Recent Posts
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
- Registries have started shutting down Whois
- ICANN wins IRP because complainant literally doesn’t exist
- .com could return to growth this quarter
- Could Musk’s DOGE kill off D3’s .doge?
Verisign launches name-spinner tool for if you really, really need a .com
Verisign has launched a new name-spinning tool, designed to help new businesses find relevant domain names in Verisign-managed TLDs.
It’s called NameStudio. Verisign said:
NameStudio can deliver relevant .com and .net domain name suggestions based on popular keywords, trending news topics and semantic relevance. Pulling from multiple and diverse data sources, the service can identify the context of a word, break search terms apart into logical combinations and quickly return results. It can also distinguish personal names from other keywords and use machine-learning algorithms that get smarter over time.
The machine-learning component may come in handy, based on my non-scientific, purely subjective messing around at the weekend.
I searched for “london pubs”, a subject close to my heart. Naturally enough, londonpubs.com is not available, but the suggestions were not what you’d call helpful.
As you can see, the closest match to London it could find was “Falkirk”, a town 400 miles away in Scotland. The column is filled with the names of British towns and cities, so the tool clearly knows what London is, even if its suggestions are not particularly useful for a London-oriented web site.
The closest match to “pubs” was “cichlids”, which Google reliably informs me is a type of fish. “ComicCon” (a famous trademark), “barbarians” and a bunch of sports, dog breeds and so on feature highly on its list of suggestions.
NameStudio obviously does not know what a “pub” is, but it’s not a particularly common word in most of Verisign’s native USA, so I tried “london bars” instead. The results there were a little more encouraging.
Again, Falkirk topped the list of London alternatives, a list that this time also prominently included the names of Australian cities.
On the “bars” column, suggestions such as “parties”, “stags” and “nights” suggests that NameStudio has a notion what I’m looking for, but the top suggestion is still “birthdays”.
I should note that the service also suggests prefixes such as “my” and “free” and suffixes such as “online” or “inc”, so if you have your heart set on a .com domain you’ll probably be able to find something containing your chosen keywords.
The domains alllondonpubs.com and alllondonbars.com were probably the best available alternatives I could find. For my hypothetical London-based pub directory/blog web site, they’re not terrible choices.
I also searched NameStudio for “domain blog”, another subject close to my heart.
The top three suggestions in the “domain” column were “pagerank”, “websites” and “query”. Potentially relevant. Certainly some are in the right ball-park. Let’s ignore that “pagerank” is a Google trademark that nobody really talks about much any more.
The top suggestions to replace “blog” were “infographic”, “snippets” and “rumor”. Again, right ball-park, but my best bet still appears to be adding a prefix or suffix to my original keywords.
I tried a few more super-premium one-word keywords too.
The best suggestion for “vodka” was “dogvodka.com”. For “attorney”, it was “funattorney.com”. For “insurance”, there were literally no available suggestions.
Currently — and to be fair the tool just launched last week — you’re probably better off looking at other name suggestion tools.
NameStudio does not appear to currently suggest domains that are listed for sale on the aftermarket. I expect that’s a feature addition that could come in future.
But possibly the main problem with the tool appears to be that it currently only looks for available names in .com, .net, .tv or .cc.
Repeating my “london pubs” search with GoDaddy and DomainsBot, which each support hundreds more TLDs, produced arguably superior results.
They’re only superior, of course, if you consider your chosen keywords, and the brevity of your domain, more important than your choice of TLD. For some people, a .com at the end of the domain will always be the primary consideration, and perhaps those people are Verisign’s target market.
Almost half of ccTLDs may block some Whois data
Almost half of ccTLDs are planning to hide parts of Whois results from public view in response to incoming European Union law.
That’s according to a recent informal survey of the members of CENTR, the Council of European National Top Level Domain Registries, detailed in a letter to ICANN (pdf) last week.
According to the survey of 28 ccTLDs, 13 of them (46.4%) said they plan to “hide certain data fields” in response to the requirements of the General Data Protection Regulation.
GDPR forces companies to give EU citizens more rights to control how their data is used, which includes the publication of Whois data.
While the sample size is small, the results are probably indicative of the direction of the industry.
The industry and community is still struggling to reconcile longstanding Whois practices and contractual requirements with the new law, but a consensus seems to be forming that Whois as we know it is not going to survive.
Hiding data fields such as contact information to general Whois users, while making it available to verified law enforcement, may be one part of becoming GDPR-compliant. It’s what two Dutch gTLD registries are already doing.
The CENTR survey also found that smaller numbers of registries are planning to throttle Whois queries and revise their agreements in response to GDPR, which comes into full effect next May.
The survey was carried out in June. Given the speed at which discussions in the community are progressing, I would not be surprised if the same survey carried out today would produce different results.
Hurricane victims get a renewal pass under ICANN rules
ICANN has given registries and registrars the ability to delay the cancellation of domain names owned by victims of Hurricane Maria and other similar natural disasters.
In a note to contracted parties, published by Blacknight boss Michele Neylon this weekend, Global Domains Division president Akram Atallah said:
registrars will be permitted to temporarily forebear from canceling domain registrations that were unable to be renewed as a result of the natural disaster.
Maria and other hurricanes caused widespread damage to infrastructure in the Caribbean earlier this year — not to mention the loss of life — making it difficult for many people to get online to renew their registrations.
ICANN’s Registrar Accreditation Agreement ties registrars to a fairly strict domain name renewal and expiration life-cycle, but there’s a carve out for certain specified “extenuating circumstances” such as bankruptcy or litigation.
Atallah’s note makes it clear that ICANN considers hurricane damage such a circumstance, so its contractual compliance department will not pursue registrars who fail to expire domains on time when the registrant has been affected by the disaster.
He added that perhaps it’s time for the ICANN community to come up with a standardized policy for handling such domains. There’s already been mailing list chatter of such an initiative.
ICANN is heading to Puerto Rico, which was quite badly hit by Maria, for its March 2018 public meeting.
While attendees have been assured that the infrastructure is in place for the meeting to go ahead, large parts of the island are reportedly still without power.
Cops tell Nominet to yank 16,000 domains, Nominet complies
Nominet suspended over 16,000 .uk domain names at the request of law enforcement agencies in the last year.
The registry yanked 16,632 domains in the 12 months to October 31, more than double the 8,049 it suspended in the year-earlier period.
The 2016 number was in turn more than double the 2015 number. The 2017 total is more than 16 times the number of suspended domains in 2014, the first year in which Nominet established this cozy relationship with the police.
The large majority of names — 13,616 — were suspended at the request of the Police Intellectual Property Crime Unit. Another 2,781 were taken down on the instruction of National Fraud Intelligence Bureau.
Nominet has over 12 million .uk domains under management, so 16,000 names is barely a blip on the radar overall.
But the fact that police can have domains taken down in .uk with barely any friction does not appear to be acting as a deterrent to bad actors when they choose their TLD.
The registry said that just 15 suspensions were reversed — which requires the consent of the reporting law enforcement agency — during the period. That’s basically flat on 2016.
“A suspension is reversed if the offending behavior has stopped and the enforcing agency has since confirmed that the suspension can be lifted,” the company said.
The company does not publish data on how many registrants requested a reversal and didn’t get one, nor does it publish any of the affected domains, so we have no way of knowing whether there’s any ambiguity or overreach in the types of domains the police more or less unilaterally have taken down.
It seems that the only reasons suspension requests do not result in suspensions are when domains have already been suspended or have already been transferred to an IP rights holder by court order. There were 32 of those in the last 12 months, half 2016 levels.
The separate, ludicrously onerous preemptive ban on domains that appear to encourage sexual violence resulted in just two suspensions in the last year, bringing the total new domains suspended under the rule since 2014 to just six.
Some poor bugger at Nominet had to trawl through 3,410 new registrations containing strings such as “rape” in 2017 to achieve that result, up from 2,407 last year.
Kickstarter launches Patreon rival on .RIP domain hack
They’re deadly serious.
Crowdfunding service Kickstarter has relaunched its Drip subscriptions service on a .rip domain.
It’s a domain hack using a single-character domain: d.rip.
It’s actually a case of a migration away from a .com domain, which is not something you see every day from a major online brand.
Drip was acquired by Kickstarter from record company Ghostly International in 2012 and has had a relatively low-key presence at drip.kickstarter.com.
Rather than enabling creators to fund a project entirely in advance, with an “all-or-nothing” approach, it allows them to collect subscription fees from fans.
It’s aimed at musicians, podcasters, comedians, YouTubers and the like — people who need a way to support their work now that advertisers are increasingly wary of edgy online content.
The .rip gTLD was originally a Rightside domain. It’s now in the Donuts stable.
It was intended to stand for Rest In Peace, giving registrants a memorable name with which to memorialize the dead.
In reality, with under 3,000 names in its zone, it’s used for a wide variety of other purposes too. Some sites use it to represent “rip” as a verb, others use it to evoke a sense of horror.
As a single-character registry premium name, d.rip would not have been cheap. However, it would have been certainly a lot cheaper than Drip.com, which is in use by an email marketing company.
Even post-Weinstein, no sexual harassment complaints at ICANN
There have been no formal complaints of sexual harassment in the ICANN community since the organization introduced a zero tolerance policy back in March, according to the Ombudsman.
That’s even after the current media storm about such behavior, precipitated by the revelations about movie producer Harvey Weinstein, which has given men and women in many industries the confidence to level accusations against others.
“There have been no complaints of sexual harassment since the implementation of the Community Anti-Harassment Policy nor the uptake of [post-Weinstein] media coverage,” ICANN Ombudsman Herb Weye told DI in response to an inquiry today.
The anti-harassment policy was adopted in March, and there have been three full, in-person ICANN meetings since then.
Face-to-face meetings are of course where one would expect to see such incidents, if any were to occur.
The policy bans everything from groping to wolf-whistling to dirty jokes to repeated, unwanted requests for dates.
At the time the policy was approved, ICANN general counsel John Jeffrey noted that there had been more than one such complaint since the infamous Cheesesandwichgate incident in March 2016.
No complaints since March does not necessarily mean no incidents, of course.
One recent recommendation to reform the office of the Ombudsman (or Ombudsperson, or simply Ombuds, in recent ICANN documentation) is to ensure a gender-mixed staff to perhaps make it more likely for issues related to gender to be reported.
A recent, non-scientific survey of ICANN participants found that about a third of women had knowledge or experience of sexism in the community.
Weye said that most complaints about non-sexual “harassment” occur at social events where alcohol is involved. He said that ICANN participants should be discreet when discussing “sensitive” cultural issues in such contexts, lest they inadvertently offend those within earshot.
There is “no place for disrespect in ICANN’s multi-cultural diverse environment” he said.
Radix claims 77% renewal rates after two years
New gTLD registry Radix says that three of its larger TLDs have seen a 77% renewal rate two years after launch.
The company said today that .online had 75% renewals, with .tech at 78% and .site at 81%.
It appears to have carved out these three from its portfolio for attention, ignoring the rest of its portfolio, because they all went to general availability in the same two-month period July and August 2015.
The renewal rates are for the first month of GA. In other words, 77% of the domains registered in the TLDs’ respective first month have been renewed for a third year.
Radix, in a press release, compared the numbers favorably to .com and .net, which had a combined renewal rate of 74% in the second quarter according to Verisign’s published numbers.
It’s probably not a fully fair apples-to-apples comparison. Domains registered in the first month of GA are likely higher-quality names registered by in-the-know early adopters, and therefore less likely to be dropped, whereas .com and .net have decades of renewal cycles behind them.
Radix also said that 86% of domains registered during the three TLDs’ sunrise periods and Early Access Periods are still being renewed, with .tech at 92% and .site at 88%.
Amazon and Google to fight over .kids at auction
Amazon, Google and a third applicant are scheduled to fight for control of the new gTLDs .kid or .kids at auction.
It’s the first ICANN gTLD auction to be scheduled since a Verisign puppet paid $135 million for .web in July 2016.
According to ICANN documentation, .kid and .kids will go to auction January 25, 2018.
The winning bid will be added to ICANN’s quarter-billion-dollar stash of auction proceeds, rather than shared out between the applicants.
Even though two different strings are at stake, it will be a so-called “direct contention” auction, meaning only .kids or .kid will ultimately go live.
Google, the sole applicant for .kid, had filed String Confusion Objections against .kids applications from Amazon and DotKids Foundation and won both, meaning the three applications were lumped into the same contention set.
Unless DotKids has a secret sugar daddy, it seems probable that the internet will next year either get a .kid gTLD operated by Google or a .kids gTLD operated by Amazon.
DotKids had applied as a “community” application and attempted to shut out both rivals and avoid an auction by requesting a Community Priority Evaluation.
However, it comprehensively lost the CPE.
Child-friendly domain spaces have a poor track record, partly due to the extra restrictions registrants must agree to, and are unlikely to be high-volume gTLDS no matter who wins.
Neustar operated .kids.us for 10 years, following US legislation, but turned it off in 2012 after fewer than 100 web sites used the domain. It made the decision not to reintroduce it in 2015.
The Russian-language equivalent, .дети, has been live for over three years but has only around 1,000 domains in its zone file.
The .kids/.kid auction may not go ahead if the three applicants privately negotiate a deal soon, but they’ve had over a year to do so already and have apparently failed to come to an agreement.
ICANN chief tells industry to lawyer up as privacy law looms
The domain name industry should not rely on ICANN to protect it from incoming EU privacy law.
That’s the strong message that came out of ICANN 60 in Abu Dhabi last week, with the organization’s CEO repeatedly advising companies to seek their own legal advice on compliance with the General Data Protection Regulation.
The organization also said that it will “defer taking action” against any registrar or registry that does not live up its contractual Whois commitments, within certain limits.
“GDPR is a law. I didn’t come up with it, it didn’t come from ICANN policy, it’s the law,” Marby said during ICANN 60 in Abu Dhabi last week.
“This is the first time we’ve seen any legislation that has a direct impact on our ability to make policies,” he said.
GDPR is the EU law governing how companies treat the private information of individuals. While in force now, from May next year companies in any industry found in breach of GDPR could face millions of euros in fines.
For the domain industry, it is expected to force potentially big changes on the current Whois system. The days of all Whois contact information published freely for all to see may well be numbered.
But nobody — not even ICANN — yet knows precisely how registries and registrars are going to be able to comply with the law whilst still publishing Whois data as required by their ICANN contracts.
The latest official line from ICANN is:
At this point, we know that the GDPR will have an impact on open, publicly available WHOIS. We have no indication that abandoning existing WHOIS requirements is necessary to comply with the GDPR, but we don’t know the extent to which personal domain registration data of residents of the European Union should continue to be publicly available.
Marby told ICANNers last week that it might not be definitively known how the law applies until some EU case law has been established in the highest European courts, which could take years.
A GNSO working group and ICANN org have both commissioned legal studies by European law experts. The ICANN one, by Swedish law firm Hamilton, is rather more comprehensive and can be read here (pdf).
Even after this report, Marby said ICANN is still in “discovery” mode.
Marby encouraged the industry to not only submit their questions to ICANN, to be referred on to Hamilton for follow-up studies, but also to share whatever legal advice they have been given and are able to share.
He and others pointed out that Whois is not the only point of friction with GDPR — it’s a privacy law, not a Whois law — so registries and registrars should be studying all of their personal data collection processes for potential conflicts.
Because there is very likely going to be a clash between GDPR compliance and ICANN contract compliance, ICANN has suspended all enforcement actions against Whois violations, within certain parameters.
It said last week that: “ICANN Contractual Compliance will defer taking action against any registry or registrar for noncompliance with contractual obligations related to the handling of registration data.”
This is not ICANN saying that registries and registrars can abandon Whois altogether, the statement stresses, but they might be able to adjust their data-handling models.
Domain firms will have to show “a reasonable accommodation of existing contractual obligations and the GDPR” and will have to submit their models to ICANN for review by Hamilton.
ICANN also stressed that registries may have to undergo a Registry Services Evaluation Process review before they can deploy their new model.
The organization has already told two Dutch new gTLD registries that they must submit to an RSEP, after .amsterdam and .frl abruptly stopped publishing Whois data for private registrants recently.
General counsel John Jeffrey wrote to the registries’ lawyer (pdf) to state that an RSEP is required regardless of whether the “new registry service” was introduced to comply with local law.
“One of the underlying purposes of this policy is to ensure that a new registry service does not create and security, stability or competition concerns,” he wrote.
Jeffrey said that while Whois privacy was offered at the registry level, registrars were still publishing full contact details for the same registrants.
ICANN said last week that it will publish more detailed guidance advising registries and registrars how to avoid breach notices will be published “shortly”.
Up to 20 million people could get broken internet in domain security rollover
Twenty million people losing access to parts of the internet is considered an acceptable level of collateral damage for ICANN’s forthcoming DNS root security update.
That’s one of a number of facts and figures to emerge from recent updates from the organization, explaining its decision to delay the so-called “KSK rollover” from October 11 to some time in the first quarter next year.
The rollover will see a new Key Signing Key, used as the trust anchor for all DNSSEC-signed domains, replace the seven-year-old original.
DNSSEC protects internet users and registrants from domain-based man-in-the-middle attacks. It’s considered good practice to roll keys at each level of the DNS hierarchy periodically, to reduce the risk of successful brute-force attacks.
The root KSK update will affect hundreds of millions of people who currently use DNSSEC-compatible resolvers, such as Google DNS.
ICANN delayed the rollover after it, rather fortuitously, spotted that not all of these resolvers are configured to correctly handle the change.
The number of known incompatible servers is quite small — only about 500 of the 11,982 DNSSEC-using recursive servers initially surveyed (pdf). That represents only a very small minority of the world’s internet users, as most are not currently using DNSSEC.
Subsequent ICANN research, presented by principal researcher Roy Arends at ICANN 60 last week, showed that:
- There are currently about 4.2 million DNS resolvers in the world.
- Of those, 27,084 are configured to tell the root servers which KSKs they support (currently either the KSK-2011 or KSK-2017).
- Of those, 1,631 or 6.02% do not support KSK-2017
It was only possible to survey servers that have turned on a recent update to DNS software such as BIND and Unbound, so the true number of misconfigured servers could be much higher.
Matt Larson, ICANN’s VP of research, told DI that ICANN has identified 176 organizations in 41 countries that are currently not prepared to handle the new KSK. These organizations are fairly evenly spread geographically, he said.
Since making the decision to delay the rollover, ICANN has hired a contractor to reach out to these network operators to alert them to potential problems.
ICANN’s CEO Goran Marby has also been writing to telecommunications regulators in all countries to ask for assistance.
After the rollover, people using an incompatible resolver would be unable to access DNSSEC-signed domains. Again, that’s still quite a small minority of domains — there are only about 750,000 in .com by some accounts and apparently none of the top 25 site support it.
ICANN could roll back the change if it detects that a sufficiently large number of people are negatively affected, but that number turns out to be around 20 million.
According to its published rollover plan:
Rollback of any step in the key roll process should be initiated if the measurement program indicated that a minimum of 0.5% of the estimated Internet end-user population has been negatively impacted by the change 72 hours after each change has been deployed into the root zone.
According to InternetWorldStats, there were around 3,885,567,619 internet users in the world this June. It’s very likely more people now.
So a 0.5% threshold works out to about 19 million to 20 million people worldwide.
Larson agreed that in absolute terms, it’s a big number.
“The overall message to take away from that number, I suggest, is that a problem would have to be pretty serious for us to consider rolling back,” Larson, who was not on the team that came up with the threshold, said.
“I think that’s a reasonable position considering that, in the immediate aftermath of the rollover, there are two near-immediate fixes available to any operator experiencing problems: update their systems’ trust anchors with the new key or (less desirable from my perspective but still effective) simply disable DNSSEC validation,” he said.
He added that the 0.5% level is not a hard and fast rule, and that ICANN could be flexible in the moment.
“For example, if when we roll the key, we find out there’s some critical system with a literal life or death impact that is negatively affected by the KSK roll, I think I can pretty confidently state that we wouldn’t require the 0.5% of Internet user threshold to be met before rolling back if it looked like there would be a significant health and safety risk not easily mitigated,” he said.
The chances of such an impact are very slim, but not impossible, he suggested.
It’s not ICANN’s intention to put anyone’s internet access at risk, of course, which is why there’s a delay.
ICANN’s plan calls for any rollover to happen on the eleventh day of a given calendar quarter, so the soonest it could happen would be January 11.
Given the complexity of the outreach task in hand, the relative lack of data, and the holiday periods approaching in many countries, and ICANN’s generally cautious nature, I’d hazard a guess we might be looking at April 11 at the earliest instead.
Recent Comments