ICANN must do more to fight internet security threats [Guest Post]

ICANN and its contracted parties need to do more to tackle security threats, write Dave Piscitello and Lyman Chapin of Interisle Consulting.
The ICANN Registry and Registrar constituencies insist that ICANN’s role with respect to DNS abuse is limited by its Mission “to ensure the stable and secure operation of the internet’s unique identifier systems”, therefore limiting ICANN’s remit to abuse of the identifier systems themselves, and specifically excluding from the remit any harms that arise from the content to which the identifiers point.
In their view, if the harm arises not from the identifier, but from the thing identified, it is outside of ICANN’s remit.
This convenient formulation relieves ICANN and its constituencies of responsibility for the way in which identifiers are used to inflict harm on internet users. However convenient it may be, it is fundamentally wrong.
ICANN’s obligation to operate “for the benefit of the Internet community as a whole” (see Bylaws, “Commitments”) demands that its remit extend broadly to how a domain name (or other Internet identifier) is misused to point to or lure a user or application to content that is harmful, or to host content that is harmful.
Harmful content itself is not ICANN’s concern; the way in which internet identifiers are used to weaponize harmful content most certainly is.
Rather than confront these obligations, however, ICANN is conducting a distracting debate about the kinds of events that should be described as “DNS abuse”. This is tedious and pointless; the persistent overloading of the term “abuse” has rendered it meaningless, ensuring that any attempt to reach consensus on a definition will fail.
ICANN should stop using the term “DNS abuse” and instead use the term “security threat”.
The ICANN Domain Abuse Activity Reporting project and the Governmental Advisory Committee (GAC) use this term, which is also a term of reference for new TLD program obligations (Spec 11) and related reporting activities. It is also widely used in the operational and cybersecurity communities.
Most importantly, the GAC and the DAAR project currently identify and seek to measure an initial set of security threats that are a subset of a larger set of threats that are recognized as criminal acts in jurisdictions in which a majority of domain names are registered.
ICANN should acknowledge the GAC’s reassertion in its Hyderabad Communique that the set of security threats identified in its Beijing correspondence to the ICANN Board were not an exhaustive list but merely examples. The GAC smartly recognized that the threat landscape is constantly evolving.
ICANN should not attempt to artificially narrow the scope of the term “security threat” by crafting its own definition.
It should instead make use of an existing internationally recognized criminal justice treaty. The Council of Europe’s Convention on Cybercrime is a criminal justice treaty that ICANN could use as a reference for identifying security threats that the Treaty recognizes as criminal acts.
The Convention is recognized by countries in which a sufficiently large percentage domain names are registered that it can serve the community and Internet users more effectively and fairly than any definition that ICANN might concoct.
ICANN should also acknowledge that the set of threats that fall within its remit must include all security events (“realized security threats”) in which a domain name is used during the execution of an attack for purposes of deception, for infringement on copyrights, for attacks that threaten democracies, or for operation of criminal infrastructures that are operated for the purpose of launching attacks or facilitating criminal (often felony) acts.
What is that remit?
ICANN policy and contracts must ensure that contracted parties (registrars and registries) collaborate with public and private sector authorities to disrupt or mitigate:

• illegal interception or computer-related forgery,
• attacks against computer systems or devices,
• illegal access, data interference, or system interference,
• infringement of intellectual property and related rights,
• violation of laws to ensure fair and free elections or undermine democracies, and
• child abuse and human trafficking.

We note that the Convention on Cybercrime identifies or provides Guidance Notes for these most prevalently executed attacks or criminal acts:

• Spam,
• Fraud. The forms of fraud that use domain names in criminal messaging include, business email compromise, advance fee fraud, phishing or other identity thefts.
• Botnet operation,
• DDoS Attacks: in particular, redirection and amplification attacks that exploit the DNS
• Identity theft and phishing in relation to fraud,
• Attacks against critical infrastructures,
• Malware,
• Terrorism, and,
• Election interference.

In all these cases, the misuse of internet identifiers to pursue the attack or criminal activity is squarely within ICANN’s remit.
Registries or registrars should be contractually obliged to take actions that are necessary to mitigate these misuses, including suspension of name resolution, termination of domain name registrations, “unfiltered and unmasked” reporting of security threat activity for both registries and registrars, and publication or disclosure of information that is relevant to mitigating misuses or disrupting cyberattacks.
No one is asking ICANN to be the Internet Police.
The “ask” is to create policy and contractual obligations to ensure that registries and registrars collaborate in a timely and uniform manner. Simply put, the “ask” is to oblige all of the parties to play on the same team and to adhere to the same rules.
This is unachievable in the current self-regulating environment, in which a relatively small number of outlier registries and registrars are the persistent loci of extraordinary percentages of domain names associated with cyberattacks or cybercrimes and the current contracts offer no provisions to suspend or terminate their operations.
This is a guest editorial written by Dave Piscitello and Lyman Chapin, of security consultancy Interisle Consulting Group. Interisle has been an occasional ICANN security contractor, and Piscitello until last year was employed as vice president of security and ICT coordination on ICANN staff. The views expressed in this piece do not necessary reflect DI’s own.

Tempted by the Caesar solution [Guest Post]

The ICANN leadership is in a hurry, so to get things done, it is cutting corners.
One such attempt at going straight around a bend, the proposed changes to the new gTLD registry contract giving the ICANN Board unilateral right of amendment, has raised the registries’ ire.
ICANN’s other group of contracted parties (i.e. entities that must contract directly with ICANN to operate), the registrars, are also up in arms following ICANN’s inclusion of the same proposal at the eleventh hour of ongoing negotiations on their contract.
ICANN’s new leadership team, headed by newly appointed CEO Fadi Chehadé, has been rightly praised since he took office in the second half of 2012. This team has a business background, and it is attempting to apply business logic and business solutions to a number of obvious problems with ICANN.
The main one is predictability. ICANN is just not good at setting timelines, or keeping to those timelines it does manage to set.
In the past, that used to be annoying to stakeholders. But since the Board approved the new gTLD program in 2008, this trait has become excruciating.
This program has spawned a new industry, bought new interests into the ICANN environment, generated large-scale investments on the premise of future TLDs, and shone the spotlight on ICANN’s weaknesses to such business ventures.
Having a constantly slipping timeline as the new gTLD program did through much of its implementation phase, from that 2008 Board green light to the June 2011 Board resolution finally turning it into an operational reality, is a nightmare for any business.
So trying to fix this is a worthy goal. But the ICANN model is not only about business. It is first and foremost about community-driven policy-development and oversight. The new gTLD program is the result of such a process. One that the new ICANN leadership is finding cumbersome enough to want to cut through.
There have been a few mistakes made in this area in the last few months, but they seemed like honest missteps from a motivated team of result-getters. A team that apologized for those mistakes when they became apparent. A welcome change at ICANN.
But now, almost six months into the new leadership’s reign the veil is starting to lift and the leadership’s real visage to appear.
Last week, ICANN’s policymaking body for gTLDs, the GNSO, was unanimous in its denunciation of the leadership’s attempts at making the ICANN train go faster than it was engineered to.
During the GNSO Council’s monthly teleconference, the various groups that make up the GNSO’s diverse community all seemed to speak with one voice.
In a blog post written after the call and entitled “Clearing Up the Logjam: Time for ICANN to Drop Request for a Unilateral Right to Amend the Agreements”, GNSO Councillor Jeff Neuman, a representative of the Registry Stakeholder Group and a past Vice Chair of the Council, said the following:

A very rare thing happened in the GNSO Council meeting this week—the ICANN community spoke with one voice. Registries, registrars, non-commercial interests, new TLD applicants, IP owners and businesses unanimously and unambiguously agreed that giving ICANN a “unilateral right to amend” the registry and registrar agreements is not compatible with ICANN’s bottom-up processes and poses a fundamental threat to the multi-stakeholder model. There is true consensus that this change should be rejected.

ICANN COO Akram Attalah participated in the GNSO Council meeting and explained that this was not a done deal and that the leadership was in listening mode.
Except it all seems to be going in one ear and out the other.
A couple of days later, on March 15, ICANN Staff gave the Council an unofficial response by publishing a paper in which it explains its rationale for the unilateral change suggestion. It says:

The Board-approved amendment process is drafted to address a key concern of ICANN in this changing marketplace. What if the gTLD registration market develops in a way that is anticonsumer, yet very favorable to the existing registries or registrars. In this situation, it would be against the business interests of the incumbent registries or registrars to adopt a change – even when the broader community supports the change. Particularly in light of the “perpetual” renewal terms that are already in place within the proposed agreements, this limited power of the Board is the only way to introduce this type of change over the life of the agreements.

The real message is clear. The current leadership does not trust the ICANN multi-stakeholder bottom-up policy development process. Period.
So in cases of extreme necessity, the Board must have absolute power to enact the changes it sees fit. Experienced ICANN community member and former GNSO Council Chair Avri Doria calls this leadership’s tenure ICANN 3.0, and charts ICANN’s progress thus: “ICANN 1.0 – Democracy, ICANN 2.0 – Oligarchy, ICANN 3.0 – Imperium.”
Is a term which describes the absolute power given to the rulers of ancient Rome suited to ICANN? Of course not. But if a little caricature can help turn the ICANN leadership away from this temptation to get things done at all costs, then maybe it is needed.
This is a guest post by domain name industry consultant Stephane Van Gelder of Stephane Van Gelder Consulting. He has served as chair of the GNSO Council and is currently a member of ICANN’s Nominating Committee.

If the GNSO is irrelevant, ICANN itself is at risk [Guest Post]

The weeks since October’s Toronto ICANN meeting have seen some extraordinary (and, if you care about the multi-stakeholder model, rather worrying), activity.
First, there were the two by-invitation-only meetings organised in November at ICANN CEO Fadi Chehadé’s behest to iron out the Trademark Clearinghouse (TMCH).
The TMCH is one of the Rights Protection Mechanisms (RPMs) being put in place to protect people with prior rights such as trademarks from the risk of seeing them hijacked as a spate of new gTLDs come online.
The first meeting in Brussels served as a warning sign that policy developed by the many might be renegotiated at the last minute by a few. The follow-up meeting in Los Angeles seemed to confirm this.
Two groups, the Intellectual Property Constituency (IPC) and the Business Constituency (BC), met with the CEO to discuss changing the TMCH scheme. And although others were allowed in the room, they were clearly told not to tell the outside world about the details of the discussions.
Chehadé came out of the meeting with a strawman proposal for changes to the TMCH that includes changes suggested by the IPC and the BC. Changes that, depending upon which side of the table you’re sitting on, look either very much like policy changes or harmless implementation tweaks.
Making the GNSO irrelevant
So perhaps ICANN leadership should be given the benefit of the doubt. Clearly Chehadé is trying to balance the (legitimate) needs of the IP community to defend their existing rights with the (necessary) requirement to uphold the multi stakeholder policy development model.
But then the ICANN Board took another swipe at the model.
It decided to provide specific protection for the International Olympic Committee (IOC), the Red Cross (RC), and other Intergovernmental Organisations (IGOs) in the new gTLD program. This means that gTLD registries will have to add lengthy lists of protected terms to the “exclusion zone” of domain names that cannot be registered in their TLDs.
RPMs and the IOC/RC and IGO processes have all been worked on by the Generic Names Supporting Organisation (GNSO). ICANN’s policy making body for gTLDs groups together all interested parties, from internet users to registries, in a true multi-stakeholder environment.
It is the epitome of the ICANN model: rule-based, hard to understand, at times slow or indecisive, so reliant on pro-bono volunteer commitment that crucial details are sometimes overlooked… But ultimately fair: everyone has a say in the final decision, not just those with the most money or the loudest voice.
The original new gTLD program policy came from the GNSO. The program’s RPMs were then worked on for months by GNSO groups. The GNSO currently has a group working on the IOC/RC issue and is starting work on IGO policy development.
But neither Chehadé, in the TMCH situation, or the Board with the IOC/RC and IGO protections, can be bothered to wait.
So they’ve waded in, making what look very much like top-down decisions, and defending them with a soupcon of hypocrisy by saying it’s for the common good. Yet on the very day the GNSO Chair was writing to the Board to provide an update on the GNSO’s IOC/RC/IGO related work, the Board’s new gTLD committee was passing resolutions side-stepping that work.
The next day, on November 27, 2012, new gTLD committee Chair Cherine Chalaby wrote:

The Committee’s 26 November 2012 resolution is consistent with its 13 September 2012 resolution and approves temporary restrictions in the first round of new gTLDs for registration of RCRC and IOC names at the second level which will be in place until such a time as a policy is adopted that may required further action on the part of the Board.

Continuing on the same line, Chalaby added:

The second resolution provides for interim protection of names which qualify for .int registration and, for IGOs which request such special protection from ICANN by 28 February 2013. (…) The Committee adopted both resolutions at this time in deference to geopolitical concerns and specific GAC advice, to reassure the impacted stakeholders in the community, acknowledge and encourage the continuing work of the GNSO Council, and take an action consistent with its 13 September 2012 resolution.

A soothing “sleep on” message to both the community and the GNSO that the bottom-up policy development process is safe and sound, as long as no-one minds ICANN leadership cutting across it and making the crucial decisions.
Red alert!
Chehadé’s drive to get personally involved and help solve issues is paved with good intentions. In the real world, i.e. the one most of us live and work in, a hands-on approach by the boss generally has few downsides. But in the ICANN microverse, it is fraught with danger.
So is the Board deciding that it knows better than its community and cannot afford to wait for them to “get it”?
These latest episodes should have alarm bells ringing on the executive floor of ICANN Towers.
ICANN only works if it is truly about all interested parties getting together and working through due process to reach consensus decisions. Yes, this process is sometimes lengthy and extremely frustrating. But it is what sets ICANN apart from other governance organisations and make it so well suited to the internet’s warp-speed evolution.
Turn your back on it, act like there are valid circumstances which call for this ideology to be pushed aside, and you may as well hand the technical coordination of the internet’s naming and numbering system to the UN. Simple as that.
This is a guest post written by Stéphane Van Gelder, strategy director for NetNames. He has served as chair of the GNSO Council and is currently a member of ICANN’s Nominating Committee.

Who really uses IDNs? [Guest Post]

Are Internationalised Domain Names really useful, or just a way for an ASCII-focused internet governance community to feel better about itself?
Beyond all the hoopla about ICANN’s 2009 program to enable countries to operate their own non-Latin script internet suffixes (aka the “IDN ccTLD Fast Track”), what should really matter is the Internet user.
Yes, those sitting in ICANN meeting rooms at the time, listening to the hyperbole about how the internet was now going truly global probably felt like they were feeding the hungry and bringing peace to the world. But do people actually use IDNs?
I will admit that at the time, I was dubious. Of course, saying so in ICANN circles would have been akin to wearing a “Camembert is bad” t-shirt in the streets of Paris: poor form! But still, I couldn’t help ask myself if having a single one-language system unite the world was actually such a bad thing?
“How would you like it if the Internet had been invented in China and you had to use their alphabet,” was the usual rebuke I got if I ever dared to doubt out loud. And there really is no arguing with that. If the internet was Chinese, I’d want the Mandarin version of ICANN to roll out IDNs pretty sharpish.
Nonetheless, can the usefulness of IDNs still be questioned?
Facebook in Latin
Talking to a local internet expert whilst attending last week’s excellent Domain Forum in Sofia, Bulgaria, the answer would seem to be a surprising yes.
“Why would kids in this country use IDNs,” I was told when I suggested that, surely, Bulgaria must be excited about the prospect of natural language web addresses. “What worries the authorities here is the fact that kids are using Latin scripts so much on social media sites that they don’t even know how to write in Cyrillic anymore! So even if they could use IDN web and email addresses, why would they? They want to communicate like everyone else does on Facebook.”
In truth, Bulgaria’s view may be skewed by the horrible experience it’s had with ICANN’s IDN Fast Track. The country was refused its own IDN country code due to a perceived similarity with another TLD that no-one in Bulgaria really feels is warranted. But not all potential IDN users feel they are useless. Neighbors in Russia tell of a different IDN experience.
The Russian registry saw stunning initial take-up when it opened the IDN .РФ (.RF for Russian Federation) to general consumption on November 11, 2010. Registration volumes were explosive, with almost 600,000 names registered in the first month. Strong growth continued for a year, hitting a peak of 937,913 registered names in December 2011.
No profit
But the following month, that number fell off a cliff. Total registrations dropped to 844,153 in January 2012. “Initial registrations were driven in part by speculators,” explains ccTLD .RU’s Leonid Todorov. “But when people saw they couldn’t make huge profits on the domains, they started letting them go.”
Even so, .РФ remains a real success. Although November 2012 figures show a year on year decline of 8.63%, the TLD still sports a whopping 845,037 names.
At 66%, .РФ has a slightly lower renewal rate than ASCII Russian equivalent .ru (73%), probably because of those day-one speculators, but it remains widely used. Current delegation figures (i.e. the number of domain names that are actually used for email or websites) stand at a commendable 70% and have not stopped rising since .РФ opened in 2010 with a 45% delegation rate.
The Cyrillic Russian domain sees a vast predominance of personal use, with 77% percent of domains being registered by individuals. “Russians care deeply about their national identity,” says my Bulgarian friend when I suggest that IDNs do seem to matter in some Cyrillic-using countries. “To them, Dot RF is a matter of national pride.”
National pride
So IDNs may not really be all that different from ASCII domain names, with take-up depending on perceived use or value. Europe’s IDN experience seems to confirm this, as European registry EURid’s Giovanni Seppia explained in Sofia.
He revealed that since EURid introduced IDNs on December 11, 2009, registrations reached a peak of around 70,000 (a mere fraction of the 3.7 million names currently registered in the .eu space) before dropping off quite sharply.
Why? Well .eu IDNs may not hold much potential for real use or investment value for Europeans. Although web use is possible with IDNs, software primarily designed for an ASCII-only world does not always make it easy.
Email capability would be a real boost, but so far only the Chinese seem to have enabled it for their local script domains. The Chinese registry recently announced this, without giving details on how the use of all-Chinese character email addresses has been implemented or which email clients support IDNs.
Whatever the technology, countries which combine national pride and a character set far removed from our own probably see more desire for IDNs. With two years of hindsight, Russia obviously loves its IDN. And as other countries like China bring more elaborate IDN capabilities online, demand should grow and force even this IDN skeptic to recognize the new character(s) of the internet.
This is a guest post written by Stéphane Van Gelder, strategy director for NetNames. He has served as chair of the GNSO Council and is currently a member of ICANN’s Nominating Committee.

Brussels’ biggest winner?

(Editor’s Note: This is a guest post by consultant Michael Palage).
Analyzing the aftermath of last week’s ICANN Board-GAC non-bylaws consultation in Brussels, the biggest winner may be Rod Beckstrom. Many who attended the meeting or followed it remotely may have found it unusual how little he spoke during the three-day session. Why was Rod so quiet in Brussels?
Soon Beckstrom will begin the third and final year of the contract that he executed in June 2009 – yes, it has been almost two years since Rod assumed the mantle as ICANN’s fourth President and CEO. He got off to a quick start with the successful expiration of the Joint Project Agreement (JPA), the execution of the Affirmation of Commitments (AoC), and the introduction of Internationalized Domain Names (IDN) in country code top-level domains (ccTLDs) earning the accolades of myself and others.
Then came the ICANN meeting in Kenya and Rod’s statement that “[t]he domain name system is more fragile and vulnerable today than it has ever been. It could stop at any given point in time, literally.” To say that this was not warmly received by many within the broader ICANN community would be an understatement. However, instead of back-tracking, Beckstrom doubled down with his high-profile DNS Vulnerabilities and Risk Management panel discussion in Brussels reinforcing his claims about the fragile nature of the Internet.
Some in the community have also voiced concern about the continued exodus of senior ICANN staff, while others have questioned some of Rod’s recent hires. While I have not yet had the opportunity to meet with John Nakamura, Advisor to the CEO on Government Affairs, and Elad Levinson, Vice-President of Organization Efficiency, these are two hires which I myself have a hard time reconciling while other key positions remain unfilled.
However, to Rod’s credit a number of his new senior hires appear to be making positive impacts and look to increase the overall professional skill set within ICANN staff. Although Paul Twomey’s original two senior staff hires, John Jeffrey and Kurt Pritz, continue to dominate important policy and operational matters within ICANN, this may be in part due to the fact that there is so little institutional knowledge left within the senior staff.
Since the June 2010 Brussels meeting, Rod has maintained a lower profile, focusing on ICANN’s continued accomplishments in the areas of new IDN ccTLDs being added to the root and the final allocation of IPv4 address space by IANA. Whether Rod would seek a second term is still an unknown. Of ICANN’s four Presidents, only Twomey ever made it to a second contract renewal, although the high churn rate can in large part be attributed to the stresses associated with the job.
This is why Beckstrom’s silence in Brussels was so interesting. While there were some pointed exchanges between ICANN Chair Peter Dengate Thrush and certain GAC members, Rod left the meeting unscathed. Over the next couple of months as the ICANN Board and GAC resolve their outstanding issues regarding the new gTLD implementation process, Beckstrom positions himself well for a potential contract extension as his Chairman continues to serve as a lightning rod in these consultations.
For the moment, only Beckstrom knows if he is actively seeking a contract extension. While he can go out on a high note listing the following high profile accomplishments during his three year tenure: AoC, IDN TLDs, new gTLDs, exhaustion of IPv4 address space, and a new IANA contract; Rod may wish to stick around and achieve some yet unknown additional accomplishments.
Michael Palage is an intellectual property attorney and an information technology consultant. He has been actively involved in ICANN operational and policy matters since its formation in both an individual and leadership role, including a three-year term on the ICANN Board of Directors.
Palage is President and CEO of Pharos Global, Inc, which provides consulting and management services to domain name registration authorities and other technology related companies.

How will new TLDs affect your portfolio?

(Editor’s Note: this is a guest post by Shane Cultra, author of the popular domain investment blog DomainShane. I was interested in hearing new perspectives on new top-level domains, and Shane was good enough to provide his thoughts.)
It was inevitable. The growth of the internet and the ever increasing number of people using the web, was going to cause a shortage in domain names.
As the big three – .com, .net, and .org – reached the point that available domains were merely comprised of unpronounceable and hard-to-spell leftovers, internet users began looking for more.
Countries began to market their own ccTLDs as generics, trying to appeal to both local and international users alike. Domain name registries saw the dollar signs and began clamoring to introduce alternatives.
So now that they’re on their way, how will new TLDs affect the value of your domains? Will .web, .car, .love and all the other endless possible TLD options impact the value of your portfolio?
My answer to this question is simple: yes.
There is no doubt all the new TLDs will impact your portfolio’s value. If you own anything other than .com, I think the value of your domains will fall. I feel that .net and .org will fall the least.
The real answer comes down to how the search engines rank the new TLDs. The TLDs that hold the most value will be able to compete in both the US and the international search market.
If Google treats them well, then they will be in the upper tier. The problem is the more TLDs that Google ranks, the more choices a domain owner will have.
As we know, the more choices the lesser the value and chance of a sale. If there are only three shoes on the shelf from which to choose it bodes better for the seller than a shelf with 100 shoes.
In my opinion, the real money being made is by the companies selling these new TLDs. The new releases will leave the domain investing community and domain buyers in general “holding the bag”.
The .travel and .mobi TLDs showed early what will happen as people shy away from a TLD after a short period of time. Speculators were left with worthless domains.
In order for a new TLD to work it takes massive adoption. The local geographic community, the domain investing community, business, and the general public must be a part for it to succeed.
The new .co TLD has come as close as any in the last five years to getting over this hump; .tv, and .me, have also found their place.
A profitable endeavor for the companies managing the release , but only profitable for a handful of people that hold the best of the names.
So back to the original question, will this hurt the value of my portfolio? My second response to my “yes” answer is I think it will increase the value of your .coms.
Dot-com domains are king and will always be the king. They are scarce , wanted and all those that hold the same keyword in alternative TLDs wish they held the .com. Those that tell you different are either naïve or lying.
Domains are often compared to real estate and .com to beachfront property, and I think it’s a good analogy. Beachfront has continued to be considered the most-wanted and highest-priced real estate.
I would throw in big city real estate in this comparison too. You can still buy homes and land outside the cities and away from the beach. Homes just as nice or nicer. Areas of land that are twice as big but still don’t have the value of the beach and city.
When people think of the internet they immediately think .com. When they think of high priced real estate they think of the beach and city. Along with beach and city property, I believe people will always perceive the .com as the highest value.
This is how I am approaching my investment in newer TLDs. I am treading lightly. I continue to invest heavily in .com with a 10% investment in other TLDs. That 10% is invested in super high-quality keywords.
I have no plans to invest in lesser domains, as I think the only possible way to make a profit on my investment is development and I don’t feel comfortable developing domains outside of my field or keywords from random categories.
When I buy outside of .com, I tend to buy in my niche (the names of plants) as they are in my “comfort zone”. For example, I purchased hosta.me because hosta.com is taken and would cost me a ton of money.
I have all the photos and information to develop a site and with hosta being a very collectable plant I thought hosta.me would work. I also can target US Internet users using my webmaster tools – the audience I am trying to reach.
That same domain was a hand-register which tells me that although that has value to me, I would have very little chance of reselling that domain. In short, a bad investment for a flip. In my opinion, this will be the case with 98% percent of all the new TLDs so be very dot-careful.

Ready to apply for a gTLD? No, you’re not. Not even remotely

Editor’s Note: This is a guest post by Kieren McCarthy.
So, yes, it’s been a long, drawn-out and dispiriting exercise to get to the point where the structure of the internet will be radically changed forever.
But even if the US government invades ICANN’s offices in Los Angeles, trademark lawyers kidnap Rod Beckstrom, and Marilyn Cade clones herself 100 times, nothing can stop the raw reality that 2011 is the year of the gTLD. It’s happening. So stop sulking and start getting excited about it.
It’s been a long 30 months since Paris in June 2008. Plenty of time to talk and plan and consider the future. The biggest negative impact of this delay however has not been on the process but on the gTLD applicants themselves who have started to persuade themselves they know what they’re doing.
We don’t need a four-month communication period, they cry, we are ready to go. We have been ready to go for two years!
The sad truth however is that you’re not. You’re not even remotely ready to face a brave new world of internet extensions that fit around its users, rather than the other way around.
Sure, you know the rules in the Applicant Guidebook. Well, most of them. And you know how the application process will work (but you don’t though, do you?). But that’s all just paperwork, as soon as you get through the doors of bureaucracy there standing in the brilliant light will be hundreds of thousands of internet users clamoring to hear what you have to tell them, basking in the glory of a new dawn.
Except they won’t.
Instead you are more likely to find yourself coming out of a cinema in a bad part of town just as the sun sets, looking for a taxi and realizing you haven’t got enough cash left to get home.
Make no mistake: new internet extensions are the future of this extraordinary global network. VeriSign doesn’t drop half a million dollars for a one-hour session at an ICANN meeting if it’s doesn’t think it’s critical to its future. But there was a long gap between the invention of the steam engine and the Japanese bullet train. The Wright Brothers took off in 1903 but it took 32 years for the DC-3 to bring air travel to commercial travelers.
The big boys will be fine of course; they have the money and resources to flex and change. But if you are not VeriSign or GoDaddy, how are you going to ensure that your internet dream isn’t just a pipe-dream or, worse still, a nightmare?
The answer is terrifying simple: talk to people.
The fact is that no one knows how the domain name market will pan out in the next few years. There are plenty of ideas, some new, some radical. Some of these will take root; others will fade or fail. The only way to get a sense of what will be a rapidly changing market is to find out what everyone else thinks. You need to talk to everyone, and they need to talk to you.
The other side of this coin is learning from the past. We have had two previous extensions of the internet namespace, albeit much smaller. But those that started up the dot-infos and dot-names were once in the same place as new applicants will be in six months’ time: full of ideas and staring at an uncertain path forward.
The domain name industry, though still maturing, is also not an empty space anymore. There are enough established companies and there have been enough conferences and meetings about that market for relationships to be formed. A status quo of sorts is in place, and a collective sense of how things work has emerged.
Even so, was it only me that listened to person after person in 2010 call ICANN’s economic studies inaccurate and incomplete and thought: “Not one of you has the same idea about the industry you live within.”
How much do new gTLD applicants know or even understanding the different sides of this industry?
If you go to ICANN meetings, you may know some of the politics of it. You may even have grasped some of the multitude of processes that accompany internet infrastructure. But you won’t have got a feel for the sheer business of the internet.
If you come from the domainer industry, chances are you have a sense of the intrinsic value of domains and what makes them move or not move. But even the CEO of Oversee.net, Jeff Kupietsky, said this time last year there needs to be some kind of organized effort to turn what is an ad hoc market into something more stable. Domainers know how auctions work – but not how to build the factory to make the products that are sold.
If you have run a registry in the past, you may have a leg up. But how do you differentiate between useful lessons from the past, and old ways of thinking that will put you at a competitive disadvantage?
How many of those wonderful, market-tested systems have in fact been dangerously patched and cobbled together over the past decade? How will you recognize the market-changing products when they appear?
And, of course, the biggest, the most unknown and yet the most crucially important aspect of new gTLDs: marketing.
In an industry where the epitome of marketing prowess is a woman making double entendres in a tight T-shirt, we all have much to learn from the marketing crowd. When you enter the market alongside 499 other new extensions, you better be damn sure you have a plan to persuade people why they should choose yours.
So what is the solution? Well a big part of one solution is to attend the first ever conference that is dedicated to figuring out this new market.
The .nxt conference on 9-10 February in San Francisco will feature everyone from ICANN’s CEO and the ICANN staff in charge of running the process, to the established players, the visionaries as well as the heretics, the observers and the advisers.
Over two days, you will get a masterclass in what we all collectively know, and are still figuring out, about new internet extensions. It’s the one place where you can check your assumptions and learn about others’. Miss that opportunity and in 12 months’ time you’ll be wondering how you managed to get it all so wrong.
Kieren McCarthy is an author and consultant, formerly ICANN’s general manager of public participation. He is a founder of the Global Internet Business Coalition and general manager of the .nxt conference.