Dotless domains are dead
ICANN has banned dotless gTLDs, putting a halt to Google’s plans to run .search as a dotless search service and confounding the hopes of some portfolio applicants.
ICANN’s New gTLD Program Committee, acting with the powers of its board of directors passed the resolution on Tuesday. It was published this morning. Here’s the important bit (links added):
Resolved (2013.08.13.NG02), in light of the current security and stability risks identified in SAC053, the IAB statement and the Carve Report, and the impracticality of mitigating these risks, the NGPC affirms that the use of dotless domains is prohibited.
The current version of the Applicant Guidebook bans dotless domains (technically, it bans apex A, AAAA and MX records) but leaves the door open for registries to request an exception via Extended Evaluation.
This new decision closes that door.
The decision comes a week after the publication of Carve Systems’ study of the dotless domain issue, which concluded that the idea was potentially “dangerous” and that if ICANN intended to allow them it should do substantial outreach to hardware and software makers, essentially asking them to change their products.
The Internet Architecture Board said earlier that “dotless domains are inherently harmful to Internet security.”
Microsoft, no doubt motivated in part at least by competitive concerns in the search market, had repeatedly implored ICANN to implement a ban on security grounds.
Google had planned to run .search as a browser service that would allow users to specify preferred search engines. I doubt the dotless ban will impact its application’s chances of approval.
Donuts and Uniregistry, which together have applied for almost 400 gTLDs, had also pushed for ICANN to allow dotless domains, although I do not believe their applications explicitly mentioned such services.
IAB gives dotless domains the thumbs down
The Internet Architecture Board believes dotless domain names would be “inherently harmful to Internet security.”
The IAB, the oversight committee which is to internet technical standards what ICANN is to domain names, weighed into the debate with an article apparently published yesterday.
In it, the committee states that over time dotless domains have evolved to be used only on local networks, rather than the internet, and that to start delegating them at the top level of the DNS would be dangerous:
most users entering single-label names want them to be resolved in a local context, and they do not expect a single name to refer to a TLD. The behavior is specified within a succession of standards track documents developed over several decades, and is now implemented by hundreds of millions of Internet hosts.
…
By attempting to change expected behavior, dotless domains introduce potential security vulnerabilities. These include causing traffic intended for local services to be directed onto the global Internet (and vice-versa), which can enable a number of attacks, including theft of credentials and cookies, cross-site scripting attacks, etc. As a result, the deployment of dotless domains has the potential to cause significant harm to the security of the Internet
The article also says (if I understand correctly) that it’s okay for browsers to interpret words entered into address bars without dots as local resources and/or search terms rather than domain names.
It’s pretty unequivocal that dotless domains would be Bad.
The article was written because there’s currently a lot of talk about new gTLD applicants — such as Google, Donuts and Uniregistry — asking ICANN to allow them to run their TLDs without dots.
There’s a ban in the Applicant Guidebook on the “apex A records” that would be required to make dotless TLDs work, but it’s been suggested that applicants could apply to have the ban lifted on a case by case basis.
More recently, ICANN’s Security and Stability Advisory Committee has stated almost as unequivocally as the IAB that dotless domains should not be allowed.
But for some reason ICANN recently commissioned a security company to look into the issue.
This seems to have made some people, such as the At Large Advisory Committee, worried that ICANN is looking for some wiggle room to give its new gTLD paymasters what they want.
Alternatively, ICANN may just be looking for a second opinion to wave in the faces of new gTLD registries when it tells them to take a hike. It was quite vague about its motives.
It’s not just a technical issue, of course. Dotless TLDs would shake up the web search market in a big way, and not necessarily for the better.
Donuts CEO Paul Stahura today published an article on CircleID that makes the case that it is the browser makers, specifically Microsoft, that are implementing DNS all wrong, and that they’re objecting to dotless domains for competitive reasons. The IAB apparently disagrees, but it’s an interesting counterpoint nevertheless.
IPv4 addresses to run out Thursday
ICANN will announce the final depletion of its pool of IPv4 addresses this Thursday.
The Number Resource Organization will hold a “ceremony and press conference to make a significant announcement and to discuss the global transition to the next generation of Internet addresses”.
The NRO is ICANN’s supporting organization representing Regional Internet Registries, the outfits responsible for handing out IP addresses to network operators.
ICANN, the Internet Society and the Internet Architecture Board will also participate in the event, scheduled for Thursday February 3 at 1430 UTC. It will be webcast here.
Today, APNIC, the Asia-Pacific RIR, said that it has been assigned two /8 blocks of addresses, meaning IANA is down to its Final Five chunks.
Thursday’s ceremony will presumably entail ICANN/IANA officially handing out these last five blocks to the five RIRs, one each, as called for by its allocation policy.
After that, it’s all gone. No more IPv4. The age of IPv6 is upon us.
It is currently estimated that the RIRs will themselves run out of IPv4 in September. After that, if they need IP addresses they’ll receive IPv6.
IPv4 is rapidly becoming a scarce commodity.
Many people, including ICANN chairman Peter Dengate Thrush, have predicted a “gray market” for addresses to appear, with address blocks changing hands for less than the cost of upgrading to IPv6.
The focus on Thursday, however, will be all about the measures network operators need to implement in order to remain viable on an internet increasingly running IPv6 equipment.
Recent Comments