Recent Posts
- .au prices going up
- Nominet names director hopefuls
- Crowdstrike screw-up took down ICANN’s email
- We grassed up .TOP, says free abuse outfit
- ICANN to earmark $10 million for new gTLD subsidies
- TV network rebrands on single-letter domain
- First registry gets breach notice over new abuse rules
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
ICANN looking for new gTLD testing provider on very tight deadline
ICANN is seeking one or more pre-delegation testing providers for its new gTLD program on a very ambitious timetable.
An RFP issued yesterday calls for a company that can scratch-build a testing suite to put new gTLD applicants through the ringer before they go live, and have it up and running by March 25, 2013.
Pre-delegation testing is the last stage of the new gTLD program’s approval process.
Some new gTLD applicants have recently called on ICANN to begin testing as soon as possible — before even Initial Evaluation has finished — in order to speed up time to market.
The Applicant Guidebook suggests that ICANN itself would be doing the testing, and some applicants had made that assumption, but that’s clearly not the case.
The RFP spells out exactly what is required of the testing providers.
First, they’re expected to build bespoke software to run the tests.
In addition to load-testing and verifying the registry’s compliance with standards such as EPP, DNSSEC and Whois, it also needs a custom-made user interface for applicants and back-end integration with ICANN’s wobbly TLD Application System.
ICANN also wants to be able to open-source the software, which seems to rule out any off-the-shelf testing suites.
RFP respondents also need to be able test 20 applicants’ back-ends per week — potentially scaling up to 100 per week — as soon as ICANN starts signing registry agreements next year.
ICANN does not expect to announce the winning provider(s) until December 5. The deadline for responses is November 20.
In short, it looks like a challenging project on a very tight deadline.
I wonder how much institutional knowledge there is out there of, say, DNSSEC, in companies that are not also involved in new gTLD applications as either applicant or back-end.
The pool of possible RFP respondents is likely very small indeed.
The ability to run tests on the testing suite itself may also be limited by the timetable and the possible shortage of guinea-pig registry back-ends.
Why ICANN has waited until this very late date to issue the RFP is a real head-scratcher.
ICANN is offering a 24-month contract with a possible 12-month extension. The RFP can be downloaded here.
Trademark protection stalemate follows ICANN 45
Trademark interests and new gTLD applicants are at odds about trademark protection — again — following the ICANN meeting in Toronto two weeks ago.
In a welcomed, not-before-time show of cooperation, the Intellectual Property Constituency and Business Constituency submitted to ICANN a bulleted list of requests for improved rights protection mechanisms.
The list is, for the most part, not particularly egregious — calling for a permanent Trademark Claims service and a Uniform Rapid Suspension service that meets its cost goals, for example.
But the New TLD Applicants Group (NTAG), an observer component of the Registries Constituency, has dismissed it out of hand, anyway, saying that the time for policy changes is over.
Here’s the IPC/BC list:
1. Extend Sunrise Launch Period from 30 to 60 days with a standardized process.
2. Extend the TMCH and Claims Notices for an indefinite period; ensure the process is easy to use, secure, and stable.
3. Complete the URS as a low cost alternative and improve its usefulness – if necessary, ICANN could underwrite for an initial period.
4. Implement a mechanism for trademark owners to prevent second-level registration of their marks (exact matches, plus character strings previously determined to have been abusively registered or used) across all registries, upon payment of a reasonable fee, with appropriate safeguards for registrants with a legitimate right or interest.
5. Validate contact information for registrants in WHOIS.
6. All registrars active in new gTLD registrations must adhere to an amended RAA for all gTLD registrations they sponsor.
7. Enforce compliance of all registry commitments for Standard applications.
8. Expand TM Claims service to cover at least strings previously found to have been abusively registered or used.
Most of these requests are not entirely new, and some have been rejected by the ICANN policy-development process and its board of directors before.
The NTAG points out as much in a letter to ICANN management last week, which says that new gTLD applicants paid their application fees based on promises in the Applicant Guidebook, which should not be changed.
Many of the BC & IPC proposed policy changes have been considered and rejected in no fewer than four different processes and numerous prior Board decisions. Indeed, many go far beyond the recommendations of the IRT, which was comprised almost exclusively of trademark attorneys. These last-minute policy recommendations amount to just another bite of the same apple that already has been bitten down to its core.
The new gTLD policy development process is over. Applicants relied on the policies in the final Guidebook in making business decisions on whether to apply. At the time that ICANN accepted applications and fees from applicants, ICANN and applicants entered into binding agreements. ICANN should not change these agreements unilaterally without extraordinary reason and especially not when it would materially harm the counterparties to the agreements.
The Applicant Guidebook, as it happens, asks applicants to explicitly acknowledge that ICANN may make “reasonable
updates and changes” to the rules, even after the application has been submitted.
But if applicants reckon changes would create a “material hardship”, ICANN is obliged to “work with Applicant in good faith to attempt to make reasonable accommodations in order to mitigate any negative consequences”
ICANN 45: Super-Fadi targets Trademark Clearinghouse and RAA talks
There can be no denying that ICANN’s new CEO was well received at the Toronto meeting last week.
From his opening speech, a sleeves-rolled-up address that laid out his management goals, and throughout the week, Fadi Chehadé managed to impress pretty much everybody I spoke to.
Now Chehadé has turned his attention to the formative Trademark Clearinghouse and the Registrar Accreditation Agreement talks, promising to bring the force of his personality to bear in both projects.
“I’m coming out of Toronto with two priorities for this year,” he said during an interview with ICANN’s media relations chief, Brad White, last Friday.
“The first one is obviously to get the Trademark Clearinghouse to work as best as possible, for all parties to agree we have a mechanism that can satisfy the interests of the parties.”
“The second one is the RAA,” he said. “Without question I’m going to be inserting myself personally into both these, including the RAA.”
These are both difficult problems.
Work on the TMCH hit a snag early last week when ICANN chief strategy officer Kurt Pritz told the GNSO Council that the “community consensus” implementation model proposed by registries presented a big problem.
The “live query model” proposed for the Trademark Claims service, which would require the TMCH to sit in the live domain registration path, should be taken “off the table”, he said.
ICANN is/was worried that putting a live database of trademark checks into the registration model that has functioned fairly well for the last decade is a big risk.
The TMCH would become a single point of failure for the whole new gTLD program and any unanticipated downtime, ICANN has indicated, would be hugely embarrassing for ICANN.
“I’m personally concerned that once you put the Clearinghouse in the path for that it’s very difficult to unring the bell, so I’d rather proceed in a way that doesn’t change that,” Pritz said.
His remarks, October 14, angered backers of the community model, who estimated that the live query model would only affect about 10% to 15% of attempted domain registrations.
“Taking it off the table is a complete mistake,” said Jeff Neuman of Neustar, one of the authors of the alternative “community” TMCH model.
“It is a proven fact that the model we have proposed is more secure and, we believe, actually looks out much more in favor of protecting trademark holders,” he said.
He noted that the community model was created in a “truly bottom-up” way — the way ICANN is supposed to function.
NetChoice’s Steve DelBianco, in a rare show of solidarity between the Business Constituency and the registries, spoke to support Neuman and the centralized community model.
“The BC really supports a centralized Trademark Clearinghouse model, and that could include live query,” DelBianco said. “I’m disturbed by the notion that an executive decision took it off the table.”
“My question is, was that the same executive decision that brought us the TAS and its glitches?” he added. “Was it the same executive decision process that gave us Digital Archery that couldn’t shoot straight?”
Pritz pointed out the logical flaw in DelBianco’s argument.
“The group that brought you TAS and Digital Archery… you want to put that in the critical path for domain names?” he said. “Our job here is to protect trademark rights, not change the way we register domain names.”
But Neuman and DelBianco’s dismay was short-lived. Within a couple of hours, in the same room, Chehadé had told the GNSO Council, in a roundabout sort of way, that the live query model was not dead.
Chehadé’s full remarks are missing from the official transcript (pdf), and what remains is attributed to GNSO Council chair Stephane Van Gelder, but I’ve taken a transcript from my own recording:
The very first week I was on the job, I was presented with a folder — a very nice little folder — and little yellow thing that said “Sign Here”.
So I looked at what I’m signing, as I normally do, and I saw that moving forward with a lot of activities related to the Trademark Clearinghouse as really what I’m being asked to move forward with.
And I’ll be frank with you, my first reaction was: do all the people who will be affected by this agreement… did we hear them all about this before we sign this? Are they all part of the decision-making that led us here?
And the answer was muddled, it was “Yes… and…”. I said: No, I want to make sure that we use the time we have in Toronto make sure we listen to everybody to make sure before I commit any party — any party — to anything, that this party is very much part of the process and part of the solution.
I know I wasn’t the only person in the room to wonder if the anecdote described an incident in which an ICANN executive attempted to pull a fast one on his new, green boss.
A day later, after private discussion with ICANN board and staff, supporters of the community TMCH model told me they were very encouraged that the live query model was still in play.
The problem they still face, however, is that the Intellectual Property Constituency — ostensibly representing the key customers of the TMCH — is publicly still on the fence about which model it prefers.
Without backing from the IPC, any TMCH implementation model would run the risk of appearing to serve contracted parties’ cost and risk requirements at the expense of brand owners.
Getting the IPC to at least take a view will likely be Chehadé’s first priority when it comes to the TMCH.
Finding common ground on the Registrar Accreditation Agreement could be an even more complex task.
While the bulk of the work — integrating requests from certain law enforcement agencies and the Governmental Advisory Committee into the contract — has been completed, Whois remains a challenge.
European registrars claim, in the light of correspondence from a EU privacy watchdogs, that implementing ICANN’s demanded Whois data re-verification and retention rules would make them break the law.
Registrars elsewhere in the world are less than impressed with ICANN’s proposed ‘opt-out’ solution, which would essentially create a two-tier RAA and may, they say, have some impact on competition.
Privacy advocates in Toronto told ICANN that if certain governments (largely, I suspect, the US) want their own local registrars to retain and re-verify Whois data, they should pass laws to that effect, rather than asking ICANN to enforce the rule globally.
The GAC told ICANN’s board of directors last Tuesday that the privacy letters emerging from the EU did not represent the views of the European Commission or the GAC, and nothing more was said on the matter.
How ICANN reacts to the European letters now seems to be rest with ICANN’s executive negotiating team.
While everyone at ICANN 45 seemed to be super-impressed by Chehadé’s competence and vision for sorting out ICANN, the other recurring meme is that actions speak louder than words.
During his first 40 days in the job he managed to persuade India into an about-face on its support for an intergovernmental replacement for ICANN, an impressive feat.
Can he chalk up more early wins by helping resolve the TMCH and RAA deadlocks?
“There’s frankly universal agreement that if I participate personally in these activities I would help these activities come to hopefully a reasonably conclusion that we can bank on,” he said in the White interview.
EU plays down “unlawful” Whois data worries
The European Commission yesterday gave short shrift to recent claims that ICANN’s proposed Whois data retention requirements would be “unlawful” in the EU.
A recent letter from the Article 29 Working Party — an EU data protection watchdog — had said that the next version of the Registrar Accreditation Agreement may force EU registrars to break the law.
The concerns were later echoed by the Council of Europe.
But the EC stressed at a session between the ICANN board of directors and Governmental Advisory Committee yesterday that Article 29 does not represent the official EU position.
That’s despite the fact that the Article 29 group is made up of privacy commissioners from each EU state.
Asked about the letter, the EC’s GAC representative said:
Just to put everyone at ease, this is a formal advisory group concerning EU data privacy protection.
…
They’re there to give advice and they themselves, and we as well, are very clear that they are independent of the European Union. That gives you an idea that this is not an EU position as such but the position of the advisory committee.
The session then quickly moved on to other matters, dismaying privacy advocates in the room.
Milton Mueller of the Internet Governance Project tweeted:
By telling ICANN that it can ignore Art 29 WG opinion on privacy, European commission is telling ICANN it can ignore their national DP [data privacy] laws
Registrars hopeful that the Article 29 letter would put another nail into the coffin of some of ICANN’s more unpalatable and costly RAA demands also expressed dismay.
ICANN’s current position, based on input from law enforcement and the GAC, is that the RAA should contain new more stringent requirements on Whois data retention and verification.
It proposes an opt-out process for registrars that believe these requirements would put them in violation of local law.
But registrars from outside the EU say this would create a two-tier RAA, which they find unacceptable.
With apparently no easy compromise in sight the RAA negotiations, originally slated to be wrapped up in the first half of this year, look set to continue for many weeks or months to come.
Council of Europe has Whois privacy concerns too
The Council of Europe has expressed concern about the privacy ramifications of ICANN’s proposed changes to Whois requirements in the Registrar Accreditation Agreement.
In a letter this week (pdf), the Bureau of the Consultative Committee of the Convention for the Protection of Individuals with regard to Personal Data (T-PD) said:
The Bureau of the T-PD took note of the position of the Article 29 Data Protection Working Parking in its comments of 26 September 2012 on the data protection impact of the revision of these arrangements concerning accuracy and data retention of the WHOIS data and fully shares the concern raised.
The Bureau of the T-PD is convinced of the importance of ensuring that appropriate consideration be given in the ICANN context to the relevant European and international privacy standards
The letter was sent in response to outreach from ICANN’s Non-Commercial Users Constituency.
The Article 29 letter referenced said that EU registrars risked breaking the law if they implemented ICANN’s proposed data retention requirements.
Earlier today, we reported on ICANN’s response, which proposes an opt-out for registrars based in the EU, but we noted that registrars elsewhere are unlikely to dig a two-tier RAA.
ICANN says EU registrars could be exempt from stringent new Whois rules
Registrars based in the European Union could be let off the hook when it comes to the Whois verification requirements currently under discussion at ICANN.
That’s according to ICANN CEO Fadi Chehade, who this week responded to privacy concerns expressed by the Article 29 Working Party, a EU-based quasi-governmental privacy watchdog.
The Working Party said last month that if ICANN forced EU registrars to re-verify customer data and store it for longer than necessary, they would risk breaking EU privacy law.
Those are two of the many amendments to the standard Registrar Accreditation Agreement that ICANN — at the request of governments and law enforcement — is currently pushing for.
In reply, Chehade noted that ICANN currently plans to give registrars an opt-out:
ICANN proposes to adapt the current ICANN Procedures for Handling Whois Conflicts with Privacy Law, to enable registrars to seek an exempton from these new RAA WHOIS and data protection obligations in the even that the obligations would cause registrars to violate their local laws and regulations.
He also said that the Governmental Advisory Committee has “endorsed” the provisions at question, and encouraged the Working Party to work via the GAC to have its views heard.
I understand that registrars based in the US and elsewhere would not respond favorably to what would essentially amount to a two-tier RAA.
Some of the RAA changes would have cost implications, so there’s an argument that to exempt some registrars and not others would create an un-level competitive playing field.
The Article 29 Working Party is an advisory body, independent of the European Union, comprising one representative from the data privacy watchdogs in each EU state.
Some GAC representatives said during the ICANN meeting in Prague this June that they had already factored privacy concerns into their support for the RAA talks.
It’s going to interesting to see how both registrars and the GAC react to the Article 29 developments at the Toronto meeting, which begins this weekend.
European privacy watchdog says ICANN’s Whois demands are “unlawful”
European Union privacy officials have told ICANN that it risks forcing registrars to break the law by placing “excessive” demands on Whois accuracy.
In a letter to ICANN yesterday, the Article 29 Working Party said that two key areas in the proposed next version of the Registrar Accreditation Agreement are problematic.
It’s bothered by ICANN’s attempt to make registrars retain data about their customers for up to two years after registration, and by the idea that registrars should re-verify contact data every year.
These were among the requests made by law enforcement, backed up by the Governmental Advisory Committee, that ICANN has been trying to negotiate into the RAA for almost a year.
The letter (pdf) reads:
The Working Party finds the proposed new requirement to re-verify both the telephone number and the e-mail address and publish these contact details in the publicly accessible WHOIS database excessive and therefore unlawful. Because ICANN is not addressing the root of the problem, the proposed solution is a disproportionate infringement of the right to protection of personal data.
The “root cause” points to a much deeper concern the Working Party has.
Whois was designed to help people find technical and operational contacts for domain names, it argues. Just because it has other uses — such as tracking down bad guys — that doesn’t excuse infringing on privacy.
The problem of inaccurate contact details in the WHOIS database cannot be solved without addressing the root of the problem: the unlimited public accessibility of private contact details in the WHOIS database.
It’s good news for registrars that were worried about the cost implications of implementing a new, more stringent RAA.
But it’s possible that ICANN will impose the new requirements anyway, giving European registrars an opt-out in order to comply with local laws.
The letter is potentially embarrassing for the GAC, which seemed to take offense at the Prague meeting this June when it was suggested that law enforcement’s recommendations were not being balanced with the views of privacy watchdogs.
During a June 26 session between the GAC and the ICANN board, Australia’s GAC rep said:
I don’t come here as an advocate for law enforcement only. I come here with an Australian government position, and the Australian government has privacy laws. So you can be sure that from a GAC point of view or certainly from my point of view that in my positions, those two issues have been balanced.
That view was echoed during the same session by the European Commission and the US and came across generally like a common GAC position.
The Article 29 Working Party is an advisory body set up by the EU in 1995. It’s independent of the Commission, but it comprises one representative from the data privacy watchdogs in each EU state.
Identity checks coming to Whois
Pretty soon, if you want to register a domain name in a gTLD you’ll have to verify your email address and/or phone number or risk having your domain turned off.
That’s the latest to come out of talks between registrars, ICANN, governments and law enforcement agencies, which met last week in Washington DC to thrash out a new Registrar Accreditation Agreement.
While a new draft RAA has not yet been published, ICANN has reported some significant breakthroughs since the Prague meeting in June.
Notably, the registrars have agreed for the first time to do some minimal registrant identity checks — phone number and/or email address — at the point of registration.
Verification of mailing addresses and other data points — feared by registrars for massively adding to the cost of registrations — appears to be no longer under discussion.
The registrars have also managed to win another concession: newly registered domain names will be able to go live before identities have been verified, rather than only after.
The sticking point is in the “and/or”. Registrars think they should be able to choose which check to carry out, while ICANN and law enforcement negotiators think they should do both.
According to a memo released for discussion by ICANN last night:
It is our current understanding that law enforcement representatives are willing to accept post-‐resolution verification of registrant Whois data, with a requirement to suspend the registration if verification is not successful within a specified time period. However, law enforcement recommends that if registrant Whois data is verified after the domain name resolves (as opposed to before), two points of data (a phone number and an email address) should be verified.
Among the other big changes is an agreement by registrars to an ICANN-run Whois privacy service accreditation system. Work is already underway on an accreditation framework.
After it launches, registrars will only be able to accept private registrations made via accredited privacy and proxy services.
Registrars have also agreed to some of law enforcement’s data retention demands, which has been a bone of contention due to worries about varying national privacy laws.
Under the new RAA, they would keep some registrant transaction data for six months after a domain is registered and other data for two years. It’s not yet clear which data falls into which category.
These and other issues outlined in ICANN’s latest update are expected to be talking points in Toronto next month.
It looks like a lot of progress has been made since Prague — no doubt helped by the fact that law enforcement has actually been at the table — and I’d be surprised if we don’t see a draft RAA by Beijing next April.
How long it takes to be adopted ICANN’s hundreds of accredited registrars is another matter.
Registries propose PKI-based new gTLD sunrises
Neustar and ARI Registry Services have come up with an alternative to ICANN’s proposed new gTLDs sunrise period process, based on a secure Public Key Infrastructure.
The concept was outlined in a draft paper published today, following an intensive two-day tête-à-tête between domain companies and Trademark Clearinghouse providers IBM and Deloitte last month.
It’s presented as an alternative to the implementation model proposed by ICANN, which would use unique codes and was criticized for being inflexible to the needs of new gTLD registries.
The PKI-based alternative from Neustar and ARI would remove some of the cost and complexity for registries, but may create additional file-management headaches for trademark owners.
Under the ICANN model, which IBM and Deloitte are already developing, each trademark owner would receive a unique code for each of their registered trademarks and each registry would be given the list of codes.
If a trademark owner wanted a Sunrise registration, it would submit the relevant code to their chosen registrar, which would forward it to the registry for validation against the list.
One of the drawbacks of this method is that registries don’t get to see any of the underlying trademark data, making it difficult to restrict Sunrise registrations to certain geographic regions or certain classes of trademark.
If, for example, .london wanted to restrict Sunrise eligibility to UK-registered trademarks, it would have no easy way of doing so using the proposed ICANN model.
But IP interests participating in the development of the Trademark Clearinghouse have been adamant that they don’t want registries and registrars getting bulk access to their trademark data.
They’re worried about creating new classes of scams and have competitive concerns about revealing their portfolio of trademarks.
Frankly, they don’t trust registries/rars not to misuse the data.
(The irony that some of the fiercest advocates of Whois accuracy are so concerned about corporate privacy has not been lost on many participants in the TMCH implementation process.)
The newly proposed PKI model would also protect trademark owners’ privacy, albeit to a lesser extent, while giving registries visibility into the underlying trademark data.
The PKI system is rather like SSL. It used public/private key pairs to digitally sign and verify trademark data.
Companies would submit trademark data to the Clearinghouse, which would validate it. The TMCH would then sign the data with its private key and send it back to the trademark owner.
If a company wished to participate in a Sunrise, it would have to upload the signed data — most likely, a file — to its registrar. The registrar or registry could then verify the signature using the TMCH’s public key.
Because the data would be signed, but not encrypted, registrars/ries would be able to check that the trademark is valid and also get to see the trademark data itself.
This may not present a privacy concern for trademark owners because their data is only exposed to registries and registrars for the marks they plan to register as domains, rather than in bulk.
Registries would be able to make sure the trademark fits within their Sunrise eligibility policy, and would be able to include some trademark data in the Whois, if that’s part of their model.
It would require more file management work by trademark owners, but it would not require a unique code for each gTLD that they plan to defensively register in.
The Neustar/ARI proposal suggests that brand-protection registrars may be able to streamline this for their clients by enabling the bulk upload of trademark Zip files.
The overall PKI concept strikes me as more elegant than the ICANN model, particularly because it’s real-time rather than using batch downloads, and it does not require the TMCH to have 100% availability.
ICANN is understandably worried that about the potentially disastrous consequences for the new gTLD program if it creates a TMCH that sits in the critical registration path and it goes down.
The PKI proposal for Sunrise avoids this problem, as registries and registrars only need a stored copy of the TMCH’s public key in order to do real-time validation.
Using PKI for the Trademark Claims service — the second obligatory rights protection mechanism for new gTLD launches — is a much trickier problem if ICANN is to stick to its design goals, however.
ARI and Neustar plan to publish their Trademark Claims proposal later this week. For now, you can read the Sunrise proposal in PDF format here.
Why .com still doesn’t have a thick Whois
ICANN’s board of directors quizzed staff about the lack of a “thick” Whois obligation in Verisign’s .com contract, according to meeting minutes released last night.
The vote was 11-0 in favor, with four abstentions, when the board controversially approved the deal during the Prague meeting in June.
Director George Sadowsky raised the thick Whois issue, which has been a sharp wedge issue between non-commercial users and the intellectual property lobby, according to the minutes.
Senior vice president Kurt Pritz responded:
Kurt noted that while a requirement for a “thick” registry had been a topic of conversation among ICANN and Verisign, the ongoing GNSO Policy Development Process initiated on this same issue rendered this topic somewhat ill-suited for two-party negotiations. In addition, the current .COM registrants entered registration agreements with the understanding of .COM as thin registry, and the resultant change – along with the ongoing policy work – weighed in favor of leaving this issue to policy discussions.
In other words: thick Whois is best left to community policy-making.
Thick Whois is wanted by trademark holders because it will make it easier to enforce data accuracy rules down the road, while non-commercial stakeholders oppose it on privacy grounds.
Domainers, at least those represented by the Internet Commerce Association, have no objection to thick Whois in principle, but believe the policy should go through the GNSO process first.
Verisign is publicly neutral on the matter.
The ICANN board vote on .com was considered somewhat controversial in Prague because it took place before any substantial face-to-face community discussion on these issues.
Sadowsky abstained, stating: “I feel very uncomfortable going forward with provisions that will tie our hands, I think, in the long run without an attempt to reach an accommodation at this time.”
Three other directors (Tonkin, De La Chapelle and Vasquez) abstained from the vote due to actual or the potential for perceived conflicts of interest.
The .com agreement is currently in the hands of the US Department of Commerce which, uniquely for a gTLD, has approval rights over the contract. It’s expected to be renewed before the end of November.
Recent Comments