Recent Posts
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
Is the .home new gTLD doomed? ICANN poses study of security risks
ICANN has set up a study into whether certain applied-for new gTLD strings pose a security risk to the internet, admitting that some gTLDs may be rejected as a result.
Its board of directors on Saturday approved new research into the risk of new gTLD clashes with “internal name certificates”, saying that the results could kill off some gTLD applications.
In its rationale, the board stated:
it is possible that study might uncover risks that result in the requirement to place special safeguards for gTLDs that have conflicts. It is also possible that some new gTLDs may not be eligible for delegation.
Internal name certificates are the same digital certificates used in secure, web-based SSL transactions, but assigned to domain names in private, non-standard namespaces.
Many companies have long used non-existent TLDs such as .corp, .mail and .home on their private networks and quite often they obtain SSL certs from the usual certificate authorities in order to enable encryption between corporate resources and their internal users.
The problem is that browsers and other applications on laptops and other mobile devices can attempt to access these private namespaces from anywhere, not only from the local network.
If ICANN should set these TLD strings live in the authoritative DNS root, registrants of clashing domain names might be able to hijack traffic intended for secure resources and, for example, steal passwords.
That’s obviously a worry, but it’s one that did not occur to ICANN’s Security and Stability Advisory Committee until late last year, when it immediately sought out the help of the CA/Browser Forum.
It turned out the the CA/Browser forum, an alliance of certificate authorities and browser makers, was already on the case. It has put in new rules that state certificates issued to private TLDs that match new gTLDs will be revoked 120 days after ICANN signs a contract with the new gTLD registry.
But it’s still not entirely clear whether this will sufficiently mitigate risk. Not every CA is a member of the Forum, and some enterprises might find 120 day revocation windows challenging to work with.
Verisign recently highlight the internal certificate problem, along with many other potential risks, in an open letter to ICANN.
But both ICANN CEO Fadi Chehade and the chair of SSAC, Patrick Falstrom, have said that the potential security problems are already being addressed and not a reason to delay new gTLDs.
The latest board resolution appears to modify that position.
The board has now asked CEO Fadi Chehade and SSAC to “consider the potential security impacts of applied-for new-gTLD strings in relation to this usage.”
The Root Server Stability Advisory Committee and the CA/Browser Forum will also be tapped for data.
While the study will, one assumes, not be limited to any specific applied-for gTLD strings, it’s well known that some strings are more risky than others.
The root server operators already receive vast amounts of erroneous DNS traffic looking for .home and .corp, for example. If any gTLD applications are at risk, it’s those.
There are 10 remaining applications for .home and five for .corp.
Google domain hijacked in Kenya
Google’s Kenyan web site was reportedly inaccessible yesterday due to a hijacking of the company’s local domain name.
Google.co.ke briefly redirected users to a site bearing the slogan “hacked” on a black background, according to the Daily Nation. A change of DNS was blamed.
Google Kenya reportedly said:
Google services in Kenya were not hacked. For a short period, some users visiting www.google.co.ke and a few other website were re-directed to a different website. We are in contact with the organisation responsible for managing domain names in Kenya.
Google is of course a high-profile target; hackers often exploit weaknesses at third-party providers such as domain name registries in order to take down its satellite sites.
Its Irish site was taken down in October last year, after attackers broke in through a vulnerability in IEDR’s Joomla content management system.
Verisign’s security angst no reason to delay new gTLDs, says expert
Potential security vulnerabilities recently disclosed by Verisign and PayPal are well in hand and not a reason to delay the launch of new gTLDs, according to the chair of ICANN’s security committee.
Patrick Falstrom, chair of the Security and Stability Advisory Committee, said today that the risk of disastrous clashes between new gTLDs and corporate security certificates has been taken care of.
Talking to the GNSO Council at the ICANN public meeting in Beijing, he gave a definitive “no” when asked directly if the SSAC would advise ICANN to delay the delegation of new gTLDs for security reasons.
Falstrom had given a presentation on “internal name certificates”, one of the security risks raised by Verisign in a paper last week.
These are the same kinds of digital certificates given out by Certificate Authorities for use in SSL transactions on the web, but to companies for their own internal network use instead.
The SSAC, judging by Falstrom’s presentation, had a bit of an ‘oh-shit’ moment late last year when a member raised the possibility of new gTLDs clashing with the domain names on these certificates.
Consider the scenario:
A company has a private namespace on its LAN called .corp, for example, where it stores all of its sensitive corporate data. It uses a digital certificate, issued by a reputable CA, to encrypt this data in transit.
But today we have more than a few applicants for .corp that would use it as a gTLD accessible to the whole internet.
Should .corp get delegated by ICANN — which of course is by no means assured — then there could be the risk of CAs issuing certificates for public domains that clash with private domains.
That might enable, for example, a hacker on a Starbucks wifi network to present his evil laptop as a secured, green-padlocked, corporate server to an unlucky road warrior sitting in the same cafe.
According to Falstrom, at least 157 CAs have issued certificates that clash with applied-for new gTLDs. The actual number is probably much higher.
This risk was outlined in Verisign’s controversial security report to ICANN, which recommended delay to the new gTLD program until security problems were resolved, two weeks ago.
But Falstrom told the GNSO Council today that recent secretive work by the SSAC, along with ICANN security staff and the CA/Browser Forum, a certificate industry authority, has mitigated this risk to the point that delay is not needed.
Falstrom said that after the SSAC realized that there was a potential vulnerability, it got it touch with the CA/Browser Forum to share its concerns. But as it turned out, the Forum was already on the case.
The Forum decided in February, a couple of weeks after an SSAC briefing, that member CAs should stop issuing internal name certificates that clash with new gTLDs within 30 days of ICANN signing a registry contract for that gTLD.
It has also decided to revoke any already-issued internal domain certificate that clashes with a new gTLD within 120 days of contract signing.
This means that the vulnerability window will be much shorter, should the vulnerability start getting exploited in wild.
But only if all CAs conform to the CA/Browser Forum’s guidelines.
Much of this is detailed in a report issued by SSAC last month (pdf). The CA/Browser Forum’s guidance is here (pdf). Falstrom’s PowerPoint is available here (pdf)
Google starts supporting DNSSEC
Google has started fully supporting DNSSEC, the domain name security standard, on its Public DNS service.
According to a blog post from the company, while the free-to-use DNS resolution service has always passed on DNSSEC requests, now its resolvers will also validate DNSSEC signatures.
What does this mean?
Well, users of Public DNS will get protected from DNS cache poisoning attacks, but only for the small number of domains (such as domainincite.com) that are DNSSEC-signed.
It also means that if a company borks its DNSSEC implementation or key rollover, it’s likely to cause problems for Public DNS users. Comcast, an even earlier adopter, sees such problems pretty regularly.
But the big-picture story is that a whole bunch of new validating resolvers have been added to the internet, providing a boost to DNSSEC’s protracted global roll-out.
Google said:
Currently Google Public DNS is serving more than 130 billion DNS queries on average (peaking at 150 billion) from more than 70 million unique IP addresses each day. However, only 7% of queries from the client side are DNSSEC-enabled (about 3% requesting validation and 4% requesting DNSSEC data but no validation) and about 1% of DNS responses from the name server side are signed. Overall, DNSSEC is still at an early stage and we hope that our support will help expedite its deployment.
One has to wonder whether Google’s participation in the ICANN new gTLD program — with its mandatory DNSSEC at the registry level — encouraged the company to adopt the technology.
Apple, Google and Microsoft still don’t understand new TLDs
The world’s most-popular web browsers are still failing to recognize new top-level domains, many months after they go live on the internet.
The version of the Safari browser that ships with the Mountain Lion iteration of Apple’s OS X appears to have even gone backwards, removing support for at least one TLD.
The most recent versions of Google’s Chrome and Microsoft’s Internet Explorer also both fail to recognize at least two of the internet’s most recently added TLDs.
According to informal tests on multiple computers this week, Safari 6 on Mountain Lion and the Windows 7 versions of Internet Explorer 9 and Chrome v24 all don’t understand .post and .cw addresses.
Remarkably, it appears that Safari 6 also no longer supports .sx domains, despite the fact that version 5 does.
Typing affected domain names into the address bars of these browsers will result in surfers being taken to a search page (usually Google) instead of their intended destination.
If you want to test your own browser, registry.sx, una.cw and ems.post are all valid, resolving domain names you can try.
The gTLD .post was entered into the DNS root last August and the first second-level domain names went live in October.
The ccTLDs .sx and .cw are for Sint Maarten (Dutch part) and Curacao respectively, two of three countries formed by the breakup of the Netherlands Antilles in 2010.
ICANN approved the delegation of .cw in October 2011 and second-level domains there have been live since at least July 2012 (that’s when the registry’s site, una.cw, went live).
SX Registry’s .sx was delegated in December 2011 and sites there have been live since early 2012. It went into general availability in November.
Safari v5 on Windows and OS X recognizes .sx as a TLD, but v6 on Mountain Lion does not.
The problems faced by .post and .cw on Chrome appear to be mostly due to the fact that neither TLD is included on the Public Suffix List, which Google uses to figure out what a TLD looks like.
A few days after we reported last May that .sx didn’t work on Chrome, SX Registry submitted its details to the PSL, which appears to have solved its problems with that browser.
It’s not at all clear to me why .sx is borked on newer versions of Safari but not the older ones.
If the problem sounds trivial, believe me: it’s not.
The blurring of the lines between search and direct navigation is one of the biggest threats to the long-term relevance of domain names, so it’s vital to the industry’s interests that the problem of universal acceptance is sorted out sooner rather than later.
Is .home back on ICANN’s new gTLD risk list?
While most new gTLD applicants were focused on delays to the program revealed during last Friday’s ICANN webinar, another bit of news may also be a cause for concern for .home applicants.
As Rubens Kuhl of Nic.br spotted, ICANN revealed that 11 applications have not yet passed their DNS Stability check.
That’s a reversal from November, when ICANN said that all new gTLD applications had passed the stability review.
As I noted at the time, that was good news for .home, which some say may cause security problems if it is delegated.
As Kuhl observed, there are exactly 11 applications for .home, the same as the number of applications that now appear to have un-passed the DNS Stability check.
So is ICANN taking a closer look at .home, or is it just a numerical coincidence?
The string is considered risky by many because .home already receives a substantial amount of DNS traffic at the root servers, which will be inherited by whichever company wins the contention set.
It’s on a list of frequently requested invalid TLDs produced by ICANN’s Security and Stability Advisory Committee which was incorporated by reference in the new gTLD Applicant Guidebook.
Some major ISPs, notably BT in the UK, use .home as a pseudo-TLD in their residential routers.
Who really uses IDNs? [Guest Post]
Are Internationalised Domain Names really useful, or just a way for an ASCII-focused internet governance community to feel better about itself?
Beyond all the hoopla about ICANN’s 2009 program to enable countries to operate their own non-Latin script internet suffixes (aka the “IDN ccTLD Fast Track”), what should really matter is the Internet user.
Yes, those sitting in ICANN meeting rooms at the time, listening to the hyperbole about how the internet was now going truly global probably felt like they were feeding the hungry and bringing peace to the world. But do people actually use IDNs?
I will admit that at the time, I was dubious. Of course, saying so in ICANN circles would have been akin to wearing a “Camembert is bad” t-shirt in the streets of Paris: poor form! But still, I couldn’t help ask myself if having a single one-language system unite the world was actually such a bad thing?
“How would you like it if the Internet had been invented in China and you had to use their alphabet,” was the usual rebuke I got if I ever dared to doubt out loud. And there really is no arguing with that. If the internet was Chinese, I’d want the Mandarin version of ICANN to roll out IDNs pretty sharpish.
Nonetheless, can the usefulness of IDNs still be questioned?
Facebook in Latin
Talking to a local internet expert whilst attending last week’s excellent Domain Forum in Sofia, Bulgaria, the answer would seem to be a surprising yes.
“Why would kids in this country use IDNs,” I was told when I suggested that, surely, Bulgaria must be excited about the prospect of natural language web addresses. “What worries the authorities here is the fact that kids are using Latin scripts so much on social media sites that they don’t even know how to write in Cyrillic anymore! So even if they could use IDN web and email addresses, why would they? They want to communicate like everyone else does on Facebook.”
In truth, Bulgaria’s view may be skewed by the horrible experience it’s had with ICANN’s IDN Fast Track. The country was refused its own IDN country code due to a perceived similarity with another TLD that no-one in Bulgaria really feels is warranted. But not all potential IDN users feel they are useless. Neighbors in Russia tell of a different IDN experience.
The Russian registry saw stunning initial take-up when it opened the IDN .РФ (.RF for Russian Federation) to general consumption on November 11, 2010. Registration volumes were explosive, with almost 600,000 names registered in the first month. Strong growth continued for a year, hitting a peak of 937,913 registered names in December 2011.
No profit
But the following month, that number fell off a cliff. Total registrations dropped to 844,153 in January 2012. “Initial registrations were driven in part by speculators,” explains ccTLD .RU’s Leonid Todorov. “But when people saw they couldn’t make huge profits on the domains, they started letting them go.”
Even so, .РФ remains a real success. Although November 2012 figures show a year on year decline of 8.63%, the TLD still sports a whopping 845,037 names.
At 66%, .РФ has a slightly lower renewal rate than ASCII Russian equivalent .ru (73%), probably because of those day-one speculators, but it remains widely used. Current delegation figures (i.e. the number of domain names that are actually used for email or websites) stand at a commendable 70% and have not stopped rising since .РФ opened in 2010 with a 45% delegation rate.
The Cyrillic Russian domain sees a vast predominance of personal use, with 77% percent of domains being registered by individuals. “Russians care deeply about their national identity,” says my Bulgarian friend when I suggest that IDNs do seem to matter in some Cyrillic-using countries. “To them, Dot RF is a matter of national pride.”
National pride
So IDNs may not really be all that different from ASCII domain names, with take-up depending on perceived use or value. Europe’s IDN experience seems to confirm this, as European registry EURid’s Giovanni Seppia explained in Sofia.
He revealed that since EURid introduced IDNs on December 11, 2009, registrations reached a peak of around 70,000 (a mere fraction of the 3.7 million names currently registered in the .eu space) before dropping off quite sharply.
Why? Well .eu IDNs may not hold much potential for real use or investment value for Europeans. Although web use is possible with IDNs, software primarily designed for an ASCII-only world does not always make it easy.
Email capability would be a real boost, but so far only the Chinese seem to have enabled it for their local script domains. The Chinese registry recently announced this, without giving details on how the use of all-Chinese character email addresses has been implemented or which email clients support IDNs.
Whatever the technology, countries which combine national pride and a character set far removed from our own probably see more desire for IDNs. With two years of hindsight, Russia obviously loves its IDN. And as other countries like China bring more elaborate IDN capabilities online, demand should grow and force even this IDN skeptic to recognize the new character(s) of the internet.
This is a guest post written by Stéphane Van Gelder, strategy director for NetNames. He has served as chair of the GNSO Council and is currently a member of ICANN’s Nominating Committee.
ICANN, Verisign and NTIA “ready for 100 new gTLDs per week”
The three main entities responsible for managing the domain name system’s root zone have confirmed that they’re ready to add 100 or more new gTLDs to the internet every week.
In a statement, (pdf), ICANN, Verisign and the US National Telecommunications & Information Administration jointly said:
Based on current staffing levels and enhancements that are currently underway to the [Root Zone Management] system, the Root Zone Partners are able to process at least 100 new TLDs per week and will commit the necessary resources to meet all root zone management volume increases associated with the new gTLD program.
The letter was sent in response to a request from ICANN’s Security and Stability Advisory Committee, which asked in July whether ICANN, Verisign and the NTIA were ready for the new gTLD load.
The three-party Root Zone Management procedure used to add TLDs or update existing ones is getting more automation, which is expected to streamline the process.
Trademark Clearinghouse “breakthrough” at private Brussels meeting
ICANN’s various stakeholder groups reached a “breakthrough” agreement on the Trademark Clearinghouse for new gTLDs, according to attendees at a closed-doors meeting last week.
The meeting in Brussels evidently saw attendance from members of the Business Constituency and Intellectual Property Constituency, in addition to the registries and registrars that have been involved in the development of the TMCH implementation model to date.
It was a discussion of nitty-gritty implementation details, according to attendees, rather than reopening the policy discussion on matters such as the mandatory Trademark Claims service period.
Crucially, ICANN appears to have dropped its strong objection to a community-developed proposal that would put the TMCH in the “critical path” for domain registrations.
The community proposal requires a centralized Clearinghouse serving Trademark Claims notices live rather than in a batch fashion, meaning up-time would be paramount.
Senior ICANN executives including chief strategy officer Kurt Pritz were adamant that this model would create an unacceptable single point of failure for the new gTLD program.
But CEO Fadi Chehade, who in Toronto last month appeared to disagree with Pritz, does not appear to have shared these concerns to the same deal-breaking extent.
In a blog post reviewing the meeting’s conclusions last night, Chehade wrote that the community has settled on a “hybrid” solution:
Participants reviewed the features of possible centralized and decentralized systems, and agreed to support a “hybrid” system for Trademark Claims. In this system, a file of domain name labels derived from the trademarks recorded in the Clearinghouse (and hence subject to a Claims Notice) would be distributed to all registries and updated on a regular basis, and a live query system would be used to retrieve the detailed data from the Clearinghouse when necessary to display the Claims Notice to a prospective registrant.
This description appears to closely match the community proposal (pdf) developed by the registries.
ARI Registry Services CTO Chris Wright, one of the key architects of the community TMCH proposal, made no mention of a “hybrid” solution in his update following the Brussels meeting.
According to Wright, “ICANN has tentatively agreed to proceed with the community-developed Trademark Clearinghouse”.
The meeting also concluded that there’s no way to provide blanket privacy protection for trademark data under Trademark Claims, something that has been worrying trademark holders for a while.
At a session in Toronto last month registries observed that the whole point of Trademark Claims is to provide information about trademarks to potential registrants.
That means it can be mined in bulk, and there’s not a heck of a lot registries can do to prevent that even with technical solutions such as throttling access.
Chehade blogged:
There was discussion on implementing an appropriate framework for access and use of the data. The group considered whether measures were necessary specifically to address potential mining of the Clearinghouse database for purposes other than to support the rights protection mechanisms. Given that the Trademark Clearinghouse is designed to provide trademark data for particular purposes, there was agreement that most controls would be ineffective in attempting to control data elements once provided to other parties.
So, how much community support do the Brussels agreements have?
The meeting was not webcast and there does not appear to be a recording or transcript, so it’s difficult to know for sure who was there, what was discussed or what conclusions were reached.
Concerns were expressed by members of the Non-Commercial Stakeholders Group, as well as the Internet Commerce Association, about the fact that ICANN did not widely publicize the meeting, which was first reported in an ICA blog post last week.
The ICA’s Phil Corwin also questioned whether key members of the IPC and BC — based on the US Eastern seaboard — would be able to attend due to Hurricane Sandy’s impact on air travel.
While there seems to be a feeling that solid progress on the Clearinghouse is definitely a positive development for the new gTLD program, the fact that the consensus was apparently reached behind closed doors does not appear to be in lockstep with Chehade’s commitment to increase transparency at ICANN.
ICANN looking for new gTLD testing provider on very tight deadline
ICANN is seeking one or more pre-delegation testing providers for its new gTLD program on a very ambitious timetable.
An RFP issued yesterday calls for a company that can scratch-build a testing suite to put new gTLD applicants through the ringer before they go live, and have it up and running by March 25, 2013.
Pre-delegation testing is the last stage of the new gTLD program’s approval process.
Some new gTLD applicants have recently called on ICANN to begin testing as soon as possible — before even Initial Evaluation has finished — in order to speed up time to market.
The Applicant Guidebook suggests that ICANN itself would be doing the testing, and some applicants had made that assumption, but that’s clearly not the case.
The RFP spells out exactly what is required of the testing providers.
First, they’re expected to build bespoke software to run the tests.
In addition to load-testing and verifying the registry’s compliance with standards such as EPP, DNSSEC and Whois, it also needs a custom-made user interface for applicants and back-end integration with ICANN’s wobbly TLD Application System.
ICANN also wants to be able to open-source the software, which seems to rule out any off-the-shelf testing suites.
RFP respondents also need to be able test 20 applicants’ back-ends per week — potentially scaling up to 100 per week — as soon as ICANN starts signing registry agreements next year.
ICANN does not expect to announce the winning provider(s) until December 5. The deadline for responses is November 20.
In short, it looks like a challenging project on a very tight deadline.
I wonder how much institutional knowledge there is out there of, say, DNSSEC, in companies that are not also involved in new gTLD applications as either applicant or back-end.
The pool of possible RFP respondents is likely very small indeed.
The ability to run tests on the testing suite itself may also be limited by the timetable and the possible shortage of guinea-pig registry back-ends.
Why ICANN has waited until this very late date to issue the RFP is a real head-scratcher.
ICANN is offering a 24-month contract with a possible 12-month extension. The RFP can be downloaded here.
Recent Comments