Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
VeriSign to offer different prices to different registrars?
VeriSign may be able to offer differential pricing for .net domain names under the just-published draft .net registry contract.
The current .net agreement expires at the end of June, but VeriSign has a presumptive right of renewal.
The newly negotiated contract has a new “Special Programs” clause would enable VeriSign to offer pricing incentives to registrars in “underserved geographies” not available to other registrars.
Here’s the meat of the paragraph:
Registry Operator may for the purpose of supporting the development of the Internet in underserved geographies provide training, technical support, marketing or incentive programs based on the unique needs of registrars located in such geographies to such registrars, so long as Registry Operator does not treat similarly situated registrars differently or apply such programs arbitrarily. Registry Operator may implement such programs with respect to registrars within a specific geographic region, provided, that (i) such region is defined broadly enough to allow multiple registrars to participate and (ii) such programs do not favor any registrar in which Registry Operator may have an ownership interest over other similarly situated registrars within the same region.
Later, the part of the contract that limits VeriSign’s registry fee and requires uniform pricing among all registrars has been amended to specifically exclude these special programs.
The contract does seem to envisage differential registrar pricing, within certain geographic parameters, perhaps enabling VeriSign to stimulate growth in low-penetration markets.
It’s probably too early to speculate, given that we don’t know what incentives VeriSign has in mind, but it’s not difficult to imagine a scenario where particularly attractive pricing could cause a bunch of shell companies to emerge in, say, Africa or Asia.
For now, the provision would only apply to .net domains, but VeriSign has been known to use .com as a venue for dry runs of services it wants to offer in .com. The .com contract is up for renewal next year.
The proposed .net contract (pdf) contains a number of other changes (pdf), some of which mirror language found in other registry contracts, some of which are new.
There’s a provision for VeriSign to be able to “prevent” the registration of certain names, such as those that would have led to the Conficker worm spreading, in order to protect the security of the internet.
Some of the things that have not changed are also quite interesting.
With ICANN’s recent “vertical integration” decision, which will allow registries and registrars to own each other, you’d think the .net contract renegotiation would be the perfect opportunity for VeriSign to signal its intentions to get into the registrar business, as Neustar already has.
But it has not. The contract contains the same prohibitions on cross ownership as the earlier version.
And as Domain Name Wire noted, the new contract would allow VeriSign to continue to increase its prices by 10% every year until 2017.
That could lead to a maximum of about $9 per domain per year, including ICANN fees, by the time the deal is next up for renewal, if VeriSign exercised the option every year.
There’s an ICANN public comment period, open until May 10.
VeriSign now front-runner for .bank
VeriSign has signed a deal with two major banking industry organizations to become their exclusive provider of registry services for any new top-level domains designed for financial services companies.
The deal is with the American Bankers Association and BITS, the technology policy arm of the Financial Services Roundtable. Together, they represent the majority of US banks.
While the announcement conspicuously avoids mentioning any specific TLD strings, .bank is the no-brainer. I suspect other announced .bank initiatives will now be reevaluating their plans.
The way ICANN’s new gTLD Applicant Guidebook is constructed, any TLD application claiming to represent the interests of a specific community requires support from that community.
There are also community challenge procedures that would almost certainly kill off any .bank application that did not have the backing of major banking institutions.
BITS has already warned ICANN that it would not tolerate a .bank falling into the wrong hands, a position also held by ICANN’s Governmental Advisory Committee.
In an era of widespread phishing and online fraud, the financial services industry is understandably eager that domains purporting to represent banks are seen to be trustworthy.
Because we all trust bankers, right?
VeriSign is of course the perfect pick for a registry services provider. As well as running the high-volume .com and .net domains, it also carries the prestige .gov and .edu accounts.
“We’re honored to have been chosen by BITS and ABA as their registry operator for any new gTLDs deployed to serve the financial services industry and their customers,” said Pat Kane, VeriSign’s senior VP of Naming Services, in a statement.
Apart from the multilingual versions of .com and .net, I think this may be the first new TLD application VeriSign has publicly associated itself with.
Domain security arrives in .com
VeriSign announced late yesterday that it has fully implemented DNSSEC in .com, meaning pretty much anyone with a .com domain name can now implement it too.
DNSSEC is a domain-crypto protocol mashup that allows web surfers, say, to trust that when they visit wellsfargo.com they really are looking at the bank’s web site.
It uses validatable cryptographic signatures to prevent cache poisoning attacks such as the Kaminsky Bug, the potential internet-killer that caused panic briefly back in 2008.
With .com now supporting the technology, DNSSEC is now available in over half of the world’s domains, due to the size of the .com zone. But registrants have to decide to use it.
I chatted to Matt Larson, VeriSign’s VP of DNS research, and Sean Leach, VP of technology, this afternoon, and they said that .com’s signing could be the tipping point for adoption.
“I feel based on talking to people that everybody has been waiting for .com,” Larson said. “It could open the floodgates.”
What we’re looking at now is a period of gradual adoption. I expect a handful of major companies will announce they’ve signed their .coms, probably in the second half of the year.
Just like a TLD launch, DNSSEC will probably need a few anchor tenants to raise the profile of the technology. Paypal, for example, said it plans to use the technology at an ICANN workshop in San Francisco last month, but that it will take about six months to test.
“Most people have their most valuable domains in the .com space,” said Leach. “We need some of the big guys to be first movers.”
There’s also the issue of ISPs. Not many support DNSSEC today. The industry has been talking up Comcast’s aggressive deployment vision for over a year now, but few others have announced plans.
And of course application developer support is needed. Judging from comments made by Mozilla representatives in San Francisco, browser makers, for example, are not exactly champing at the bit to natively support the technology.
You can, however, currently download plugins for Firefox that validate DNSSEC claims, such as this one.
According to Leach, many enterprises are currently demanding DNSSEC support when they buy new technology products. This could light a fire under reluctant developers.
But DNSSEC deployment will still be slow going, so registries are doing what they can to make it less of a cost/hassle for users.
Accredited registrars can currently use VeriSign’s cloud-based signing service for free on a trial basis, for example. The service is designed to remove the complexity of managing keys from the equation.
I’m told “several” registrars have signed up, but the only one I’m currently aware of is Go Daddy.
VeriSign and other registries are also offering managed DNSSEC as part of their managed DNS resolution enterprise offerings.
Neither of the VeriSign VPs was prepared to speculate about how many .com domains will be signed a year from now.
I have the option to turn on DNSSEC as part of a Go Daddy hosting package. I probably will, but only in the interests of research. As a domain consumer, I have to say the benefits haven’t really been sold to me yet.
VeriSign’s upcoming battle for the Chinese .com
Could VeriSign be about to face off against China for control of the Chinese version of .com? That’s an intriguing possibility that was raised during the .nxt conference last week.
Almost as an aside, auDA chief Chris Disspain mentioned during a session that he believes there are moves afoot in China to apply to ICANN for “company”, “network” and “organization” in Chinese characters. In other words, .com, .net and .org.
I’ve been unable to find an official announcement of any such Chinese application, but I’m reliably informed that Noises Have Been Made.
VeriSign has for several quarters been open about its plans to apply for IDN equivalents of its two flagship TLDs, and PIR’s new CEO Brian Cute recently told me he wants to do the same for .org.
While neither company has specified which scripts they’re looking at, Chinese is a no-brainer. As of this week, the nation is the world’s second-largest economy, and easily its most populous.
Since we’re already speculating, let’s speculate some more: who would win the Chinese .com under ICANN’s application rules, VeriSign or China?
If the two strings were close enough to wind up in a contention set, could VeriSign claim intellectual property rights, on the basis of its .com business? It seems like a stretch.
Could China leapfrog to the end of the process with a community application and a demand for a Community Priority Evaluation?
That also seems like a stretch. It’s not impossible – there’s arguably a “community” of companies registered with the Chinese government – but such a move would likely stink of gaming.
Is there a technical stability argument to be made? Is 公司. (which Google tells me means “company” in Chinese) confusingly similar to .com?
If these TLDs went to auction, one thing is certain: there are few potential applicants with deeper pockets than VeriSign, but China is one of them.
UPDATE: VeriSign’s Pat Kane was good enough to post a lengthy explanation of the company’s IDN strategy in the comments.
VeriSign scores big win in .com pricing lawsuit
VeriSign has successfully had an antitrust lawsuit, which claims the company has been raising .com domain name prices anti-competitively, dismissed by a California court.
While it’s encouraging news if you’re a VeriSign shareholder, the Coalition for ICANN Transparency, which filed the suit, will be allowed to amend and re-file its complaint.
The basis for the dismissal (pdf) goes to the central irony of CFIT – the fact that, despite its noble name, it’s not itself a particularly transparent organization.
CFIT was set up in 2005 in order to sue ICANN and VeriSign over their deal that gave VeriSign the right to raise the price of .com and .net domains, and to keep its registry contracts on favorable terms.
While it was cagey about who was backing the organization, those of us who attended the ICANN meeting in Vancouver that year knew from the off it was primarily a front for Momentous.ca, owner of Pool.com and other domainer services.
In dismissing the case last Friday, Judge Ronald Whyte decided that CFIT’s membership is vague enough to raise a question over its standing to sue on antitrust grounds. He wrote:
By failing to identify its purported members, CFIT has made it impossible to determine whether the members are participants in the alleged relevant markets, or whether they have suffered antitrust injury. Because the [Third Amended Complaint] identifies no members of CFIT, it must be dismissed.
While CFIT had disclosed some time ago Pool.com’s involvement, it recently tried to add uber-domainer Frank Schilling’s Name Administration Inc and iRegistry Corp to the list of its financial supporters.
But Whyte was not convinced that the two companies were CFIT “members” with standing to sue.
Whyte decided that CFIT’s complaint, “fatally fails to allege facts showing that iRegistry or Name Administration were financial supporters or members at the time the complaint was filed”.
He also denied CFIT’s demand for a jury trial.
CFIT wants VeriSign to return all the excess profits it has made on .com registrations since it started raising its prices above $6.
If CFIT were to win, it would severely curtail VeriSign’s ability to grow its registry business, and could lead to billions being wiped off its accounts.
The organization has been given leave to file a fourth amended complaint, so it’s not over yet.
Incumbents get the nod for new TLD apps
Domain name registries such as Neustar, VeriSign and Afilias will be able to become registrars under ICANN’s new top-level domains program, ICANN has confirmed.
In November, ICANN’s board voted to allow new TLD registries to also own registrars, so they will be able to sell domains in their TLD direct to registrants, changing a decade-long stance.
Late last week, in reply (pdf) to a request for clarification from Neustar policy veep Jeff Neuman, new gTLD program architect Kurt Pritz wrote:
if and when ICANN launches the new gTLD program, Neustar will be entitled to serve as both a registry and registrar for new gTLDs subject to any conditions that may be necessary and appropriate to address the particular circumstances of the existing .BIZ registry agreement, and subject to any limitations and restrictions set forth in the final Applicant Guidebook.
That doesn’t appear to say anything unexpected. ICANN had already made it pretty clear that the new vertical integration rules would be extended to incumbent gTLD registries in due course.
(However, you may like to note Pritz’s use of the words “if and when”, if you think that’s important.)
Neustar’s registry agreement currently forbids it not only from acting as a .biz registrar, but also from acquiring control of greater than 15% of any ICANN-accredited registrar (whether or not its sells .biz domains).
That part of the contract will presumably need to be changed before Neustar applies for official registrar accreditation or attempts to acquire a large stake in an existing registrar.
VeriSign and Afilias, the other two big incumbent gTLD registries, have similar clauses in their contracts.
VeriSign takes over .gov
VeriSign has taken over registry functions at .gov, the top-level domain for the US government.
IANA records show that VeriSign Global Registry Services was named technical contact for .gov possibly as recently as this Monday.
The TLD is still administratively delegated to the US General Services Administration. Google’s cache of the IANA site shows the GSA was the technical contact for .gov as recently as October 29.
VeriSign certainly kept this contract win quiet.
At least, the first I heard about it was tonight, in an email VeriSign sent to the dns-ops mailing list, asking DNS administrators to reconfigure their DNSSEC set-up to reflect the change.
A KSK [Key Signing Key] roll for the .gov zone will occur at the end of January, 2011. This key change is necessitated by a registry operator transition: VeriSign has been selected by the U.S. General Services Administration (GSA) to operate the domain name registry for .gov.
The email expresses the urgency of making the changes, which are apparently needed in part because .gov was signed with DNSSEC before the root zone was signed, and some resolvers may be configured to use .gov as a “trust anchor” instead of the root.
The .gov TLD is reserved for the exclusive use of US federal and state government departments and agencies.
It’s certainly a prestige contract for VeriSign.
This appears to be the GSA page awarding the contract to VeriSign, in September, following an RFP. It’s valued at $3,325,000.
Go Daddy plans Premium DNS service
Go Daddy is to launch a Premium DNS service that will include managed DNSSEC security, the company revealed during sessions at the ICANN meeting in Cartagena last week.
Go Daddy customers can currently get a brief overview of the forthcoming service by logging into their domain manager and finding the Premium DNS “Coming Soon” link, or looking here.
During a session on DNSSEC in Colombia last week, Go Daddy’s James Bladel laid out more detail on the service in a presentation (PDF) which contains screenshots of the interface.
The company started supporting DNSSEC for free on certain TLDs in the summer – it currently supports .net, .biz, .eu, org and .us – but it requires users to manually generate and manage cryptographic keys.
That’s beyond the ken of most domain name owners, so the registrar is adding a premium “set it and forget it” service which will see Go Daddy manage the complexities of DNSSEC.
Bladel said of the service:
it’s as simple as having a DNSSEC on/off switch. So customers who have no particular interest in the behind- the-scenes technology of DNSSEC can simply flip that switch and then enjoy the benefits of a secured domain name.
The DNSSEC standard helps prevent domains being hijacked through cache poisoning attacks by signing each domain’s zone with a validatable cryptographic key. The technology will be available for .com domains early next year.
It’s by no means free or easy for registrars to implement, and there’s been little demand for the technology among registrants, so I’ve been wondering how registrars planned to monetize it.
Now we know how Go Daddy at least plans to do so – the Premium DNS service will have other benefits beyond DNSSEC, which could spur adoption through osmosis.
The service will also include DNS up-time guarantees of 99.999%, vanity name servers, log tracking, and several other perks.
The company has not officially announced the service to customers yet, so I expect we’ll find out more details in due course.
VeriSign launches free cloud domain security service
VeriSign is to offer registrars a hosted DNSSEC signing service that will be free for names in .com and the company’s other top-level domains.
The inventively named VeriSign DNSSEC Signing Service offloads the tasks associated with managing signed domains and is being offered for an “evaluation period” that runs until the end of 2011.
DNSSEC is an extension to DNS that allows domains to be cryptographically signed and validated. It was designed to prevent cache poisoning attacks such as the Kaminsky Bug.
It’s also quite complex, requiring ongoing secure key management and rollover, so I expect the VeriSign service, and competing services, will be quite popular among registrars reluctant to plough money into the technology.
While some gTLDs, including .org, and dozens of ccTLDs, are already DNSSEC-enabled, VeriSign doesn’t plan on bringing the technology online in .com and .net until early next year.
The ultimate industry plan is for all domain names to use DNSSEC before too many years.
One question I’ve never been entirely clear on was whether the added costs of implementing DNSSEC would translate into premium-priced services or price increases at the registrar checkout.
A VeriSign spokesperson told me:
The evaluation period is free for VeriSign-managed TLDs and other TLDs. After that period, the VeriSign-managed TLDs will remain free, but other TLDs will have $2 per zone annual fee.
In other words, registrars will not have to pay to sign their customers’ .com, .net, .tv etc domains, but they will have to pay if they choose to use the VeriSign service to sign domains in .biz, .info or any other TLD.
Domain universe breaks through 200 million
VeriSign is reporting that the number of registered domain names worldwide broke through the 200 million mark in the third quarter.
There were 202 million domains at the end of September, according to the company’s Domain Name Industry Brief, which was published today.
Over half of those domains, 103 million names in total, can be found in the .com and .net namespaces that VeriSign manages.
In a not-so-subtle plug for VeriSign’s 2011 growth strategy, the company also declared that the next ten years will be “The Decade of the International Internet”.
In the coming decade, the Internet will continue to become a ubiquitous, multi-cultural tool, fueled in part by the adoption of IDNs. By enabling online content and businesses to be represented in local scripts and languages, IDNs help the Internet to expand the power of technology to regions and cultures, and connect the world in new ways. Over the past year, several new IDNs for ccTLDs have been approved. The next step will be approval of IDNs for generic Top Level Domains (gTLDs).
The company, of course, plans to apply to ICANN to operate IDN versions of .com and .net, although it has not to date discussed openly which languages or strings it wants.
The VeriSign report also says that ccTLD registrations grew 2.4%, compared to the same quarter last year, to 79.2 million domains.
I expect this growth would have been tempered had it not been for the relaunch of .co, which occurred during the quarter, but it does not merit a mention in the report.
The report also reveals that .info has overtaken .cn in the biggest-TLD charts, although this is due primarily to the plummeting number of registrations in the Chinese ccTLD.
Recent Comments