Recent Posts
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
ICANN freezes “closed generic” gTLD bids
ICANN has temporarily banned “closed generic” gTLDs in response to Governmental Advisory Committee demands.
The ban, which may be lifted, affects at least 73 applications (probably dozens more) for dictionary-word strings that had been put forward with “single registrant” business models.
ICANN’s New gTLD Program Committee on Tuesday voted to prevent any applicant for a closed generic gTLD from signing a registry contract, pending further talks with the GAC.
In order to sign a registry agreement, applicants will have to agree to the following Public Interest Commitments:
1. Registry Operator will operate the TLD in a transparent manner consistent with general principles of openness and non-discrimination by establishing, publishing and adhering to clear registration policies.
2. Registry Operator of a “Generic String” TLD may not impose eligibility criteria for registering names in the TLD that limit registrations exclusively to a single person or entity and/or that person’s or entity’s “Affiliates” (as defined in Section 2.9(c) of the Registry Agreement). “Generic String” means a string consisting of a word or term that denominates or describes a general class of goods, services, groups, organizations or things, as opposed to distinguishing a specific brand of goods, services, groups, organizations or things from those of others.
The effect of this is that applications for closed generics are on hold until ICANN has figured out what exactly the GAC is trying to achieve with its advice, which emerged in its Beijing communique (pdf).
Closed generics have not to date been a specific category of gTLD. They’re basically bids like Symantec’s .antivirus, L’Oreal’s .beauty and Amazon’s .cloud, where the gTLD is not a “dot-brand” but every second-level domain would belong to the registry anyway.
The two main reasons the new gTLD program has allowed them so far are a) ICANN decided that coming up with definitions for categories of gTLD was too hard and prone to abuse, and b) ICANN didn’t want to overly restrict registries’ business models.
Apparently all it needed was a nudge from the GAC and a change of senior management to change its mind.
ICANN now has a definition of “generic”, which I believe is a first. To reiterate, it’s:
a string consisting of a word or term that denominates or describes a general class of goods, services, groups, organizations or things, as opposed to distinguishing a specific brand of goods, services, groups, organizations or things from those of others
If the proposed PIC stands after ICANN’s talks with the GAC, nobody will be able to operate a generic string as a single-registrant gTLD.
But there may be one massive loophole.
Let’s say Volkswagen had applied for .golf (it didn’t) as a single-registrant dot-brand gTLD.
In that context, “golf” is a word used to label one model of car, “distinguishing a specific brand of goods, services, groups, organizations or things from those of others”.
But the word “golf” is also indisputably “a word or term that denominates or describes a general class of goods, services, groups, organizations or things”.
So which use case would trump the other? Would Volkswagen be banned from using .golf as a dot-brand?
It’s not just hypothetical. There are live examples in the current round of single-registrant applications that are both generic terms in one industry and brands in others.
Apple’s application for .apple is the obvious one. While it’s hard to imagine apple farmers wanting a gTLD, we don’t yet know how crazy the gTLD landrush is going to get in future rounds.
What of Bond University’s application for .bond? It’s a brand in terms of further education, but a generic term for debt instruments in finance.
Boots’ application for .boots? A brand in the high street pharmacy game, a generic if you sell shoes. Google’s application for .chrome is a brand in browsers but a generic in metallurgy.
None of the examples given here (and there are many more) are on the GAC’s list of problematic closed generics, but as far as I can see they would all be affected by ICANN’s proposed PIC.
The affected applications are not dead yet, of course. ICANN could change its view and drop the new PIC requirement a few months from now after talking to the GAC.
But the applications do appear to be in limbo for now.
ICANN offers to split the cost of GAC “safeguards” with new gTLD registries
All new gTLD applicants will have to abide by stricter rules on security and Whois accuracy under government-mandated changes to their contracts approved by the ICANN board.
At least one of the new obligations is likely to laden new gTLDs registries with additional ongoing costs. In another case, ICANN appears ready to shoulder the financial burden instead.
The changes are coming as a result of ICANN’s New gTLD Program Committee, which on on Tuesday voted to adopt six more pieces of the Governmental Advisory Committee’s advice from March.
This chunk of advice, which deals exclusively with security-related issues, was found in the GAC’s Beijing communique (pdf) under the heading “Safeguards Applicable to all New gTLDs”.
Here’s what ICANN has decided to do about it.
Mandatory Whois checks
The GAC wanted all registries to conduct mandatory checks of Whois data at least twice a year, notifying registrars about any “inaccurate or incomplete records” found.
Many new gTLD applicants already offered to do something similar in their applications.
But ICANN, in response to the GAC advice, has volunteered to do these checks itself. The NGPC said:
ICANN is concluding its development of a WHOIS tool that gives it the ability to check false, incomplete or inaccurate WHOIS data
…
Given these ongoing activities, ICANN (instead of Registry Operators) is well positioned to implement the GAC’s advice that checks identifying registrations in a gTLD with deliberately false, inaccurate or incomplete WHOIS data be conducted at least twice a year. To achieve this, ICANN will perform a periodic sampling of WHOIS data across registries in an effort to identify potentially inaccurate records.
While the resolution is light on detail, it appears that new gTLD registries may well be taken out of the loop completely, with ICANN notifying their registrars instead about inaccurate Whois records.
It’s not the first time ICANN has offered to shoulder potentially costly burdens that would otherwise encumber registry operators. It doesn’t get nearly enough credit from new gTLD applicants for this.
Contractually banning abuse
The GAC wanted new gTLD registrants contractually forbidden from doing bad stuff like phishing, pharming, operating botnets, distributing malware and from infringing intellectual property rights.
These obligations should be passed to the registrants by the registries via their contracts with registrars, the GAC said.
ICANN’s NGPC has agreed with this bit of advice entirely. The base new gTLD Registry Agreement is therefore going to be amended to include a new mandatory Public Interest Commitment reading:
Registry Operator will include a provision in its Registry-Registrar Agreement that requires Registrars to include in their Registration Agreements a provision prohibiting Registered Name Holders from distributing malware, abusively operating botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law, and providing (consistent with applicable law and any related procedures) consequences for such activities including suspension of the domain name.
The decision to include it as a Public Interest Commitment, rather than building it into the contract proper, is noteworthy.
PICs will be subject to a Public Interest Commitment Dispute Resolution Process (PICDRP) which allows basically anyone to file a complaint about a registry suspected of breaking its commitments.
ICANN would act as the enforcer of the ruling, rather than the complainant. Registries that lose PICDRP cases face consequences up to an including the termination of their contracts.
In theory, by including the GAC’s advice as a PIC, ICANN is handing a loaded gun to anyone who might want to shoot down a new gTLD registry in future.
However, the proposed PIC language seems to be worded in such a way that the registry would only have to include the anti-abuse provisions in its contract in order to be in compliance.
Right now, the way the PIC is worded, I can’t see a registry getting terminated or otherwise sanctioned due to a dispute about an instance of copyright infringement by a registrant, for example.
I don’t think there’s much else to get excited about here. Every registry or registrar worth a damn already prohibits its customers from doing bad stuff, if only to cover their own asses legally and keep their networks clean; ICANN merely wants to formalize these provisions in its chain of contracts.
Actually fighting abuse
The third through sixth pieces of GAC advice approved by ICANN this week are the ones that will almost certainly add to the cost of running a new gTLD registry.
The GAC wants registries to “periodically conduct a technical analysis to assess whether domains in its gTLD are being used to perpetrate security threats such as pharming, phishing, malware, and botnets.”
It also wants registries to keep records of what they find in these analyses, to maintain a complaints mechanism, and to shut down any domains found to be perpetrating abusive behavior.
ICANN has again gone the route of adding a new mandatory PIC to the base Registry Agreement. It reads:
Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks. Registry Operator will maintain these reports for the term of the Agreement unless a shorter period is required by law or approved by ICANN, and will provide them to ICANN upon request.
You’ll notice that the language is purposefully vague on how registries should carry out these checks.
ICANN said it will convene a task force or GNSO policy development process to figure out the precise details, enabling new gTLD applicants to enter into contracts as soon as possible.
It means, of course, that applicants could wind up signing contracts without being fully apprised of the cost implications. Fighting abuse costs money.
There are dozens of ways to scan TLDs for abusive behavior, but the most comprehensive ones are commercial services.
ICM Registry, for example, decided to pay Intel/McAfee millions of dollars — a dollar or two per domain, I believe — for it to run daily malware scans of the entire .xxx zone.
More recently, Directi’s .PW Registry chose to sign up to Architelos’ NameSentry service to monitor abuse in its newly relaunched ccTLD.
There’s going to be a fight about the implementation details, but one way or the other the PIC would make registries scan their zones for abuse.
What the PIC does not state, and where it may face queries from the GAC as a result, is what registries must do when they find abusive behavior in their gTLDs. There’s no mention of mandatory domain name suspension, for example.
But in an annex to Tuesday’s resolution, ICANN’s NGPC said the “consequences” part of the GAC advice would be addressed as part of the same future technical implementation discussions.
In summary, the NGPC wants registries to be contractually obliged to contractually oblige their registrars to contractually oblige their registrants to not do bad stuff, but there are not yet any obligations relating to the consequences, to registrants, of ignoring these rules.
This week’s resolutions are the second big batch of decisions ICANN has taken regarding the GAC’s Beijing communique.
Earlier this month, it accepted some of the GAC’s direct advice related to certain specific gTLDs it has a problem with, the RAA and intergovernmental organizations and pretended to accept other advice related to community objections.
The NGPC has yet to address the egregiously incompetent “Category 1” GAC advice, which was the subject of a public comment period.
Plural gTLDs could be a casualty as ICANN accepts big chunk of GAC advice
ICANN has accepted nine pieces of Governmental Advisory Committee advice pertaining to new gTLDs, essentially killing off two applications and putting question marks over many more.
Notably, the question of whether plural and singular versions of the same string should be allowed to coexist has been reopened for debate, affecting as many as 98 applications.
ICANN’s New gTLD Program Committee, which carries board powers but does not include directors with conflicts of interest, this week passed a resolution that addresses a good chunk of the GAC’s Beijing communique.
It does not discuss any of the amorphous “safeguard” advice from the document, which was subject to a recently closed public comment period and is likely to take much longer to resolve.
By far the line item with the broadest immediate impact is this:
The NGPC accepts this advice and will consider whether to allow singular and plural versions of the same string.
That’s right folks, singular and plural gTLDs (eg, .car and .cars) may not be allowed to coexist after all.
Using a broad interpretation (that treats .new and .news as clashes, for example), 98 applications could be affected by this decision.
Singular vs plural is a contentious issue with some strongly held religious views. Whether you come down on one side or the other depends largely on how you see new gTLDs being used in future.
Proponents of coexistence see a future of 30,000 gTLDs being used as direct navigation and search tools, while opponents worry about the risk of freeloading plural registries making a killing from unnecessary defensive registrations.
The NGPC did not say how the debate would be moved forward, but I’d be surprised if it didn’t involved the broader community through public comments or meetings in Durban next month.
Ding dong…?
Two line items appear to put the final nails in the coffins of two new gTLD applications: DotConnectAfrica’s .africa and GCCIX WLL’s .gcc.
Both clash with the names of geographic regions (.gcc is for Gulf Cooperation Council, a name often associated with nations in the Arabian/Persian Gulf) and received the GAC’s strongest possible form of objection.
In both cases, the NGPC said the applications “will not be approved” and invited the applicants to withdraw.
However, it gave both applicants the right to appeal using “ICANN’s accountability mechanisms”.
Islamic strings on life support
Some governments in the GAC had taken issue with the applications for strings such as .islam and .halal, and the NGPC said it “stands ready to enter into dialogue with the GAC on this matter”.
That’s the Applicant Guidebook-mandated response when the GAC cannot reach a consensus that an application should be killed off.
Amazon among geo strings delayed
As expected, the NGPC decided to work with the GAC’s extended timetable for the consideration of 19 applications whose chosen strings clash with geographic names such as .thai and .persiangulf.
Basically, the GAC asked for more time to discuss them.
In response, ICANN will not delay Initial Evaluation for these applications, but it will not sign contracts with the applicants until the GAC has issued its final advice.
The list includes two big trademarks: retail giant Amazon and the clothing brand Patagonia.
Both will have to wait until at least Durban to discover their fate.
The list also includes .wine and .vin, because some in the wine industry have been kicking up a stink about the protection of special geographic identifiers (eg Champagne, Bordeaux) at the second-level.
Weasel words on community objections
There’s one piece of advice that the NGPC said it has “accepted” but which it clearly has not.
The GAC had said this:
The GAC advises the Board that in those cases where a community, which is clearly impacted by a set of new gTLD applications in contention, has expressed a collective and clear opinion on those applications, such opinion should be duly taken into account, together with all other relevant information.
I think any reasonable interpretation of this item would require ICANN or somebody else to make a subjective judgement call on which applications should win certain contention sets.
To my mind, the advice captures contested strings such as .book (where publishers hate the idea of Amazon running it as a closed generic) and .music (where the music industry favors a restricted registration policy).
But ICANN, always reluctant to have to pick winners and losers, seems to have chosen to interpret the advice somewhat differently. In its response, it states:
The NGPC accepts this advice. Criterion 4 for the Community Priority Evaluation process takes into account “community support and/or opposition to the application” in determining whether to award priority to a community application in a contention set. (Note however that if a contention set is not resolved by the applicants or through a community priority evaluation then ICANN will utilize an auction as the objective method for resolving the contention.)
I don’t think this covers the GAC’s advice at all, and I think the NGPC knows it.
As the parenthetical comment says, communities’ views are only taken into account if an applicant has filed a formal “Community” bid and chooses to resolve its contention set with a Community Priority Evaluation.
To return to the above examples, this may well capture .music, where at least one applicant intends to go the CPE route, but it does not capture .book, where there are no Community applications.
There are 33 remaining Community applications in 29 contention sets.
Will the GAC accept the NGPC’s response as a proper implementation of its advice? If it’s paying attention and feels strongly enough about the issue, my guess is probably not.
More special favors for the Olympics
The International Olympic Committee holds extraordinary power over governments, which has resulted in the GAC repeatedly humiliating itself by acting an Olympic lobbyist before the ICANN board.
In the Beijing communique, it asked ICANN to make sure that the temporary temporary protections granted to Olympics and Red Cross are made permanent in the Applicant Guidebook.
Prior to April, the Registry Agreement in the Guidebook said that the protected strings “shall be initially reserved”, but this language has been removed in the current version of the RA.
The NGPC said that this was due to the GAC’s advice. Box ticked.
But here’s the kicker: the protections will still be subject to a Generic Names Supporting Organization Policy Development Process.
In other words, the discussion is not over. The rest of the ICANN community will get their say and ICANN will try to reconcile what the GNSO decides with what the GAC wants at a later date.
While “accepting” the GAC’s advice, it’s actually proposing something of a compromise. The NGPC said:
Until such time as the GNSO approves recommendations in the PDP and the Board adopts them, the NGPC’s resolutions protecting IOC/RCRC names will remain in place. Should the GNSO submit any recommendations on this topic, the NGPC will confer with the GAC prior to taking action on any such recommendations.
New gTLD registries will not be able to argue in future that their contracts only require them to “initially” protect the Olympic and Red Cross strings, but at the same time the GNSO as a whole gets a say in whether permanent protections are warranted.
It seems like a pretty nice compromise proposal from ICANN — particularly given the problems it’s been having with the GNSO recently — but I doubt the GAC will see it that way.
Other stuff
There were two other items:
- The GAC had advised that no new gTLD contracts should be approved until the 2013 Registrar Accreditation Agreement is finalized. ICANN agreed. It’s already built into the timetable.
- The GAC wanted its existing views taken into account in the current, ongoing, formative discussions about a replacement service for Whois. That’s already happening.
In summary…
…it’s a pretty sensible response from the NGPC, with the exception of the weaselly response to the “community views” advice.
Taken as a whole, it’s notable for its respect for other stakeholders and processes, which is admirable.
Even in the case of .africa and .gcc, which I firmly believed would be dead today, it’s given the applicants the opportunity to go through the appropriate appeals channels.
The GAC, it seems, doesn’t even get the last word with its kiss of death.
The official (unrealistic) go-live date for new gTLDs is September 28
September 28 could be (won’t be) the launch date of the first new gTLD sunrise period, according to a (unrealistic) timetable released by ICANN yesterday.
During a webinar for new gTLD applicants, program head Christine Willett presented the following slide:
As you can see, using this timetable the first registry contract would be signed one month from now and the TLD itself would hit the root around August 28. Sunrise would follow a month later.
Willett was very clear that the timetable represents the absolute shortest path an application could take, and that it’s unlikely that any application will actually make it.
What the timetable deliberately fails to include is any delay caused by Governmental Advisory Committee advice.
The GAC’s Beijing communique had advice for all applicants, remember, but the response is currently being handled by the ICANN board and not new gTLD program staff, so the outcome is unknown.
The communique contains six “Safeguards Applicable to all New gTLDs” which are controversial because they appear to duplicate or preempt existing policy work, for example on Whois rules.
If ICANN adopts the advice wholesale, it’s difficult to see how these safeguards could be enforced if not by contract, which could delay the contract approval or contracting phases of the timeline.
If ICANN does not adopt the advice wholesale, it will have to consult with the GAC to find a “mutually acceptable solution”.
Last time it deviated from GAC advice, which covered considerably less complex ground, there was a great deal of to-and-fro over the space of months along with four days of face-to-face meetings.
The only hint so far that ICANN may be creating a fast-track for applicants came in notes from its May 18 New gTLD Program Committee meeting, which said:
The Committee agreed that it would adopt a strategy that permits full consideration of the ongoing community comment forum while resolving GAC advice in a manner that permits as many applications as possible to keep making forward progress.
Speculatively, could we be looking at some kind of hack? A way for new gTLD applicants to blindly sign up to whatever future agreement the GAC and ICANN come to, in exchange for a speedy delegation?
Or is it an indication that ICANN is leaning towards approving the “safeguards” that apply to all new gTLDs?
The GAC advice is open for public comment until June 11, so we won’t find out until the second half of the month at the earliest.
Verisign says people might die if new gTLDs are delegated
If there was any doubt in your mind that Verisign is trying to delay the launch of new gTLDs, its latest letter to ICANN and the Governmental Advisory Committee advice should settle it.
The company has ramped up its anti-expansion rhetoric, calling on the GAC to support its view that launching new gTLDs now will put the security and stability of the internet at risk.
People might die if some strings are delegated, Verisign says.
Among other things, Verisign is now asking for:
- Each new gTLD to be individually vetted for its possible security impact, with particular reference to TLDs that clash with widely-used internal network domains (eg, .corp).
- A procedure put in place to throttle the addition of new gTLDs, should a security problem arise.
- A trial period for each string ICANN adds to the root, so that new gTLDs can be tested for security impact before launching properly.
- A new process for removing delegated gTLDs from the root if they cause problems.
In short, the company is asking for much more than it has to date — and much more that is likely to frenzy its rivals — in its ongoing security-based campaign against new gTLDs.
The demands came in Verisign’s response to the GAC’s Beijing communique, which detailed government concerns about hundreds of applied-for gTLDs and provided frustratingly vague remediation advice.
Verisign has provided one of the most detailed responses to the GAC advice of any ICANN has received to date, discussing how each item could be resolved and/or clarified.
In general, it seems to support the view that the advice should be implemented, but that work is needed to figure out the details.
In many cases, it’s proposing ICANN community working groups. In others, it says each affected registry should negotiate individual contract terms with ICANN.
But much of the 12-page letter talks about the security problems that Verisign suddenly found itself massively concerned about in March, a week after ICANN started publishing Initial Evaluation results.
The letter reiterates the potential problem that when a gTLD is delegated that is already widely used on internal networks, security problems such as spoofing could arise.
Verisign says there needs to be an “in-depth study” at the DNS root to figure out which strings are risky, even if the volume of traffic they receive today is quite low.
It also says each string should be phased in with an “ephemeral root delegation” — basically a test-bed period for each new gTLD — and that already-delegated strings should be removed if they cause problems:
A policy framework is needed in order to codify a method for braking or throttling new delegations (if and when these issues occur) either in the DNS or in dependent systems that provides some considerations as to when removing an impacting string from the root will occur.
While it’s well-known that strings such as .home and .corp may cause issues due to internal name clashes and their already high volume of root traffic, Verisign seems to want every string to be treated with the same degree of caution.
Lives may be on the line, Verisign said:
The problem is not just with obvious strings like .corp, but strings that have even small query volumes at the root may be problematic, such as those discussed in SAC045. These “outlier” strings with very low query rates may actually pose the most risks because they could support critical devices including emergency communication systems or other such life-supporting networked devices.
…
We believe the GAC, and its member governments, would undoubtedly share our fundamental concern.
The impact of pretty much every recommendation made in the letter would be to delay or prevent the delegation of new gTLDs.
A not unreasonable interpretation of this is that Verisign is merely trying to protect its $800 million .com business by keeping competitors out of the market for as long as possible.
Remember, Verisign adds roughly 2.5 million new .com domains every month, at $7.85 a pop.
New gTLDs may well put a big dent in that growth, and Verisign doesn’t have anything to replace it yet. It can’t raise prices any more, and the patent licensing program it has discussed has yet to bear fruit.
But because the company also operates the primary DNS root server, it has a plausible smokescreen for shutting down competition under the guise of security and stability.
If that is what is happening, one could easily make the argument that it is abusing its position.
If, on the other hand, Verisign’s concerns are legitimate, ICANN would be foolhardy to ignore its advice.
ICANN CEO Fadi Chehade has made it clear publicly, several times, that new gTLDs will not be delegated if there’s a good reason to believe they will destabilize the internet.
The chair of the SSAC has stated that the internal name problem is largely dealt with, at least as far as SSL certificates go.
The question now for ICANN — the organization and the community — is whether Verisign is talking nonsense or not.
Global standards group highlights silliness of GAC’s IGO demands
The International Organization for Standardization, known as ISO, doesn’t want to have its acronym blocked in new gTLDs by the International Sugar Organization.
ISO has told ICANN in a letter that demands for special favors coming from intergovernmental organizations, via the Governmental Advisory Committee, should be rejected.
Secretary general Rob Steele wrote:
We have very strong concerns with the GAC proposal, and firmly oppose any such block of the acronym “ISO.”
…
To implement a block on the term “ISO” (requiring its release be permitted by the International Sugar Organization) disregards the longstanding rights and important mission of the International Organization for Standardization. To be frank, this would be unacceptable.
…
please be assured that the International Organization for Standardization is prepared to take all necessary steps if its well-known short name is blocked on behalf of another organization.
For several months the GAC has argued that IGOs are “objectively different category to other rights holders, warranting special protection from ICANN” in new gTLDs.
Just like the “unique” Olympics and Red Cross were in 2011.
The GAC proposes that that any IGO that qualifies for a .int address (it’s a number in the hundreds) should have its name and acronym blocked by default at the second level in every new gTLD.
But ICANN pointed that this would be unfair on the hundreds (thousands?) of other legitimate uses of those acronyms. It gave several examples.
The GAC in response said that the IGOs would be able to grant consent for their acronyms to be unblocked for use by others, but this opened up a whole other can of implementation worms (as the GAC is wont to do).
ICANN director Chris Disspain of AuDA said in Beijing:
Who at each IGO would make a decision about providing consent? How long would each IGO have to provide consent? Would no reply be equivalent to consent? What criteria would be used to decide whether to give consent or not? Who would draft that criteria? Would the criteria be consistent across all IGOs or would consent simply be granted at the whim of an IGO?
In the GAC’s Beijing communique, it seemed to acknowledge this problem. It said:
The GAC is mindful of outstanding implementation issues and commits to actively working with IGOs, the Board, and ICANN Staff to find a workable and timely way forward.
The GAC insists, however, that no new gTLDs should be allowed to launch until the IGO protections are in place.
Given the amount of other work created for ICANN by the Beijing communique, I suspect that the IGO discussions will focus on implementation detail, rather than the principle.
But the principle is important. IGOs are not typically victims of pernicious cybersquatting. If they deserve special protections, then why don’t trademark owners that are cybersquatted on a daily basis?
ISO standardizes all kinds of stuff in dozens of sectors. In the domain name space, it’s probably best known for providing ICANN with ISO 3166-1 alpha-2, the authoritative list of two-letter strings that may be delegated as ccTLDs.
The International Sugar Organization is very important too, probably, if you’re in the sugar business.
Wikipedia gives it a single paragraph, Google ranks the International Society of Organbuilders higher on a search for “ISO”, and its web site suggests it doesn’t do much business online.
Does it need better brand protection than Microsoft or Marriott or Facebook or Fox? Is anyone going to want to cybersquat the International Sugar Organization, really?
If it does deserve that extra layer of protection, should that right trump the more-famous ISO’s right to register domains matching its own brand?
TLDH weighs in on “terrifying” GAC advice
Top Level Domain Holdings is the latest portfolio applicant to slate the Governmental Advisory Committee’s advice on new gTLDs, calling it “troubling in principle” and “terrifying in practice”.
The company, which applied directly for 70 gTLDs and is involved in several others, filed its comments on the “safeguard advice” in the GAC’s Beijing communique with ICANN today.
The comments focus mainly on the overarching issues of governmental power and process, rather than delve into the nitty-gritty implementation problems presented by the advice.
TLDH CEO Antony Van Couvering wrote:
The Communiqué’s prescriptions define the opposite of a well-regulated sector. Instead of a clear process in which all concerns are weighed, the Communiqué sets up an ad-hoc GAC process from which the views of applicants are excluded.
Instead of clear rules to which industry players must adhere, ill-defined categories have been set up that applicants have a hard time even to understand.
Instead of a clear authority on who will determine policy, the ICANN community must now wonder who is in charge.
The comment points to the fact that the GAC’s 2007 principles on new gTLDs state that applicants should have a clear, objective process to follow, and that Beijing undermines that principle.
It also puts forth the view that the GAC appears to be trying to create policy unilaterally, and in a top-down manner that doesn’t give the Generic Names Supporting Organization a role.
The GAC Beijing Communiqué as enunciated in Section IV.1.b [the safeguard advice] unilaterally expands the role of the GAC from an advisory committee, with a remit of providing advice on policy originating in the GNSO, into a policy-making body from which other members of the ICANN community are excluded.
TLDH also notes that some parts of the advice are “not in themselves bad ideas” and that the company has offered to adopt some of them already in the Public Interest Commitments appended to its applications.
It comments follow those from rival Demand Media, which questioned the feasibility of implementing the GAC’s advice, last week.
Separately, over the weekend, Medicus Mundi International Network — an organization of healthcare non-governmental organizations — filed comments saying that the GAC advice does not go far enough.
Rather, it said, ICANN should delay the introduction of .health until a “broad-based consultation of the health community” can be carried out and a “multi-stakeholder” governance model for it created.
New gTLDs applicants should brace for GAC delays
New gTLD applicants affected by Governmental Advisory Committee advice may be about to find that their launch runway is quite a bit longer than they hoped.
That’s the message that seems to be coming through subtly from ICANN and the GAC itself — via last week’s applicant update webinar and GAC chair Heather Dryden — right now.
Dryden made it clear in an official ICANN interview, recorded early last week, that the GAC expects its Beijing communique to be “fully taken into account”, lest governments abandon ICANN altogether.
But at the same time she seemed to suggest that the rest of the community may have misunderstood the GAC’s intentions, due in part to the fact that its deliberations were held in private.
Here’s a slice of the interview with Brad White, ICANN’s media relations chief:
WHITE: Suppose the [ICANN] board in the end says “thank you very much for the advice, we’ve looked at it, but we’re moving on” and basically ignores a lot of that advice?
DRYDEN: I think it would be a very immediate reaction, questioning the value of participating in the Governmental Advisory Committee. If it is going to be the place for governments to come and raise their concern and influence the decision making that occurs at ICANN then we have to be able to demonstrate that the advice generated is fully taken into account or to the maximum extent appropriate taken in and in this way governments understand that the GAC is useful mechanism for them.
…
WHITE: What you seem to be saying is there is concern about whether or not some governments might pull out from that multi-stakeholder model?
DRYDEN: Right, right why would they come? How would they justify coming to the GAC meetings? Why would they support this model if in fact it’s there aren’t channels available to them and appropriate to their role and perspective as a government?
Under ICANN’s bylaws, the board of directors does not have to adopt GAC advice wholesale.
It is able to disagree with, and essentially overrule, the GAC, but only after they’ve tried “in good faith and in a timely and efficient manner, to find a mutually acceptable solution”.
The only time this has happened before was in February 2011, when discussions covered the final details of the new gTLD program and the imminent approval of the .xxx gTLD.
Then, the ICANN board and the GAC gathered in Brussels for two days of intense face-to-face discussions, which was followed by multiple “scorecard” drafts and follow-up talks.
It seems very likely that we’re going to see something similar for the Beijing advice, if for no other reason than the communique is vague enough that ICANN will need a lot of clarification before it acts.
So does this mean delay for new gTLD applicants? Probably.
Dryden, asked about the GAC’s agenda for the ICANN public meeting in Durban this July, said:
There may well also be aspects of safeguard advice that we would discuss further with the board or with the community or would need to, particularly the implementation aspects of some of the new safeguards that the GAC identified.
The “safeguard” advice is the large section of the Beijing communique that attempts to impose broad new obligations on over 500 new gTLDs in “regulated or professional sectors”.
Dryden appeared to acknowledge the criticism that much of the advice appears unworkable to many, saying:
The intent behind this was to provide a reminder or to reinforce the importance of preexisting obligations and the applicability of national laws and really not to impose new burdens on applicants or registrants.
However, there are measures proposed in that safeguard advice where there are real implementation questions and so we think this is a very good focus for discussions now in the community with the GAC and with the board around that particular aspect of the advice.
The safeguard advice is currently open for public comment. I outline some of the many implementation questions in this post.
White put to Dryden DI’s criticism that the communique was a “perplexing, frustrating mess” aimed at using the DNS to solve wider problems with the internet.
For example, the GAC appears to want to use ICANN contracts use introduce new ways to enforce copyrights and data security regulations, something perhaps better addressed by legislation.
She responded:
It’s really not intended to impose a new global regulatory regime. It is intended to be consistent with ICANN’s existing role and serve as a reminder to those that have applied of what is really involved with implementing if they are successful a string globally as well as really wanting to emphasize that some of those strings raise particular sensitivities for governments
So have we misunderstood the GAC’s intentions? That seems to be the message.
Watch the whole Dryden interview here:
Based on current evidence, I’d say that any applicant covered by the Beijing communique that still believes they have a chance of signing a contract before July is kidding itself.
The ICANN board’s new gTLD program committee met on Wednesday to discuss its response to the Beijing communique. The results of this meeting should be published in the next few days.
But there’s little doubt in my mind that ICANN doesn’t have enough time before Durban to pick through the advice, consult with the GAC, and come up with a mutually acceptable solution.
Quite apart from the complexity of and lack of detail in the GAC’s requests, there’s the simple matter of logistics.
Getting a representative quorum of GAC members in the same room as the ICANN board for a day or two at some point in the next 60 days would be challenging, based on past performance.
I think it’s much more likely that a day or two will be added to the Durban meeting (before its official start) to give the board and GAC the kind of time they need to thrash this stuff out.
ICANN’s latest program timetable, discussed during a webinar on Thursday night, extended the deadline for the ICANN board’s response to the GAC from the first week of June to the end of June.
On the call, program manager Christine Willett confirmed that this date assumes the board adopts all of the advice — it does not take into account so-called “bylaws consultations”.
While it seems clear that all 518 applications (or more) affected by the “safeguards” advice won’t be signing anything before Durban, it’s less clear whether the remaining applicants will feel an impact too.
This is how stupid the GAC’s new gTLDs advice is
For the last few weeks I’ve been attempting to write a sensible analysis of the Governmental Advisory Committee’s advice on new gTLDs without resorting to incredulity, hyperbole or sarcasm.
I failed, so you’ll have to read this instead.
I’m sorry, but the GAC’s Beijing communique (pdf) just has too much stupid in it to take seriously.
As a quick reminder, the bulk of the GAC’s advice was taken up by a list of hundreds of applied-for strings, in 12 categories, that “are likely to invoke a level of implied trust from consumers”.
The GAC said that any string on the list should be subject to more stringent regulation than others, turning their registries into data security regulators and creating an obligation to partner with “relevant regulatory, or industry self-regulatory, bodies”.
The GAC, having advised the creation of these unexpected obligations, decided that it wasn’t its responsibility to figure out whether any of them would be feasible to implement.
That’s apparently up to ICANN to figure out.
But that’s not the most infuriating part of the advice. The most infuriating part is the list of strings it provided, which by the GAC’s own admission was unhelpfully “non-exhaustive”.
When one performs a cursory analysis of the list, and compares it to the strings that did not make it, the dumb just accumulates.
My spies tell me that the GAC worked into the early hours on a few occasions during the Beijing meeting in order to put this advice together, and some might say it’s unfair to expect its members to have read and formed consensus opinions on all 1,930 original new gTLD applications.
But the GAC wasn’t expected to read them all, nor did it. Its job was originally conceived of as commenting on the strings alone, and that appears to be what it ultimately did limit itself to.
I think it’s fair to try to get some insight into the GAC’s collective thought process by looking at the “Category 1” strings that it did put on the list and those that it did not.
Not because I think there’s a coherent thought process at work here, but because I think there isn’t.
Remember, the GAC had nine months to come up with its list. This article was written in an afternoon.
Here’s my list of bizarre inconsistencies, failed reality checks and pure dumb I found in the Beijing communique.
It’s non-exhaustive.
Destroy all pirates!
The GAC is clearly a bit worried that people might use new gTLDs to offer pirated and counterfeited goods (like they do in existing TLDs), so it has placed a few dozen content-related strings on its list.
The intellectual property list is one of the longest of the 12 categories in the Beijing communique.
But it could be longer.
I wonder why, for example, the GAC doesn’t consider .stream a threat to copyright? Streaming sites are frequent targets of takedown notices.
Why does .hiphop get a mention but not .country, a gTLD specifically designed for country music lovers?
Why are .photography, .photo, .photos, .pictures and .pics not on the list? Image theft is pandemic online, enabled by default in browsers (no P2P required) and utterly trivial to execute.
And if .tours is considered a problem, why not .events, or .tickets?
We’re talking about sectors with abuse potential here, and ticketing is considered worthy of legislation in many places. Here in England you can get a £5,000 fine for reselling a ticket to a football match.
Why is .tours even on the intellectual property list? It could just as easily refer to organized vacations or guide services provided by museums. Or the French city of the same name, for that matter.
Why aren’t our friends in Tours getting the same GAC love as Spa and Date — towns in Belgium and Japan — which have caused the delay of advice on .spa and .date respectively?
And why are .free, .gratis and .discount considered intellectual property problems?
How is the .free registry supposed to follow the GAC’s demand that it partner with “relevant regulatory, or industry self‐regulatory, bodies” for free stuff? Does “.free” even have an “implied level of trust”?
Is the GAC’s goal to kill off the bid by the back door?
Goodbye .free, you couldn’t guarantee that there wouldn’t be piracy in your TLD so your application is forfeit? A potentially cool TLD, sacrificed on the altar of Big Copyright?
Don’t even get me started on .art…
Won’t somebody think of the children?!
The GAC did not say why the “children” category exists, but I assume it’s about ensuring that the content in TLDs such as .kids and .school is suitable for “kids” (pick your own definition, the GAC doesn’t have one).
It goes without saying that any TLD that is obliged to follow child-friendly rules will be saddled with a commercial death sentence, as the US government already knows full well.
The GAC didn’t include .family on the list for some reason, but it did inexplicably include .game and .games.
In the last game I played, my character stabbed a guy in the neck with a broken bottle, stole his clothes and threw his body off a cliff. Gaming is a predominantly adult pastime nowadays.
Suggesting that .games sites need to be child-friendly is just as stupid as saying .movie or .book sites need to be child-friendly.
I’m sure GAC chair Heather Dryden is far too sensible and grown-up to play games, but I’d be surprised if not a single member of the committee owns an Xbox. One of them should have pointed this nonsense out.
If the GAC is not saying this — if it’s merely saying the .games registry should work cooperatively with the gaming industry — then why is .games in the “Children” category?
The GAC Diet
Another couple dozen strings are listed under the “health and fitness” category, ranging from the not-unreasonable, such as .doctor, to the terrifically broad, such as .diet and .care.
Really? .care?
Donuts, the .care applicant, has to partner with some kind of medical register in order to sell a TLD that could just as easily be used for customer support by a company that sells shoes?
And .diet? If the GAC is concerned about internet users getting dodgy dieting advice from a disreputable .diet registrant, why not also issue advice against .eat and .food?
If .fitness is a problem, why isn’t .yoga?
Why isn’t the GAC bothered by .tattoo and .ink? Where I live, you need to be a licensed professional in order to stick people with an inky needle.
For that matter, why aren’t .beauty and .salon a problem? Pretty much every beauty salon I’ve walked past in the last couple of years wants to inject toxins into my face for a fee.
If we’re already saying games are for kids, that free equals fake, and that tours can be pirated, it doesn’t seem like too unreasonable a leap to to regulate .beauty too.
You feed beefburgers to swans
There’s a provision in the Beijing communique saying that every string on the GAC’s list must force its registrants “to comply with all applicable laws, including those that relate to… organic farming.”
So why the hell doesn’t .farm appear on the list?!?
Really, it doesn’t. I’ve triple-checked. It’s not there. According to the GAC’s advice, a .bingo registrant has to abide by organic farming laws but a .farm registrant does not.
Some professions are more equal than others
For all of the “Category 1” strings the GAC has advised against, the headline argument is this:
Strings that are linked to regulated or professional sectors should operate in a way that is consistent with applicable laws.
But there are plenty of strings that are “linked to regulated or professional sectors” that don’t merit a mention in the communique.
Alcohol, for example. The sale of booze is regulated pretty much everywhere — in some places it’s illegal — but .pub and .bar don’t make it to the GAC’s advice. Neither does .vodka.
If the GAC wants .weather to have strict controls — with no abuse scenario I can think of — why not a couple of TLDs that could, potentially, be used to sell alcohol over the internet?
What of construction? There may have been advice against .engineer, but .construction, .building, .contractors and .build got a pass. Why? Governments everywhere regulate the building industry tightly.
Here in the UK, if you want a plumber to come over and tinker with your heating you’d better hope they’re on the Gas Safe Register, but .plumber doesn’t show up in the Beijing communique.
Why not? An abusive .dentist registrant could mess up my teeth, but he’ll need an expensive surgery to do it in. An abusive .plumber, on the other hand, can come over and blow up my house with no such outlay.
Taxis are regulated in most big cities, but .taxi and .limo escaped GAC advice. Hell, even porn is strictly controlled in many countries, but .porn got a pass.
I could go on.
Anyway…
You might think I’m being petty, but remember: the GAC got the list of applied-for strings last June the same as everybody else. It had plenty of time to get its advice list right.
The GAC has a big responsibility in the multi-stakeholder process and by presenting advice that appears half-assed at best it makes it look like it doesn’t take that responsibility seriously.
I know it does, but it doesn’t appear that way.
Demand Media slates GAC’s new gTLDs demands
Demand Media has become the first new gTLD applicant to put its head above the parapet and tell ICANN that its latest batch of Governmental Advisory Committee advice is unworkable.
While its comment on the GAC’s Beijing communique is very diplomatically worded, it’s obvious that Demand reckons most of the “safeguard” advice it contains would be difficult, if not impossible, to implement.
The company has urged ICANN to refuse to adopt the advice, saying:
the spirit and actual letter of the GAC Advice related to these additional safeguards comes in a manner and form that is completely antithetical and contrary to ICANN’s bottom-up, multi-stakeholder, consensus-driven policy development process. Because the proposed safeguards, if implemented, would effectively change how new gTLDs are managed, sold, distributed, registered, operated, and used in the marketplace, the GAC Advice is tantamount to making “top-down,” dictatorial, non-consensus, policy which undermines the entire ICANN model. If ICANN chose to adopt any one of these three safeguards, ICANN itself would lose all legitimacy.
Demand seems to agree with many of the points raised in this DI post from a few weeks ago related to the GAC’s demand that hundreds of new gTLD registries should compel their registrants to stick to data security standards when they handle sensitive financial or healthcare data.
The GAC’s advice is extremely broad here and pays scant attention to the innumerable implementation questions raised. As such, Demand says in its comment (filed by applying subsidiary United TLD Holdco):
United TLD believes applicable laws and recognized industry standards should be developed and implemented by appropriate legislative, law enforcement and industry expert bodies and should not be developed by the registry operator.
It also takes issue with the GAC’s demand for registry operators to “establish a working relationship with the relevant regulatory body including developing a strategy to mitigate abuse.”
The company points out that many TLDs listed in the Beijing communique will have multiple uses, and even if there is a regulatory body for a subsection of registrants, it may not cover all.
For example, should a software engineer (an unregulated profession) have to agree to abide by rules developed for civil engineers when they register a .engineer domain name?
it would be inappropriate, and impossible, to find a “relevant regulatory body” with whom to establish a relationship related to the use of .ENGINEER. Additionally, what if the relevant regulatory body simply declined to work with a registry operator or does not respond to requests for collaboration?
The Demand comment is full of examples of problems such as this.
In broader terms, however, the registrar and applicant is utterly opposed to the GAC’s insistence that “certain” unspecified gTLDs representing regulated sectors should be forced, in effect, to transform into tightly restricted sponsored gTLDs.
The GAC wants these applicants to forge tight links with regulatory and self-regulatory bodies and vet each registrant’s credentials before allowing domains to be registered.
Demand said:
applicants, including United TLD, submitted their new gTLD applications believing that that they would be operating, managing and distributing generic TLDs. These three Safeguards completely change the nature of the new TLDs from being generic and widely available, to being “sponsored” TLDs restricted only to those individuals who must prove their status or credentials entitling them to register domain names with certain extensions. These three Safeguards are patently adverse to the core purpose of the new gTLD program and ICANN’s mission generally which is to promote consumer choice and competition.
While Demand is the first application to slam the GAC advice as a whole (a few others have submitted preliminary comments on specific subsets of advice), I’m certain it won’t be the last.
That said, .secure applicant Artemis Internet submitted what is possibly the most amusing example of “sucking up” I’ve ever seen in an ICANN public comment period.
The company actually requests to be added to the list of strings covered by the GAC advice on the grounds that its application was so gosh-darn wonderful it already planned to do all that stuff anyway.
I expect, by the time the comment period closes next Tuesday the prevailing mood from applicants will be more Demand and less Artemis.
Recent Comments