Recent Posts
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
ICANN bans closed generic gTLDs, for now
ICANN has slapped a de facto ban on so-called “closed generic” gTLDs, at least for the remaining 2012 round applicants.
The ICANN board’s New gTLD Program Committee passed a resolution Sunday that un-freezes the remaining new gTLD applications that envisage a namespace wholly controlled by the applicant.
The affected strings are .hotels, .dvr and .grocery, which are uncontested, as well as .food, .data and .phone, which are contested by one or two other applicants.
The NGPC said five strings are affected, but the ICANN web site currently shows these six.
The resolution allows the contested strings to head to dispute resolution or auction, but makes it clear that “exclusive generic gTLDs” will not be able to sign a registry contract.
Instead, they will either have to withdraw their applications (receiving a partial refund), drop their exclusivity plans, or have their applications carried over to the second new gTLD round.
The GNSO has been asked to develop a policy on closed generics for the second round, which is still probably years away.
It’s not clear whether other applicants would be able to apply for strings that are carried over, potentially making the close generic applicant fight two contention sets.
The NGPC decision comes over two years after the Governmental Advisory Committee advised that closed generics must serve “a public interest goal” or be rejected.
This weekend’s resolution sidesteps the “public interest” question altogether.
US Congresspeople tell ICANN to ignore GAC “interference”
A bispartisan group of US Congresspeople have called on ICANN to stop bowing to Governmental Advisory Committee meddling.
Showing characteristic chutzpah, the governmental body advises ICANN that advice from governments should be viewed less deferentially in future, lest the GAC gain too much power.
The members wrote (pdf):
Recent reports indicate that the GAC has sought to increase its power at the expense of the multistakeholder system. Although government engagement in Internet governance is prudent, we are concerned that allowing government interference threatens to undermine the multistakeholder system, increasing the risk of government capture of the ICANN Board.
The letter was signed by 11 members of the House Judiciary Subcommittee on Courts, Intellectual Property and the Internet, which is one of the House committees that most frequently hauls ICANN to Capitol Hill to explain itself.
Most of the signatories are from the Republican majority, but some are Democrats.
It’s not entirely clear where they draw the line between “engagement” and “interference”.
The letter highlights two specific pieces of GAC input that the signatories seem to believe constitute interference.
First, the GAC’s objection to Amazon’s application for .amazon. The letter says this objection came “without legal basis” and that ICANN “succumbed to political pressure” when it rejected the application.
In reality, the GAC’s advice was consensus advice as envisaged by the Application Guidebook rules. It was the US government that succumbed to political pressure, when it decided to keep its mouth shut and allow the rest of the GAC to reach consensus.
The one thing the GAC did wrong was filing its .amazon objection outside of the window envisaged by the Guidebook, but that’s true of almost every piece of advice it’s given about new gTLD applications.
Second, the Congresspeople are worried that the GAC has seized for its members the right to ban the two-letter code representing their country from any new gTLD of their choosing.
I’ve gone into some depth into how stupid and hypocritical this is before.
The letter says that it has “negative implications for speech and the world economy”, which probably has a grain of truth in it.
But does it cross the line from “engagement” to “interference”?
The Applicant Guidebook explicitly “initially reserved” all two-letter strings at the second level in all new gTLDs.
It goes on to say that they “may be released to the extent that Registry Operator reaches agreement with the government and country-code manager.”
While the rule is pointless and the current implementation convoluted, it comes as a result of the GAC engaging before the new gTLD program kicked off. It was something that all registries were aware of when they applied for their gTLDs.
However, the GAC’s more recent behavior on the two-letter domain subject has been incoherent and looks much more like meddling.
At the ICANN meeting in Los Angeles last October, faced with requests for two-character domains to be released, the GAC issued formal advice saying it was “not in a position to offer consensus advice on the use of two-character second level domain names”.
ICANN’s board of directors accordingly passed a resolution calling for a release mechanism to be developed by ICANN staff.
But by the time February ICANN meeting rolled around, it had emerged that registries’ release requests had been put on hold by ICANN due to letters from the GAC.
The GAC then used its Singapore communique to advise ICANN to “amend the current process… so that relevant governments can be alerted as requests are initiated.” It added that “Comments from relevant governments should be fully considered.”
ICANN interpreted “fully considered” to mean an effective veto, which has led to domains such as it.pizza and fr.domains being banned.
So it does look like thirteenth-hour interference but that’s largely because the GAC is often incapable of making its mind up, rarely talks in specifics, and doesn’t meet frequently enough to work within timelines set by the rest of the community.
However, while there’s undoubtedly harm from registries being messed around by the GAC recently, governments don’t seem to have given themselves any powers that they did not already have in the Applicant Guidebook.
.wine no longer blocked after EU drops complaint
Donuts and ICANN are currently in the process of signing new gTLD agreements for .wine and .vin, after the European Union and wine sellers dropped objections.
As of today, both gTLDs are “In Contracting” rather than “On Hold”, according to ICANN’s web site.
ICANN revealed earlier this week that the European Union and various wine trade associations have both dropped their Cooperative Engagement Process complaints.
CEP is less formal precursor to a much more expensive and lawyer-hungry Independent Review Process complaint.
With the CEPs out of the way, Donuts is now free to sign its contracts.
Donuts won the auction for .wine back in November, but its application was frozen due to ongoing arguments about the protection of “geographic indicators” representing wine-making regions.
Governments, particularly in Europe and Latin America, had protested that .wine and .vin should not be allowed to launch until areas such as Rioja and Champagne were given special privileges.
Last October, ICANN CEO Fadi Chehade told the French government that it was negotiating with applicants to get these protections included in the contracts.
Either Donuts has agreed to such protections, or the EU and wine-makers have gotten bored of complaining.
My feeling is the former is probably more likely, which may be controversial in itself.
There is no international agreement on GI protection — the US and Australia opposed the EU’s position on .wine — so this may be seen as a case of ICANN creating new rights where none previously existed.
Governments go on a kill-crazy rampage with new two-letter domain veto
ICANN has confirmed to new gTLD registries that governments now get to unilaterally block two-letter domains that match their home ccTLDs.
The organization has essentially given nations a veto — already enthusiastically exercised — over domains including il.army, it.pizza and fr.domains.
I’m not making this up. The Italian government has banned anyone from registering it.pizza.
Governments have already started invoking their new-found right, with dozens of domains already heading to the block-list.
The veto was revealed in a letter from Akram Atallah, president of ICANN’s Global Domains Division, to the Registries Stakeholder Group yesterday.
It has not been published yet, but I’ve had its contents confirmed by a few registries and I understand the RySG mailing list is buzzing about it today.
In it, Atallah says that two-letter strings that do not receive objections from the government with the matching ccTLD will be released within seven to 10 days of comment periods closing.
However, strings that do receive objections will remain blocked.
For labels that receive objections from relevant governments, the labels will remain reserved. Should the registry operator and the objecting government reach an agreement regarding the release of the label, the registry operator shall notify ICANN that it has reached agreement, and ICANN will approve the release request and issue an authorization. The label will no longer be a reserved name.
…
until there is Consensus Policy or a Board Resolution on this matter, ICANN can only follow the process outlined above. ICANN encourages further community discussions to resolve this matter, and until then, negotiation between the objector and the registry operator as a means to release this class of labels from the reserved names list.
New gTLD registries believe, as they explained in a recent letter (pdf), that neither ccTLD operators nor their governments own these two-character strings. They believe ICANN is creating new rights.
So far, two-character domains have been banned by default in all new gTLDs. It was kind of a placeholder policy in order to get the new gTLD program launched a few years ago.
ICANN did enable the release of letter-number, number-letter and number-number strings in December, but made letter-letter combinations subject to government comments.
Following a GAC outcry last month, the comment periods were extended.
All comments were to be “fully considered”, but it wasn’t clear what that meant until the RySG asked and Atallah replied yesterday.
Some governments are already using the comment period to exercise their new veto.
The European Commission, for example, has objected to eu.credit, eu.creditcard, eu.auction, eu.casino, eu.bingo and eu.law.
The basis for the EU objections is in most of the cases: “The new TLD at hand corresponds to a regulated market in many EU countries. Its release might generate confusion and possible abuses at the end users level.”
It’s a wonder that the EU doesn’t seem to care about those strings in its own .eu ccTLD, where they’re all registered by people that I suspect may lack credentials.
Does credit.eu look to you like the registrant is a credentialed member of a regulated financial services industry? If he was, he may be able to afford a better web site.
The Commission also objects to eu.community, because:
the terms “EU Community” or “European Community” are widely used
That is true, which makes me wonder why the EU is allowing community.eu to languish parked at Sedo. You’d have to ask the Commission.
Israel, meanwhile, objects to il.casino, il.bingo, il.law, il.chat, il.bible, il.country, il.airforce, il.navy and il.army
The Vietnamese ccTLD registry has objected to several vn. domains, but it’s not clear to me whether it has veto authority.
Italy has objected to it.pizza, it.bingo and it.casino. Really, Italy? You’re objecting to “it.pizza”?
Côte d’Ivoire objects to all ci. domains.
Spain objects to es.casino, es.bingo and es.abogado.
Again, I invite you to check out bingo.es and casino.es and make a judgement as to whether the registrants are licensed gambling establishments.
Taiwan has vetoed the release of .tw in all city gTLDs (such as tw.london, tw.berlin etc) over a “concern that the release of above-mentioned domain names may cause the degradation of statehood”.
France has objected to “fr” in .archi, .army, .airforce, .bank, .bet, .bio, .casino, .cloud, .dentist, .doctor, .domains, .finance, .lawyer, .navy and .sarl.
Again again, several of these domains are just parked if you flip the words to the other side of the dot.
As a reminder, ICANN CEO Fadi Chehade said recently:
Come on guys, do not apply rules that you’re not using today to these new folks simply because it’s easy, because you can come and raise flags here at ICANN. Let’s be fair.
Does Chehade agree with Donuts on .doctor?
Should governments have the right to force business-limiting restrictions on new gTLD operators, even though they don’t have the same rules in their own ccTLDs?
ICANN CEO Fadi Chehade evidently believes the answer to that question is “No”, but it’s what ICANN is controversially imposing on Donuts and two other .doctor applicants anyway.
Donuts recently filed a Request for Reconsideration appeal with ICANN over its decision to make the .doctor gTLD restricted to medical professionals only.
It was an unprecedented “Public Interest Commitment” demanded by ICANN staff in order to keep the Governmental Advisory Committee happy.
The GAC has been asking for almost two years for so-called “Category 1” gTLD strings — which could be seen to represent highly regulated sectors such as law or medicine — to see a commensurate amount of regulation from ICANN.
Governments wanted, for example, registrants to show professional credentials before being able to register a name.
In the vast majority of instances, ICANN creatively reinterpreted this advice to require registrants to merely assert that they possess such credentials.
These rules were put in registries’ contracts via PICs.
But for some reason in February the organization told Donuts that .doctor domains must be “ascribed exclusively to legitimate medical practitioners.”
According to Donuts, this came out of the blue, is completely unnecessary, an example of ICANN staff making up policy on the spot.
Donuts wants to be able to to sell .doctor names to doctors of any discipline, not just medical doctors. It also wants people to be able to use the names creatively, such as “computer.doctor” or “skateboard.doctor”.
What makes ICANN’s decision especially confusing is that CEO Fadi Chehade had the previous day passionately leaped to the defense of new gTLD registries in their fight against unnecessary GAC-imposed red tape.
The following video, in which Chehade uses .dentist as an example of a string that should not be subject to even more oversight, was taken February 11 at a Q&A with the Domain Name Assocation.
The New gTLD Program Committee meeting that authorized ICANN staff to add the new PIC took place February 12, the very next day. Chehade did not attend.
It’s quite remarkable how in line with registries Chehade seems to be.
It cuts to the heart of what many believe is wrong with the GAC — that governments demand of ICANN policies that they haven’t even bothered to implement in their own countries, just because it’s much easier to lean on ICANN than to pass regulations at home.
Here’s the entire text of his answer. He’s describing conversations he’d had with GAC members earlier in the week.
They’re saying stop all the Category 1 TLDs. Stop them. Freeze them!
And we said: Why do we need to freeze them? What’s the issue?
They said: It’s going to harm consumers.
How will it harm consumers? We started having a debate.
It turns out that they’re worried that if somebody got fadi.casino or fadi.dentist, to pick one of Statton’s [Statton Hammock, VP at Rightside, who was present], that this person is not a dentist and will pluck your ear instead of your teeth. How do you make sure they’re a dentist?
So I asked the European Commission: How do you make sure dentist.eu is a dentist?
They said: We don’t. They just get it.
I said: Okay, so why do these guys [new gTLD registries] have to do anything different?
And they said: The new gTLD program should be better or a model…
I said: Come on guys, do not apply rules that you’re not using today to these new folks simply because it’s easy, because you can come and raise flags here at ICANN. Let’s be fair. How do you do it at EU?
“Well, if somebody reports that fadi.dentist.eu is not a dentist, we remove them.”
Statton said: We do the same thing. It’s in our PICs. If fadi.dentist is not, and somebody reports them…
They said: But we can’t call compliance.
You can call compliance. Anyone can call compliance. Call us and we’ll follow up. With Statton, with the registrar.
What we have here is Chehade making a passionate case for the domain name industry’s right to sell medical-themed domain names without undue regulation — using many of the same arguments that Donuts is using in its Reconsideration appeal — then failing to show up for a board meeting the next day when that specific issue was addressed.
It’s impossible to know whether the NGPC would have reached a different decision had Chehade been at the February 12 meeting, because no formal vote was taken.
Rather, the committee merely passed along its “sense” that ICANN staff should carrying on what it was doing with regards implementing GAC advice on Category 1 strings.
While Chehade is but one voice on the NGPC, as CEO he is in charge of the ICANN staff, so one would imagine the decision to add the unprecedented new PIC to the .doctor contract falls into his area of responsibility.
That makes it all the more baffling that Donuts, and the other .doctor new gTLD applicants, are faced with this unique demand to restrict their registrant base to one subset of potential customers.
ICANN ditches plan to give governments more power
ICANN has quietly abandoned a plan to make it harder for its board of directors to go against the wishes of national governments.
A proposal to make a board two-thirds super-majority vote a requirement for overruling advice provided by the Governmental Advisory Committee is now “off the table”, ICANN CEO Fadi Chehade told a US Senate committee hearing today.
The threshold, which would replace the existing simple majority requirement, was proposed last August as a result of talks in a board-GAC working group.
At the time, I described the proposal as a “fait accompli” — the board had even said it would use the higher threshold in votes on GAC advice in advance of the required bylaws change.
But now it’s seemingly gone.
The news emerged during a hearing of the Senate Committee on Commerce, Science, and Transportation today in Washington DC, which was looking into the transition of US oversight of ICANN’s IANA functions to a multi-stakeholder process.
Asked by Sen. Deb Fischer whether the threshold change was consistent with ICANN’s promise to limit the power of governments in a post-US-oversight world, Chehade replied:
You are right, this would be incongruent with the stated goals [of the IANA transition]. The board has looked at that matter and has pushed it back. So it’s off the table.
That came as news to me, and to others listening to the hearing.
The original plan to change the bylaws came in a board resolution last July.
If it’s true that the board has since changed its mind, that discussion does not appear to have been documented in any of the published minutes of ICANN board meetings.
If the board has indeed changed its mind, it has done so with the near-unanimous blessing of the rest of the ICANN community (although I doubt the GAC was/will be happy).
The public comment period on the proposal attracted dozens of responses from community members, all quite vigorously opposed to the changes.
The ICANN report on the public comments was due October 2, so it’s currently well over four months late.
UPDATE 1: An ICANN spokesperson just got in touch to say that the board decided to ditch its plan in response to the negative public comments.
UPDATE 2: Another ICANN spokesperson has found a reference to the board’s U-turn in the transcript of a meeting between the ICANN board and GAC at the Los Angeles public meeting last October. A brief exchange between ICANN chair Steve Crocker and Heather Dryden, then chair of the GAC, reads:
DRYDEN: On the issue of the proposed bylaw changes to amend them to a third — two-thirds majority to reject or take a decision not consistent with the GAC’s advice, are there any updates there that the Board would like to — the Board or NGPC? I think it’s a Board matter? Yes?
CROCKER: Yes.
Well, you’ve seen the substantial reaction to the proposal.
The reaction embodies, to some extent, misunderstanding of what the purpose and the context was, but it also is very instructive to all of us that the timing of all this comes in the middle of the broader accountability question.
So it’s — I think it’s in everyone’s interest, GAC’s interest, Board’s interest, and the entire community’s interest, to put this on hold and come back and revisit this in a larger context, and that’s our plan.
So it seems that the ICANN board did tip its hand a few months ago, but not many people, myself included, noticed.
Delays to two-letter domains after governments take a second bite at the apple
New gTLD registries will have to wait a bit longer before they’re allowed to start selling two-character domain names, after ICANN’s Governmental Advisory Committee controversially issued new guidelines on their release.
The registries for hundreds of gTLDs will be affected by the delays, which could last a few months and were put in place by the ICANN board of directors at the request of the GAC at the ICANN 52 meeting in Singapore last week.
The two-character domain issue was one of the most contentious topics discussed at ICANN 52.
Exasperated registries complained to ICANN’s board that their requests to release such domains had been placed on hold by ICANN staff, apparently based on a letter from GAC chair Thomas Schneider which highlighted concerns held by a small number of governments.
The requests were frozen without a formal resolution by the board, and despite the fact that the GAC had stated more than once that it did not have consensus advice to give.
Some governments don’t want any two-letter domains that match their own ccTLDs to be released.
Italy, for example, has made it clear that it wants it.example and 1t.example blocked from registration, to avoid confusion.
Others, such as the US, have stated publicly that they have no issue with any two-character names being sold.
The process for releasing the names went live in December, following an October board resolution. It calls for a 30-day comment period on each request, with official approval coming seven to 10 days later.
But despite hundreds of requests going through the pipe, ICANN has yet to approve any. That seems to be due to Schneider’s letter, which said some governments were worried the comment process was not transparent enough.
This looked like a case of ICANN staff putting an unreasonable delay on part of registries’ businesses, based on a non-consensus GAC position that was delivered months after everyone thought it was settled law.
Registries grilled the board and senior ICANN executives about this apparent breakdown in multi-stakeholder policy-making last Tuesday, but didn’t get much in the way of an explanation.
It seems the GAC chair made the request, and ICANN implemented a freeze on a live business process, without regard to the usual formal channels for GAC advice.
However, the GAC did issue formal advice on two-letter domains on Wednesday during the Singapore meeting. ICANN’s board adopted the advice wholesale the next day.
This means that the comment period on each request — even the ones that have already completed the 30-day period — will be extended to 60 days.
The delay will be longer than a month for those already in the pipe, however, as ICANN still has to implement the board-approved changes to the process.
One of those changes is to alert governments when a new registry request has been made, a potentially complex task given that not every government is a member of the GAC.
The board’s resolution says that all comments from governments “will be fully considered”, which probably means we won’t be seeing the string “it” released in any new gTLD.
The GAC has also said it will publish a list of governments that do not intend to object to any request, and a list of governments that intend to object to every request.
Anger as governments delay two-letter domains
ICANN has heard an angry response from gTLD registries after delaying the release of two-character domains in new gTLDs, apparently at the whim of a small number of governments.
ICANN has yet to approve any of the over 350 requests for the release of two-letter domains filed by registries under a process approved by its board last October and launched in December.
The reason, according to registries, is that members of ICANN’s Governmental Advisory Committee — probably a minority — have objected and ICANN staff has “unilaterally” put a halt to the process.
Some governments — Spain, Italy and Cote d’Ivoire among them — are concerned that two-letter domains, such as es.example or it.example, may cause confusion with existing ccTLDs.
But the GAC itself was unable to find a consensus against the release of two-letter domains when it discussed the issue back in October. It merely asked for comment periods to allow individual governments to object to specific domains.
So ICANN’s board asked staff to create an “efficient procedure” to have requests swiftly approved, taking some of the stress off of the regular Registry Services Evaluation Process.
Two-letter domains have a premium dollar value for open registries, while multinational dot-brands expect to find them useful to market to the territories in which they operate.
Under the streamlined approval process, each request is subject to a 30-day comment period, and would be approved or not within seven to 10 days.
Right now, the oldest requests, which were filed in early December, are almost a month overdue for a response. The Registries Stakeholder Group told ICANN, in a letter (pdf):
We write to raise serious concern about what appears to be a recent closed-door, unilateral decision by ICANN staff, which took place over a period of weeks, to defer action on pending requests for two-character labels. This action was apparently initiated as a result of recent correspondence you received from the Chair of the Governmental Advisory Committee — but which critically does not represent formal consensus advice or even purport to represent the opinion of the GAC as a whole
It’s a case of governments strong-arming ICANN staff into changing policy, the registries claim.
GAC chair Thomas Schneider’s letter (pdf) says that an unspecified number of governments have “concerns” that the approval process was launched quite quickly and without any formal consultation with the GAC.
He goes on to make a laundry list of recommendations for making the process more amenable to governments, before requesting a “stay” on approvals until the GAC has further discussed the issue.
To date, registries representing a little over 300 strings have completed their 30-day comment periods, yet there have been only four comments from governments.
Italy and Cote d’Ivoire want ICANN to deny all requests for it.example and ci.example, because they may be confused with ccTLDs.
Spain, meanwhile, filed specific objections against the release of es.bingo, es.casino and es.abogado (lawyer), saying that these are regulated industries in Spain and should only be given to registrants who “have the required credentials”.
The RySG wants ICANN staff to immediately start approving requests that have passed through the comment process. The GAC says it will discuss the matter further at the ICANN 52 meeting currently going on in Singapore.
When RySG members raised the topic at a meeting the with ICANN board yesterday, directors avoided directly addressing the specific concerns.
Human glitch lets hackers into ICANN
It’s 2014. Does anyone in the domain name business still fall for phishing attacks?
Apparently, yes, ICANN staff do.
ICANN has revealed that “several” staff members fell prey to a spear-phishing attack last month, resulting in the theft of potentially hundreds of user credentials and unauthorized access to at least one Governmental Advisory Committee web page.
According to ICANN, the phishers were able to gather the email passwords of staff members, then used them to access the Centralized Zone Data Service.
CZDS is the clearinghouse for all zone files belonging to new gTLD registries. The data it stores isn’t especially sensitive — the files are archives, not live, functional copies — and the barrier to signing up for access legitimately is pretty low.
But CZDS users’ contact information and login credentials — including, as a matter of disclosure, mine — were also accessed.
While the stolen passwords were encrypted, ICANN is still forcing all CZDS users to reset their passwords as a precaution. The organization said in a statement:
The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution. Users may request a new password at czds.icann.org. We suggest that CZDS users take appropriate steps to protect any other online accounts for which they might have used the same username and/or password. ICANN is providing notices to the CZDS users whose personal information may have been compromised.
As a victim, this doesn’t worry me a lot. My contact details are all in the public Whois and published on this very web site, but I can imagine other victims might not want their home address, phone number and the like in the hands of ne’er-do-wells.
It’s the second time CZDS has been compromised this year. Back in April, a coding error led to a privilege escalation vulnerability that was exploited to view requests by users to new gTLD registries.
Also accessed by the phishers this time around were several pages on the GAC wiki, which is about as interesting as it sounds (ie, not very). ICANN said the only non-public information that was viewed was a “members-only index page”.
User accounts on the ICANN blog and its Whois information portal were also accessed, but apparently no damage was caused.
In summary, the hackers seem to have stolen quite a lot of information they could have easily obtained legitimately, along with some passwords that may allow them to cause further mischief if they can be decrypted.
It’s embarrassing for ICANN, of course, especially for the staff members gullible enough to fall for the attack.
While the phishers made their emails appear to come from ICANN’s own domain, presumably their victims would have had to click through to a web page with a non-ICANN domain in the address bar order to hand over their passwords.
That’s not the kind of practice you’d expect from the people tasked with running the domain name industry.
For only the second time, ICANN tells the GAC to get stuffed
ICANN’s board of directors has decided to formally disagree with its Governmental Advisory Committee for what I believe is only the second time in the organization’s history.
In a letter to new GAC chair Thomas Schneider today, ICANN chair Steve Crocker took issue with the fact that the GAC recently advised the board to cut the GNSO from a policy-making decision.
The letter kick-starts a formal “Consultation Procedure” in which the board and GAC try to reconcile their differences.
It’s only the second time, I believe, that this kind of procedure — which has been alluded to in the ICANN bylaws since the early days of the organization — has been invoked by the board.
The first time was in 2010, when the board initiated a consultation with the GAC when they disagreed about approval of the .xxx gTLD.
It was all a bit slapdash back then, but the procedure has since been formalized somewhat into a seven-step process that Crocker outlined in an attachment to his letter (pdf) today.
The actual substance of the disagreement is a bit “inside baseball”, relating to the long-running (embarrassing, time-wasting) saga over protection for Red Cross/Red Crescent names in new gTLDs.
Back in June at the ICANN 50 public meeting in London, the GAC issued advice stating:
the protections due to the Red Cross and Red Crescent terms and names should not be subjected to, or conditioned upon, a policy development process
A Policy Development Process is the mechanism through which the multi-stakeholder GNSO creates new ICANN policies. Generally, a PDP takes a really long time.
The GNSO had already finished a PDP that granted protection to the names of the Red Cross and Red Crescent in multiple scripts across all new gTLDs, but the GAC suddenly decided earlier this year that it wanted the names of 189 national Red Cross organizations protected too.
And it wasn’t prepared to wait for another PDP to get it.
So, in its haste to get its changing RC/RC demands met by ICANN, the GAC basically told ICANN’s board to ignore the GNSO.
That was obviously totally uncool — a slap in the face for the rest of the ICANN community and a bit of an admission that the GAC doesn’t like to play nicely in a multi-stakeholder context.
But it would also be, Crocker told Schneider today, a violation of ICANN’s bylaws:
The Board has concerns about the advice in the London Communiqué because it appears to be inconsistent with the framework established in the Bylaws granting the GNSO authority to recommend consensus policies to the Board, and the Board to appropriately act upon policies developed through the bottom-up consensus policy developed by the GNSO.
Now that Crocker has formally initiated the Consultation Procedure, the process now calls for a series of written and face-to-face interactions that could last as long as six months.
While the GAC may not be getting the speedy resolution it so wanted, the ICANN board’s New gTLD Program Committee has nevertheless already voted to give the Red Cross and Red Crescent the additional protections the GAC wanted, albeit only on a temporary basis.
Recent Comments