Latest news of the domain name industry

Recent Posts

ICANN takes the lamest swipe at Namecheap et al over blockchain domains

Kevin Murphy, November 24, 2021, 15:58:58 (UTC), Domain Tech

ICANN has come out swinging against blockchain domains and the registrars that sell them. And by “come out” I mean it’s published a blog post. And by “swinging” I mean “offered the weakest criticism imaginable”.

The post starts off well enough, observing that services marketed as “domain names” that are not automatically compatible with the global DNS are probably not a great purchase, because they don’t work like regular domains.

Using these alternatives requires something like a browser plug-in or to reconfigure your device to use a specialist DNS resolver network, the post notes, before concluding with a brief caveat emptor message.

All good stuff. ICANN has been opposed to alt-root domain efforts for at least 20 years, and the policy is even enshrined in so-called ICP-3, which nobody really talks about any more but appears to still be the law of ICANN Land.

So, which domain-alternatives is ICANN referring to here, and which registrars are selling them? The post states:

Name resolution systems outside the DNS have existed for a long time. One could mention the Sun Microsystem Network Information Service (NIS), the Digital Object Architecture (DOA), or even the Ethereum Name Service (ENS)…

With some ICANN-accredited registrars now selling NIS, DOA, or other similar domains alongside standard domain names, the potential for confusion among unsuspecting customers seems high.

You may be asking: what the heck (or, if you’re like me, fuck) are NIS and DOA domains, and which registrars are selling them?

Great questions.

NIS is an authentication protocol (a bit like LDAP) for Unix networks developed in 1985 (the same year the original DNS standard was finalized) by Sun Microsystems, a company that hasn’t existed in over a decade.

To the best of my knowledge they’ve never been marketed as an alternative to regular domain names. Nobody’s ever used them to address a publicly available web site. Nobody sells them.

DOA, also known as the Handle System, is a more recent idea, first implemented in 1994, before some of you were born. Handles are mostly numeric strings used to address digital objects such as documents. Libraries use them.

The main thing to know about Handles for the purposes of this article is that they’re specifically designed to convey no semantic information whatsoever. They’re not designed to look like domain names and they’re not used that way.

So how many registrars are selling NIS/DOA domains? I haven’t checked them all, but I’m going to go out on a pretty sturdy limb and guess the answer is “none”, which is a lot less than the “some” that ICANN asserts.

But ICANN also mentions the Ethereum Name Service, a much newer and sexier way of cybersquatting, based on the Ethereum cryptocurrency blockchain.

ENS allows people to buy .eth domain names (which do not function in the consensus DNS) for the Ethereum equivalent of about $5. As far as I can tell, you can only buy them through ens.domains, and no ICANN-accredited registrar is functionally capable of selling them.

The ICANN post also contains a brief mention of “Handshake”, and this appears to be what ICANN is actually worried about.

Handshake domains, also known as HNS, look like regular domain names and a handful of ICANN-accredited registrars are actually selling them.

Handshake is also based on blockchain technology, but unlike ENS it also allows people to create their own TLDs (which, again, do not function without special adaptations). Registrars including Namecheap, 101domain and EnCirca sell them.

It’s Namecheap’s storefront hover text, warning that HNS domains don’t work in the regular DNS, that ICANN appears to be paraphrasing in its blog post.

The registrar has a lengthy support article explaining some of the ways you can try to make a Handshake domain work, including an interactive comment thread in which a Namecheap employee suggests that DNS resolvers may choose to resolve HNS TLDs instead of conflicting TLDs that ICANN approves in future.

That’s the kind of thing that should worry ICANN, but it’s got a funny way of expressing that concern. Sun Microsystems? Digital Object Architecture? What’s the message here?

Twenty years ago, I interviewed an ICANN bigwig about New.net, one of the companies attempting to sell alt-root domains at the time. He told me bluntly the company was “breaking the internet” and “selling snake oil”, earning ICANN a snotty lawyer’s letter.

Today’s ICANN post was ostensibly authored by principal technologist Alain Durand, but I’m going to give him the benefit of the doubt and assume comms and legal took their knives to it before it was published.

While some things haven’t changed in the last two decades, others have.

Tagged: , , , , , , , , , ,

Comments (19)

  1. Hahaha yes!

    I was wondering when I’d see a mention of Handshake here.

    Unlike DNS of today, Handshake aims to remove Certificate Authorities from the equation and use a mixture of blockchain, DANE, and DNSSEC instead.

    The easiest (and best, IMHO) way to resolve Handshake names on desktop is via Fingertip, a toolbar application by a company called Impervious.

    ICANN has every right to be concerned. They don’t innovate and they consistently push back planned dates for pretty much everything they publicly announce.

    Would you rather pay $100k just to have a *conversation* about getting your own TLD or bid on one via a Vickrey auction and possibly getting your desired TLD for free? While also helping the Internet be more secure? The choice is easy.

    Where ICANN is “winning” right now is…Handshake is still in its early days and infrastructure is being built as we speak. The next round of gTLDs isn’t slated for another 3-4 years and like clockwork, that’ll get pushed back. Handshake will be unstoppable by then.

    • Kevin Murphy says:

      Giving out TLDs for free to anyone who wants one makes the internet more secure? Even charging $185k a pop wasn’t enough to keep out the scumbags at the top level.

      • The way Vickrey auctions work, you pay the second highest price. So, if you’re the only one who bids on a TLD and the auction ends, you pay the second highest price, which would be 0. There’s also the functionality of adding a blind to your bid which effectively disguises your true bid. The purpose of doing this would be to dissuade others from bidding. Lots of gamification mechanics to make things interesting.

        In regards to making DNS more secure, Handshake relies on specifications like DANE/DNSSEC for the trust anchor, rather than CAs. Organizations are not immune to greed, spoofing, and other things that can compromise infrastructure (see ICANN’s proposed sale of .org, CAs getting hacked, &c). The Internet started out decentralized, Handshake is a way to bring it back while also providing incentives for doing so.

        All existing TLDs in the ICANN namespace are reserved on Handshake so there’s no conflict there. Honestly, ICANN would still be winning if they embraced Handshake, what with all the HNS they’d accumulate by claiming them with DNS proofs.

        • Rubens Kuhl says:

          In the immortal words of Admiral Ackbar, it’s a trap. ICANN or any TLD taking the Handshake offer are just being used to bring relevance and recognition to something that doesn’t have that.

        • Ramos R says:

          “All existing TLDs in the ICANN namespace are reserved on Handshake so there’s no conflict there. Honestly, ICANN would still be winning if they embraced Handshake, what with all the HNS they’d accumulate by claiming them with DNS proofs.”

          This is an outright lie @PaulAnthonyWebb

          I just Googled “Handshake Conflict Issue” and this thread came up: https://github.com/handshake-org/hs-names/issues/6

          So why does Namebase appear to be auctioning out a bunch of existing TLDs? I just found “music” string being auctioned for about 1.5 million HNS coins: https://www.namebase.io/domains/music

          Are you getting a kickback on these auctions? Seems nothing was done to resolve these issues. From what was discussed on the conflicts thread, it does appear that Handshake insiders knew of these conflict issues and did nothing to solve them. How many TLDs have these issues? Why is that? Decentralisation = mass cybersquatting.

          So let me get the official word from you here. Are you being honest when saying that all existing TLDs in the ICANN namespace are reserved on Handshake for existing registries so there’s no conflict there? Are these Namebase auctions for existing TLDs fake? What is the business relationship between Namebase and Handshake?

          • I wish I got notified when you responded to me. Good thing I frequent this site now and noticed my name in the sidebar. Let’s address your impassioned comments!

            > I just Googled “Handshake Conflict Issue” and this thread came up

            Did you *read* the thread? Seems like you found a link and was satisfied with it existing to post here as a “gotcha” for me. My initial comment SHOULD have stated that *nearly* all ICANN TLDs are reserved. The edge cases are for TLDs that were in some limbo state with ICANN.

            > So why does Namebase appear to be auctioning out a bunch of existing TLDs?

            > What is the business relationship between Namebase and Handshake?

            Namebase is simply a product built upon Handshake. They did not create Handshake, same as ENS did not create Ethereum. A for-profit company built to facilitate a service for non-technical people to onboard onto an ecosystem.

            > Are you getting a kickback on these auctions?

            LOL what

            > it does appear that Handshake insiders knew of these conflict issues and did nothing to solve them

            It’s not an easy issue to fix. As you can see in that MASSIVE thread, people have written essays in their responses. No one in that thread is greedy or hucksters like the tone of your comments seem to imply.

            > Decentralisation = mass cybersquatting

            Pretty sure cybersquatting existed long before decentralization, look at domains today. Your over-simplification insults the work of many actually working to improve the current state of the Internet.

            > So let me get the official word from you here

            The great thing about Handshake being a trustless system is that you don’t have to take my “official” word for it, you can check for yourself.

            Handshake is still pretty new and while your anger(?) towards its existence is misplaced, your disappointment is understandable. It didn’t launch with perfect execution but its ideals and focus are sound.

            Feel free to ping me @NetOpWibby if you want a quicker response.

    • Kevin Murphy says:

      Oh, and thanks for reminding me about the former existence of “webrings”. As if I didn’t feel old enough already!

    • Tony R says:

      Handshake is a scam. If it was legit then all the TLD name collisions with existing TLDs would have been addressed and not auctioned out to anonymous Handshake insiders. No such thing as decentralisation. Follow the money. ICANN has a point here. Buyer beware.

      @PaulAnthonyWebb If this Handshake scam was so legit then why were existing TLDs being auctioned out to anonymous cybersquatters? You may talk the talk but you don’t walk the walk. Clean up your house first before complaining about ICANN.

      • > Handshake is a scam

        > anonymous Handshake insiders

        Big words from an anonymous poster. There are no “insiders.” People knowing about something before you doesn’t imply ill intent or something insidious in nature.

        > No such thing as decentralisation

        Not with that attitude.

        > Follow the money

        Sure, have a look at all the sponsors/investors who bootstrapped the original team: https://handshake.org/grant-sponsors/

        I’ll quote relevant portions so you don’t have to do research:

        > The Handshake project has received 10.2 Million US Dollars from Project Sponsors. The net proceeds have been distributed to Free and Open Source Software communities (projects, non-profits, hackerspaces).

        > The traditional model of for-profit companies releasing open source code and hiring open source developers has historically been the primary method of community funding. The Handshake model is an experiment in a self-sustaining alternative source of no-obligation FOSS community support.

        So yeah, follow the money. A group of people raised $10 million from investors like a16z and gave it away to open-source developers. Some of those developers are now building, PR reviewing, or otherwise investing their time and effort into developing the atop Handshake protocol.

        Funny thing, incentivize people to work on something that could benefit the greater good and they’ll go, “Hmm, sure.” How nefarious!

        > If this Handshake scam was so legit then why were existing TLDs being auctioned out to anonymous cybersquatters?

        I’m just gonna copy part of my response to “Ramos R” (scroll up to see full context):

        My initial comment SHOULD have stated that *nearly* all ICANN TLDs are reserved. The edge cases are for TLDs that were in some limbo state with ICANN.

        It’s not an easy issue to fix. As you can see in that MASSIVE thread, people have written essays in their responses. No one in that thread is greedy or hucksters like the tone of your comments seem to imply.

        > You may talk the talk but you don’t walk the walk.

        I guarantee you wouldn’t say that to my face but on the Internet, everyone’s a tough guy, right? I’m building a registry and registrar atop Handshake and once they’re out and stable, I’m released open-source versions for anyone to essentially become their own ICANN/Verisign. Basically, I’m walking so one day you can fly. You’re welcome in advance.

        > Clean up your house first before complaining about ICANN.

        This very blog complains about ICANN, not sure what you’re moaning about. Lemme match your analogy with this: my house is smaller but with sturdier foundations. In fact, my house is still being built. Our architects are taking their time to discover optimal solutions. Not as long as YOUR house mind you, when’s the next gTLD launch? Half a decade from now? Just in time to try and sell .ORG to another for-profit? Your porch is dirty, maybe a power-washer can buff it out.

        Feel free to ping me @NetOpWibby if you want a quicker response, I didn’t know you responded until I saw the sidebar.

  2. Rubens Kuhl says:

    DOA is being sponsored by ITU in an attempt to get relevant in the world of the Internet. “Comparison and Analysis of DNS and DOA for Internet of Things Naming System” and other texts might give a hint on why it was mentioned.

  3. The Finger says:

    Handshake’s really been growing fast. I actually think this one is going to work.

    Exciting times.

  4. Rob Golding says:

    Whilst there was the potential initially for HNS it degenerated into a scammer/squatter heavy system pretty quick, and is stacked so heavily in the abusers favour now.

    • Tony R says:

      Exactement. Handshake insiders auctioning out .amazon, .kids, .spa, .music, .web and other new gTLDs clearly shows where this is heading. Unstoppable cybersquatting and mass phishing due to user confusion over name collisions.

  5. For the “problem” of alternate NS: The underlying technology doesn’t matter these days. It is all about applicability for users. And when it is applicable – it can be sold.

    And what I can see is that each alternate-root model we have seen in the last two decades adds a little portion of applicability – from an anduser perspective.

    IMHO the Handshake folk has etablished a setup which is (afaik) new from the point of the question: How can they reach end user aka. customers. The handshake folk does this job well so far.

    IMHO(2): Name Collision (well I never meet a person who has been confused in that way ICANN fears about..), in the big picture, it is an academic problem and if not it would be an show stopper for all the alternate root models. So I can imagine that each alternate ns model WILL have mechanisms for eliminating confusion. Of course they MUST because it won’t work without registrars which are THE key for a successfull business model.

    So, ironically, the decision of how the dns will look in the future is not ICANNs business – its all about one or two really big registrars and mozilla.

    So, ICANN (and it’s folk) wake up and face it: You have to deal with other players (not sure whether it would be handshake or not..) in a constructive way to “secure” the net.

    So, kick out all your overpaied whining lawyers and get ready to rumble with the future 😀

    • Exactly.

      Fear-mongering only riles up people and make them angrily respond to people like me LOL.

      The fact of the matter is, people will gravitate to the namespace that is more appealing to them. Handshake is too new to have any sway in the matter at the moment but there will be a time when people will be able to decide which one to pick when visiting a domain with a conflicting TLD.

      The naysayers look at a handful of conflicts (literally less than 10) and tear their hair out. Alternate namespaces will force ICANN to stop moving at such a glacial pace and actually be stewards of the Web again. Currently, they’re perceived as lazy oafs, fat from profit. Only thing consistent with them is no progress. That’s not bad but it’s also not good. Just…is.

      Is that what we want from the Web going into 2022?

Add Your Comment