Recent Posts
- .au prices going up
- Nominet names director hopefuls
- Crowdstrike screw-up took down ICANN’s email
- We grassed up .TOP, says free abuse outfit
- ICANN to earmark $10 million for new gTLD subsidies
- TV network rebrands on single-letter domain
- First registry gets breach notice over new abuse rules
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
Could this be ICANN’s most important public comment period ever?
How much power should governments have over the domain name industry? Should the industry be held responsible for the actions of its customers? Are domain names the way to stop crime?
These are some of the questions likely to be addressed during ICANN’s latest public comment period, which could prove to be one of the most important consultations it’s ever launched.
ICANN wants comments on governmental advice issued during the Beijing meeting two weeks ago, which sought to impose a broad regulatory environment on new gTLD registries.
According to this morning’s announcement:
[ICANN’s Board New gTLD Committee] has directed staff to solicit comment on how it should address one element of the advice: safeguards applicable to broad categories of New gTLD strings. Accordingly, ICANN seeks public input on how the Board New gTLD Committee should address section IV.1.b and Annex I of the GAC Beijing Communiqué.
Annex 1 of the Beijing communique is the bit in which the GAC told ICANN to impose sweeping new rules on new gTLD registries. It’s only a few pages long, but that’s because it contains a shocking lack of detail.
For all new gTLDs, the GAC wants ICANN to:
- Apply a set of abuse “safeguards” to all new gTLDs, including mandatory annual Whois accuracy audits. Domain names found to use false Whois would be suspended by the registry.
- Force all registrants in new gTLDs to provide an abuse point of contact to the registry.
- Make registries responsible for adjudicating complaints about copyright infringement and counterfeiting, suspending domains if they decide (how, it’s not clear) that laws are being broken.
For the 385 gTLD applications deemed to represent “regulated or professional sectors”, the GAC wants ICANN to:
- Reject the application unless the applicant partners with an appropriate industry trade association. New gTLDs such as .game, .broadway and .town could only be approved if they had backing from “relevant regulatory, or industry self-regulatory, bodies” for gaming, theater and towns, for example.
- Make the registries responsible for policing registrants’ compliance with financial and healthcare data security laws.
- Force registries to include references to organic farming legislation in their terms of service.
For gTLD strings related to “financial, gambling, professional services, environmental, health and fitness, corporate identifiers, and charity” the GAC wants even more restrictions.
Essentially, it’s told ICANN that a subset of the strings in those categories (it didn’t say which ones) should only be operated as restricted gTLDs, a little like .museum or .post are today.
It probably wouldn’t be possible for a poker hobbyist to register a .poker domain in order to blog about his victories and defeats, for example, unless they had a license from an appropriate gambling regulator.
Attempting to impose last-minute rules on applicants appears to reverse one of the GAC’s longstanding GAC Principles Regarding New gTLDs, dating back to 2007, which states:
All applicants for a new gTLD registry should therefore be evaluated against transparent and predictable criteria, fully available to the applicants prior to the initiation of the process. Normally, therefore, no subsequent addition selection criteria should be used in the selection process.
The Beijing communique also asks ICANN to reconsider allowing singular and plural versions of the same string to coexist, and says “closed generic” or “exclusive access” single-registrant gTLDs must serve a public interest purpose or be rejected.
There’s a lot of stuff to think about in the communique.
But ICANN’s post-Beijing problem isn’t whether it should accept the GAC’s advice, it’s to first figure out what the hell the GAC is actually asking for.
Take this bit, for example:
Registry operators will require that registrants who collect and maintain sensitive health and financial data implement reasonable and appropriate security measures commensurate with the offering of those services, as defined by applicable law and recognized industry standards.
This one paragraph alone raises a whole bunch of extremely difficult questions.
How would registry operators identify which registrants are handling sensitive data? If .book has a million domains, how would the registry know which are used to sell books and which are just reviewing them?
How would the registries “require” adherence to data security laws? Is it just a case of paying lip service in the terms of service, or do they have to be more proactive?
What’s a “reasonable and appropriate security measure”? Should a .doctor site that provides access to healthcare information have the same security as one that merely allows appointments to be booked? What about a .diet site that knows how fat all of its users are? How would a registry differentiate between these use cases?
Which industry standards are applicable here? Which data security laws? From which country? What happens if the laws of different nations conflict with each other?
If a registry receives a complaint about non-compliance, how on earth does the registry figure out if the complaint is valid? Do they have to audit the registrant’s security practices?
What should happen if a registrant does not comply with these laws or industry standards? Does its domain get taken away? One would assume so, but the GAC, for some reason, doesn’t say.
The ICANN community could spend five years discussing these questions, trying to build a framework for registries to police security compliance, and not come to any consensus.
The easier answer is of course: it’s none of ICANN’s business.
Is it ICANN’s job to govern how web sites securely store and transmit healthcare data? I sure hope not.
And those are just the questions raised by one paragraph.
The Beijing communique as a whole is a perplexing, frustrating mess of ideas that seems to have been hastily cobbled together from a governmental wish-list of fixes for perceived problems with the internet.
It lacks detail, which suggests it lacks thought, and it’s going to take a long time for the community to discuss, even as many affected new gTLD applicants thought they were entering the home stretch.
Underlying everything, however, is the question of how much weight the GAC’s advice — which is almost always less informed than advice from any other stakeholder group — should carry.
ICANN CEO Fadi Chehade and chair Steve Crocker have made many references recently to the “multi-stakeholder model” actually being the “multi-equal-stakeholder model”.
This new comment period is the first opportunity the other stakeholders get to put this to the test.
New registrar deal to bring big changes to the domain name industry
Big changes are coming to Whois, privacy services and resellers, among other things, under the terms of a newly agreed contract between domain name registrars and ICANN.
A proposed 2013 Registrar Accreditation Agreement that is acceptable to the majority of registrars, along with a plethora of supporting documentation, has been posted by ICANN this morning.
This “final” version, which is expected to be approved by ICANN in June, follows 18 months of often strained talks between ICANN and a negotiating team acting for all registrars.
It’s expected that only 2013 RAA signatories will be able to sell domain names in new gTLDs.
Overall, the compromise reflects ICANN’s desire to ensure that all registrars adhere to the same high standards of conduct, bringing contractual oversight to some currently gray, unregulated areas.
It also provides registrars with greater visibility into their future businesses while giving ICANN ways to update the contract in future according to the changing industry landscape.
For registrants, the biggest changes are those that came about due to a set of 12 recommendations made a few years ago by law enforcement agencies including the FBI and Interpol.
Notably, registrars under the 2013 RAA will be obliged to verify the phone number or email address of each registrant and suspend the domains of those it cannot verify.
That rule will apply to both new registrations, inter-registrar transfers and domains that have changes made to their Whois records. It will also apply to existing registrations when registrars have been alerted to the existence of possibly phony Whois information.
It’s pretty basic stuff. Along with provisions requiring registrars to disclose their business identities and provide abuse points of contact, it’s the kind of thing that all responsible online businesses should do anyway (and indeed all the big registrars already do).
Registrars have also agreed to help ICANN create an accreditation program for proxy and privacy services. Before that program is created, they’ve agreed to some temporary measures to regulate such services.
This temporary spec requires proxy services to investigate claims of abuse, and to properly inform registrants about the circumstances under which it will reveal their private data.
It also requires the proxy service to hold the registrant’s real contact data in escrow, to be accessed by ICANN if the registrar goes out of business or has its contract terminated.
This should help registrants keep hold of their names if their registrar goes belly-up, but of course it does mean that their private contact information will be also stored by the escrow provider.
But the biggest changes in this final RAA, compared to the previously posted draft versions, relate to methods of changing the contract in future.
Notably, registrars have won the right to perpetual renewal of their contracts, giving them a bit more long-term visibility into their businesses.
Under the current arrangement, registrars had to sign a new RAA every five years but ICANN was under no obligation to grant a renewal.
The 2013 contract, on the other hand, gives registrars automatic renewal in five-year increments after the initial term expires, as long as the registrar remains compliant.
The trade-off for this is that ICANN has codified the various ways in which the agreement can be modified in future.
The so-called “unilateral right to amend” clauses introduced a few months ago — designed to enable “Special Amendments” — have been watered down now to the extent that “unilateral” is no longer an accurate way to describe them.
If the ICANN board wants to introduce new terms to the RAA there’s a series of complex hoops to jump through and more than enough opportunities for registrars to kill off the proposals.
Indeed, there are so many caveats and a so many procedural kinks that would enable registrars to prevent ICANN taking action without their consent I’m struggling to imagine any scenario in which the Special Amendment process is successfully used by the board.
But the final 2013 RAA contains something entirely new, too: a way for ICANN’s CEO to force registrars back to the negotiating table in future.
This seems to have made an appearance at this late stage of negotiations precisely because the Special Amendment process has been castrated.
It would enable ICANN’s CEO or the chair of the Registrars Stakeholder Group to force the other party to start talking about RAA amendments with a “Negotiation Notice”. If the talks failed, all concerned would head to mediation, and then arbitration, to sort out their differences.
My guess is that this Negotiation Notice process is much more likely to be used than the Special Amendment process.
It seems likely that these terms will provide the template for similar provisions in the new gTLD Registry Agreement, which is currently under negotiation.
The 2013 RAA public comment period is open until June 4, but I don’t expect to see any major changes after that date. The documents can be downloaded, and comments filed, here.
GAC delivers sweeping advice that will delay scores of new gTLDs by months
ICANN’s Governmental Advisory Committee has issued the kiss of death to two new gTLD applications and sweeping advice that will delay many, many more.
In its Beijing communique, issued this hour, the GAC as expected delivered advice against whole categories of gTLDs and provided a lengthy but “non-exhaustive” list of affected bids.
First, the GAC said that the .africa bid filed by DotConnectAfrica and the .gcc bid filed by GCCIX WLL should be rejected. Those were full consensus objections.
Two gTLDs related to Islam: .islam and .halal, have non-consensus objections, and will now have to be considered by the ICANN board of directors directly.
The GAC also said it needed more time, until ICANN’s meeting in Durban this July, to consider delivering specific advice against 14 more:
the GAC advises the ICANN Board to: not proceed beyond Initial Evaluation with the following strings: .shenzhen (IDN in Chinese), .persiangulf, .guangzhou (IDN in Chinese), .amazon (and IDNs in Japanese and Chinese), .patagonia, .date, .spa, .yun, .thai, .zulu, .wine, .vin
On the issue of plurals versus singulars, the GAC said ICANN should “Reconsider its decision to allow singular and plural versions of the same strings.” This affects about 60 applications.
But it doesn’t end there.
As predicted, the GAC has also issued swathes of advice against scores of proposed gTLDs in 12 categories: children, environmental, health and fitness, financial, gambling, charity, education, intellectual property, professional services, corporate identifiers, generic geographical terms and inherently governmental functions.
A “non-exhaustive” list of applications has been provided for each category, covering well over 100, setting the stage for a fight over inclusion for any application that the GAC forgot about.
If the GAC gets its way, any application that falls into one of these categories will have to have enhanced regulations governing Whois, abuse mitigation, and security.
The GAC also has its say on “closed generics”, which it calls “exclusive registry access” strings. They should only be awarded if they serve a public interest purpose, the GAC said.
In short, the advice is extraordinarily broad and seems to delegate the considerable work of picking through the mess to ICANN.
More analysis later…
Registries still angry despite ICANN concessions on new gTLD contract
Domain name companies are coming close to agreement with ICANN on two critical new contracts, but there was still substantial skepticism and anger on display in Beijing yesterday.
It was revealed during a session at ICANN 46 that the long-running negotiations on the 2013 Registrar Accreditation Agreement are now pretty much done, with apparent compromise from both sides.
In addition, the proposed Registry Agreement for new gTLDs has been toned down to make it more acceptable to applicants, with ICANN apparently confident that agreement can be reached soon.
But while registrars seemed relatively content with their outcome, registries appear to still be very upset indeed, largely due to the new “special amendments” process that continues to be on the table.
This unilateral-right-to-amend proposal, which ICANN sprung on the industry in February, has been watered down along the lines that we reported last week.
The scope of the amendment process has been narrowed to items outside the “picket fence” that surrounds ICANN’s regulatory jurisdiction, and there are a few more ways companies can head off ICANN intervention.
“It’s not quite a unilateral amendment process any more, we’ve built in a lot of safeguards,” ICANN senior counsel Samantha Eisner told the meeting.
What’s new in the RAA?
These are some of the other things that have been agreed since the last draft of the RAA was posted a month ago.
- Privacy opt-out on Whois. Registrars based in places such as Europe, which has stronger data protection laws than the US, will be able to opt out of the Whois data retention and verification rules if they can show that they’d be breaking the law otherwise. They won’t have to wait to to get sued first, either.
- Account holder verification. As well as validating the email address or phone number used in the public Whois, registrars will do the same checks on their private account-holder records.
- Proxy and privacy services. If ICANN doesn’t come up with an accreditation program for proxy/privacy services by a certain deadline, the temporary specs in the 2013 RAA will expire.
- Port 43 obligations scrapped. Registrars will no longer have to provide Whois service over port 43 for gTLDs with “thick” registries. They’ll still have to provide it on their web sites though.
The registrars have also agreed to measures that address all 12 of the recommendations proposed by law enforcement agencies a few years ago, which is what kicked off the RAA renegotiation in the first place.
However, as we reported yesterday, law enforcement in the US and Europe are not impressed with the RAA, saying it doesn’t go far enough to verify domain registrants’ identities.
The Governmental Advisory Committee is due to speak to the ICANN board later today, and this is a topic it is likely to bring up. The RAA story may not be over yet.
Generally, the mood from registrars seemed to be mixed but relatively upbeat.
Rob Hall of Pool.com said he’s going to sign the new RAA as soon as possible. He said that the fact that the 2013 RAA is needed in order to sell new gTLD domains is an impetus to sign it.
Elliot Noss of Tucows said he was less eager to sign. He said that the new gTLDs likely to launch in the short term (uncontested ones, in other words) are unlikely to be the most lucrative ones.
Registries and new gTLD applicants, on the other hand, were not so happy with their lot.
Anger over the Registry Agreement
Yesterday’s session in Beijing was notable for a jarring moment in which normally mild-mannered Verisign policy veep Chuck Gomes threw an uncharacteristic wobbler, politely but brutally attacking ICANN for acting in bad faith and treating registries like “second-class citizens”.
He took issue with the fact that the special amendments process in the Registry Agreement was first introduced by ICANN, and then rejected by the community, a few years back.
ICANN can’t describe its eleventh-hour return as an act of “good faith”, he said.
“You’re dealing with organizations on the registry and registrar side that fund 95%, through our registrants, of your budget, and yet we’re treated like second class citizens by throwing something at us that totally reverses a community, multi-stakeholder, bottom-up decision that was made three years ago,” he said.
“Convince me that that was in good faith. I don’t think you can,” he said, receiving a round of applause.
New gTLD applicants such as Verisign have had less time to assemble their collective thoughts and come to a unified negotiating position on the RA, which was thought to be settled until recently.
The amendment provisions were introduced by ICANN in February, and applicants don’t yet have a the same kind of negotiating team the registrars have had for the past 18 months.
What’s more, they’re worried that ICANN is trying to push the changes through without giving them enough time for talks.
Rumors have been circulating in Beijing that the ICANN board is preparing to approve the RAA and RA at a meeting April 20, in time for the first registries to sign up at its April 23 new gTLDs media event.
Under persistent questioning, ICANN vice president of industry engagement Cyrus Namazi said in various different ways that ICANN has no intention to rush-approve an RA to an arbitrarily chosen date.
ICANN says it needs its special amendment rights in order to address unknown future situations in which the voting dynamics of the ICANN policy-making bodies are dominated by special interests that want to block contract changes that would be in the public interest.
Noss from Tucows, an applicant as well as a registrar, said he’s been asking for specific examples of possible reasons the special amendment process would be invoked, but has had no response from ICANN.
He further suggested that if ICANN is so worried about future uncertainties that it feels it needs these rights, then registries and registrars should get the same rights to force amendments.
Chehade says “no delay” as Verisign drops a security bomb on ICANN
Verisign today said that the new gTLD program presents risks to the security of the internet, but ICANN CEO Fadi Chehade told DI that he’s not expecting any new delays.
The .com behemoth tonight delivered a scathing review of the security and stability risks of launching new gTLDs on ICANN’s current timetable.
The new Verisign report catalogs the myriad ways in which ICANN is not ready to start approving new gTLDs, and the various security problems they could cause if launched without due care.
It strongly suggests that ICANN should delay the program until its concerns are addressed.
But Chehade, in an exclusive interview with DI tonight, rebutted the already-emerging conspiracy theories and said: “There’s nothing new here that would cause me to predict a new delay.”
What does the Verisign report say?
It’s a 21-page document, and it covers a lot of ground.
The gist of it is that ICANN is rushing to launch new gTLDs without paying enough attention to the potential security and stability risks that a vast influx of new gTLDs could cause.
It covers about a dozen main points, but here are the highlights:
- Certificate authorities and browser makers are not ready. CAs have long issued certificates for use on organizations’ internal networks. In many cases, these certs will use TLDs that only exist on that internal network. A company might have a private .mail TLD, for example, and use certs to secure those domains for its users. The CA/Browser Forum, which coordinates CAs and browser makers, has decided (pdf) to deprecate these certs, but not until October 2016. This, Verisign says, creates a “vulnerability window” of three years during which attackers could exploit clashes between certs on internal TLDs and new gTLDs.
- Root server operators are not ready. The organizations that run the 13 DNS root servers do not currently coordinate their performance metrics, Verisign said. This makes it difficult to see what impact new gTLDs will have on root server stability. “The current inability to view the root server system’s performance as a whole presents a risk when combined with the impending delegation of the multitude of new gTLDs,” Verisign said.
- Root zone automation isn’t done yet. ICANN, Verisign and the US Department of Commerce are responsible for adding new gTLDs to the root zone, and work on automating the “TLD add” process is not yet complete. Verisign reckons this could cause “data integrity” problems at the root.
- The Trademark Clearinghouse is not ready. Delays in finalizing the TMCH technical specs mean registries haven’t had sufficient time to build their interfaces and test them, and the TMCH itself is a potential single point of failure with an unknown attack profile.
- Universal acceptance of new TLDs. Verisign points out that new gTLDs won’t be immediately available to users when they go live due to lack of software support. It points specifically to the ill-maintained Public Suffix List, used by browsers to set cookie boundaries, as a potential risk factor.
- A bunch of other stuff. The report highlights issues such as zone file access, data escrow, Whois and pre-delegation testing where Verisign reckons ICANN has not given registries enough time to prepare.
Basically, Verisign has thrown pretty much every risk factor it can think of into the document.
Some of the issues of concern have been well-discussed in the ICANN community at large, others not so much.
Yeah, yeah, but what did Fadi say?
Chehade told DI this evening that he was surprised by the report. He said he’s been briefed on its contents today and that there’s “nothing new” in it. The program is “on track”, he said.
“What is most surprising here is that there is nothing new,” he said. “I’m trying to get my finger on what is new here and I can’t find it.”
“It was very surprising to see this cornucopia of things put together,” he said. “I’m struggling to see how the Trademark Clearinghouse has a security impact, for example.”
He added that some of Verisign’s other concerns, such as the fact that the Emergency Back-End Registry Operator is not yet up and running, are confusing given that existing TLDs don’t have EBEROs.
The report could be divided into two buckets, he said: those things related to ICANN’s operational readiness and those things related to the DNS root.
“Are these operational issues really security and stability risks, and given that we can only launch TLDs when these things are done… what’s the issue there?” he said.
On the DNS root issues, he pointed to a November 2012 report, signed by Verisign, that said the root is ready to take 1,000 new gTLDs a year or 100 a week.
So the Conspiracy Theory is wrong?
When ICANN held a webinar for new gTLD applicants earlier this week, Chehade spent an inordinate amount of time banging home the point that security and stability concerns underpin every stage of the new gTLD program’s timetable.
As this slide from his presentation (click to enlarge) illustrates, security, stability and resiliency or “SSR” is the foundation of every timing assumption.
He said during the webinar:
Nothing will trump the gTLD process, nothing, but the SSR layer. The SSR layer is paramount. It is our number one responsibility to the internet community. Nothing will be done that jeopardizes the security and stability of the internet, period.
At any time if we as a community do not believe that all relevant security and stability matters have been addressed, if we do not believe that’s the case, the program freezes, period.
There is too much riding on the DNS. Hundreds of billions of dollars of commerce. Some may say livelihoods. We will not jeopardize it, not on my watch, not during my administration.
During the webinar, I was lurking on an unofficial chat room of registries, registrars and others, where the mood at that point could be encapsulated by: “Shit, what does Chehade know that he’s not telling us?”
Most people listening to the webinar were immediately suspicious that Chehade was expecting to receive some last-minute security and stability advice and that he was preparing the ground for delay.
The Verisign report was immediately taken as confirmation that their suspicions were correct.
It seemed quite likely that ICANN knew in advance that the report was coming down the pike and was not-so-subtly readying applicants for a serious SSR discussion in Beijing a little over a week from now.
When I asked Chehade a few times whether he knew the Verisign report was coming in advance, he declined to give a straight answer.
My feeling is he probably did, though he may not have known precisely what it was going to say. The question is perhaps less relevant given what he said about its contents.
But what Chehade thinks right now is probably not the biggest concern for new gTLD applicants.
The GAC’s reaction is now critical
The Verisign document could be seen as pure GAC fodder. How the Governmental Advisory Committee reacts to the report, which was CC’d to the US Department of Commerce, is now key.
The GAC has been banging on about root system stability for years and will, in my view, lap up anything that seems to prove that it was right all along.
The GAC will raise the Verisign report with ICANN in Beijing and, if it doesn’t like what it hears, it might advise delay. GAC advice is a lot harder for ICANN’s board to ignore than a self-serving Verisign report.
What’s Verisign playing at?
So why did Verisign issue the report now? I’ve been unable to get the company on the phone at this late hour, but I’ve asked some other industry folk for their responses.
Verisign’s super-lucrative .com contract is the obvious place to start theorizing.
Even though the company has over 200 new gTLD back-end contracts — largely with dot-brand applicants — .com is its cash cow and new gTLDs are a potential threat to that business.
The company has sounded a little more aggressive — talking about enforcing its patents and refusing to comply with ICANN’s audits — since the US Department of Commerce ordered a six-year .com price freeze last November.
But Chehade would not speculate too much about Verisign’s motives.
“I can’t read why this report and why now,” Chehade said. “Especially when there’s nothing new in it. That’s not for me to figure out. It’s for me to look at this report with a critical eye and understand if there’s something we’re not addressing. If there is, and we find it, we’ll address it.”
He pointed to a flurry of phone calls and emails to his desk after the Initial Evaluation results started getting published last week for a possible reason for the report’s timing.
“I think the real change that’s happened in the last few months is that the new gTLD program is now on track and for the first time people are seeing it coming,” he said.
Competitors were more blunt.
“It’s a bloody long report,” said ARI Registry Services CEO Adrian Kinderis. “Had they put the same amount of effort into working with ICANN, we’d be a lot better off on the particular issues.”
Mystery web site proposes new gTLD “string change” system
Somebody out there is bummed that they can’t afford to win their new gTLD contention set.
A new web site, StringChange.org, is planning to petition ICANN to allow new gTLD applicants to change the string they’ve applied for, for an extra $100,000 fee.
It’s not clear who’s behind the proposal, which was sent to every new gTLD applicant via email today. The page is unsigned and the domain is registered behind Whois privacy.
The site states:
We are proposing that ICANN allow the option of a “String Change” to applicants in contention, allowing these applicants, if they so choose, to change their string to another string and rewrite the appropriate parts of their applications. In doing so, these applicants would relinquish the right to their original string that is in contention, and be assessed a reevaluation fee of $100,000.
Many applicants would choose this over going to auction, being outbid, and never having the opportunity to launch a TLD and implement their business models. This also creates fairness for smaller groups to have the opportunity to launch and operate a TLD, especially when they are currently up against corporate giants such as Amazon or Google.
It goes on to say that a special “String Change round” of applications would begin in 2014, restricted to applicants who don’t fancy their chances punching it out with Google at auction in 2013.
The system would enable applicants that do not want to change their strings to get to market earlier, the site reckons.
It’s soliciting email addresses for its ICANN petition.
Good idea? Bad idea? Mediocre satire? Cheap attempt to see which applicants have gotten cold feet?
Confusion reigns over three “hijacked” ccTLDs
Control over three ccTLDs is currently up in the air due to the alleged hijacking of one of the registry operator’s domain names.
The TLDs for the Turks and Caicos Islands (.tc), the British Virgin Islands (.vg) and Grenada (.gd) are all nominally managed by a UK-based company called AdamsNames.
Last October, AdamsNames outsourced the back-end technical functions of the registry to KSRegistry, the registry sister company to German registrar Key-Systems.
But this week, it’s difficult to say who’s in charge any more.
KSRegistry, in an official statement, said yesterday that an unspecified “third party” had managed to take over the registry’s domain name, AdamsNames.net, and was operating a “shadow registry” there.
Today, the KSregistry GmbH, a hundred percent subsidiary of the Key-Systems GmbH, has learned that a third party has executed a transfer of the domain name adamsnames.net and now operates a shadow registry under this domain. According to the CEO of AdamsNames Ltd., Mr. Carsten Pauli, this transfer was not authorized by the registry operator.
Whois records show that the domain was transferred away from Key-Systems to Hexonet last week, and that the administrative contact changed from an address in London to an address in Istanbul.
The name on the records was Ertan Ulutas before and after the transfer.
So has Ulutas, by taking control over what is in effect the official registry web site, hijacked all three registries?
Statements appearing on AdamsNames.net this week tell a different story.
Whoever’s in control of the domain — presumably Ulutas — claims that the outfit is “currently experiencing a high level Corporate hijack from the minority shareholder Carsten Pauli and Key Systems GmbH.”
A statement today reads:
As you are all aware AdamsNames Ltd has been run by us for a while. Key Systems is our former Registry Backend provider. We recently noticed, the adamsnames.com domain, for which Key Systems was the Registrar had been illegally transferred into another account without any notice or authorisation from us.
Upon realising this we transferred our other gTLD domains to another Registrar. Due to this matter we lost trust in Key Systems GmbH and decided to run it ourselves. Please be aware that our Registry is fully operational.
All domains can be registered, renewed and updated as usual. We could not trust a company with three ccTLD’s if we could not trust them with one domain!
Whois records show that Pauli recently became the owner of AdamsNames.com. Ulutas was the previous owner. The domain is registered via Key-Systems.
KSRegistry, which has declined to comment beyond its prepared statement yesterday, said:
KSregistry GmbH still provides the technical back-end services for the ccTLDs .TC, .GD and .VG authorized by AdamsNames Ltd., but this is currently hampered by the actions of the third party.
In order to not endanger the integrity of the zone after addressing the issues, the Key-Systems GmbH as registrar has decided to not permit current modifications to domains under .TC, .GD and .VG. The resolution and renewal of the domains are not affected.
What seems to be happening here is that Pauli and Ulutas have had some kind of dispute, and that as a result the registrants and the reputation of three countries’ ccTLDs have been harmed.
Very amateurish.
UPDATE: Key-Systems founder and CEO Alexander Siffrin has issued the following updated statement in response to the latest claims on Adamsnames.net:
Key-Systems GmbH has at no time hijacked a domain name from Adamsnames Ltd. It has in the incident referred to by the party currently claiming to represent Adamsnames acted upon a request of the director of Adamsnames Ltd. who is also the signatory of the agreement outsourcing the technical backend of the registry to KSregistry GmbH.
On the other hand the transfer of the domain name adamsnames.net and with that the ability to change the management of the zone has to our knowledge been initiated without permission of Adamsnames Ltd.
It is noteworthy that at this time the domain names listed by the current technical operator do not list Adamsnames Ltd. as registrant:
ADAMSNAMES.NET
adamsnames.org
adamsnames.eu
You may draw your own conclusions.
Registrars and ICANN hit impasse on new RAA
ICANN and its accredited domain name registrars have hit a brick wall in their long-running contract negotiations, after ICANN demanded the right to unilaterally amend the deal in future.
Documents published by ICANN this morning reveal that the two sides have reached agreement on almost all of their previous sticking points — including the extremely thorny issue of Whois verification — but have run into some fundamental, eleventh-hour disagreements.
As we’ve been reporting for the last couple of weeks, the big unresolved issue is ICANN’s unilateral right to amend the Registrar Accreditation Agreement in future, which registrars absolutely hate.
Death of the GNSO? Again?
The text of that proposed change has today been revealed to be identical to the text ICANN wants to insert into the Registry Agreement that all new gTLD registries must sign.
It gives ICANN’s board of directors the right, by two-thirds majority, to make essentially any changes they want to the RA and RAA in future, with minimal justification.
Registrars are just as livid about this as new gTLD applicants are.
The proposed change appears to be one of those introduced last month that ICANN said “[stems] from the call by ICANN’s CEO, Fadi Chehadé, to work to improve the image of the domain industry and to protect registrants”.
Chehadé has been on the road for the last couple of months trying to raise ICANN’s profile in various stakeholder groups in the private and public sectors around the world.
One of the memes he’s impressed upon contracted parties and others is that people don’t trust the domain name industry. Part of ICANN’s solution, it seems, is to grant its board more powers over registries and registrars.
But the Registrars Stakeholder Group reckons unilateral amendments would torpedo the multistakeholder process by emasculating the Generic Names Supporting Organization. It said:
The effect of such a clause in the primary agreements between ICANN and its commercial stakeholders would be devastating to the bottom-up, multi-stakeholder model.
First, it will effectively mean the end of the GNSO’s PDP [Policy Development Process], as the Board will become the central arena for all controversial issues, not the community.
Second, it creates an imbalance of authority in the ICANN model, with no limits on the scope or frequency of unilateral amendments, and no protections for registrars and more important registrants.
That’s the biggest barrier to an agreement right now, and it’s one shared by the entire contracted parties constituency of ICANN. Expect fireworks in Beijing next month.
Friction over new gTLDs
Registrars and registries are also angry about the fact that ICANN wants to force registrars to adopt the 2013 RAA, even if their 2009 or 2001 deals are still active, if they want to sell new gTLDs.
RrSG secretary Michele Neylon of Blacknight told DI today that it looks like ICANN is trying to “drive a wedge” between registrars and registries.
Here’s why:
ICANN is trying desperately to stick to its new gTLD program timetable, which will see it start signing Registry Agreements with new gTLD applicants in late April.
But it wants the base RA to include a clause obliging registries to only sell via registrars on the 2013 RAA.
Because the 2013 RAA is not yet finalized, registrars could potentially hold up the approval and delegation of new gTLDs if they don’t quickly agree to the changes ICANN wants.
According to Neylon, the documents released today have been published prematurely; with a little more time agreement could be reached on some of the remaining differences.
Again: expect fireworks in Beijing.
Whois records will be verified
But the new RAA is not all friction.
ICANN and registrars have finally come to agreement on important topics where there was previously sharp divergence.
Registrars have agreed to a new Whois Accuracy Program Specification that is a lot weaker than ICANN had, working from a blueprint laid out by governments and law enforcement agencies, first asked for.
Under the 2013 RAA signed-up registrars will have to start verifying certain elements of the contact information submitted by their registrants.
Notably, there’ll be a challenge-response mechanism for first-time registrants. Registrars will ask their customers to verify their email address or enter a code that has been sent to them via SMS text message or phone.
Note the “or” in that sentence. ICANN and law enforcement wanted registrars to do email “and” phone verification, but ICANN appears to have relented after months of registrars yapping about costs.
In future practice, because email verification is far easier and cheaper to implement, I’d be surprised if phone verification is used in anything but the rarest of cases.
Other data points will also be verified, but only to see that they conform to the correct formats.
Registrars will have to make sure that mailing addresses meet the Universal Postal Union standards, and that phone numbers conform to International Telecommunications Union formatting, for example.
They’ll also have to verify that the street address exists (if they have access to that data) but there will be no obligation to make sure that address and phone number actually belong to the registrant.
Registrants that provide patently false information that fails registrar verification will get 15 days to correct it or face the suspension of their domains.
ICANN wants registrars to also verify their customer records (which are usually different to the Whois records and, anecdotally, more accurate anyway) too, but registrars have so far not agreed to do so.
Taken as a whole, at first reading it’s difficult to see how the new Whois verification spec will do anything to prevent fast-turnover abuse such as phishing, but it may go a small way to help law enforcement investigate longer-term scams such as counterfeit goods sites.
The proposed 2013 RAA, along with more explanatory documents than you could possibly read in a coffee break is now open for public comment, with the reply period closing shortly after the Beijing meeting.
ICANN to reveal Registrant Rights & Responsibilities (and here’s a draft copy)
ICANN is set to publish and start promoting a new Registrant Rights & Responsibilities charter at some point over the next couple of days, we hear.
The one-page document is set to become an important part of CEO Fadi Chehade’s plan to make the domain name industry appear more trustworthy and likable in the eyes of the internet-using public.
He first revealed the idea during a meeting with registries and registrars in Amsterdam last month.
An ICANN-commissioned study showed that people have a very low opinion of the industry, he told them.
The new document is designed to address some of those concerns.
While the charter may be presented as originating in the industry, it was first drafted by ICANN and we hear that some registrars have been somewhat reluctant to agree to it.
“It’s like when you’re a kid and your dad gives you a birthday card to sign for your mom,” one registrar told us.
The legalese-stricken document that ICANN originally presented to them over-stretched and could have carried legal exposure, they added.
DI has been sent of copy of what we’re told is a close-to-final draft of the document, which we understand is more agreeable to most registrars. We’ve pasted it below in full.
Registrants’ Rights and Responsibilities
Domain Name Registrants’ Rights:
- Your domain name registration and any privacy services you may use in conjunction with it must be subject to a Registration Agreement with an ICANN Accredited Registrar.
- You are entitled to review this Registration Agreement at any time, and download a copy for your records.
- You are entitled to accurate and accessible information about:
- The identity of your ICANN Accredited Registrar;
- The identity of any privacy service provider affiliated with your Registrar;
- Your Registrar’s terms and conditions, including pricing information, applicable to domain name registrations;
- The terms and conditions, including pricing information, applicable to any privacy services offered by your Registrar;
- The customer support services offered by your Registrar and the privacy services provider, and how to access them;
- How to raise concerns and resolve disputes with your Registrar and any privacy services offered by them; and
- Instructions that explain your Registrar’s processes for registering, managing, transferring, renewing, and restoring your domain name registrations, including through any privacy services made available by your Registrar.
- You shall not be subject to false advertising or deceptive practices by your Registrar or though any privacy services made available by your Registrar. This includes deceptive notices, hidden fees, and any practices that are illegal under the consumer protection law of your residence.
Domain Name Registrants’ Responsibilities:
- You must comply with the terms and conditions posted by your Registrar, including applicable policies from your Registrar, the Registry and ICANN.
- You must review your Registrar’s current Registration Agreement, along with any updates.
- You will assume sole responsibility for the registration and use of your domain name.
- You must provide accurate information for publication in directories such as WHOIS, and promptly update this to reflect any changes.
- You must respond to inquiries from your Registrar within fifteen (15) days, and keep your Registrar account data current. If you choose to have your domain name registration renew automatically, you must also keep your payment information current.
It draws on changes ICANN and registrars have agreed to in the 2013 (hopefully) Registrar Accreditation Agreement, such as registrar commitments to provide basic information about themselves.
As for the 2013 RAA itself, we hear that ICANN wants to present a final version to its board of directors for approval during its public meeting in Beijing in early April.
That would mean opening it up for public comment next week, but registrars and ICANN have not yet agreed to a final draft for publication, despite now-daily negotiation meetings.
The major sticking point, we gather, is an amendment that would give ICANN a unilateral right to change the contract in future — similar to the proposed gTLD Registry Agreement provision currently causing a shitstorm in the new gTLD applicant community.
There’s also controversy about the fact that ICANN wants to restrict new gTLDs to only registrars that sign the new RAA, which is designed to be a carrot to get them to sign up even if their 2009/2001 RAAs are still active.
NTIA fights Big Content’s corner, tells ALL new gTLD applicants to submit PICs
The National Telecommunications and Information Administration said today that all new gTLD applicants, even those that have not already been hit by government warnings, should submit Public Interest Commitments to ICANN.
In a rare comment sent to an ICANN public forum today, the NTIA suggested that applicants should use the process to help combat counterfeiting and piracy.
The agency, the part of the US Department of Commerce that oversees ICANN and participates in its Governmental Advisory Committee, said (emphasis in original):
NTIA encourages all applicants for new gTLDs to take advantage of this opportunity to address the concerns expressed by the GAC in its Toronto Communique, the individual early warnings issued by GAC members, and the ICANN public comment process on new gTLDs, as appropriate.
PICs were introduced by ICANN earlier this month as a way for applicants to voluntarily add binding commitments — for example, a promise to restrict their gTLD to a certain user base — to their registry contracts.
The idea is to let applicants craft and agree to stick to special terms they think will help them avoid receiving objections from the GAC, GAC members and others.
NTIA said that applicants should pay special attention in their PICs to helping out the “creative sector”.
Specifically, this would entail “ensuring that WHOIS data is verified, authentic and publicly accessible”.
They should also “consider providing an enforceable guaranty that the domain name will only be used for licensed and legitimate activities”, NTIA said, adding:
NTIA believes that these new tools may help in the fight against online counterfeiting and piracy and is particularly interested in seeing applicants commit to these or similar safeguards.
The PICs idea isn’t going down too well in the applicant community, judging by other submissions this week.
The Registries Stakeholder Group of ICANN, for example, says its members are feeling almost “blackmailed” into submitting PICs, saying the timing is “completely unreasonable”.
As DI noted when PICs was first announced, applicants have been given until just March 5 to submit their commitments, raising serious questions about the timetable for objections and GAC advice.
The RySG has even convened a conference call for March 4 to discuss the proposal, which it says “contains so many serious and fundamental flaws that it should be withdrawn in
its entirety”.
Recent Comments