Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
Hackers stole data from Verisign, Blacknight
Hackers broke into Verisign’s corporate network and made out with sensitive data, it emerged today.
The attacks happened in 2010 and the company does not believe its all-important domain name infrastructure – which supports .com and several other top-level domains – was compromised.
Reuters broke the news today, but the attack was actually revealed in a Securities and Exchange Commission filing last October. The filing said:
In 2010, the Company faced several successful attacks against its corporate network in which access was gained to information on a small portion of our computers and servers. We have investigated and do not believe these attacks breached the servers that support our Domain Name System (“DNS”) network. Information stored on the compromised corporate systems was exfiltrated.
The filing, which was required under recent SEC disclosure rules, goes on to say that the attacks were “not sufficiently reported to the Company’s management” until September 2011.
It adds that Verisign does not know whether the “exfilitrated” – ie, stolen – data was used by the attackers. The filing does not say what was taken.
Back in 2010, Verisign was still a security company. It did not sell off its SSL business to Symantec until August that year. The filing does not say whether SSL data was breached.
As one of the logical single points of failure on the internet, Verisign is of course the subject of regular attacks, mainly of the performance-degrading distributed denial of service variety.
The bigger worry, as Reuters rather breathlessly notes, is that if hackers could compromise the integrity of the DNS root or .com/.net zones, it could lead to mayhem.
In unrelated news, the domain name registrar Blacknight today revealed that it got hacked on Tuesday.
The attackers may have got away with contact information – including email addresses and telephone numbers – for up to 40,000 customers, the company said.
Financial information such as credit card numbers was not compromised, Blacknight said.
The company has contacted Irish data protection regulators and will also inform the police. Customers are advised to change their passwords.
If you’re a Blacknight customer you’ll also want to be on the lookout for “spear-phishing” attacks in the near future. When the bad guys know your name, it can lead to a more convincing phish.
Verisign to apply for a dozen new gTLDs
Verisign plans to apply to ICANN for about 12 new generic top-level domains, according to the executive in charge of registry services.
“We intend to do about 12. Most of those will be transliterations of .com,” senior vice president Pat Kane said on the company’s fourth-quarter earnings call yesterday.
This does not mark a significant change of strategy – the company has been open about its intention to apply for internationalized domain name variants of .com for over a year – but I believe it’s the first time it’s put a number on it.
It will be interesting to see which gTLDs – if any – Verisign will go for which are not .com IDNs.
My view is that it would make more sense for the company to apply for potentially high-volume .com competitors, such as .web or .blog. It has the capacity, the channel and the cash.
Smaller niche gTLDs may not be worth the distraction and risk, and would be better suited to dedicated registries that can concentrate on more focused marketing.
In any event, we’re going to see some major consolidation in the new gTLD space four or five years from now, and Verisign could well vacuum up cash-making registries at that time.
CEO Jim Bidzos also said on the call that Verisign has been retained to provide the registry for “several” dot-brand applications, but that it will not see any material revenue until 2013.
The major event for 2012, he noted, is the renewal of the .com Registry Agreement with ICANN, which expires at the end of November.
Verisign is already “engaging” with ICANN on this, Bidzos said.
This contract will be posted for public comment and sent to the US Department of Commerce for approval.
I’m expecting controversy, particularly if the contract continues to allow Verisign to increase prices.
It’s going to be harder for Verisign to argue that it needs the extra cash to invest in its infrastructure if it’s also leveraging that infrastructure to win lucrative dot-brand contracts.
Tiny start-up secures .bank gTLD trademark
A likely new gTLD applicant has secured a US trademark on the term “.bank”.
Asif LLC, a Wisconsin start-up with an undisclosed number of employees, won approval for the trademark 4,085,335 on Tuesday, for use in “domain name registration services”.
(UPDATE: Asif actually does business now as Domain Security Company LLC, but the trademark application was filed under its former name.)
As Domain Name Wire reported last year, Asif became a Go Daddy reseller in order to provide the US Patent & Trademark Office with proof it was using the brand.
It appears the gambit was successful, and the company now has a card to play in its inevitable battle with other .bank applicants, such as the BITS/American Bankers Association project.
Mary Iqbal, Asif’s CEO, told DomainIncite today that the company also has a trademark pending in Pakistan, where it has existing business connections.
Iqbal says she’s serious about her .bank application. It’s an idea she’s been working on for a few years.
Asif has been talking to security companies about providing the security infrastructure for the gTLD and has already signed up with a registry back-end provider, she said.
All she was prepared to disclose at the moment is that one of these partners has “ground-breaking encryption technology” and that the company has solid plans for its security profile.
The .bank gTLD would of course be limited to manually verified financial institutions, Iqbal confirmed.
Explaining the reseller site used to get the trademark, Iqbal said: “We intend to use that in future to sell .bank domain names but for now we’re selling names in other TLDs.”
Asif also has a pending US trademark on “.secure”, which it also plans to apply for as a gTLD.
Iqbal said that the company plans to offer small and medium sized e-commerce businesses extra security services if they redirect their customers to their .secure domain at the checkout.
While I am unaware of any other public .secure applicants, the .bank gTLD is expected to be contested.
A joint project of the American Bankers Association and BITS, part of the Financial Services Roundtable, has already essentially confirmed that it plans to apply for .bank and possibly two other financial gTLDs, using Verisign as its back-end.
“We don’t know for sure if they’re going to apply for .bank,” Iqbal said, however. “If somebody else does apply, all I can say that we are the legal rights holder for .bank.”
Holding a trademark on a term gives companies the right to file a Legal Rights Objection against new gTLD applicants.
However, as much as I love an entrepreneur, I estimate the chances of Asif getting its .bank application approved at roughly zero, trademark or not.
There are about half a dozen different reasons Asif would probably not pass the Legal Rights Objection test, which would leave it in a contention set with other .bank applicants.
The final mechanism offered by ICANN to resolve contested gTLDs is an auction, and nobody goes into an auction against the American Bankers Association expecting to win.
ICANN also encourages applicants in contention sets to talk it out amongst themselves before resorting to auction. If Asif is lucky, a rival .bank applicant will pay it to go away before the string goes to auction.
If it’s very lucky, somebody will acquire the trademark before the company – which Iqbal said is already funded but would welcome additional investment – splashes out $185,000 on its application fee.
The Asif .bank application also stands a substantial chance of being objected to by governments.
ICANN’s Governmental Advisory Committee, and in particular the influential US representative, has very strong views on gTLDs purporting to represent regulated industries.
If the GAC is faced with a choice between a .bank backed by the ABA and BITS with a Verisign back-end, and one backed by a tiny Wisconsin start-up, I believe there’s a pretty good chance the Wisconsin start-up is going to find itself on the receiving end of a GAC Advice objection.
Just a hunch.
Fight brewing over thick .com Whois
This year is likely to see a new fight over whether Verisign should be forced to create a “thick” Whois database for .com and its other generic top-level domains.
While Verisign has taken a deliberately ambivalent position on whether ICANN policy talks should kick off, the community is otherwise split on whether a mandatory thick Whois is a good idea.
Currently, only .com, .net, .name and .jobs – which are all managed on Verisign’s registry back-end – use a thin Whois model, in which domain name registrars store their customers’ data.
Other gTLDs all store registrant data centrally. Some “sponsored” gTLD registries have an even closer relationship with Whois data — ICM Registry for example verifies .xxx registrants’ identities.
But in a Preliminary Issue Report published in November, ICANN asked whether it should kick off a formal Policy Development Process that could make thick Whois a requirement in all gTLDs.
In comments filed with ICANN last week, Verisign said:
As the only existing registry services provider impacted by any future PDP on Thick Whois, Verisign will neither advocate for nor against the initiation of a PDP.
…
Verisign believes the current Whois model for .com, .net, .name and .jobs is effective and that the proper repository of registrant data is with registrars — the entities with direct connection to their customers. However, if the community, including our customers, determines through a PDP that “going thick” is now the best approach, we will respect and implement the policy decision.
Thick Whois services make it easier to find out who owns domain names. Currently, a Whois look-up for a .com domain can require multiple queries at different web sites.
While Whois aggregation services such as DomainTools can simplify searches today, they still face the risk of being blocked by dominant registrars.
The thin Whois model can also make domain transfers trickier, as we witnessed just last week when NameCheap ran into problems processing inbound transfers from Go Daddy.
ICANN’s Intellectual Property Constituency supports the transition to a thick Whois. It said in its comments:
Simplifying access to this information through thick Whois will help prevent abuses of intellectual property, and will protect the public in many ways, including by reducing the level of consumer confusion and consumer fraud in the Internet marketplace. Thick Whois enables quicker response and resolution when domain names are used for illegal, fraudulent or malicious purposes.
However, Verisign noted that a thicker Whois does not mean a more accurate Whois database – registrars will still be responsible for collecting and filing customer contact records.
There are also concerns that a thick Whois could have implications for registrant privacy. Wendy Seltzer of the Non-Commercial Users Constituency told ICANN:
Moving all data to the registry could facilitate invasion of privacy and decrease the jurisdictional control registrants have through their choice of registrar. Individual registrants in particular may be concerned that the aggregation of data in a thick WHOIS makes it more attractive to data miners and harder to confirm compliance with their local privacy laws.
This concern was echoed to an extent by Verisign, which noted that transitioning to a thick Whois would mean the transfer of large amounts of data between legal jurisdictions.
European registrars, for example, could face a problem under EU data protection laws if they transfer their customer data in bulk to US-based Verisign.
Verisign also noted that a transition to a thick Whois would dilute the longstanding notion that registrars “own” their customer relationships. It said in its comments:
As recently as the June 2011 ICANN meeting in Singapore, Verisign heard from several registrars that they are still not comfortable with Verisign holding their customers’ data. Other registrars have noted no concern with such a transition
ICANN staff will now incorporate these and other comments into its final Issue Report, which will then be sent to the GNSO Council to decide whether a PDP is required.
If the Council votes in favor of a PDP, it would be many months, if at all, before a policy binding on Verisign was created.
VeriSign yanks domain seizure power request
That was quick.
VeriSign has withdrawn its request for new powers to delete domain names being used for abusive purposes, just a few days after filing it with ICANN.
The company had proposed a policy that would give law enforcement the ability to seize .com and .net names apparently without a court order, and a new malware scanning service.
The former came in for immediate criticism from groups including the American Civil Liberties Union and the Electronic Frontier Foundation, while the latter appeared to have unnerved some registrars.
But now both proposals have been yanked from ICANN’s Registry Services Evaluation Process queue.
This is not without precedent. Last year, VeriSign filed for and then withdrew requests to auction off one-letter .net names and a “Domain Name Exchange” service that looked a bit like domain tasting.
Both came in for criticism, and have not reappeared.
Whether the latest abuse proposals will make a reappearance after VeriSign has had time to work out some of the more controversial kinks remains to be seen.
Registrars not happy with VeriSign abuse plans
VeriSign has been talking quietly to domain name registrars about its newly revealed anti-abuse policies for several months, but some are still not happy about its plans for .com malware scans.
The company yesterday revealed a two-pronged attack on domain name abuse, designed to counteract a perception that .com is not as secure a space as it should be.
One prong, dealing with law enforcement requests to seize domains, I covered yesterday. It’s already received criticism from the Electronic Frontier Foundation and American Civil Liberties Union.
The other is an attempt to introduce automatic malware scanning into the .com, .net and .name spaces, rather like ICM Registry has said it will do with all .xxx domains.
Unlike the daily ICM/McAfee service, VeriSign’s free scans will be quarterly, but the company intends to also offer a paid-for upgrade that would search domains for malware more frequently.
On the face of it, it doesn’t seem like a bad idea.
But some registrars are worried about the fading line between registrars, which today “own” the customer relationship, and the registries, which for the most part are hidden away in the cloud.
Go Daddy director of network abuse Ben Butler, asked about both of yesterday’s VeriSign proposals, said in a statement that they have “some merit”, but sounded several notes of caution:
This is going to make all registrars responsible for remediation efforts and negative customer-service clean up. The registrar at this point becomes the “middle man,” dealing with customers whose livelihood is being negatively impacted. As mentioned in their report, the majority of sites infected with malware were not created by the “bad guys.”
While there is an appeal process mentioned, it could take some time to get issues resolved, potentially leaving a customer’s website down for an extended period.
This could also create a dangerous situation, allowing registries to gain further control over registrars’ operations – as registrars have the relationship with the registrant, the registrar should be responsible for enforcing policies and facilitating remediation.
It has also emerged that VeriSign unilaterally introduced the malware scanning service as a mandatory feature of .cc and .tv domains – which are not regulated by ICANN – earlier this year.
The changes appear to have been introduced without fanfare, but are clearly reflected in today’s .tv registration policies, which are likely to form the basis of the .com policies.
Some registrars weren’t happy about that either.
Six European registrars wrote to VeriSign last month to complain that they were “extremely displeased” with the way the scanning service was introduced. They told VeriSign:
These changes mark the beginning of a substantive shift in the roles of registries regarding the monitoring and controlling of content and may lead to an increase of responsibility and liability of registries and registrars for content hosted elsewhere. As domain name registrars, we hold the position that the responsibilities for hosted content and the registration of a domain name are substantially different, and this view has been upheld in European court decisions numerous times. In this case, Verisign is assuming an up-front responsibility that surpasses even the responsibilities of a web hoster, and therefore opens the door to added responsibilities and legal liability for any form of abuse.
…
In the end, the registrar community will have to face the registrant backlash and criticism, waste countless hours of support time to explain this policy to the registrants and again every time they notice downtimes or loss of performance. These changes are entirely for the benefit of Verisign, but the costs are delegated to the registrants, the registrars and the hosting service providers.
The registrars were concerned that scanning could cause hosting performance hits, but VeriSign says the quarterly scan uses a virtual browser and is roughly equivalent to a single user visit.
They were also worried that the scans, which would presumably ignore robots.txt prohibitions on spidering, would be “intrusive” enough to potentially violate European Union data privacy laws.
VeriSign now plans to give all registrars an opt-out, which could enable them to avoid this problem.
It looks like VeriSign’s plans to amend the Registry-Registrar Agreement are heading for ICANN-overseen talks, so registrars may just be digging into a negotiating position, of course.
But it’s clear that there is some unease in the industry about the blurring of the lines between registries and registrars, which is only likely to increase as new gTLDs are introduced.
In the era of new gTLDs, and the liberalization of ICANN’s vertical integration prohibitions, we’re likely to see more registries having hands-on relationships with customers.
VeriSign’s .com takedown power grab causing controversy
VeriSign’s request for a wide-ranging set of powers that would enable it to shut down .com and .net domain names that are suspected of abuse is already attracting criticism.
The proposals came in a Registry Services Evaluation Process request to ICANN that I reported on for The Register this morning.
It’s asking (pdf) to be able to create a new anti-abuse policy that would refocus many of the controls currently in the hands of registrars to the registry level instead.
The policy would “allow the denial, cancellation or transfer” of any VeriSign-managed domain if any any of these conditions were triggered:
(a) to protect the integrity, security and stability of the DNS;
(b) to comply with any applicable court orders, laws, government rules or requirements, requests of law enforcement or other governmental or quasi-governmental agency, or any dispute resolution process;
(c) to avoid any liability, civil or criminal, on the part of Verisign, as well as its affiliates, subsidiaries, officers, directors, and employees;
(d) per the terms of the registration agreement,
(e) to respond to or protect against any form of malware (defined to include, without limitation, malicious code or software that might affect the operation of the Internet),
(f) to comply with specifications adopted by any industry group generally recognized as authoritative with respect to the Internet (e.g., RFCs),
(g) to correct mistakes made by Verisign or any Registrar in connection with a domain name registration, or
(h) for the non-payment of fees to Verisign. Verisign also reserves the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute;
As you can see, that’s a pretty broad range of justifications.
Notably, it would enable a domain to be canceled or transferred at the “requests of law enforcement or other governmental or quasi-governmental agency”, which would seem to circumvent the current practice of a court order being obtained before a domain is seized.
The question of what constitutes a “quasi-governmental agency” is also interesting. Is ICANN itself such a thing?
The policy would also enable a take-down “to avoid any liability, civil or criminal”, which seems to be just begging for VeriSign to be named spuriously in commercial lawsuits between .com registrants.
The RSEP also suggests that VeriSign plans to extend its hand of friendship to law enforcement agencies from outside the US:
Pilots with European Law Enforcement, Government CERTS and Registrars are planned, and other global test pilots will follow, to ensure global collaboration in the continuing development of the procedures.
Today, US agencies can get court orders instructing VeriSign to hand over domains. While imposing US law on .com owners from other countries is controversial, at least overseas registrants know where they stand.
Now VeriSign is talking about cooperating with European law enforcement agencies too.
At the risk of getting dangerously close to invoking Godwin’s Law, this brings us back to an old jurisdictional problem – what if the French police demand the seizure of a .com site selling Nazi memorabilia, which is illegal in France but legal in the US, for example?
Taking it a step further, what if VeriSign starts entertaining takedown requests from some of the world’s least pleasant theocracies, banana republics and dictatorships?
Half of .com could disappear overnight.
Since VeriSign has a business to run, that’s obviously not going to happen. So the company is going to have to draw a line somewhere, separating criminality from legitimate behavior and free speech.
I’m speculating wildly here, of course, but the RSEP doesn’t contain nearly enough detailed information about VeriSign’s proposed procedures to make a more informed analysis.
VeriSign knows what it is proposing is controversial. The RSEP says:
Registrants may be concerned about an improper takedown of a legitimate website. Verisign will be offering a protest procedure to support restoring a domain name to the zone.
The proposals have been made following many months of discussions between registries, registrars, law enforcement agencies and other community stakeholders.
It’s not entirely clear from VeriSign’s RSEP, which sometimes confusingly conflates the abuse policy with a separate proposed malware scanning service, how a takedown notice would be processed.
One likely reading is that VeriSign would act almost like a centralized clearinghouse for takedown requests, forwarding them to individual registrars for enforcement.
The registrars could be obliged by the terms of an amended Registry-Registrar Agreement to follow whatever process had been laid down.
There seems to be some concern in the ICANN community about this.
ICANN senior VP of stakeholder relations Kurt Pritz recently sent a document to PIR’s David Maher and Oversee.net’s Mason Cole outlining the procedure for amending the RRA.
The flowchart (pdf) describes a trilateral negotiation between the registry proposing the change, the Registrars Stakeholder Group and ICANN, with the ICANN board having the ultimate decision-making authority.
However this proceeds through ICANN, it’s going to cause some heated community debate.
Should .com get a thick Whois?
The ICANN community has taken another baby step towards pushing VeriSign into implementing a “thick” Whois database for .com and .net domain names.
The GNSO Council yesterday voted to ask ICANN to prepare an Issue Report exploring whether to require “all incumbent gTLDs” to operate a thick Whois. Basically, that means VeriSign.
The .com and .net registries currently run on a “thin” model, whereby each accredited registrar manages their own Whois databases.
Most other gTLDs today run thick registries, as will all registries approved by ICANN under its forthcoming new gTLDs program.
The thinness of .com can cause problems during inter-registrar transfers, when gaining and losing registrars have no central authoritative database of registrant contact details to rely upon.
In fact, yesterday’s GNSO vote followed the recommendations of a working group that decided after much deliberation that a thick .com registry may help reduce bogus or contested transfers.
Trusting registrars to manage their own Whois is also a frequent source of frustration for law enforcement, trademark interests and anti-spam firms.
Failure to maintain a functional web-based or port 43 Whois interface is an often-cited problem when ICANN’s compliance department terminates rogue registrars.
Now that an Issue Report has been requested by the GNSO, the idea of a thick .com moves closer to a possible Policy Development Process, which in turn can create binding ICANN consensus policies.
There’s already a clause in VeriSign’s .com registry agreement that gives ICANN the right to demand that it creates a centralized Whois database.
Switching to a thick model would presumably not only transfer responsibility to VeriSign, but also cost and liability, which is presumably why the company seems to be resisting the move.
Don’t expect the changes to come any time soon.
Writing the Issue Report is not expected to be a priority for ICANN staff, due to their ongoing chronic resource problems, and any subsequent PDP could take years.
The alternative – for ICANN and VeriSign to come to a bilateral agreement when the .com contract comes up for renewal next year – seems unlikely given that ICANN did not make a similar requirement when .net was renegotiated earlier this year.
VeriSign CFO quits after buyout rumors
VeriSign has just announced that its chief financial officer, Brian Robins, will leave the company at the end of the month.
The announcement follows a couple of trading days in which VeriSign’s shares have rallied on rumors that the company was on the verge of being acquired.
Ironically, it was Robins’ decision to cancel an appearance at a financial conference that sparked the rumors.
Robins’ resignation follows that of his old boss, CEO Mark McLaughlin, who quit to join a pre-IPO tech startup in late July.
Robins’ destination is not yet known, and VeriSign has yet to name a replacement.
MelbourneIT talks to 270 .brand applicants
The Australian domain registrar MelbourneIT said it has talked to 270 companies and signed contracts with 17 that want to apply for “.brand” top-level domains.
The news came in the company’s “disappointing” first-half financial results announcement yesterday.
According to its official report (pdf), MelbourneIT has received 230 expressions of interest and has inked deals with 14, but managing director Theo Hnarkis reportedly told analysts the higher numbers.
The company is charging clients between AUD 45,000 ($47,000) and AUD 75,000 ($79,000) to handle the ICANN application process.
MelbourneIT’s preferred partner for back-end registry services is VeriSign, so the clients it signs are likely to become recurring revenue streams for VeriSign if their applications are successful.
Recent Comments