gTLD application.
The NTIA mysteriously acquiesced to the .amazon objection — arguably harming the interests of a major US corporation — largely it seems in order to play nice with other GAC members.
Here’s everything the notes to “Departments of Commerce and Justice, and Science, and related agencies appropriations Bill, 2014″ (pdf) say about ICANN:
ICANN — NTIA represents the United States on the Internet Corporation for Assigned Names and Numbers [ICANN] Governmental Advisory Committee [GAC], and represents the interests of the Nation in protecting its companies, consumers, and intellectual property as the Internet becomes an increasingly important component of commerce. The GAC is structured to provide advice to the ICANN Board on the public policy aspects of the broad range of issues pending before ICANN, and NTIA must be an active supporter for the interests of the Nation. The Committee is concerned that the Department of Commerce, through NTIA, has not been a strong advocate for U.S. companies and consumers and urges greater participation and advocacy within the GAC and any other mechanisms within ICANN in which NTIA is a participant.
NTIA has a duty to ensure that decisions related to ICANN are made in the Nation’s interest, are accountable and transparent, and preserve the security, stability, and resiliency of the Internet for consumers, business, and the U.S. Government. The Committee instructs the NTIA to assess and report to the Committee within 30 days on the adequacy of NTIA’s and ICANN’s compliance with the Affirmation of Commitments, and whether NTIA’s assessment of ICANN will have in place the necessary security elements to protect stakeholders as ICANN moves forward with expanding the number of top level Internet domain names available.
While the bill is just a bill at this stage, it seems to be a strong indication that anti-gTLD lobbyists are hard at work on Capitol Hill, and working on members of diverse committees.
The National Telecommunications and Information Administration said today that all new gTLD applicants, even those that have not already been hit by government warnings, should submit Public Interest Commitments to ICANN.
In a rare comment sent to an ICANN public forum today, the NTIA suggested that applicants should use the process to help combat counterfeiting and piracy.
The agency, the part of the US Department of Commerce that oversees ICANN and participates in its Governmental Advisory Committee, said (emphasis in original):
NTIA encourages all applicants for new gTLDs to take advantage of this opportunity to address the concerns expressed by the GAC in its Toronto Communique, the individual early warnings issued by GAC members, and the ICANN public comment process on new gTLDs, as appropriate.
PICs were introduced by ICANN earlier this month as a way for applicants to voluntarily add binding commitments — for example, a promise to restrict their gTLD to a certain user base — to their registry contracts.
The idea is to let applicants craft and agree to stick to special terms they think will help them avoid receiving objections from the GAC, GAC members and others.
NTIA said that applicants should pay special attention in their PICs to helping out the “creative sector”.
Specifically, this would entail “ensuring that WHOIS data is verified, authentic and publicly accessible”.
They should also “consider providing an enforceable guaranty that the domain name will only be used for licensed and legitimate activities”, NTIA said, adding:
NTIA believes that these new tools may help in the fight against online counterfeiting and piracy and is particularly interested in seeing applicants commit to these or similar safeguards.
The PICs idea isn’t going down too well in the applicant community, judging by other submissions this week.
The Registries Stakeholder Group of ICANN, for example, says its members are feeling almost “blackmailed” into submitting PICs, saying the timing is “completely unreasonable”.
As DI noted when PICs was first announced, applicants have been given until just March 5 to submit their commitments, raising serious questions about the timetable for objections and GAC advice.
The RySG has even convened a conference call for March 4 to discuss the proposal, which it says “contains so many serious and fundamental flaws that it should be withdrawn in
Today’s shock news that Verisign will be subject to a .com price freeze for the next six years will have broad implications.
The US Department of Commerce has told the company it will have to continue to sell .coms at $7.85 wholesale until 2018, barring exceptional circumstances.
Here’s my initial take on the winners and losers of this new arrangement.
Volume .com registrants are of course the big winners here. A couple of dollars a year for a single .com is pretty insignificant, but when you own tens or hundreds of thousands of names…
Mike Berkens of Most Wanted Domains calculated that he’s saved
$170,000 $400,000 over the lifetime of the new .com deal, and he reckons fellow domainer Mike Mann will have saved closer to $800,000 $2 million.
The other big constituency of volume registrants are the brand owners who spend tens or hundreds of thousands of dollars a year maintaining defensive registrations — mostly in .com — that they don’t need.
Microsoft, for example, owns over 91,000 domain names, according to DomainTools. I’d hazard a guess that most of those are defensive and that most are in .com.
There’s potentially trouble on the horizon for new gTLD applicants and existing registry operators. Verisign is looking for new ways to grow, and it’s identified its patent portfolio as an under-exploited revenue stream.
The company says it has over 200 patents either granted or pending, so its pool of potential licensees could be quite large.
Its US portfolio includes patents such as 7,774,432, “Registering and using multilingual domain names”, which appear to be quite broad.
Verisign also owns a bunch of patents related to its security business, so companies in that field may also be targeted.
Verisign’s registrars will no longer have to pass their cost increases on to consumers every year.
While this may help with renewal rates, it also means registrars won’t be able to sneak in their own margin increases whenever Verisign ups its annual fees.
Another area Verisign plans to grow is in internationalized domain names, where it’s applied to ICANN for about a dozen non-Latin variants of .com and .net.
Those registry deals, assuming they’re approved by ICANN, will not be governed by the .com pricing restrictions. Now that Verisign’s growth is getting squeezed, we might expect higher prices for IDN .com variants.
ICANN may have suffered a small reputational hit today, with Commerce demonstrating it has the balls to do what ICANN failed to do six years ago, but money-wise it’s doing okay.
The new .com contract changes the way Verisign pays ICANN fees, and Commerce does not appear to have made any changes to that structure. ICANN still stands to get about $8 million a year more from the deal.
The Department of Commerce
Unless you’re a Verisign shareholder, Commerce comes out of this deal looking pretty good. It played hard-ball and seems to have won a lot of credibility points as a result.
The three main entities responsible for managing the domain name system’s root zone have confirmed that they’re ready to add 100 or more new gTLDs to the internet every week.
In a statement, (pdf), ICANN, Verisign and the US National Telecommunications & Information Administration jointly said:
Based on current staffing levels and enhancements that are currently underway to the [Root Zone Management] system, the Root Zone Partners are able to process at least 100 new TLDs per week and will commit the necessary resources to meet all root zone management volume increases associated with the new gTLD program.
The letter was sent in response to a request from ICANN’s Security and Stability Advisory Committee, which asked in July whether ICANN, Verisign and the NTIA were ready for the new gTLD load.
The three-party Root Zone Management procedure used to add TLDs or update existing ones is getting more automation, which is expected to streamline the process.