Recent Posts
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
This is how AppDetex works
A small brand-protection registrar with a big friend caused quite a stir at ICANN 63 here in Barcelona this week, after accusing registrars for the second time of shirking their duties to disclose private Whois data to trademark owners.
AppDetex, which has close ties to Facebook, has sent something like 9,000 Whois requests to registrars over the last several months, then complained to ICANN last week that it only got a 3% response rate.
Registrars cried foul, saying that the company’s requests are too vague to action and sometimes seem farcical, suggesting an indiscriminate, automated system almost designed to be overly burdensome to them.
In chats with DI this week, AppDetex CEO Faisal Shah, general counsel Ben Milam and consultant Susan Kawaguchi claimed that the system is nowhere near as spammy as registrars think, then showed me a demo of their Whois Requester product that certainly seemed to support that claim.
First off, Whois Requester appears to be only partially automated.
Tucows had noted in a letter to ICANN that it had received requests related to domains including lincolnstainedglass.com and grifflnstafford.com, which contain strings that look a bit like the “Insta” trademark but are clearly not cybersquatting.
“That no human reviewed these domains was obvious, as the above examples are not isolated,” Tucows CEO Elliot Noss wrote.
“It is abundantly clear to us that the requests we received were generated by an automated system,” Blacknight CEO Michele Neylon, who said he had received similarly odd requests, wrote in his own letter.
But, according to AppDetex, these assumptions are not correct.
Only part of its service is automated, they said. Humans — either customers or AppDetex in-house “brand analysts” — were involved in sending out all the Whois requests generated via its system.
AppDetex itself does not generate the lists of domains of concern for its clients, they said. That’s done separately, using unrelated tools, by the clients themselves.
It’s possible these could be generated from zone files, watch services, abuse reports or something else. The usage of the domain, not just its similarity to the trademark in question, would also play a role.
Facebook, for example, could generate its own list of domains that contain strings matching, partially matching, or homographically similar to its trademarks, then manually input those domains into the AppDetex tool.
The product features the ability to upload lists of domains in bulk in a CSV file, but Kawaguchi told me this feature has never been used.
Once a domain has been input to main Whois Requester web form, a port 43 Whois lookup is automatically carried out in the background and the form is populated with data such as registrar name, Whois server, IANA number and abuse email address.
At this point, human intervention appears to be required to visually confirm whether the Whois result has been redacted or not. This might require also going to the registrar’s web-based Whois, as some registrars return different results over port 43 compared to their web sites.
If a redacted record is returned, users can then select the trademark at issue from a drop-down (Whois Requestor stores its’ customers trademark information) and select a “purpose” from a different drop-down.
The “purposes” could include things like “trademark investigation” or “phishing investigation”. Each generates a different piece of pre-written text to be used in the template Whois request.
Users can then choose to generate, manually approve, and send off the Whois request to the relevant registrar abuse address. The request may have a “form of authorization” attached — a legal statement that AppDetex is authorized to ask for the data on behalf of its client.
Replies from registrars are sent to an AppDetex email address and fed into a workflow tool that looks a bit like an email inbox.
As the demo I saw was on the live Whois Requester site with a dummy account, I did not get a view into what happens after the initial request has been sent.
Registrars have complained that AppDetex does not reply to their responses to these initial requests, which is a key reason they believe them frivolous.
Shah and Milam told me that over the last several months, if a registrar reply has included a request for additional information, the Whois Requester system has been updated with a new template for that registrar, and the request resent.
This, they said, may account for duplicate requests registrars have been experiencing, though two registrars I put this to dispute whether it fits with what they’ve been seeing.
The fact that human review is required before requests are sent out “just makes it worse”, they also said.
Amazon offered $5 million of free Kindles for .amazon gTLD
Amazon offered South American governments $5 million worth of free Kindles, content and cloud services in exchange for their endorsement of its .amazon gTLD application, it has emerged.
The proposal, made in February, also included an offer of four years of free hosting up to a value of $1 million.
The sweeteners came during negotiations with the eight governments of the Amazon Cooperation Treaty Organization, which object to .amazon because they think it would infringe on their geographical and cultural rights.
Amazon has sought to reassure these governments that it will reserve culturally sensitive strings of their choice in .amazon, and that it will actively support any future applications for gTLDs such as .amazonas, which is the more meaningful geographic string in local languages.
I’ve reported on these offers before, but to my knowledge the offer of free Kindles and AWS credits has not been made public before. (UPDATE: Nope.)
According to a September letter from ACTO, published (pdf) this week, Amazon told it:
as an indication of goodwill and support for the people and governments of the Amazonian Region… [Amazon will] make available to the OTCA governments credits for the use of AWS services, Kindles preloaded with mutually agreed upon content, and similar Amazon.com services and products in an amount not to exceed $5,000,000.
Amazon also offered to set up a .amazon web site “to support the Amazonian people’s cultural heritage” and pay up to $1 million to host it for four years.
These kinds of financial sweeteners would not be without precedent.
The applicant for .bar wound up offering to donate $100,000 to fund a school in Montenegro, after the government noted the string match with the Bar region of the country.
The ACTO countries met in August to consider Amazon’s offer, but chose not to accept it.
However, they’re not closing off talks altogether. Instead, they’ve taken up ICANN on its offer to act as a facilitator of talks between Amazon and ACTO members.
The ICANN board of directors passed a resolution last month instructing CEO Goran Marby to “support the development of a solution” that would involve “sharing the use of those top-level domains with the ACTO member states”.
ACTO secretary general Jacqueline Mendoza has responded positively to this resolution (pdf) and invited Marby to ACTO headquarters in Brasilia to carry on these talks.
US not happy with Donuts hiring Atallah
The US government appears to have reservations about Donuts’ recent hiring of ICANN bigwig Akram Atallah as its new CEO.
Speaking at a session of ICANN 63 here in Barcelona today, National Telecommunications and Information Administration head David Redl alluded to the recent hire.
Atallah was president of the Global Domains Division and twice interim CEO.
While most of Redl’s brief remarks today concerned internet security and Whois, he concluded by saying:
While the community has greatly improved ICANN’s accountability through the IANA stewardship transition process, there are still improvements to be made.
As one example, we need safeguards to ensure that ICANN staff and leadership are not only grounded ethically in their professional actions at ICANN, but also in their actions when they seek career opportunities outside of ICANN.
One potential fix could be “cooling off periods” for ICANN employees that accept employment with companies involved in ICANN activities and programs. This is an ethical way to ensure that conflicts of interest or appearances of unethical behavior are minimized.
ICANN faced similar scrutiny back in the 2011, when ICANN chair Peter Dengate Thrush pushed through the new gTLD program and almost immediately began working for a new gTLD applicant.
That was the same year Redl moved from being head of regulatory affairs at CTIA — lobbying for wireless industry legislation — to counsel to the House of Representatives Energy and Commerce Committee — helping to craft wireless industry legislation.
Here are his remarks. Redl starts speaking at around the 38-minute mark.
ICANN denies it’s in bed with trademark lawyers
ICANN chair Cherine Chalaby has strongly denied claims from non-commercial stakeholders that its attitude to Whois reform is “biased” in favour of “special interests” such as trademark lawyers.
In a remarkably fast reply (pdf) to a scathing October 17 letter (pdf) from the current and incoming chairs of the Non-Commercial Stakeholders Group, Chalaby dismissed several of the NCSG’s claims of bias as “not true”.
The NCSG letter paints ICANN’s efforts to bring Whois policy into line with the General Data Protection Regulation as rather an effort to allow IP owners to avoid GDPR altogether.
It even suggests that ICANN may be veering into content regulation — something it has repeatedly and specifically disavowed — by referring to how Whois may be used to combat “fake news”.
The “demonstrated intention of ICANN org has been to ensure the unrestrained and unlawful access to personal data demanded by special interest groups”, the NCSG claimed.
It believes this primarily due to ICANN’s efforts to support the idea of a “unified access model” — a way for third parties with “legitimate interests” to get access to private Whois data.
ICANN has produced a couple of high-level framework documents for such a model, and CEO Goran Marby has posted articles playing up the negative effects of an inaccessible Whois.
But Marby has since insisted that a unified access model is still very much an “if”, entirely dependent on whether the community, in the form of the Whois EPDP working group, decides there should be one.
That message was reiterated in Chalaby’s new letter to the NCSG.
The conversation on whether to adopt such a model must continue, but the outcomes of those discussions are for the community to decide. We expect that the community, using the bottom-up multistakeholder model, will take into account all stakeholders’ views and concerns.
He denied that coordinating Whois data is equivalent to content regulation, saying it falls squarely within ICANN’s mandate.
“ICANN’s mission related to ‘access to’ this data has always encompassed lawful third-party access and use, including for purposes that may not fall within ICANN’s mission,” he wrote.
The exchange of letters comes as parties on the other side of the Whois debate also lobby ICANN and its governmental advisors over the need for Whois access.
ICANN 63, Day 0 — registrars bollock DI as Whois debate kicks off
Blameless, cherubic domain industry news blogger Kevin Murphy received a bollocking from registrars over recent coverage of Whois reform yesterday, as he attended the first day of ICANN 63, here in Barcelona.
Meanwhile, the community working group tasked with designing this reform put in a 10-hour shift of face-to-face talks, attempting to craft the language that will, they hope, bring ICANN’s Whois policy into line with European privacy law.
Talks within this Expedited Policy Development Process working group have not progressed a massive amount since I last reported on the state of affairs.
They’re still talking about “purposes”. Basically, trying to write succinct statements that summarize why entities in the domain name ecosystem collect personally identifiable information from registrants.
Knowing why you’re collecting data, and explaining why to your customers, is one of the things you have to do under the General Data Protection Regulation.
Yesterday, the EPDP spent pretty much the entire day arguing over what the “purposes” of ICANN — as opposed to registries, registrars, or anyone else — are.
The group spent the first half of the day trying to agree on language explaining ICANN’s role in coordinating DNS security, and how setting policies concerning third-party access to private Whois data might play a role in that.
The main sticking point was the extent to which these third parties get a mention in the language.
Too little, and the Intellectual Property Constituency complains that their “legitimate interests” are being overlooked; too much, and the Non-Commercial Stakeholders Group cries that ICANN is overstepping its mission by turning itself into a vehicle for trademark enforcement.
The second half of the day was spent dealing with language explaining why collecting personal data helps to establish ownership of domains, which is apparently more complicated than it sounds.
Part of this debate was over whether registrants have “rights” — such as the right to use a domain name they paid for.
GoDaddy policy VP James Bladel spent a while arguing against this legally charged word, again favoring “benefits”, but appeared to eventually back down.
It was also debated whether relatively straightforward stuff such as activating a domain in the DNS by publishing name servers can be classed as the disclosure of personal data.
The group made progress reaching consensus on both sets of purposes, but damn if it wasn’t slow, painful progress.
The EPDP group will present its current state of play at a “High Interest Topic” session on Monday afternoon, but don’t expect to see its Initial Report this week as originally planned. That’s been delayed until next month.
While the EPDP slogs away, there’s a fair bit of back-channel lobbying of ICANN board and management going on.
All the players with a significant vested interest in the outcome are writing letters, conducting surveys, and so on, in order to persuade ICANN that it either does or does not need to create a “unified access model” that would allow some parties to carry on accessing private Whois data more or less the same way as they always have.
One such effort is the one I blogged about on Thursday, shortly before heading off to Barcelona, AppDetex’s claims that registrars have ignored or not sufficiently responded to some 9,000 automated requests for Whois data that its clients (notably Facebook) has spammed them with recently.
Registrars online and in-person gave me a bollocking over the post, which they said was one-sided and not in keeping with DI’s world-renowned record of fairness, impartiality and all-round awesomeness (I’m paraphrasing).
But, yeah, they may have a point.
It turns out the registrars still have serious beef with AppDetex’s bulk Whois requests, even with recent changes that attempt to scale back the volume of data demanded and provide more clarity about the nature of the request.
They suspect that AppDetex is simply trawling through zone files for strings that partially match a handful of Facebook’s trademarks, then spamming out thousands of data requests that fail to specify which trademarks are being infringed and how they are being infringed.
They further claim that AppDetex and its clients do not respond to registrars’ replies, suggesting that perhaps the aim of the game here is to gather data not about the owner of domains but about registrars’ alleged non-compliance with policy, thereby propping up the urgent case for a unified access mechanism.
AppDetex, in its defence, has been telling registrars on their private mailing list that it wants to carry on working with them to refine its notices.
The IP crowd and registrars are not the only ones fighting in the corridors, though.
The NCSG also last week shot off a strongly worded missive to ICANN, alleging that the organization has thrown in with the IP lobby, making a unified Whois access service look like a fait accompli, regardless of the outcome of the EPDP. ICANN has denied this.
Meanwhile, cybersecurity interests have also shot ICANN the results of a survey, saying they believe internet security is suffering in the wake of ICANN’s response to GDPR.
I’m going to get to both of these sets of correspondence in later posts, so please don’t give me a corridor bollocking for giving them short shrift here.
UPDATE: Minutes after posting this article, I obtained a letter Tucows has sent to ICANN, ripping into AppDetex’s “outrageous” campaign.
Tucows complains that it is being asked, in effect, to act as quality control for AppDetex’s work-in-progress software, and says the volume of spurious requests being generated would be enough for it ban AppDetex as a “vexatious reporter”.
AppDetex’s system apparently thinks “grifflnstafford.com” infringes on Facebook’s “Insta” trademark.
UPDATE 2: Fellow registrar Blacknight has also written to ICANN today to denounce AppDetex’s strategy, saying the “automated” requests it has been sending out are “not sincere”.
Registrars still not responding to private Whois requests
Registrars are still largely ignoring requests for private Whois data, according to a brand protection company working for Facebook.
AppDetex wrote to ICANN (pdf) last week to say that only 3% of some 9,000 requests it has made recently have resulted in the delivery of full Whois records.
Almost 60% of these requests were completely ignored, the company claimed, and 0.4% resulted in a request for payment.
You may recall that AppDetex back in July filed 500 Whois requests with registrars on behalf of client Facebook, with which it has a close relationship.
Then, only one registrar complied to AppDetex’s satisfaction.
Company general counsel Ben Milam now tells ICANN that more of its customers (presumably, he means not just Facebook) are using its system for automatically generating Whois requests.
He also says that these requests now contain more information, such as a contact name and number, after criticism from registrars that its demands were far too vague.
AppDetex is also no longer demanding reverse-Whois data — a list of domains owned by the same registrant, something not even possible under the old Whois system — and is limiting each of its requests to a single domain, according to Milam’s letter.
Registrars are still refusing to hand over the information, he wrote, with 11.4% of requests creating responses demanding a legal subpoena or UDRP filing.
The company reckons this behavior is in violation of ICANN’s Whois Temporary Specification.
The Temp Spec says registrars “must provide reasonable access to Personal Data in Registration Data to third parties on the basis of a legitimate interests pursued by the third party”.
The ICANN community has not yet come up with a sustainable solution for third-party access to private Whois. It’s likely to be the hottest topic at ICANN 63 in Barcelona, which kicks off this weekend.
Whois records for gTLD domains are of course, post-GDPR, redacted of all personally identifiable information, which irks big brand owners who feel they need it in order to chase cybersquatters.
Book review — “Domain Names: Strategies and Legal Aspects”
I’ve only ever read two books about the domain name industry.
The first one was Kieren McCarthy’s excellent Sex.com, the 2007 barely believable non-fictional tech-thriller that seemed to deliberately eschew inside-baseball policy talk in favor of a funny and rather gripping human narrative.
The second, Domain Names – Strategies and Legal Aspects, by Jeanette Soderlund Sause and Malin Edmar, is pretty much the diametrical opposite.
The book, published in its second edition in June, instead seems bent on explaining the complex intersection of domain names and intellectual property rights in as few words as it is able.
Coming in at a brisk 150 pages, it’s basically been engineered to funnel as much information into your brain as possible in as short a space of time as possible.
I blazed through my complimentary review copy during a three-hour train journey a couple months ago.
About half-way through, I realized I had done absolutely no background reading about the authors or publisher, and had no idea who the intended reader was.
The introduction, written for the 2014 first edition by a Swedish civil servant then on the GAC, gives the misleading impression that the book has something to say about multistakeholderism, DNS fragmentation, or new gTLD controversies.
It doesn’t. If the authors have any political opinions, you will not learn them from Domain Names.
What you will get is a competent reference work geared primarily towards IP lawyers and brand management folk who are newbies to the world of domain names.
The authors are both Swedish IP lawyers, though Soderland Sause is currently marketing VP for the .global gTLD registry.
The first half of their book deals with introducing and briefly explaining the high-level technical aspects of the DNS and the basic structure of the market, then discussing the difference between a trademark and a domain name.
An occasionally enlightening middle section of about 30 pages deals with strategies for selecting and obtaining domains, either as fresh registrations or from third parties such as cybersquatters, investors or competitors.
But the second half of the book — which deals with UDRP and related dispute resolution procedures — is evidently where the authors’, and presumably readers’, primary interest lies.
It goes into comparative depth on this topic, and I actually started to learn a few things during this section.
As a newcomer to the work, I cannot definitively say whether the new and updated content — which I infer covers developments in new gTLDs and such over the last four years — is worth the £120 upgrade for owners of the first edition.
It also seems to have gone to the printers before it was fully clear how ICANN was going to deal with GDPR; a third edition will likely be needed in a couple of years after the smoke clears.
I’d be lying if I said I had any fun reading Domain Names, but I don’t think I was supposed to.
I can see myself keeping it near my desk for occasional reference, which I think is what it’s mainly there for.
I can see IP lawyers or ICANN policy wonks also keeping copies by their desks, to be handed out to new employees as a primer on what they need to do to get their hands on the domains they want.
These juniors can then absorb the book over a weekend and keep it by their own desks for future reference, to be eventually passed on to the next n00b.
If that’s what it’s for, I think the authors have done a pretty good job of it.
Domain Names – Strategies and Legal Aspects, 2nd edition, by Jeanette Soderlund Sause and Malin Edmar, is published by Sweet & Maxwell.
Co-founder Nevett leaves Donuts
Donuts executive vice president of corporate affairs Jon Nevett has left the company, Donuts said yesterday.
He’s the last of the four co-founders of the new gTLD portfolio owner to step aside from their original roles over the last couple of years.
There’s no word on whether he’s got a new gig lined up, but given the recent acquisition of Donuts by Abry Partners, which gave the founders the opportunity to dispose of their shares, Nevett presumably will be in no rush.
Donuts said in a statement that Nevett, who led policy at the company, will continue to act as an advisor.
He follows Dan Schindler and Richard Tindal as co-founders who have since left the company.
Founding CEO Paul Stahura stepped into the executive chair role a couple of years ago to make way for Bruce Jaffe, who led the firm through its merger with Rightside and subsequent sale to Abry.
Jaffe himself will leave next month to allow former ICANN bigwig Akram Atallah into the hot seat. Former ICANN CEO Fadi Chehade is one of Abry’s lead overseers of Donuts.
The internet is still working after KSK roll
The first-ever change to the security keys at the top of the DNS tree appears to have been a non-event.
While ICANN received reports of some disruptions after last Thursday’s KSK rollover, the impact appears to have fallen short of the millions of users that had been speculated.
ICANN said yesterday:
After evaluation of the available data, there does not appear to be a significant number of Internet end-users who have been persistently and negatively impacted by the changing of the key.
The few issues that have arisen appear to have been quickly mitigated and none suggested a systemic failure that would approach the threshold (as defined by the ICANN community) to initiate a reversal of the roll. In that context, it appears the rollover to the new Key Signing Key, known as KSK 2017, has been a success.
The KSK, also sometimes called the “trust anchor”, is the ultimate cryptographic key in the chain that secures all DNSSEC queries on the internet.
October 11 was the first time it had been changed since the first version came online in 2010.
While changing the key was broadly considered sound security practice, the roll was delayed by a year after it was discovered that potentially millions of endpoints were using DNS resolvers not properly configured to use the 2017 key.
After much research, outreach and gnashing of teeth, it was decided that the risk posed by rolling the KSK now fell within acceptable parameters of collateral damage.
Experts from the likes of Google and Verisign, and one ICANN director, had urged caution and said perhaps the roll should be delayed further while more data was gathered.
But they were in the minority, ICANN went ahead anyway, and it seems their fears have not come to pass.
The KSK is now likely to be rolled regularly — it could be as little as once every five years, or more frequently.
It also gives ICANN the opportunity to eventually update the system to swap out its current RSA keys for keys based on elliptical curve cryptography, which could reduce the traffic load on the DNS as a whole.
Donuts loses to ICANN in $135 million .web auction appeal
Donuts has lost a legal appeal against ICANN in its fight to prevent Verisign running the .web gTLD.
A California court ruled yesterday that a lower court was correct when it ruled almost two years ago that Donuts had signed away its right to sue ICANN, like all gTLD applicants.
The judges ruled that the lower District Court had “properly dismissed” Donuts’ complaint, and that the covenant not to sue in the Applicant Guidebook is not “unconscionable”.
Key in their thinking was the fact that ICANN has an Independent Review Process in place that Donuts could use to continue its fight against the .web outcome.
The lawsuit was filed by Donuts subsidiary Ruby Glen in July 2016, shortly before .web was due to go to an ICANN-managed last-resort auction.
Donuts and many others believed at the time that one applicant, Nu Dot Co, was being secretly bankrolled by a player with much deeper pockets, and it wanted the auction postponed and ICANN to reveal the identity of this backer.
Donuts lost its request for a restraining order.
The auction went ahead, and NDC won with a bid of $135 million, which subsequently was confirmed to have been covertly funded by Verisign.
Donuts then quickly amended its complaint to include claims of negligence, breach of contract and other violations, as it sought $22.5 million from ICANN.
That’s roughly how much it would have received as a losing bidder had the .web contention set been settled privately and NDC still submitted a $135 million bid.
As it stands, ICANN has the $135 million.
That complaint was also rejected, with the District Court disagreeing with earlier precedent in the .africa case and saying that the covenant not to sue is enforceable.
The Appeals Court has now agreed, so unless Donuts has other legal appeals open to it, the .web fight will be settled using ICANN mechanisms.
The ruling does not mean ICANN can go ahead and delegate .web to Verisign.
The .web contention set is currently “on-hold” because Afilias, the second-place bidder in the auction, has since June been in a so-called Cooperative Engagement Process with ICANN.
CEP is a semi-formal negotiation-phase precursor to a full-blown IRP filing, which now seems much more likely to go ahead following the court’s ruling.
The appeals court ruling has not yet been published by ICANN, but it can be viewed here (pdf).
The court heard arguments from Donuts and ICANN lawyers on October 9, the same day that DI revealed that ICANN Global Domains Division president Akram Atallah had been hired by Donuts as its new CEO.
A recording of the 32-minute hearing can be viewed on YouTube here or embedded below.
Recent Comments