ICANN fixes new gTLD portal bugs

Kevin Murphy, July 23, 2012, Domain Policy

ICANN has brought its new gTLD program customer service portal back online after about five days of patching-related downtime.

In a notice posted late last night, ICANN said the delay was due to the wait for a vendor patch. ICANN said:

A recent, proactive review of the CSC system identified potential vulnerabilities. To address these vulnerabilities, the CSC portal was taken offline while vendor-provided patches were applied. There have been no known compromises to any data.

New gTLD applicants will now have to log in to their TLD Application System accounts, which use the Citrix remote terminal software, to use their customer service tools.

Non-applicants will be able to ask customer service questions via email.

The Knowledge Base — essentially a program FAQ — is still offline, but ICANN said it hopes to bring it back up within a few days.

ICANN shuts down new gTLD portal after finding more security bugs

Kevin Murphy, July 19, 2012, Domain Tech

ICANN has closed down part of its new generic top-level domain portal after finding “potential vulnerabilities” that put “confidential applicant information” at risk.

The shutdown — which has been going on for at least 30 hours — affects the Customer Service and Knowledge Base parts of the site, but ICANN said it is so far not aware of any attacks against the system.

While it’s waiting for a patch, ICANN has decided to move the affected areas behind the unpopular Citrix remote terminal software used previously in the TLD Application System.

This notice was posted on the site:

ICANN performs ongoing monitoring and analysis of our systems, including the Customer Service system. As part of this work, we recently identified potential vulnerabilities in the system used for Customer Service and the Knowledge Base (containing new gTLD articles and information).

Patches are being provided to ICANN to address these issues.

In the mean time, given that use of the Customer Service system was recently expanded, and now includes confidential applicant information, the decision was taken to move the system behind Citrix. This will provide for additional security for applicant information.

We are now testing the installation. This should be completed in the next few days. This decision is a proactive measure. There have been no known compromises to the data, attacks or other actions by third parties (other than our own analysis).

Off the top of my head — and I may be under-counting — this is the fifth significant technical glitch to hit the new gTLD program since April.

There was the notorious TAS bug, which took the system offline entirely for six weeks while ICANN fixed a data leakage vulnerability and upgraded its system capacity.

There was the Reveal Day screw-up, during which Arab community members noticed that all the applied-for Arabic gTLDs were broadcast back-to-front in a presentation.

Then ICANN accidentally published the home addresses of many applicants’ officers and directors, something it had promised not to do. This was probably human error and it has since apologized.

Then the “digital archery” batching system was yanked, after it emerged that TAS performance still wasn’t up to the task and that the scoring results were unreliable.

Former new gTLD program director Michael Salazar resigned a month ago; it is widely believed that he was taking the fall for the gTLD system bugs to that point.

While the latest bug appears — so far — to have not compromised any data, some applicants have nevertheless been frustrated by the fact that the customer service portal has been offline for over a day.

Digital archery suspended, surely doomed

Kevin Murphy, June 23, 2012, Domain Policy

ICANN has turned off its unpopular “digital archery” system after new gTLD applicants and independent testing reported “unexpected results”.

As delegates continue to hit the tarmac here in Prague for ICANN 44, at which batching may well be hottest topic in town, digital archery is now surely doomed.

ICANN said in a statement this morning:

The primary reason is that applicants have reported that the timestamp system returns unexpected results depending on circumstances. Independent analysis also confirmed the variances, some as a result of network latency, others as a result of how the timestamp system responds under differing circumstances.

While that’s pretty vague, it could partly refer to the kind of geographic randomness reported by ARI Registry Services, following testing, earlier this week.

It could also refer to the kind of erratic results reported by Top Level Domain Holdings two weeks ago, which were initially dismissed as a minor display-layer error.

TLDH has also claimed that the number of opportunistic third-party digital archery services calibrating their systems against the live site had caused latency spikes.

Several applicants also said earlier this week that the TLD Application System had been inaccessible for long periods, apparently due to a Citrix overloading problem.

Only 20% of applications had so far registered their archery timestamp, according to ICANN, despite the fact that the system was due to close down on June 28.

Make no mistake, this is another technical humiliation for ICANN, one which casts the resignation of new gTLD program director Michael Salazar on Thursday in a new light.

For applicants, ICANN said evaluations were still proceeding according to plan, but that the batching problem is now open for face-to-face community discussion:

The evaluation process will continue to be executed as designed. Independent firms are already performing test evaluations to promote consistent application of evaluation criteria. The time it takes to delegate TLDs will depend on the number and timing of batches

The information gathered from community input to date and here in Prague will be weighed by the New gTLD Committee of the Board. The Committee will work to ensure that community sentiment is fully understood and to avoid disruption to the evaluation schedule.

Expect ICANN staff to take a community beating over these latest developments as ICANN 44 kicks off here in Prague.

There’s light support for batching, and even less for digital archery. It’s looking increasingly likely that neither will survive the meeting.

Digital Archery lessons from tonight’s tweet-up

Kevin Murphy, May 22, 2012, Domain Policy

ICANN held a Twitter session tonight during which executives answered questions about the new gTLD program in that notoriously restrictive 140-character format.

Unsurprisingly, in light of the frustration borne out of ongoing delays, most of the questions were about timing.

New gTLD applicants wanted to know when ICANN plans to host its Big Reveal event, when the Digital Archery application batching system will open, and when the batches will be confirmed.

The only specific date applicants were given was May 29, which is when ICANN plans to publish its updated program timetable.

But @ICANN gave away enough information to make a broad estimate about the date digital archery will commence.

First, ICANN confirmed that the Big Reveal will be before its public meeting in Prague kicks off on June 23.

ICANN also said that the digital archery process will begin before the reveal day and finish after.

The archery window will be open for about three weeks, we learned.

We can draw some broad conclusions from this information.

The latest possible date for the Big Reveal, given what ICANN said tonight, is June 22 (the Friday before Prague), so the latest possible date for the digital archery window opening is June 21.

In that case, digital archery would run June 21 – July 12, or thereabouts.

Because the archery can’t start before the applications are all submitted, the earliest window would be May 31 – June 20.

My estimates err towards the lower end. I think we’re looking at archery starting within a week of the application window closing and ending immediately before or during Prague.

If ICANN decides that it wants the archery out of the way before the meeting begins, the window could have to open as early as May 31.

If it wants the window to close post-Prague, we’re looking at it opening around June 11.

TAS reopens after humiliating 40 days

Kevin Murphy, May 22, 2012, Domain Policy

Forty days after it was taken offline for a bug fix, ICANN has reopened its TLD Application System, giving new gTLD applicants a week to finish off their applications.

TAS will now close May 30 at 2359 UTC, which is 1559 in California next Wednesday afternoon.

But applicants are being warned that waiting until the final day “may not provide sufficient time to complete all submission steps before the submission period closes.”

The date of the Big Reveal of applications, which I’m now expecting to come at some point before the Prague meeting at the end of June, is likely to be confirmed in the next day or so.

As well as fixing the bug – a data leakage vulnerability that enabled applicants to see each others’ file names, affecting over 150 users – ICANN has made system performance improvements and cleaned up its HTML preview function, in response to user complaints.

Repairing the vulnerability has cost ICANN “hundreds of thousands of dollars” since TAS was taken offline April 12, chief operating officer Akram Atallah estimated last Thursday.

The fact that the system has reopened half a day ahead of the most recently scheduled deadline – it was due to open at 1900 UTC tonight – is unlikely to win ICANN many plaudits.

If the opinions of the opinionated are any guide, the TAS outage has left ICANN with a severe dent in its already patchy reputation, even among fervent supporters.

Atallah and senior vice president Kurt Pritz came in for a pummeling during an ICANN summit attended by registrars and registries, many of them gTLD applicants, late last week.

Several outspoken long-time community members made it clear that their confidence in ICANN’s ability to hit deadlines is at an all-time low.

Expectations of professionalism have increased, as AusRegistry CEO Adrian Kinderis told Atallah, now that ICANN has $350 million of applicant cash in its bank account.

The bug itself may have been as unavoidable and understandable as any bug in new software, but ICANN’s tardiness resolving the problem has left applicant trust in many cases shattered.