Recent Posts
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
- Registries have started shutting down Whois
- ICANN wins IRP because complainant literally doesn’t exist
- .com could return to growth this quarter
- Could Musk’s DOGE kill off D3’s .doge?
- $2 million Christmas bonus for ICANN
- Another VW car dot-brand crashes out
- Largest back-end switch EVER as GoDaddy loses deal
- Yeah, we got phished, ICANN admits after crypto hack
- ICANN hacked to promote crypto scam
- Super Bowl a bit of a dud for .com?
- More gloom predicted for .com
- These are the .gov domains Trump has deleted so far
- Did Trump just create the world’s next ccTLD?
- $3,000 to do a Whois lookup?
- PIR to join GlobalBlock, but its crown jewel won’t
- LA wildfire victims get domain deletes delay
First three Community Objections decided: DotGay and Google win but Donuts loses
The International Chamber of Commerce has delivered the first three Community Objection decisions in the new gTLD program, killing off one application and saving two others.
These are the results:
.gay
The objection filed by Metroplex Republicans of Dallas, a gay political organization, against DotGay LLC has failed.
The panelist, Bernhard Schlink, decided that Metrolplex lacked standing to file the objection, stating:
while the conservative segment, with which Metroplex claims association, is a segment of the clearly delineated gay community, it is not a clearly delineated community in and of itself. That some LGBTQ people hold conservative political views and vote for conservative candidates may bring them into a statistical category, but does not make them connect, gather, interact, or do anything else together that would constitute a community, or, that would make them publicly visible as one.
It was the only objection against this .gay application, meaning it can now proceed to later stages of the new gTLD process.
.fly
The objection was filed by FairSearch.org, a coalition of companies that campaigns against Google’s dominance of online markets, against Google’s .fly application.
The application was originally for a “closed generic” registry, but Google has since stated that it has changed its mind and run .fly with an open registration policy.
FairSearch lost the objection, despite ICC panelist George Bermann giving it the benefit of the doubt multiple times during his discussion on its standing to object.
Instead, Google prevailed due to FairSearch’s failure to demonstrate enough opposition to its application, with Bermann writing:
A showing of substantial opposition to an application is critical to a successful Objection. Such a showing is absent here.
He also decided that Google presented a better case when it came to arguing whether or not its .fly would be damaging to the community in question.
.architect
Finally, Donuts has lost its application for .architect, due to an objection by the International Union of Architects, which supports Starting Dot’s competing application for .archi.
Donuts had argued that UIA did not have standing to object because an “architect” does not always mean the kind of architect that designs buildings, which is the community the UIA represents. It could mean a software architect or landscape architects, for example.
But panelist Andreas Reiner found that even if the UIA represents a subset of the overall “architect” community, that subset was still substantial enough, still a community, and still represented by the string “architect”, so that it did have the standing to use the Community Objection.
It also did not matter that the UIA does not represent all the “structural architects” in the world, the panelist found. It represents enough of them that its opposition to .architect passes the “substantial” test.
He eventually took the word “architect” in its most common use — people who design buildings — in determining whether the UIA was closely associated with the community in question.
On the question of whether architects would be harmed by Donuts’ plan for .architect, the panelist noted that architects are always licensed for public safety reasons.
Here are some extracts from his decision, which seem important:
Beyond concerns of public safety, habitat for human beings is of essential importance in society, at the human-social level, at the economic level and at the environmental level
…
it would be compatible with the above references public interests linked to the work of architects and with the related consumer protection concerns, to allow the domain name “.architect” to be used by anyone other than “architects” who, by definition, need to be licensed
…
The use of the top-level domain “.architect” by non-licenced architects is in itself an abuse. This top-level domain refers to a regulated professional service. Therefore all safeguards must be adopted to prevent its use by a non-licensed person.
…
The top-level domain “.architect” raises the legitimate expectation that the related website is the webiste of a licensed architect (or a group of licenced architects). Correct information is essential to consumers visiting websites.
Basically, Reiner trashed Donuts long-standing argument in favor of blanket open registration policies.
He noted specifically that whether to allow a gTLD to proceed might be considered a free speech question, but said that free speech often has its limits, such as in cases of consumer protection.
Worryingly, one of the pieces of evidence that the panelist considered was the Governmental Advisory Committee’s Beijing communique, which contains the GAC’s formal advice against over 500 applications.
Public Suffix List to get monthly new gTLD updates
New gTLDs are set to be added to the widely used Public Suffix List within a month of signing an ICANN registry agreement, according to PSL volunteer Jothan Frakes.
This is pretty good news for new gTLD registries.
The PSL, maintained by volunteers under the Mozilla banner, is used in browsers including Firefox and Chrome, and will be a vital part of making sure new gTLDs “work” out of the box.
If a TLD doesn’t have an entry on the PSL, browsers tend to handle them badly.
For example, after .sx launched last year, Google’s Chrome browser returned search results instead of the intended web site when .sx domain names were typed into the address/search bar.
It also provides a critical security function, telling browsers at which level they should allow domains to set cookies.
According to Frakes, who has been working behind the scenes with other PSL volunteers and ICANN staff to get this process working, new gTLDs will usually hit the PSL within 30 days of an ICANN contract.
Due to the mandatory pre-delegation testing period, new gTLDs should be on the PSL before or at roughly the same time as they are delegated, with plenty of time to spare before they launch.
The process of being added to the PSL should be fairly quick for TLDs that intend to run flat second-level spaces, according to Frakes, but may be more complex if they plan to do something less standard, such as selling third-level domains, for example.
Browser makers may take some time to update their own lists with the PSL updates. Google, with its own huge portfolio of applications, will presumably be incentivized to stay on the ball.
Google beats Donuts in objection — .pet and .pets ARE confusingly similar
Google has won a String Confusion Objection against rival new gTLD applicant Donuts, potentially forcing .pet and .pets into the same contention set.
The shock ruling by International Centre for Dispute Resolution panelist Richard Page goes against previous decisions finding singulars and plurals not confusingly similar.
In the 11-page decision, Page said he decided to not consider the reams of UDRP precedent or US trademark law submitted by the two companies, and seems to have come to his opinion based on a few simple facts:
Objector has come forward with the following evidence for visual, aural and meaning similarity. Visually, the words are identical but for the mere addition of the letter “s”. Aurally, the word “pets” is essentially phonetically equivalent to the word “pet”. The term “pet” is pronounced as it is spelled, “pet”. The term “pets” is likewise pronounced as “pets” in essentially a phonetically equivalent fashion. The terms each have only one syllable, and they have the same stress pattern, with primary accent on the initial “pe” portion of the words. In commercial meaning, the terms show no material difference. As English nouns, “pets” is the pluralization of “pet”.
The visual similarity and algorithmic score are high, the aural similarity is high, the meaning similarity is high. Objector has met its burden of proof. The cumulative impact of these factors is such that the Expert determines that the delegation of <.pet> gTLD and the <.pets> gTLD into the root zone will cause a probability of confusion.
Page did take into account the similarity score provided by the Sword algorithm — for .pet and .pets it’s actually a fairly weak 72% — in his thinking on visual similarity.
But he specifically rejected Donuts’ defense that co-existence of plurals at the second level was proof that plural/singular gTLDs could also co-exist at the top-level, saying:
The rapid historical development of the Internet and the proliferation of domain names over the past two decades has taken place without the application of the string confusion standard now established for gTLDs. Therefore, the Expert has not considered the current coexistence of pluralized second-level TLDs or similarities between country code TLDs and existing gTLDs in the application of the string confusion standard in this proceeding.
Can: open. Worms: everywhere.
The decision stands in stark contrast to the decision (pdf) of Bruce Belding in the .hotel v .hotels case, in which it was found that the two strings were “sufficiently visually and audibly different”.
Likewise, the panelist in .car v .cars (pdf) found that Google had not met the high evidential bar to proving the “probability” rather than mere “possibility” of confusion.
One has to assume that the evidence Google submitted in .car is fairly similar to the evidence it submitted in .pets.
Are String Confusion Objections just a crap shoot, the outcome depending on which panelist you get? It’s probably too early to say for sure, but it’s looking like a possibility.
The big test will come with the next .pets decision. Afilias, the other .pet applicant, has also filed an SCO against Donuts over its .pets bid.
What if the panel in the Afilias case goes the other way? Will Donuts be in a contention set with Google and Afilias or won’t it?
I asked Akram Atallah, president of ICANN’s Generic Domains Division, about this yesterday and he said that ICANN basically doesn’t know, and that it might have to refer back to the community for advice.
Read the Atallah interview here and the .pets decision (pdf) here.
Dotless domains are dead
ICANN has banned dotless gTLDs, putting a halt to Google’s plans to run .search as a dotless search service and confounding the hopes of some portfolio applicants.
ICANN’s New gTLD Program Committee, acting with the powers of its board of directors passed the resolution on Tuesday. It was published this morning. Here’s the important bit (links added):
Resolved (2013.08.13.NG02), in light of the current security and stability risks identified in SAC053, the IAB statement and the Carve Report, and the impracticality of mitigating these risks, the NGPC affirms that the use of dotless domains is prohibited.
The current version of the Applicant Guidebook bans dotless domains (technically, it bans apex A, AAAA and MX records) but leaves the door open for registries to request an exception via Extended Evaluation.
This new decision closes that door.
The decision comes a week after the publication of Carve Systems’ study of the dotless domain issue, which concluded that the idea was potentially “dangerous” and that if ICANN intended to allow them it should do substantial outreach to hardware and software makers, essentially asking them to change their products.
The Internet Architecture Board said earlier that “dotless domains are inherently harmful to Internet security.”
Microsoft, no doubt motivated in part at least by competitive concerns in the search market, had repeatedly implored ICANN to implement a ban on security grounds.
Google had planned to run .search as a browser service that would allow users to specify preferred search engines. I doubt the dotless ban will impact its application’s chances of approval.
Donuts and Uniregistry, which together have applied for almost 400 gTLDs, had also pushed for ICANN to allow dotless domains, although I do not believe their applications explicitly mentioned such services.
Dotless domains “dangerous”, security study says
An independent security study has given ICANN a couple dozen very good reasons to continue outlaw “dotless” domain names, but stopped short of recommending an outright ban.
The study, conducted by boutique security outfit Carve Systems and published by ICANN this morning, confirms that dotless domains — as it sounds, a single TLD label with no second-level domain and no dot — are potentially “dangerous”.
If dotless domains were to be allowed by ICANN, internet users may unwittingly send their private data across the internet instead of a local network, Carve found.
That’s basically the same “internal name collision” problem outlined in a separate paper, also published today, by Interisle Consulting (more on that later).
But dotless domains would also open up networks to serious vulnerabilities such as cookie leakage and cross-site scripting attacks, according to the report.
“A bug in a dotless website could be used to target any website a user frequents,” it says.
Internet Explorer, one of the many applications tested by Carve, automatically assumes dotless domains are local network resources and gives them a higher degree of trust, it says.
Such domains also pose risks to users of standard local networking software and residential internet routers, the study found. It’s not just Windows boxes either — MacOS and Unix could also be affected.
These are just a few of the 25 distinct security risks Carve identified, 10 of which are considered serious.
ICANN has a default prohibition on dotless gTLDs in the new gTLD Applicant Guidebook, but it’s allowed would-be registries to specially request the ability to go dotless via Extended Evaluation and the Registry Services Evaluation Process (with no guarantee of success, of course).
So far, Google is the only high-profile new gTLD applicant to say it wants a dotless domain. It wants to turn .search into such a service and expects to make a request for it via RSEP.
Other portfolio applicants, such as Donuts and Uniregistry, have also said they’re in favor of dotless gTLDs.
Given the breadth of the potential problems identified by Carve, you might expect a recommendation that dotless domains should be banned outright. But that didn’t happen.
Instead, the company has recommended that only certain strings likely to have a huge impact on many internet users — such as “mail” and “local” — be permanently prohibited as dotless TLDs.
It also recommends lots of ways ICANN could allow dotless domains and mitigate the risk. For example, it suggests massive educational outreach to hardware and software vendors and to end users.
Establish guidelines for software and hardware manufacturers to follow when selecting default dotless names for use on private networks. These organizations should use names from a restricted set of dotless domain names that will never be allowed on the public Internet.
Given that most people have never heard of ICANN, that internet standards generally take a long time to adopt, and allowing for regular hardware upgrade cycles, I couldn’t see ICANN pulling off such a feat for at least five to 10 years.
I can’t see ICANN approving any dotless domains any time soon, but it does appear to have wiggle-room in future. ICANN said:
The ICANN Board New gTLD Program Committee (NGPC) will consider dotless domain names and an appropriate risk mitigation approach at its upcoming meeting in August.
DotMusic loses LRO, and four other cases rejected
Constantine Roussos has lost his first Legal Rights Objection over the flagship .music gTLD.
The case, DotMusic v Charleston Road Registry (pdf) was actually thrown out on a technicality — DotMusic didn’t present any evidence to show that it was the owner of the trademarks in question.
But the WIPO panelist handling the case made it pretty clear that DotMusic wouldn’t have won on the merits anyway.
If any applicant can be said to have built a brand around a proposed generic-term gTLD, it’s Roussos. DotMusic has been promoting .music on social media an in the music industry for years.
The company also owns the string “music” in a number of second-tier TLDs such as .co, .biz and .fm.
It’s not a bogus, last-minute attempt to game the system, like the .home cases — filed using Roussos-acquired trademarks — that have been thrown out repeatedly over the last couple of weeks.
The panelist addressed this directly:
On the one hand, the Panel recognizes that there has been a real investment by the Objector and associated parties in the trademark registrations, domain name registrations, sponsorship and branding to create consumer recognition and goodwill entitled to protection. On the other hand, there is a circularity in the Objector’s position in that the rights upon which the Objector relies to defeat the application are to a certain extent conditional on the defeat of the Applicant and the Objector’s success in obtaining the <.music> gTLD string.
In other words, Catch-22.
The panelist decided that .music is generic, that Google’s proposed use of it is generic, and that obtaining a trademark on a gTLD should not be a legit way to exclude rival applicants for that gTLD.
One objective of the Objector has been to obtain precisely the type of competitive advantage (in this case in the application process for the <.music> gTLD string) that the doctrine of generic names is designed to prevent. However, as the Applicant proposes to use the <.music> gTLD string in a generic sense it is immune from this challenge.
On that basis, the LRO would have failed, had DotMusic managed to demonstrate standing to object in the first place.
Unfortunately, DotMusic didn’t present any evidence that it actually owned the trademarks in question, which were applied for by Roussos and assigned to his company CGR E-Commerce.
The objection failed on that basis.
Defender Security, which obtained trademarks on “.home” from Roussos, ran into the same problems proving ownership of the trademarks in its LROs on the .home gTLD.
Four other LROs were decided this week:
.mail (United States Postal Service v. GMO Registry)
The case (pdf) turned on whether USPS owns a trademark that exactly matches the applied-for string (it doesn’t) and whether the word “mail” should be considered generic (it is) rather than a source identifier (it isn’t).
It’s pretty much the same logic applied in the two previous .mail LROs.
.food (Scripps Networks Interactive v. Dot Food, LLC)
This is the first of two competitive LROs filed by Scripps — which runs TV stations including the Food Network — against its .food applicant rivals to be decided.
Scripps has a bunch of trademarks containing the word “food”, including a November 2011 registration in the US for “Food” alone, covering entertainment services.
The WIPO panelist found (pdf) that the trademark was legit, but decided that it was not enough to prevent Dot Food using the matching string as a gTLD.
The fact that rights protection mechanisms exist in the new gTLD program was key:
to the extent that registration and use of a particular second-level domain within the <.food> gTLD actually creates a likelihood of confusion, then Objector will have remedies available to it, including the established Uniform Domain Name Dispute Resolution Policy, the forthcoming Uniform Rapid Suspension System and relevant laws. The fact that such disputes at the second level may arise is inherent in ICANN’s new gTLD program and is not in the circumstances of this case sufficient to uphold the present legal rights objection.
Objector’s rights in the FOOD mark do not confer upon it the exclusive right to use of the word “food” in all circumstances, particularly where, as here, Applicant intends to use the <.food> gTLD in connection with the food industry. Such intended use of the word would appear to be only for its dictionary meaning and not because of Objector’s trademark rights.
.vip (i-Registry v. Charleston Road Registry)
It’s the second objection by .vip applicant to get thrown out. In this case the respondent was Google.
Like the first time, the WIPO panelist found that the i-Registry trademark had been obtained for the purposes of the new gTLD program and that Google’s use of it in its generic sense would not infringe its rights.
.cam (AC Webconnecting Holding v. Dot Agency)
The second and final LRO decision (pdf) in the .cam contention set.
AC Webconnecting, an operator of webcam-based porn sites, lost again on the grounds that it applied for its trademark just a month before ICANN opened up the new gTLD application window in January last year.
The company didn’t have time to, and produced no evidence to suggest that, it had used the trademark and built up goodwill around “.cam” in the normal course of business.
In other words, front-running doesn’t pay.
Google beats USPS in LRO, Defender loses another
The United States Postal Service and Defender Security have both lost Legal Rights Objections over the new gTLDs .mail and .home, respectively.
In both cases it’s not the first LRO the objector has lost. USPS, losing here against Google, lost a similar objection against Amazon, while Defender has previously racked up six losses over .home.
The Defender case (pdf) this time was against .Home Registry Inc. The objection was rejected by the World Intellectual Property Organization panelist on pretty much the same grounds as the others — Defender acquired its trademark rights purely in order to be able to file LROs against its .home rivals.
In the USPS v Amazon case (pdf) the WIPO panelist also decided along the same lines as the previous case.
The decision turned on whether USPS, which owns trademarks on “U.S. Mail” but not “mail”, could be said to have rights in “mail” by virtue of the fact that it is the monopoly postal service in the US.
USPS argued that .mail is like .gov — internet users know a .gov domain is owned by the US government, so they’re likely to think .mail belongs to the official US mail service.
The panelist decided that users are more likely to associate the gTLD with email:
A consumer viewing the string <.mail> in the context of a domain name registration or an email address is presumably even more likely to think of the electronic (“email”) meaning, rather than the postal meaning, of the term “mail,”
WIPO has now decided 20 LRO cases. All have been rejected. Several more were terminated after the objector withdrew its objection.
First new gTLD objection scalps claimed
Employ Media has killed off the Chinese-language gTLD .招聘 in the latest batch of new gTLD objection results.
Amazon and DotKids Foundation’s respective applications for .kids also appear to be heading into a contention set with Google’s bid for .kid, following the first String Confusion Objections.
All three objections were marked as “Closed, Default” by objection handler the International Center For Dispute Resolution a few days ago. No full decisions were published.
This suggests that the objectors have won all three cases on technicalities (such as the applicant failing to file a response).
Employ Media vice president for policy Ray Fassett confirmed to DI that the company has prevailed in its objection against .招聘, which means “recruitment” in Chinese and would have competed with .jobs.
The String Confusion Objection can be filed based on similarity of meaning, not just visual similarity.
What’s more, if the objector is an existing TLD registry like Employ Media, the only remedy is for the losing applicant to have their application rejected by ICANN.
So Hu Yi Global Information Resources, the .招聘 applicant, appears to be finished as far as this round of the new gTLD program is concerned.
But because there’s no actual ICDR decision on the merits of the case, it seems possible that it, or another company, could try for the same string in a future round.
In Google’s case, it had objected to both the Amazon and DotKids applications for .kids on string confusion grounds. The company is applying for .kid, which is obviously very similar.
The String Similarity Panel, which created the original pre-objection contention sets, decided that singular and plurals could co-exist without confusion. Not everyone agreed.
Because .kid is merely an application, not an existing TLD, none of the bids are rejected. Instead, they all join the same contention set and will have to work out their differences some other way.
Applicants are under no obligation to fight objections; they may even want to be placed in a contention set.
IAB gives dotless domains the thumbs down
The Internet Architecture Board believes dotless domain names would be “inherently harmful to Internet security.”
The IAB, the oversight committee which is to internet technical standards what ICANN is to domain names, weighed into the debate with an article apparently published yesterday.
In it, the committee states that over time dotless domains have evolved to be used only on local networks, rather than the internet, and that to start delegating them at the top level of the DNS would be dangerous:
most users entering single-label names want them to be resolved in a local context, and they do not expect a single name to refer to a TLD. The behavior is specified within a succession of standards track documents developed over several decades, and is now implemented by hundreds of millions of Internet hosts.
…
By attempting to change expected behavior, dotless domains introduce potential security vulnerabilities. These include causing traffic intended for local services to be directed onto the global Internet (and vice-versa), which can enable a number of attacks, including theft of credentials and cookies, cross-site scripting attacks, etc. As a result, the deployment of dotless domains has the potential to cause significant harm to the security of the Internet
The article also says (if I understand correctly) that it’s okay for browsers to interpret words entered into address bars without dots as local resources and/or search terms rather than domain names.
It’s pretty unequivocal that dotless domains would be Bad.
The article was written because there’s currently a lot of talk about new gTLD applicants — such as Google, Donuts and Uniregistry — asking ICANN to allow them to run their TLDs without dots.
There’s a ban in the Applicant Guidebook on the “apex A records” that would be required to make dotless TLDs work, but it’s been suggested that applicants could apply to have the ban lifted on a case by case basis.
More recently, ICANN’s Security and Stability Advisory Committee has stated almost as unequivocally as the IAB that dotless domains should not be allowed.
But for some reason ICANN recently commissioned a security company to look into the issue.
This seems to have made some people, such as the At Large Advisory Committee, worried that ICANN is looking for some wiggle room to give its new gTLD paymasters what they want.
Alternatively, ICANN may just be looking for a second opinion to wave in the faces of new gTLD registries when it tells them to take a hike. It was quite vague about its motives.
It’s not just a technical issue, of course. Dotless TLDs would shake up the web search market in a big way, and not necessarily for the better.
Donuts CEO Paul Stahura today published an article on CircleID that makes the case that it is the browser makers, specifically Microsoft, that are implementing DNS all wrong, and that they’re objecting to dotless domains for competitive reasons. The IAB apparently disagrees, but it’s an interesting counterpoint nevertheless.
Google beaten in new gTLD contention set
When it comes to new gTLDs, Google is not invulnerable.
Japanese web portal NTT Resonant, a subsidiary of the country’s incumbent national telco, has drawn first blood against the search giant, apparently forcing Google to withdrawn its application for .goo.
NTT has also applied for .goo, the name of its primary portal site, which competes with Google for Japanese-language searchers.
The company had filed a formal legal rights objection with WIPO. The withdrawal demonstrates that the mechanism can protect trademark owners, at least insofar as it can scare off competing applicants.
Google’s bid was marked as withdrawn on ICANN’s web site overnight. It’s the fourth withdrawal from the company, following three misjudged geographic applications, leaving it with 97 active bids.
There are now 82 withdrawn and 1,848 live applications. The maximum number of delegated strings remains steady at 1,365. More program status stats can be found over on DI PRO.
Recent Comments