Domain security arrives in .com

Kevin Murphy, April 1, 2011, Domain Tech

VeriSign announced late yesterday that it has fully implemented DNSSEC in .com, meaning pretty much anyone with a .com domain name can now implement it too.

DNSSEC is a domain-crypto protocol mashup that allows web surfers, say, to trust that when they visit wellsfargo.com they really are looking at the bank’s web site.

It uses validatable cryptographic signatures to prevent cache poisoning attacks such as the Kaminsky Bug, the potential internet-killer that caused panic briefly back in 2008.

With .com now supporting the technology, DNSSEC is now available in over half of the world’s domains, due to the size of the .com zone. But registrants have to decide to use it.

I chatted to Matt Larson, VeriSign’s VP of DNS research, and Sean Leach, VP of technology, this afternoon, and they said that .com’s signing could be the tipping point for adoption.

“I feel based on talking to people that everybody has been waiting for .com,” Larson said. “It could open the floodgates.”

What we’re looking at now is a period of gradual adoption. I expect a handful of major companies will announce they’ve signed their .coms, probably in the second half of the year.

Just like a TLD launch, DNSSEC will probably need a few anchor tenants to raise the profile of the technology. PayPal, for example, said at an ICANN workshop in San Francisco last month that it plans to use the technology, but that it will take about six months to test.

“Most people have their most valuable domains in the .com space,” said Leach. “We need some of the big guys to be first movers.”

There’s also the issue of ISPs. Not many support DNSSEC today. The industry has been talking up Comcast’s aggressive deployment vision for over a year now, but few others have announced plans.

And of course application developer support is needed. Judging from comments made by Mozilla representatives in San Francisco, browser makers, for example, are not exactly champing at the bit to natively support the technology.

You can, however, currently download plugins for Firefox that validate DNSSEC claims, such as this one.

According to Leach, many enterprises are currently demanding DNSSEC support when they buy new technology products. This could light a fire under reluctant developers.

But DNSSEC deployment will still be slow going, so registries are doing what they can to make it less of a cost/hassle for users.

Accredited registrars can currently use VeriSign’s cloud-based signing service for free on a trial basis, for example. The service is designed to remove the complexity of managing keys from the equation.

I’m told “several” registrars have signed up, but the only one I’m currently aware of is Go Daddy.

VeriSign and other registries are also offering managed DNSSEC as part of their managed DNS resolution enterprise offerings.

Neither of the VeriSign VPs was prepared to speculate about how many .com domains will be signed a year from now.

I have the option to turn on DNSSEC as part of a Go Daddy hosting package. I probably will, but only in the interests of research. As a domain consumer, I have to say the benefits haven’t really been sold to me yet.

VeriSign’s upcoming battle for the Chinese .com

Kevin Murphy, February 16, 2011, Domain Registries

Could VeriSign be about to face off against China for control of the Chinese version of .com? That’s an intriguing possibility that was raised during the .nxt conference last week.

Almost as an aside, auDA chief Chris Disspain mentioned during a session that he believes there are moves afoot in China to apply to ICANN for “company”, “network” and “organization” in Chinese characters. In other words, .com, .net and .org.

I’ve been unable to find an official announcement of any such Chinese application, but I’m reliably informed that Noises Have Been Made.

VeriSign has for several quarters been open about its plans to apply for IDN equivalents of its two flagship TLDs, and PIR’s new CEO Brian Cute recently told me he wants to do the same for .org.

While neither company has specified which scripts they’re looking at, Chinese is a no-brainer. As of this week, the nation is the world’s second-largest economy, and easily its most populous.

Since we’re already speculating, let’s speculate some more: who would win the Chinese .com under ICANN’s application rules, VeriSign or China?

If the two strings were close enough to wind up in a contention set, could VeriSign claim intellectual property rights, on the basis of its .com business? It seems like a stretch.

Could China leapfrog to the end of the process with a community application and a demand for a Community Priority Evaluation?

That also seems like a stretch. It’s not impossible – there’s arguably a “community” of companies registered with the Chinese government – but such a move would likely stink of gaming.

Is there a technical stability argument to be made? Is 公司. (which Google tells me means “company” in Chinese) confusingly similar to .com?

If these TLDs went to auction, one thing is certain: there are few potential applicants with deeper pockets than VeriSign, but China is one of them.

UPDATE: VeriSign’s Pat Kane was good enough to post a lengthy explanation of the company’s IDN strategy in the comments.

VeriSign scores big win in .com pricing lawsuit

Kevin Murphy, February 14, 2011, Domain Registries

VeriSign has successfully had an antitrust lawsuit, which claims the company has been raising .com domain name prices anti-competitively, dismissed by a California court.

While it’s encouraging news if you’re a VeriSign shareholder, the Coalition for ICANN Transparency, which filed the suit, will be allowed to amend and re-file its complaint.

The basis for the dismissal (pdf) goes to the central irony of CFIT – the fact that, despite its noble name, it’s not itself a particularly transparent organization.

CFIT was set up in 2005 in order to sue ICANN and VeriSign over their deal that gave VeriSign the right to raise the price of .com and .net domains, and to keep its registry contracts on favorable terms.

While it was cagey about who was backing the organization, those of us who attended the ICANN meeting in Vancouver that year knew from the off it was primarily a front for Momentous.ca, owner of Pool.com and other domainer services.

In dismissing the case last Friday, Judge Ronald Whyte decided that CFIT’s membership is vague enough to raise a question over its standing to sue on antitrust grounds. He wrote:

By failing to identify its purported members, CFIT has made it impossible to determine whether the members are participants in the alleged relevant markets, or whether they have suffered antitrust injury. Because the [Third Amended Complaint] identifies no members of CFIT, it must be dismissed.

While CFIT had disclosed some time ago Pool.com’s involvement, it recently tried to add uber-domainer Frank Schilling’s Name Administration Inc and iRegistry Corp to the list of its financial supporters.

But Whyte was not convinced that the two companies were CFIT “members” with standing to sue.

Whyte decided that CFIT’s complaint “fatally fails to allege facts showing that iRegistry or Name Administration were financial supporters or members at the time the complaint was filed”.

He also denied CFIT’s demand for a jury trial.

CFIT wants VeriSign to return all the excess profits it has made on .com registrations since it started raising its prices above $6.

If CFIT were to win, it would severely curtail VeriSign’s ability to grow its registry business, and could lead to billions being wiped off its accounts.

The organization has been given leave to file a fourth amended complaint, so it’s not over yet.

Incumbents get the nod for new TLD apps

Kevin Murphy, December 27, 2010, Domain Registries

Domain name registries such as Neustar, VeriSign and Afilias will be able to become registrars under ICANN’s new top-level domains program, ICANN has confirmed.

In November, ICANN’s board voted to allow new TLD registries to also own registrars, so they will be able to sell domains in their TLD direct to registrants, changing a decade-long stance.

Late last week, in reply (pdf) to a request for clarification from Neustar policy veep Jeff Neuman, new gTLD program architect Kurt Pritz wrote:

if and when ICANN launches the new gTLD program, Neustar will be entitled to serve as both a registry and registrar for new gTLDs subject to any conditions that may be necessary and appropriate to address the particular circumstances of the existing .BIZ registry agreement, and subject to any limitations and restrictions set forth in the final Applicant Guidebook.

That doesn’t appear to say anything unexpected. ICANN had already made it pretty clear that the new vertical integration rules would be extended to incumbent gTLD registries in due course.

(However, you may like to note Pritz’s use of the words “if and when”, if you think that’s important.)

Neustar’s registry agreement currently forbids it not only from acting as a .biz registrar, but also from acquiring control of greater than 15% of any ICANN-accredited registrar (whether or not it sells .biz domains).

That part of the contract will presumably need to be changed before Neustar applies for official registrar accreditation or attempts to acquire a large stake in an existing registrar.

VeriSign and Afilias, the other two big incumbent gTLD registries, have similar clauses in their contracts.

VeriSign takes over .gov

Kevin Murphy, December 22, 2010, Domain Tech

VeriSign has taken over registry functions at .gov, the top-level domain for the US government.

IANA records show that VeriSign Global Registry Services was named technical contact for .gov possibly as recently as this Monday.

The TLD is still administratively delegated to the US General Services Administration. Google’s cache of the IANA site shows the GSA was the technical contact for .gov as recently as October 29.

VeriSign certainly kept this contract win quiet.

At least, the first I heard about it was tonight, in an email VeriSign sent to the dns-ops mailing list, asking DNS administrators to reconfigure their DNSSEC set-up to reflect the change.

A KSK [Key Signing Key] roll for the .gov zone will occur at the end of January, 2011. This key change is necessitated by a registry operator transition: VeriSign has been selected by the U.S. General Services Administration (GSA) to operate the domain name registry for .gov.

The email expresses the urgency of making the changes, which are apparently needed in part because .gov was signed with DNSSEC before the root zone was signed, and some resolvers may be configured to use .gov as a “trust anchor” instead of the root.
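As an added illustration (not taken from VeriSign’s email or the original post), this Python check lists trust anchors configured for zones below the root, which are the entries that need manual attention at a KSK roll like the one described above. It assumes the resolver’s anchors are stored as DS or DNSKEY records in DNS presentation format; the sample records and their key data are constructed placeholders.

```python
# Added example: find DNSSEC trust anchors configured below the root zone.
# Assumption: anchors are DS/DNSKEY records in DNS presentation format.

# Constructed sample; key and digest values are placeholders, not real keys.
SAMPLE_ANCHORS = """\
; root anchor
.     IN DS 11111 8 2 PLACEHOLDERDIGEST00
gov.  3600 IN DNSKEY 257 3 7 PLACEHOLDERKEYAAAA
gov.  IN DNSKEY 256 3 7 PLACEHOLDERKEYBBBB
"""

CLASSES = {"IN", "CH", "HS"}


def parse_anchor(line):
    """Return (owner, rrtype, rdata_fields) for a DS/DNSKEY record, else None."""
    tokens = line.split(";", 1)[0].split()  # drop comments
    if len(tokens) < 3:
        return None
    owner = tokens[0].lower()
    if not owner.endswith("."):
        owner += "."
    rest = tokens[1:]
    # Optional TTL and class come before the record type.
    while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
        rest = rest[1:]
    if len(rest) < 2 or rest[0].upper() not in ("DS", "DNSKEY"):
        return None
    return owner, rest[0].upper(), rest[1:]


def non_root_anchors(text):
    """List anchors whose owner is not the root: islands of trust to review."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        record = parse_anchor(line)
        if record is None or record[0] == ".":
            continue
        owner, rrtype, rdata = record
        # DNSKEY flags: the low bit is the SEP bit, set on key signing keys (257).
        sep = rrtype == "DNSKEY" and rdata[0].isdigit() and int(rdata[0]) & 1 == 1
        findings.append({"line": lineno, "zone": owner, "type": rrtype, "sep": sep})
    return findings


if __name__ == "__main__":
    for finding in non_root_anchors(SAMPLE_ANCHORS):
        print(finding)
```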

The .gov TLD is reserved for the exclusive use of US federal and state government departments and agencies.

It’s certainly a prestige contract for VeriSign.

This appears to be the GSA page awarding the contract to VeriSign, in September, following an RFP. It’s valued at $3,325,000.