dotShabaka Diary — Day 7, PDT Success

ICANN today revealed that three of the first four new gTLD applicants to have already signed registry contracts have also now passed through pre-delegation testing.
He’s the take of dotShabaka, one of the three, written by general manager Yasmin Omer as the seventh installment of our ongoing dotShabaka Diary.

Tuesday 27 August 2013
A milestone today with the receipt of official confirmation from ICANN that شبكة. has successfully passed pre-delegation testing.
While effectively it’s just a piece of paper (or more accurately a PDF file) it is, like the execution of the Registry Agreement, another step closer to making the new gTLD program a reality. We would like to extend our thanks to the support of the technical team at ARI Registry Services, the team at IIS and ICANN for playing your part in getting us to this stage.
Like many pioneers the path has not been easy; however with the support of all involved we have achieved the desired outcome. We hope that through our experience we are helping to refine the process, making the journey easier for those to follow.
شبكة. is now eligible for transition to IANA delegation. We expect notice soon from ICANN on how to proceed with this step. The next tasks to be completed include TMCH Integration Testing. This is slated to commence on 9 September 2013 when the claims service functionality becomes available.
At this point we are on schedule for Sunrise and despite the trials that we and every applicant has faced in the past, we remember the words of Egyptian singer, songwriter, and film actress Om Kalthoum:
“أحب رؤية القمر في بدايته عندما يكون هلال لأنني أحب كل شيء له مستقبل”
“I love looking at the moon when it’s still a crescent because I love everything that has a future”

Comment Tagged: dotshabaka diary

All gTLD confusion decisions in one handy chart

Dirk Krischenowski of DotBerlin has produced an interesting chart plotting all the new gTLD string confusion decisions to come out of ICANN and its objection panels to date.
He’s kindly allowed us to reproduce it here. Click to enlarge.

Each string-pair’s percentage of similarity, as determined by the Sword algorithm, determines its position on the Y-axis, while the color of the circle indicates which way the decision went.
It’s a nice way of visualizing the fact that while Sword may have been instructive in the String Similarity Panel’s determinations it’s not an overwhelming factor in String Confusion Objection decisions made by International Centre for Dispute Resolution panelists.
You can download the chart as a PDF here.

2 Comments Tagged: dotberlin, ICANN, icdr, string confusion objection, string similarity panel

ICANN’s name collision plan “creates risk of abuse”

One of ICANN’s proposed methods of reducing the risk of name collisions in new gTLDs actually may create its own “significant risk for abuse”, according to RIPE NCC.
Asking registry operators to send a notification to the owner of IP address blocks that have done look-ups of their TLD before it is delegated risks creating a “backlash” against ICANN and registry operators, RIPE said.
Earlier this month, ICANN said that for the 80% of applied-for strings that are categorized as low risk, “the registry operator will notify the point of contacts of the IP addresses that issue DNS requests for an un-delegated TLD or names under it.”
The proposal is intended to reduce the risk of harms caused by the collision of new gTLDs and matching names that are already in use on internal networks.
For example, if the company given .web discovers that .web already receives queries from 100 different IP blocks, it will have to look up the owners of those blocks with the Regional Internet Registries and send them each an email telling them than .web is about to hit the internet.
RIPE is the RIR for Europe, responsible for allocating IP addresses in the region, so its view on how effective a mitigation plan this is cannot be easily shrugged off.
Chief scientist Daniel Karrenberg told ICANN today that the complexity of the DNS, with its layers of recursive name servers and such, makes the approach pointless:

The notifications will not be effective because they will typically not reach the party that is potentially at risk.

In addition, it will be trivial for mischief-makers to create floods of useless notifications by conducting deliberately erroneous DNS queries for target TLDs, he said:

anyone can cause the registry operator to send an arbitrary amount of mandatory notifications to any holder of IP address space. It will be highly impractical to detect such attacks or find their source by technical means. On the other hand there are quite a number of motivations for such an attack directed at the recipient or the sender of the notifications. The backlash towards the registry operator, ICANN and other parties in the chain will be even more severe once the volume increases and when it turns out that the notifications are for “non-existing” queries.

With a suitably large botnet, it’s easy to see how an attacker could generate the need for many thousands of mandatory notifications.
If the registry has a manual notification process, such a flood would effectively DDoS the registry’s ability to send the notices, potentially delaying the gTLD.
Even if the process were to be automated, you can imagine how IP address block owners (network admins at ISPs and hosting companies, for example) would respond to receiving notifications, each of which creates work, from hundred of affected gTLD operators.
It’s an interesting view, and one that affected new gTLD applicants (which is most of them) will no doubt point to in their own comments on the name collisions mitigation plan.

Comment Tagged: ICANN, name collisions, new gTLDs, ripe ncc, security

15 new gTLD applications enter Extended Evaluation

The first batch of new gTLD applications have officially entered the Extended Evaluation stage of the process.
Fifteen bids that failed to achieve passing scores during Initial Evaluation are now taking a second crack at getting approved.
Extended Evaluation is voluntary but in most cases — such as when additional financial or geographic support information is required — it is also free from additional ICANN fees.
If an application goes into EE, its whole contention set is delayed — possibly for months — while the evaluation is completed.
The affected strings so far are: .online, .bcg, .ged, .supersport, .life, .payu, .locus, .shop, .taipei, .pay, .ltd, .olayangroup, .llc, العليان., and .mckinsey.
The 15 comprise basically every application that has so far been told it is eligible for extended evaluation, but excluding most of those that received the news last Friday.
The DI PRO Application Tracker has been updated to reflect the new statuses, and we’ve added a new search option that lets you view or exclude “In EE” applications.
The DI PRO New gTLD Timeline now also includes diary entries related to Extended Evaluation.

Comment Tagged: extended evaluation, ICANN, initial evaluation, new gTLDs

.taipei not blocked after all

Taipei City Government’s application for the .taipei new gTLD is still live, despite indications to the contrary from ICANN last week.
On Friday, we reported that there was some confusion about the status of the bid, which was flagged by ICANN as “Eligible for Extended Evaluation” in one place and “Ineligible for Further Review” in another.
We wondered aloud whether Taiwan’s controversial national identity was responsible for the application failing due to lack of governmental support.
But an ICANN spokesperson called last night to confirm that the “Eligible” status is the correct one. The ICANN web site has been corrected accordingly.
What this means is that .taipei is not rejected yet, but must provide more evidence of government support if it wants to pass Extended Evaluation and eventually get delegated.
The question remains, however: which government are we talking about here? If it’s the People’s Republic of China, which claims Taiwan as a province, Taipei may still face problems.

Comment Tagged: .taipei, ICANN, new gTLDs

CNNIC hit by “largest ever” denial of service attack

Chinese ccTLD operator CNNIC suffered up to half a day of degraded performance and intermittent accessibility yesterday, after being hit by what it called its “largest ever” denial of service attack.
CNNIC is one of ICANN’s three Emergency Back-End Registry Operators, contracted to take over the running of any new gTLD registries that fail. It’s also the named back-end for seven new gTLD applications.
According to an announcement on its web site, as well as local reports and tips to DI, the first wave of DDoS hit it at about midnight yesterday. A second wave followed up at 4am local time and lasted up to six hours.
According to a tipster, all five of .cn’s name servers were inaccessible in China during the attack.
Local reports (translated) say that many Chinese web sites were also inaccessible to many users, but the full scale of the problem doesn’t seem to be clear yet.
China’s .cn is the fourth-largest ccTLD, with close to 10 million domains under management.

Comment Tagged: cnnic, ddos, ebero, ICANN, new gTLDs

dotShabaka Diary — Day 6, TMCH Integration Testing

Today, the sixth installment of dotShabaka Registry’s journal, charting its progress towards becoming one of the first new gTLDs to go live, written by general manager Yasmin Omer.

Monday 26 August 2013
We attended the second IBM webinar on the TMCH which ran smoothly. The guys at IBM were pretty responsive and helpful.
Having received our registration token from ICANN, we logged on to the TMDB System to create credentials for the OT&E platform, provide contact details and accept the TMCH Terms and Conditions. TMCH integration testing is now on hold since we were not able to download the DNL file or upload the LORDN file. IBM confirmed that this functionality will not be available until the Trademark Claims functionality update scheduled for the 9th of September.
The testing environment was communicated as the TMCH accreditation environment that would include all the functionality required for Sunrise processing. It’s currently a limited test environment but we’re looking forward to conducting further tests as IBM continue to add functionality.
We recommend those planning on conducting TMCH Integration Testing in the near future wait until the Claims functionality update scheduled for the 9th of September before proceeding.

Read previous and future diary entries here.

Comment Tagged: dotshabaka diary

Failures mount up as ICANN releases penultimate week of IE results

Eight new gTLD applications flunked Initial Evaluation this week, according to ICANN’s just-released results.
One of them, the Taipei City Government’s bid for .taipei, has been flagged as “Ineligible for Further Review” — the only application to receive such a status to date — suggesting it is fully dead.
But the full IE report delivered by ICANN says .taipei is actually “Eligible for Extended Evaluation”. It’s not clear right now which of these statuses is the correct one.
Its IE report says “the required documentation of support or non-objection was either not provided or did not meet the criteria” for Taipei’s bid to pass the Geographic Names Review.
While the city government seems to be the applicant, city bids also require national government support, which could be problematic given that the People’s Republic of China regards Taiwan as a province and the United Nations does not officially recognize it as a nation.
Also failing to receive a passing score this week was one of three bidders for the hotly contested gTLD .eco.
Planet Dot Eco failed on both its financial and technical questions, one of the first two applicants to suffer this double whammy. The other was Metaregistrar, which has just found out its app for .frl has failed on both counts.
The clothing retailer Express, noted for its failed Legal Rights Objection against Donuts, also failed its technical evaluation.
Express had a Verisign back-end, while Planet Dot Eco is using ARI Registry Services. Metaregistrar did not specify a third-party back-end provider in its application.
.olayan became the third application from the Saudi conglomerate Olayan Investments to fail because it did not provide its financial statements as required by the Applicant Guidebook.
.place, an application by 1589757 Alberta Ltd (‘DotPlace’) also failed to provide financial statements, as did the dot-brands .shaw, .alcon and .rexroth.
These applications received passing scores this week:

.mail .tech .kpn .play .weatherchannel .crown .aeg .statoil .app .cloud .honeywell .cruises .vig .netaporter .juegos .aramco .lamborghini .soccer .ping .surf .lol .gallo .parts .flowers .gree .webs .netflix .science .school .inc .rio .bbt .mutual .auspost .best .men .symantec .med .doctor .deals .insure .citadel .care .barcelona .racing .feedback .amfam .design .save .nhk .productions .forum .finish .spot .hitachi .web .dish .vistaprint .art .maison .properties .nissay .book .tiffany .haus .skin .hockey .phone .allfinanz .finance .通用电气公司 .手表 .電訊盈科 .珠宝 .ارامكو .hisamitsu .intuit .orientexpress .gecompany .team .church .panasonic .onyourside .ski

With only 141 applications left in evaluation, there’s only one week officially left on the IE timetable, though I expect ICANN will spend some time mopping up the stragglers afterwards.
There are 23 applications eligible for extended evaluation.

Comment Tagged: ICANN, initial evaluation, new gTLDs

Bank takes blame for gTLD name collision

The Commonwealth Bank of Australia, which has applied for the new gTLD .cba, has told ICANN that its own systems are to blame for most of the error traffic the string sees at the DNS root.
The company wants ICANN to downgrade its gTLD application to “low risk” from its current delay-laden “uncalculated” status, saying that it can remediate the problem itself.
Since the publication of Interisle Consulting’s name collisions report, CBA said it has discovered that its own systems “make extensive use of ‘.cba’ as a strictly internal domain.”
Leakage is the reason Interisle’s analysis of root error traffic saw so many occurrences of .cba, the bank claims:

As the cause of the name collision is primarily from CBA internal systems and associated certificate use, it is within the CBA realm of control to detect and remediate said systems and internal certificate use.

One has to wonder how CBA can be so confident based merely on an “internal investigation”, apparently without access to the same extensive and highly restricted data set Interisle used.
There are many uses of the string CBA and there can be no guarantees that CBA is the only organization spewing internal DNS queries out onto the internet.
CBA’s comment is however notable for being an example of a bank that is so unconcerned about the potential risks of name collision that it’s happy to let ICANN delegate its dot-brand without additional review.
This will surely help those who are skeptical about Interisle’s report and ICANN’s response to it.

2 Comments Tagged: .cba, commonwealth back of australia, ICANN, name collisions, new gTLDs, security

.vip and .now clear objections

The latest batch of Legal Rights Objection results has seen two proposed new gTLDs — .vip and .now — emerge unscathed from the objections phase of the new gTLD program.
There are six applications for .vip and one of the applicants, I-Registry, had filed LROs against its competitors.
Starbucks (HK), a cable company rather than a coffee chain, had also filed LROs against each of its five rivals for .now.
With yesterday’s decisions, all 10 objections have now been rejected.
In the case of .vip, every applicant wants to run it as a generic term, but I-Registry had obtained a European trademark on its proposed brand.
But Starbucks’ .now was to be a dot-brand reflecting a pre-existing mark unrelated to domain names. WIPO panelists found that trademark did not trump the proposed generic use by other applicants, however.
Both strings will now head to contention resolution, where an auction seems the most likely way to decide the winners.

1 Comment Tagged: .now, .vip, i-registry, ICANN, legal rights objection, new gTLDs, starbucks, wipo