Verisign has been given approval to start restricting who can and cannot register .com and .net domain names in various countries.
Customers of Chinese registrars are the first to be affected by the change to the registry’s back-end system, which was made last year.
ICANN last week gave Verisign a “free to deploy” notice for a new “Verification Code Extension” system that enables the company to stop domains registered via selected registrars from resolving unless the registrant’s identity has been verified and the name is not on China’s banned list.
It appears to be the system Verisign deployed in order to receive its Chinese government license to operate in China.
Under Verification Code Extension, Verisign uses ICANN records to identify which registrars are based in countries that have governmental restrictions. I believe China is currently the only affected country.
Those registrars are able to register domains normally, but Verisign will prevent the names from resolving (placing them in serverHold status and keeping them out of the zone file) unless the registration is accompanied by a verification code.
These codes are distributed to the affected registrars by at least two verification service providers. Verisign, in response to DI questions, declined to name them.
Under its “free to deploy” agreement with ICANN (pdf), Verisign is unable to offer verification services itself. It must use third parties.
The company added the functionality to its .com and .net registry as an option in February 2016, according to ICANN records. It seems to have been implemented last July.
A Verisign spokesperson said the company “has implemented” the system.
The Verification Code Extension — technically, it’s an extension to the EPP protocol pretty much all registries use — was outlined in a Registry Services Evaluation Process request (pdf) last May, and approved by ICANN not long after.
Verisign was approved to operate in China last August in the first wave of gTLD registries to obtain government licenses.
Under Chinese regulations, domain names registered in TLDs not approved by the government may not resolve. Registrars are obliged to verify the identities of their registrants and names containing certain sensitive terms are not permitted.
Other gTLDs, including .vip, .club, .xyz .site and .shop have been granted approval over the last few months.
Some have chosen to work with registration gateway providers in China to comply with the local rules.
Apart from XYZ.com and Verisign, no registry has sought ICANN approval for their particular implementation of Chinese law.
Because Chinese influence over ICANN is a politically sensitive issue right now, it should be pointed out that the Verification Code Extension is not something that ICANN came up with in response to Chinese demands.
Rather, it’s something Verisign came up with in response to Chinese market realities. ICANN has merely rubber-stamped a service requested by Verisign.
This, in other words, is a case of China flexing market muscle, not political muscle. Verisign, like many other gTLD registries, is over-exposed to the Chinese market.
It should also be pointed out for avoidance of doubt that the Chinese restrictions do not apply to customers of non-Chinese registrars.
However, it appears that Verisign now has a mechanism baked into its .com and .net registries that would make it much easier to implement .com restrictions that other governments might choose to put into their own legislation in future.
A group comprising some of the largest domain registrars has claimed Amazon is attempting to close off a new gTLD that it previously indicated would be unrestricted.
The 12-strong group, which includes Go Daddy, Network Solutions and Tucows, also claims that the company’s proposal for a “Registration Authentication Platform” is anti-competitive.
The complaints follow Amazon’s filing of a Registry Services Evaluation Process request with ICANN in March.
The RSEP speaks in broad terms about rejigging the conventional domain registration path so that all .moi sales are funneled through Amazon’s registry site, where registrants will have their eligibility verified and then be offered a set of add-on “technology tools” before being bounced back to their chosen registrar.
Amazon hasn’t said who will be eligible to register .moi domains, nor has it explained what technology tools it plans to offer. I expect the tools will include things such as hosting and security, where many registrars currently make money.
Unsurprisingly, many registrars are not happy about these vague proposals.
In a comment (pdf) to the RSEP filed yesterday, they said:
Ultimately, the use of pre-registration verification and “optional” value added services will negatively impact competition. By tying both practices in a TLD, a TLD Operator can create a “captive audience” via the pre-registration verification and then offering optional services. This will effectively bypass the existing registration and purchase process, putting TLD Operator in a privileged position. The TLD is set up to capture customers earned via the Registrars marketing efforts to promote its own tools and services.
It’s not unusual for “sponsored” or “restricted” gTLDs to implement registry-side verification, they admitted, but said that .moi is meant to be “open”.
While this practice is not explicitly prohibited under gTLDs, we believe that post-delegation inclusion of these practices should only be allowed in compelling circumstances because they are, in effect, retroactively “closing” what was applied for and approved to be operated as an open, generic TLD.
Amazon’s application for .moi, like all of its new gTLD applications, is not entirely clear on what the company’s plans are. There’s vague talk about eligibility, but no details and nothing substantial to suggest a tightly restricted zone.
The signatories to the registrar comment represent the majority of registered domain names. They are: Astutium, Blacknight Internet Solutions, Domain.com, EuroDNS, GoDaddy.com, OpenproviderNetEarth One, Key-Systems, Netistrar, Network Solutions, Nordreg, Realtime Register, Tucows Domains.
One registrar, Com Laude, whose sister company Valideus handles Amazon’s gTLD applications, wrote a comment (pdf) expressing the opposite view.
Com Laude says that it’s not unusual for registries to require registry-side verification. It points to .bank, .pharmacy and .travel as examples.
The company also claims that the 12 registrars are in essence complaining about the idea of vertical integration — where registries and registrars are under common ownership — which is already in place at companies such as Uniregistry and Rightside.
Com Laude’s Jeff Neuman wrote:
We do not believe that it is unacceptable for a company like Amazon to do what these other companies have been doing for some time. To apply different standards to Amazon Registry than it does for each of the other vertically integrated entities would single them out for disparate treatment – especially when there is no factual basis to believe that Amazon Registry has not adhered to its vertical integration-related obligations under the Registry Agreement.
What’s going on here, I suspect, is a bit of a proxy war.
Neither Amazon nor the registrars care a great deal about .moi, I think. The gTLD is merely a canary for Amazon’s 30-odd yet-to-be-launched gTLDs. The company has the rights to potentially more attractive strings, including .book, .song and .tunes.
Amazon originally wanted to make these strings “closed generics”, or what ICANN calls “exclusive access” gTLDs, where only Amazon could register names.
It has since disavowed such plans, but still hasn’t said who will be able to register names in its portfolio or how they will prove eligibility.
.moi was not originally identified as a closed generic by ICANN, but it could represent a model for what Amazon plans to do with the rest of its stable.
Amazon has given an early hint at how it may manage its new gTLD registries.
The company seems to be planning to make its own web site the place to go to for its new gTLD domains, relegating registrars to secondary players in the sales path.
It also seems to be planning to up-sell registrants with services, possibly including hosting, before they even get to the registrar’s storefront.
Amazon has filed a Registry Services Evaluation Process request with ICANN, relating to its gTLD .moi (French for “.me”) covering a “Registration Authentication Platform”.
.moi isn’t a brand, but Amazon says it plans to verify registrant “eligibility” before allowing a registration to take place.
To date, it has not revealed what the eligibility requirements for .moi are.
Its RSEP filing says that it intends to offer registrants a suite of optional add-on “technology tools or applications” at the point of verification.
Crucially, that’s before they get bounced to their registrar of choice to actually register the name.
Amazon is basically putting its up-sell pitch into the sales path before registrars get to do the same.
The RSEP explains it like this:
After the customer selects the Technology Tools of interest and/or ancillary products or services (if any), the customer will select its registrar of choice from among the complete list of .MOI-accredited registrars and be directed to that registrar’s site to permit that registrar to collect the required registrant information for the domain name registration, and to submit payment for the selected .MOI domain name. Upon completion of these steps, the registrar, through the normal EPP processes, shall transmit the required registration information to the Registry and the .MOI domain name shall be registered. A customer that first visits a .MOI-accredited registrar’s website will be directed to the Registry’s .MOI website to undergo the process noted above. After pre-registration policy verification, those customers will be transitioned back to the originating registrar’s site.
The RSEP does not explain what the “technology tools” are, but I’d be very surprised if they did not include for example web hosting, a staple higher-margin registrar product.
It’s not entirely clear what, if any, consultations Amazon has had with registrars regarding its proposals. The RSEP language is evasive:
Amazon Registry reached out to several registrars to have general discussions about their experience with pre-registration policy verification and how that experience (including customer experience) could be improved. Any consultations that may have occurred regarding the Technology Tools and the ancillary products and services would have occurred subject to a Mutual Non-Disclosure Agreement and cannot be disclosed.
Currently, the RSEP only covers .moi. Amazon would have to file additional RSEPs if it wanted the new service applied to its 32-TLD-strong portfolio, which includes the likes of .book, .song and .tunes.
ICANN has already made a preliminary determination that the RSEP “does not raise significant competition, security or stability issues”.
As usual, there’s a public comment period, which ends April 14.
XYZ.com plans to slap a global ban on domain names censored by the Chinese government.
Chinese words meaning things such as “human rights” and “democracy” are believed to be on the block list, which an industry source says could contain as many as 40,000 words, names and phrases.
(UPDATE: Gavin Brown, CTO of XYZ back-end CentralNic, tweeted that the list is nowhere near 40,000 names long.)
The registry seems to be planning to allow the Chinese government to censor its new gTLDs, which include .xyz, .college, .rent, .protection and .security, in every country of the world.
And it might not be the last non-Chinese registry to implement such a ban.
The surprising revelation came in a fresh Registry Services Evaluation Process request (pdf), filed with ICANN on Friday.
The RSEP asks ICANN to approve the use of a gateway service on the Chinese mainland, which the company says it needs in order to comply with Chinese law.
As previously reported, Chinese citizens are allowed to register domains in non-Chinese registries, but they may not activate them unless the registry complies with the law.
That law requires the registry to be located on the Chinese mainland. XYZ plans to comply by hiring local player ZDNS to proxy its EPP systems and mirror its Whois.
But the Chinese government also bans certain strings — which I gather are mostly but not exclusively in Chinese script — from being registered in domain names.
Rather than block them at the ZDNS proxy, where only Chinese users would be affected, XYZ has decided to ban them internationally.
Registrants in North America or Europe, for example, will not be able to register domains that are banned in China. XYZ said in its RSEP:
XYZ will reserve names prohibited for registration by the Chinese government at the registry level internationally, so the Gateway itself will not need to be used to block the registration of of any names. Therefore, a registrant in China will be able to register the same domain names as anyone else in the world.
It seems that XYZ plans to keep its banned domain list updated as China adds more strings to its own list, which I gather it does regularly.
Customers outside of China who have already registered banned domains will not be affected, XYZ says.
If China subsequently bans more strings, international customers who already own matching domains will also not be affected, it says.
CEO Daniel Negari told DI: “To be clear, we will not be taking action against names registered outside of China based on Chinese government requests.”
But Chinese registrants do face the prospect losing their domains, if China subsequently bans the words and XYZ receives a complaint from Chinese authorities.
“We treat requests from the Chinese government just like we treat requests from the US government or any other government,” Negari said.
“When we receive a valid government or court order to take action against a name and the government has jurisdiction over the registration, we will take action the registration,” he said.
Up to a third of the .xyz zone — about three hundred thousand names — is believed to be owned by Chinese registrants who are currently unable to actually use their names.
The company clearly has compelling business reasons to comply with Chinese law.
But is giving the Chinese government the ongoing right to ban tens of thousands of domain names internationally a step too far?
ICANN allows anyone to file public comments on RSEP requests. I expect we’ll see a few this time.
Electronics firm Sharp wants to remove part of its new gTLD registry contract relating to Whois.
The company has filed a Registry Services Evaluation Process request to get its requirement to offer “searchable Whois” dropped. RSEP is the mechanism registries use to amend their contracts.
ICANN’s initial review has not found any security, stability or competition problems and has now opened the request up for public comment.
Because .sharp will be a dot-brand, all the domains would belong to Sharp and its affiliates, reducing the value of searchable Whois.
Searchable Whois is an enhanced Whois service that allows users to search on all fields (such as registrant, email address, etc) rather than just the domain name.
Such services are not mandatory under ICANN’s new gTLD rules, but applicants that said they would offer them could score an extra point in their Initial Evaluation.
In Sharp’s case, a one-point difference would not have affected the outcome of its IE. In any event, it did not score the extra point.
Sharp said it was requesting the change because it’s switching back-ends from GMO Internet to JPRS, which apparently does not or does not want to support searchable Whois.