Latest news of the domain name industry

Recent Posts

Governments totally cool with two-letter domains

Kevin Murphy, October 13, 2014, Domain Registries

ICANN’s Governmental Advisory Committee does not plan to advise against the release of two-character domain names in new gTLDs.

In fact, judging by a GAC discussion at ICANN 51 in Los Angeles yesterday, the governments of many major nations are totally cool with the idea.

Under the standard Registry Agreement for new gTLD registries, all two-character domains (any combination of letters, numbers) must not be sold or activated in the DNS.

The blanket ban was designed to avoid clashes with two-letter ccTLD codes, both existing and future.

ICANN left the door open for registries to request the release of such names, however, and many companies have formally applied to do so via the Registry Services Evaluation Process.

Some registries want all two-character domains released, others have only asked for permission to sell those strings that do not match allocated ccTLDs.

There seems to have been an underlying assumption that governments may want to protect their geographic turf. That assumption may turn out to be untrue.

Representatives from the United States, Netherlands, Spain, Denmark, Australia, Austria and Iran all said yesterday that the GAC should not issue formal advice against the the two-character proposals.

No governments opposed that apparent consensus view.

“The use of the ‘US’ two-letter country code at the second level has not presented any technical or policy issues for the United States,” US rep Suzanne Radell said.

“We, in fact, do not require any approval for the use of US two-character country codes at the second level in existing gTLDs, and do not propose to require anything for new gTLDs,” she said.

She even highlighted domains such as us.com and us.org — which are marketed by UK-based CentralNic as alternatives to the .us ccTLD — as being just fine and dandy with the US government.

It seems likely that the GAC will instead suggest to ICANN that it is the responsibility of individual governments to challenge the registries’ requests via the RSEP process.

“What we see at the moment is that ICANN is putting these RSEP requests out for public comment and it would be open to any government to use that public comment period if they did feel in some instances that there was a concern,” Australian GACer Peter Nettlefold said.

I’ve not been able to find any government comments to the relevant RSEP requests.

For example, Neustar’s .neustar, which proposes the release of all two-character strings including country codes, has yet to receive a comment from a government.

Many comments in other RSEP fora appear to be from fellow dot-brand registries that want to use two-letter codes to represent the countries where they operate.

Wikipedia to get single-letter .wiki domain

Top Level Design has scored a bit of a coup for its forthcoming .wiki gTLD — Wikimedia Foundation, which runs Wikipedia, has signed up as an anchor tenant.

According to the registry, Wikimedia will use w.wiki as a URL shortener and they’re in talks about other domains.

The company has also applied to ICANN to release hundreds of two-letter language codes that the foundation wants to use for language-specific short links.

The deal is reminiscent of .CO Internet’s launch, when it allocated the now-ubiquitous t.co for Twitter’s in-house URL shortener, giving it a much-needed marketing boost.

The deal for two-letter domains stands only a slim chance of of being ready in time for .wiki’s general availability, scheduled for May 26, in my view.

Under ICANN’s standard Registry Agreement, all two-character strings are blocked, in order to avoid clashes with country codes used in the ccTLD naming schema.

Top Level Design has now used the Registry Services Evaluation Process to try to get 179 two-letter strings, each of which represents a language code, unblocked.

Wikimedia explicitly endorses the proposal, in a letter attached to the March 11 RSEP (pdf)

The organization plans to use domains such as fr.wiki to redirect to French-language Wikipedia pages and so forth.

It remains to be seen whether ICANN will approve the request. It’s previously been envisaged that registries would approach each country individually to have its ccTLD’s matching string released.

Top Level Design points out that the strings it wants unblocked are from the ISO 639-1 language codes list, not the ISO 3166-1 lists from which ccTLD names are drawn.

But it’s a bit of an argument to nowhere — the strings are identical in most cases.

Under the RSEP policy, Top Level Design really should have been given a preliminary determination by now. It filed its request March 11 but it was only posted last week.

The clock, which gives ICANN 15 days to give the nod or not, may have only just started.

After the preliminary determination, there would be a public comment period and a board of directors decision. The timetable for this would not allow .wiki to launch with the two-letter names active.

But even with the delay, it seems that the registry will be coming out of the door with at least one strong anchor tenant, which is something most new gTLDs have so far failed to manage.

VeriSign yanks domain seizure power request

Kevin Murphy, October 13, 2011, Domain Registries

That was quick.

VeriSign has withdrawn its request for new powers to delete domain names being used for abusive purposes, just a few days after filing it with ICANN.

The company had proposed a policy that would give law enforcement the ability to seize .com and .net names apparently without a court order, and a new malware scanning service.

The former came in for immediate criticism from groups including the American Civil Liberties Union and the Electronic Frontier Foundation, while the latter appeared to have unnerved some registrars.

But now both proposals have been yanked from ICANN’s Registry Services Evaluation Process queue.

This is not without precedent. Last year, VeriSign filed for and then withdrew requests to auction off one-letter .net names and a “Domain Name Exchange” service that looked a bit like domain tasting.

Both came in for criticism, and have not reappeared.

Whether the latest abuse proposals will make a reappearance after VeriSign has had time to work out some of the more controversial kinks remains to be seen.

VeriSign’s .com takedown power grab causing controversy

Kevin Murphy, October 11, 2011, Domain Policy

VeriSign’s request for a wide-ranging set of powers that would enable it to shut down .com and .net domain names that are suspected of abuse is already attracting criticism.

The proposals came in a Registry Services Evaluation Process request to ICANN that I reported on for The Register this morning.

It’s asking (pdf) to be able to create a new anti-abuse policy that would refocus many of the controls currently in the hands of registrars to the registry level instead.

The policy would “allow the denial, cancellation or transfer” of any VeriSign-managed domain if any any of these conditions were triggered:

(a) to protect the integrity, security and stability of the DNS;

(b) to comply with any applicable court orders, laws, government rules or requirements, requests of law enforcement or other governmental or quasi-governmental agency, or any dispute resolution process;

(c) to avoid any liability, civil or criminal, on the part of Verisign, as well as its affiliates, subsidiaries, officers, directors, and employees;

(d) per the terms of the registration agreement,

(e) to respond to or protect against any form of malware (defined to include, without limitation, malicious code or software that might affect the operation of the Internet),

(f) to comply with specifications adopted by any industry group generally recognized as authoritative with respect to the Internet (e.g., RFCs),

(g) to correct mistakes made by Verisign or any Registrar in connection with a domain name registration, or

(h) for the non-payment of fees to Verisign. Verisign also reserves the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute;

As you can see, that’s a pretty broad range of justifications.

Notably, it would enable a domain to be canceled or transferred at the “requests of law enforcement or other governmental or quasi-governmental agency”, which would seem to circumvent the current practice of a court order being obtained before a domain is seized.

The question of what constitutes a “quasi-governmental agency” is also interesting. Is ICANN itself such a thing?

The policy would also enable a take-down “to avoid any liability, civil or criminal”, which seems to be just begging for VeriSign to be named spuriously in commercial lawsuits between .com registrants.

The RSEP also suggests that VeriSign plans to extend its hand of friendship to law enforcement agencies from outside the US:

Pilots with European Law Enforcement, Government CERTS and Registrars are planned, and other global test pilots will follow, to ensure global collaboration in the continuing development of the procedures.

Today, US agencies can get court orders instructing VeriSign to hand over domains. While imposing US law on .com owners from other countries is controversial, at least overseas registrants know where they stand.

Now VeriSign is talking about cooperating with European law enforcement agencies too.

At the risk of getting dangerously close to invoking Godwin’s Law, this brings us back to an old jurisdictional problem – what if the French police demand the seizure of a .com site selling Nazi memorabilia, which is illegal in France but legal in the US, for example?

Taking it a step further, what if VeriSign starts entertaining takedown requests from some of the world’s least pleasant theocracies, banana republics and dictatorships?

Half of .com could disappear overnight.

Since VeriSign has a business to run, that’s obviously not going to happen. So the company is going to have to draw a line somewhere, separating criminality from legitimate behavior and free speech.

I’m speculating wildly here, of course, but the RSEP doesn’t contain nearly enough detailed information about VeriSign’s proposed procedures to make a more informed analysis.

VeriSign knows what it is proposing is controversial. The RSEP says:

Registrants may be concerned about an improper takedown of a legitimate website. Verisign will be offering a protest procedure to support restoring a domain name to the zone.

The proposals have been made following many months of discussions between registries, registrars, law enforcement agencies and other community stakeholders.

It’s not entirely clear from VeriSign’s RSEP, which sometimes confusingly conflates the abuse policy with a separate proposed malware scanning service, how a takedown notice would be processed.

One likely reading is that VeriSign would act almost like a centralized clearinghouse for takedown requests, forwarding them to individual registrars for enforcement.

The registrars could be obliged by the terms of an amended Registry-Registrar Agreement to follow whatever process had been laid down.

There seems to be some concern in the ICANN community about this.

ICANN senior VP of stakeholder relations Kurt Pritz recently sent a document to PIR’s David Maher and Oversee.net’s Mason Cole outlining the procedure for amending the RRA.

The flowchart (pdf) describes a trilateral negotiation between the registry proposing the change, the Registrars Stakeholder Group and ICANN, with the ICANN board having the ultimate decision-making authority.

However this proceeds through ICANN, it’s going to cause some heated community debate.

Registry objects to .jobs shutdown threat

Employ Media will appeal ICANN’s threatened termination of its .jobs registry contract.

The company released a statement (pdf) late yesterday, following ICANN’s unprecedented threat, in which it said ICANN’s claims are “utterly without merit”.

“We view the substance of this notice to be a surprising reversal of position and contradictory to prior decisions issued by its Board of Directors,” the company said.

ICANN yesterday gave Employ Media until the end of the month to cancel its agreement to provide 40,000 .jobs domains to the DirectEmployers Association for its Universe.jobs employment board.

The organization said the allocation of the domains for non-human-resources purposes went against the letter, spirit and intent of the registry’s contract and Charter.

It essentially boils down to a claim that Employ Media hacked its contract to allow it to start making money on names beyond the limited scope of its original “sponsored” community TLD.

The .jobs TLD was originally pitched as a space for corporate HR pages, not independent jobs sites. With Universe.jobs, half of the namespace is an independent jobs site. Employ Media is believed to have a revenue-sharing arrangement with DirectEmployers.

The ICANN breach notice was welcomed by the .JOBS Charter Compliance Coalition, the ad hoc trade group formed by major commercial jobs sites to fight Universe.jobs.

Peter Weddle, executive director of the International Association of Employment Web Sites, said in a press release:

the Dot Jobs Universe was not an innovation but rather an unprecedented attempt by a registry operator to misappropriate an entire TLD for itself and its alliance partner in blatant disregard of ICANN’s rules.

Employ Media disagrees, of course, saying that Universe.jobs came about as a result of its “Phased Allocation” liberalization plan, which was approved by ICANN’s Registry Services Evaluation Process and then survived a Reconsideration Request filed by the Coalition.

The company said: “it is imperative for registry operators to have predictability in the performance of duties and that ICANN has a responsibility to honor its commitments with contracted parties.”

Its registry contract contains a dispute resolution procedure that first calls for bilateral talks and, failing agreement, arbitration via the International Chamber of Commerce.