Latest news of the domain name industry

Recent Posts

As .trust opens for sunrise, Artemis dumps .secure bid

Kevin Murphy, December 16, 2014, Domain Registries

Amazon is now the proud owner of the .secure new gTLD, after much smaller competing applicant Artemis Internet withdrew its bid.

Coincidentally, the settlement of the contention set came just yesterday, the day before Artemis took its .trust — which I’ve described as a “backup plan” — to sunrise.

I assume .secure was settled with a private deal. I’ve long suspected Artemis — affiliated with data escrow provider NCC Group — had its work cut out to win an auction against Amazon.

It’s a shame, in a way. Artemis was one of the few new gTLD applicants that had actually sketched out plans for something quite technologically innovative.

Artemis’ .secure was to be a “trust mark” for a high-priced managed security service. It wasn’t really about selling domain names in volume at all.

The company had done a fair bit of outreach work, too. As long ago as July 2013, around 30 companies had expressed their interest in signing up as anchor tenants.

But, after ICANN gave Amazon a get-out-of-jail-free card by allowing it to amend its “closed generic” gTLD applications, it looked increasingly unlikely Artemis would wind up owning the gTLD it was essentially already pre-selling.

In February this year, it emerged that it had acquired the rights to .trust from Deutsche Post, which had applied for the gTLD unopposed.

This Plan B was realized today when .trust began its contractually mandated sunrise period.

Don’t expect many brands to apply for their names during sunrise, however — .trust’s standard registration policies are going to make cybersquatting non-existent.

Not only will .trust registrants have their identities manually vetted, but there’s also a hefty set of security standards — 123 pages (pdf) of them at the current count — that registrants will have to abide by on an ongoing basis in order to keep their names.

As for Amazon, its .secure application, as amended, is just as vague as all of its other former bids for closed, single-registrant generic strings (to the point where I often wonder if they’re basically still just closed generics).

It’s planning to deploy a small number of names to start with, managed by its own intellectually property department. After that, its application all gets a bit hand-wavey.

Vignes joins Artemis

Kevin Murphy, September 24, 2013, Domain Registries

Former OpenRegistry CEO Jean-Christophe Vignes has joined new gTLD applicant Artemis as director of domain operations, according to Artemis.

Artemis, which is one of the hopeful applicants for .secure, said “he will be in charge of building our Registry and Registrar capabilities for .secure”.

Vignes, a lawyer by trade, helped found registry service provider OpenRegistry a few years ago but left in July 2012 to go into private practice in Paris. He formerly worked for EuroDNS.

Artemis still needs to beat Amazon at auction or through some other means if it wants to win .secure, which Amazon wants to operate as a closed generic.

Artemis signs 30 anchor tenants for .secure gTLD

Artemis, the NCC Group subsidiary applying for .secure, says it has signed up 30 big-name customers for its expensive, high-security new gTLD offering.

CTO Alex Stamos said that the list includes three “too big to fail” banks and three of the four largest social networking companies. They’ve all signed letters of intent to use .secure domains, he said.

He was speaking at a small gathering of customers and potential customers in London yesterday, to which DI was invited on the condition that we not report the name of anyone else in attendance.

Artemis is doing this outreach despite the facts that a) .secure is still in a two-way contention set and b) deep-pocketed online retailer Amazon is the other applicant.

Stamos told DI he’s confident that Artemis will win .secure one way or the other — hopefully Amazon’s single-registrant bid will run afoul of ICANN’s current rethink of “closed generics”.

He expects to launch .secure in the second or third quarter of next year with a few dozen registrants live from pretty much the start.

The London event yesterday, which was also attended by executives from a few household names, was the second of three the company has planned. New York was the first and there’ll soon be one in California.

I’m hearing so many stories about new gTLD applicants that still haven’t figured out their go-to-market strategies recently that it was refreshing to see one that seems to be on the ball.

Artemis’ vision for .secure is also probably the most technologically innovative proposed gTLD that I’m currently aware of.

As the name suggests, security is the order of the day. Registrants would be vetted during the lengthy registration process and the domain names themselves would be manually approved.

Not only will there not be any typosquatting, but there’s even talk of registering common typos on behalf of registrants.

Registrants would also be expected to adhere to levels of security on their web sites (mandatory HTTPS, for example) and email systems (mandatory TLS). Domains would be scanned daily for malware and would have manual penetration testing at least annually.

Emerging security standards would be deployed make sure that browsers would only trust SSL certificates provided by Artemis (or, more likely, its CA partner) when handling connections to .secure sites.

Many of the policies are still being worked out, sometimes in conversation with an emerging “community” of the aforementioned anchor tenants, but there’s one thing that’s pretty clear:

This is not a domain name play.

If you buy a .secure domain name, you’re really buying an NCC managed security service that allows you to use a domain name, as opposed to an easily-copied image, as your “trust mark”.

Success for .secure, if it goes live as planned, won’t be measured in registration volume. I wouldn’t expect it to be much bigger than .museum, the tiniest TLD today, within its first few years.

Prices for .secure have not yet been disclosed, but I’m expecting them to be measured in the tens of thousands of dollars. If “a domain” costs $50,000 a year, don’t be surprised.

Artemis’ .secure would however be available to any enterprise that can afford it and can pass its stringent security tests, which makes it more “open” than Amazon’s vaguely worded closed generic bid.

Other ICANN accredited registrars will technically be allowed to sell .secure domains, but the Registry-Registrar Agreement will be written in such a way as to make it economically non-viable for them to do so.

Overall, the company has a bold strategy with some significant challenges.

I wonder how enthusiastic enterprises will be about using .secure if their customers start to assume that their regular domain name (which may even be a dot-brand) is implicitly insecure.

Artemis is also planning to expose some information about how well its registrants are complying with their security obligations to end users, which may make some potential registrants nervous.

Even without this exposure, simply complying appears to be quite a resource-intensive ongoing process and not for the faint-hearted.

However, that’s in keeping with the fact that it’s a managed security service — companies buy these things in order to help secure their systems, not cover up problems.

Stamos also said that its eligibility guidelines are being crafted with its customers in such a way that registrants will only ever be kicked out of .secure if they’re genuinely bad actors.

Artemis’ .secure is a completely new concept for the gTLD industry, and I wouldn’t like to predict whether it will work or not, but the company seems to be going about its pre-sales marketing and outreach in entirely the correct way.

.secure applicant claims NCC stole her idea

Domain Security Company CEO Mary Iqbal claims that NCC Group took many of her ideas for a high-security .secure top-level domain following unproductive investment talks.

Iqbal is also hinting at “potential future litigation” over the issue.

The surprising claims, made in emails to DI today, follow the announcement last week that a new NCC subsidiary, Artemis Internet, will also apply to ICANN for .secure.

“NCC Group has taken many of the security measures outlined in the Domain Security Company LLC security plan and incorporated them into the NCC Group’s proposed security measures,” Iqbal said.

Artemis chief technology officer Alex Stamos, a veteran security industry technologist, has dismissed the allegations as “completely ridiculous”.

“The only reason I know she is applying is because we did some Google searches when we were putting together our announcement,” he said.

Iqbal claims she was first contacted by NCC in January this year to talk about signing up for data escrow services – one of the technical services all new gTLD applicants need.

However, she says these talks escalated into discussions about a possible NCC investment in Domain Security Company, during which she shared the company’s security and business plans.

She said in an email:

These disclosures were made based on assurances from the NCC Group that the NCC Group was not then involved with any other applications for a secure Top Level Domain. Specific assurances were also given that the NCC Group was not involved with any other potential application for a .SECURE Top Level Domain.

But Stamos said that he’s been working on .secure at NCC since late last year, and he has no knowledge of any talks about investing in Iqbal’s company.

“All I know is that she talked to one of our salespeople about escrow,” he said. “I’ve never seen a business plan or security plan.”

Emails from an NCC executive sent to Iqbal in January and forwarded to DI by Iqbal today appear to be completely consistent with a sales call.

Iqbal said she has emails demonstrating that the talks went further, but she declined to provide them “since I may have to use it in any potential future litigation”.

Stamos pointed out that if NCC was in the habit with competing with its escrow clients, it would have applied for considerably more gTLDs than just .secure.

Artemis is proposing a significant technology development as part of its .secure bid, he said: the Domain Policy Framework, which he outlines on his personal blog here.

He added that Artemis is happy to compete with other .secure applicants – he evidently expects more to emerge – but on the merits of the application rather than “spurious claims”.

Domain Security Company “already has a very troubling history of using the legal process to overcome problems that should be based on merit”, he said.

That’s a reference to the company’s almost-successful attempt to secure US trademarks on .secure and .bank, in spite of the US trademark office’s rules against granting trademarks on TLDs.

Expect more stories like this to emerge about other gTLDs after ICANN’s Big Reveal of the applicant list next month.

Whether her claims have any merit or not, Iqbal’s not the first to claim that another applicant stole her idea, and she certainly won’t be the last.

How NCC plans to revolutionize domain name security with .secure gTLD

The proposed .secure generic top-level domain is now officially contested, after NCC Group, best known in the domain industry for its data escrow services, announced a bid.

Newly formed NCC subsidiary Artemis Internet Inc, based in San Francisco, is the official applicant.

According to Artemis chief technology officer Alex Stamos, who co-founded security testing firm iSEC Partners and sold it to NCC for $22.8 million two years ago, this is a hard security play.

The .secure gTLD would be all about enforcing strict security policies on registrants, he said.

“Right now there are a lot of interesting security technologies out there, but they’re generally not very effective because they’re optional,” he said.

As well as premium pricing and a manual registrant verification process expected to take about two weeks – complete with mailing address confirmation and two-factor authentication tokens – Artemis plans to force registrants to adhere to certain baseline security policies.

For example, all .secure web sites would have to be completely HTTPS, Stamos said. The only permissible use of a standard port 80 URL would be to redirect to the encrypted site.

The same would go for mail servers – they’d all have to use TLS to encrypt email as standard.

“When you go to bank.secure you’ll know that the software and servers at the other end are going to make the most secure decisions possible,” Stamos said.

Artemis would scan its registrants’ sites for compliance with these baseline rules, looking out for things such as botched SSL implementations.

But Artmeis wants to take it a step further. It is also proposing a new protocol, Domain Policy Framework, which would let registrants publish their security policies in the DNS.

Stamos said the company has set up a Domain Policy Working Group to develop the spec, which it plans to submit to the IETF for standardization before the end of the year.

The other members of the working group, which promise to include some “influential” names in financial services, software and social media, will be announced in July.

DPF would work alongside the existing DNSSEC and DANE protocols to enable registrants to specify, for example, which Certificate Authorities browsers should trust when accessing their .secure domain, preventing certain types of attacks, Stamos said.

Obviously, this system is not going to work without support from browser software, but Stamos said he’s hopeful that the big vendors will embrace the DPF spec.

“The most innovative and forward-leaning browsers will support it first,” he said.

Domains in .secure would still be accessible by non-compliant browsers, he said.

ARI Registry Services has been hired to manage the back-end registry, but Artemis is also building a secondary registry system for storing the DPF records, which it plans to offer to other TLD registries.

NCC plans to invest up to £6 million ($9.7 million) in Artmeis over the next 15 months, according to a press release.

Another firm, Domain Security Company, also plans to apply for .secure.

  • Page 1 of 2
  • 1
  • 2
  • >