Latest news of the domain name industry


The Soviet Union might be safe after all

Kevin Murphy, April 15, 2025, Domain Policy

The ccTLD from the defunct Soviet Union may be safe from deletion, judging by the ccNSO’s latest pronouncement on the issue.

It seems like, following a bit of a kerfuffle at ICANN 82 in Seattle last month, IANA has been sniffing around behind the scenes trying to figure out whether its own policy on ccTLD retirements applies to .su.

Responding to an unpublished email from IANA chief Kim Davies, the ccNSO seems to have clarified that .su, which has over 100,000 registrations despite its associated territory ceasing to exist 30-odd years ago, is not covered by the policy.

IANA can put a ccTLD into the root if the International Organization for Standardization adds it to its ISO 3166-1 alpha-2 list of two-letter country codes.

SU is not on the main list of codes under 3166 but, along with UK, AC (Ascension Islands) and EU, it is on an “exceptionally reserved” sub-list.

ICANN’s policy on deleting ccTLDs was until quite recently not fully codified, but ICANN in 2022 approved a formal Retirement Policy (PDF, from page 13).

That policy allows ICANN to set the wheels in motion for a deletion whenever a “triggering event” occurs, and:

For 2 letter ccTLDs which corresponded to an ISO 3166-1 Alpha-2 Code Element – The Trigger is the deletion of that corresponding Alpha-2 Code Element from the ISO 3166-1 Standard by the ISO 3166-1 Maintenance Agency (“ISO 3166/MA”)

IANA seems to have wanted clarification on whether “Alpha-2 Code Element” also means “exceptionally reserved” codes. If it does, then .su probably enjoys the same protected status as .uk.

The policy specifically says that .uk, .ac and .eu are eligible as ccTLDs, but ignores .su entirely for reasons unknown.

The ccNSO told Davies in its April 10 letter (pdf):

it is our view that the Policy is relevant only in circumstances where, as a result of action taken by the ISO, a delegated 2-letter code is no longer on the list of country names or an exceptionally reserved code element.

My read of this is that the ccNSO is saying that, unless ISO removes SU from its “exceptionally reserved” list, there’s no “triggering event” that would compel IANA to delete .su from the DNS root zone.

SU has been removed from the 3166 list once before, back in the 1990s, but it might be a stretch to retroactively accept that as a triggering event, given that it’s been “exceptionally reserved”, apparently at the .su registry’s request, since 2008.

So… is .su safe? It’s certainly looking safer now than it did a few weeks ago, in my view.

This could be seen as good news for ICANN, which might now be able to avoid a damaging confrontation with Russia while also dodging accusations that it’s ignoring its own policies in an embarrassing capitulation to Moscow.

Did Trump just create the world’s next ccTLD?

Kevin Murphy, February 5, 2025, Domain Policy

Could there be a .gz?

I’m sometimes happy that DI has such a narrow beat. Today, it means I don’t have to discuss the legal, political, moral or ethical implications of US President Donald Trump’s just-announced plan for Gaza.

At a press conference last night, Trump said he wants the Palestinians to leave Gaza, to be resettled elsewhere in the region, and for the US to “take over” the territory and have a “long-term ownership position” on it.

The details of Trump’s aspiration are not immediately clear. Is he talking about a military occupation? Annexation? Does he just want to build another golf course?

It’s almost certainly too early to speculate, so let’s speculate.

With Trump talking about US ownership of Gaza, it is not beyond the bounds of possibility that Gaza’s future, should his plan come to fruition, is as a US territory, or something very much like one.

Populated territories of any nation in general get their own ccTLD. Puerto Rico’s .pr and Guam’s .gu are two examples of US territories with their own ccTLDs.

The US annexation of Gaza would not necessarily even have to be legal under international law or recognized by America’s peers in the United Nations to create the possibility of a new ccTLD.

The path to the root involves a lot of buck-passing and at no point includes a qualitative evaluation of whether a territory is legal or otherwise deserving of recognition.

As you may know, ICANN’s IANA department is responsible for adding and removing ccTLDs from the DNS root, but it takes its cues from the International Organization for Standardization.

Under long-standing IANA convention known as ICP-1, any territory with a two-letter code on the ISO 3166-1 alpha-2 list qualifies for a ccTLD. If a registry can show technical nous and local support, it can claim the TLD.

But the ISO takes its cues in turn from the Statistics Division of the United Nations Secretariat, and its M49 standard, “Standard Country or Area Codes for Statistical Use”.

A territory appears on that list as a matter of “statistical convenience” for the UN, and does not imply that the UN or its member states recognize that territory politically.

Palestine itself was granted its ccTLD, .ps, a quarter-century ago, as “Occupied Palestinian Territory”, despite the legal status of the territory being disputed, because UN Stats and ISO decided to put it on their lists.

So Gaza could possibly get its own ccTLD if the US takes it over and splits it from the West Bank, even if it becomes a contested hell-hole where the luxury beachfront hotels are bombed to rubble faster than Trump can build them.

.gz is available, assuming Gaza is not renamed Trumpland or Disneyworld East or something.

Five times ICANN deleted a ccTLD, and what it means for .io

Kevin Murphy, October 4, 2024, Domain Registries

With the future of .io coming into question this week, with the news that the UK will return sovereignty of the British Indian Ocean Territory to Mauritius, I thought it would be a good time to see how ICANN has treated disappearing countries and territories in the past.

As far as I can tell, ccTLDs have been removed from the DNS root on only five occasions since ICANN came into existence in 1998.

While the circumstances differ, in all but one case the trigger for the deletion was a change to the International Standards Organization’s ISO 3166-1 alpha-2 list, which ICANN uses to decide who gets a ccTLD and what ccTLD they get.

.yu — Yugoslavia

The Socialist Federal Republic of Yugoslavia broke up in 1992 due to a bloody civil war, but it wasn’t until 2010 that ICANN finally removed .yu from the root.

Splinter nations Slovenia, Croatia, North Macedonia, and Bosnia and Herzegovina were all assigned their own new country codes — .si, .hr, .mk and .ba — in the 1990s, but the now independent and separate states of Serbia and Montenegro, initially known as the Federal Republic of Yugoslavia, carried on using .yu.

When the country renamed itself the State Union of Serbia and Montenegro in 2003, the ISO list was updated to assign it the new code .cs, but the corresponding ccTLD was never actually delegated before the country broke up again in 2006, getting the ccTLDs .rs and .me the following year.

RNIDS, the .rs registry, carried on running .yu for a few years while it transitioned registrants to the new ccTLD. The process was not entirely painless, and ICANN had to keep .yu live longer than planned, before eventually deleting it April 1, 2010.

.tp — Portuguese Timor

The country we now know as East Timor or Timor Leste started the 21st century as Portuguese Timor, under Indonesian occupation. Its ccTLD was .tp.

After the country gained its independence in 2002, it renamed itself Timor Leste and the ISO assigned it the new code TL, deleting TP from its list.

IANA delegated .tl to the local government in 2005 and encouraged .tp registrants to migrate, but it took a full decade before it followed through and removed .tp from the root, in February 2015.

.zr — Zaire

The first ccTLD to get deleted by IANA under ICANN’s watch was .zr, which was no longer needed after Zaire changed its name to Democratic Republic of the Congo, receiving the code CD from ISO, in 1997.

The pre-ICANN IANA delegated .cd to the newly named country in 1997 and the registry operator set about moving .zr names to .cd. By 2001, that process was completed and .zr was deleted from the root.

.an — Netherlands Antilles

The Netherlands Antilles was a collection of former Dutch colonies in the Caribbean, until the territory split, with its component islands receiving new statuses under Dutch law, in 2010. The ccTLD was .an.

Curaçao got .cw, Sint Maarten (Dutch part) got the sexy-sounding .sx, and Bonaire, Saint Eustatius and Saba got to share .bq. ISO removed AN from its list.

The transition was a bit more complicated than usual, as .an registrants had to transfer to a new ccTLD based on what island they were on, but the local authorities managed it and within five years .an went poof.

.um — United States Minor Outlying Islands

This one’s unique in that it was deleted apparently simply because the registry operator couldn’t be bothered with it any more.

The United States Minor Outlying Islands are pretty much unpopulated, but strategically well-located, islands belonging to the US. There’s eight in the Pacific and one in the Caribbean.

Its ccTLD was operated by the University of Southern California until 2006, when somebody at ICANN noticed it appeared to be broken. When it approached USC for an explanation, it was told “they were no longer interested in managing the .UM domain”.

It had no registered domains, so there was no need for a transition plan and IANA deleted it from the root the following year.

The islands and their code are still on the ISO list and are still eligible for their ccTLD. Presumably it’s only the fact that the US government has asserted its authority over .um that has prevented an opportunist Just Some Guy registry from snapping it up to market .um domains as the leading destination for indecisive people or something.

What does this mean for .io?

ICANN’s policy on ccTLDs is pretty straightforward — your territory has to be on the ISO 3166 list and the ccTLD has to match the code ISO gives you. If your code drops off the list, you have five years, extensible to 10, to conduct an orderly transition before the TLD is retired.

Much like Portuguese Timor changing its name to Timor Leste to shuck off its enforced colonial branding, it seems inconceivable that the Chagos Archipelago will continue to be known as the British Indian Ocean Territory.

The key questions for .io registrants are: will the renamed BIOT keep the IO assignment on the ISO list, and will the archipelago continue to qualify as a distinct territory eligible for ccTLD status?

If BIOT simply becomes part of Mauritius, no longer recognized by the UN as a distinct territory, .io gains an existential threat. It would drop off ISO’s list and ICANN could issue it a retirement notice.

If BIOT remains a distinct territory and remains eligible for a ccTLD, the possibilities become a whole lot more interesting.

If Mauritius decides to change the territory’s name, there’s no problem. But if it asks ISO for a corresponding change of two-letter code to better reflect its new name, .io’s future is in doubt.

If the name is changed to something like “Chagos” and Mauritius wants a “C” code, only CB, CE and CJ are still available.

Theoretically, the government of Mauritius could unilaterally force an undesirable string change on Identity Digital, the American company that runs the .io registry, forcing a years-long migration to the newly chosen ccTLD.

I can’t imagine many of .io’s hundreds of thousands of registrants, particularly those using .io as a domain hack or to hitch themselves to a cool tech-startup bandwagon, being happy with a forced migration to, say, .cj.

The power to decoolify an entire TLD would be a compelling weapon in a redelegation fight. I’m deep into speculative territory here, but I can’t help but feel that Identity Digital is going to have to give Mauritius some money at some point.

Another possibility is that the registry, one of ICANN’s biggest funders, could lobby ICANN to change its policies and somehow grandfather .io in as a stateless ccTLD.

The fact that ICANN hasn’t acted to remove .su from the root, thirty years after the Soviet Union collapsed, could be seen as precedent.

The answers to .io’s future might be found in the proposed UK-Mauritius treaty, but that has yet to be published. As it has to be ratified by the UK Parliament we can expect it to enter the public domain before long.

Future of .io domains uncertain as UK hands over Chagos islands

Kevin Murphy, October 3, 2024, Domain Registries

The future of the .io ccTLD is up in the air today with the announcement that the UK is to hand over the British Indian Ocean Territory, also known as the Chagos Archipelago, to Mauritius.

The two governments announced today that they will sign a treaty agreeing “that Mauritius is sovereign over the Chagos Archipelago”. It’s being called the end of British colonialism in Africa.

Under the broad-ranging 99-year deal, native Chagossians, forcibly exiled since the late 1960s, will be free to return to the islands, apart from Diego Garcia, which is home to a strategically important UK-US military base.

There’s no talk yet of the future of the ccTLD, of course — the governments have bigger fish to fry — but the change of sovereignty could have interesting implications for the .io registry and its registrants.

The positive spin is that owning a .io domain could now be seen as a less dubious ethical choice.

For almost a decade, largely unsuccessful boycotts of .io have been organized by tech bros upset with the treatment of the Chagossians. Now that they’re getting their land back, the queasiness of supporting “digital colonialism” might go away.

The bad news is that a change of sovereignty could ultimately lead to a change of registry, or the ccTLD disappearing entirely.

ICANN takes its lead from the International Standards Organization, specifically the ISO 3166-1 alpha-2 list, when it comes to deciding whether a ccTLD deserves to exist and what two-letter code it gets.

If BIOT ceases to exist and is removed from the ISO list, as seems likely, there’s a strong case to be made that .io should cease to exist too.

Whether ICANN would actually remove .io from the DNS root is another matter, of course. While it has removed ccTLDs before when the associated country disappears, it has done so in a measured, managed fashion.

The Org also seems quite happy for .su to stay in the root, thirty-odd years after the Soviet Union fell apart.

But what of redelegation? There’s already a campaign to get .io redelegated to the Chagossians, and now that the UK is relinquishing its control of BIOT to Mauritius, the redelegation claim could be strengthened by the weight of a national government.

However, while .io is assigned to BIOT, the UK government says it has no formal relationship with the registry, so a change of ownership of the territory doesn’t necessarily mean the ccTLD changes owners.

The registry is run by a private UK company, Internet Computer Bureau, which nowadays is basically a shell owned by an Irish company that is in turn owned by US-based Identity Digital and its parent Beignet.

And ICANN typically doesn’t redelegate ccTLDs without the consent of the losing registry, which in many cases is Just Some Guy who spotted a business opportunity in the 1990s.

Niue, the Pacific island nation, has been fighting fruitlessly for control of .nu for two decades, for example, but the extant registry doesn’t want to hand it over so ICANN has not acted.

As I reported earlier this week, .io had turnover of almost $40 million last year, so it seems unlikely that Identity Digital would follow the UK’s lead and just hand it over.

While the registry does not disclose its registration numbers, the revenue suggests it’s possible over a million .io domains have been registered.

Amazon and Google among .internal TLD ban backers

Kevin Murphy, March 20, 2024, Domain Tech

Google and Amazon have publicly backed ICANN’s plan to reserve the top-level domain .internal for private behind-the-firewall uses.

ICANN picked the string “internal” as the one that it will promise to never delegate to the DNS root, allowing network administrators and software developers to confidently use it with a lower risk of data leakage should the TLD come under a registry’s control in future.

The public comment period over its choice is coming to a close tomorrow, with a generally supportive vibe coming from the 30-odd comments submitted so far.

Notably, tech giants Amazon and Google have both filed comments backing .internal, with both companies saying that they already use the TLD extensively for internal purposes (Google in its Cloud services) and that to allow it to be delegated in future would cause big problems.

Some commenters niggled that .internal is too long, and that something like .local or .lan, both already reserved, might be better. Others wondered why strings such as .corp or .home, which are already effectively banned due to the high risk of name collisions, were not chosen instead.

Lebanon’s ccTLD going back to Lebanon after ICANN takeover

Kevin Murphy, January 24, 2024, Domain Registries

ICANN’s board of directors has voted to redelegate Lebanon’s ccTLD to the country’s local Internet Society chapter, six months after the Org took it over as an emergency caretaker.

The resolution, passed at the weekend, does not get into any depth about the switch, as usual with ccTLD redelegations, other than to note IANA has ticked all the requisite procedural boxes. IANA will publish a report at a later date.

ICANN took over the ccTLD, .lb, last July after the former registry was left in limbo following the sudden death of its founder and manager. It was only the second time ICANN had made itself a ccTLD’s “caretaker”.

The board also voted at the weekend to redelegate Cameroon’s .cm, best-known in the Anglophone world for enabling .com typos purely by existing, to Agence Nationale des Technologies de l’Information et de la Communication, the local technology ministry.

Group to seek .io TLD takeover after OECD human rights ruling

Kevin Murphy, November 1, 2023, Domain Policy

A group composed of displaced Chagossians will ask ICANN to redelegate the increasingly popular .io top-level domain, according to the group’s lawyer.

The move, still in its very early stages, follows a recent ruling under the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct, which mildly chastised the current registry, Identity Digital.

“The next move is domain reassignment,” lawyer Jonathan Levy, who brought the OECD complaint on behalf of the Chagos Refugees Group UK, told us. The proposed beneficiary would be “a group composed of Chagossians” he said.

.io is the ccTLD for the archipelago currently known as the British Indian Ocean Territory. It’s one of those Postel-era “Just Some Guy” developing-world delegations that pre-date ICANN.

But BIOT is a controversial territory. Originally the Chagos Archipelago, the few thousand original inhabitants were forced out by the UK government in the 1970s so the US military could build a base on Diego Garcia, the largest island.

Most of the surviving Chagossians and their descendants live in Mauritius, but have been fighting for their right to return for decades. In 2019, the UN ruled the UK’s current administration of BIOT is unlawful.

In recent years, since .io became popular, the ccTLD has become part of the fight.

The original and technically still-current registry for .io is a UK company called Internet Computer Bureau. ICB was acquired by Afilias in 2017 for $70 million. Afilias was subsequently acquired by Donuts, which is now called Identity Digital.

Corporate accounts filed by ICB name its ultimate owner as Beignet DTLD Holdings of Delaware, which appears to be a part of $2.21 billion private equity firm Ethos Capital, Identity Digital’s owner, which is co-managed by former ICANN CEO Fadi Chehadé.

None of these companies have a connection to BIOT beyond paying a local company called Sure (Diego Garcia) Limited for a mail-forwarding service. The only people believed to reside in the territory at all are US and UK military and contractors.

Levy, on behalf of the Chagossian refugees and a group of victims of cryptocurrency scams operated from .io domains, filed a complaint with the Ireland National Contact Point for the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct — basically a mediation service operated by the Irish government — seeking a share of the money from .io sales and/or redelegation.

According to its most-recent public accounts, ICB had turnover of £16.4 million ($19.8 million) in 2021, up from £12.8 million ($15.5 million) in 2020, but also had absolutely horrible gross margins for a registry with only one employee.

The company had cost of sales of £15.8 million and a gross margin of 3.58%. It pays no ICANN fees and the UK government receives no cut beyond the regular corporate tax ICB pays (about £26,000 in 2021).

The OECD’s Guidelines are voluntary guidelines that countries sign up to that are meant to guide how multinational companies behave with regard to human rights and so on. Enforcement seems to be relatively toothless, with national NCPs only having the power to “recommend” actions.

In fact, Afilias declined to participate in mediation and appears to have received only a mild finger-wagging in the Irish NCP’s decision (pdf), which was published in September. One of its recommendations reads:

The NCP recommends that in cases in which a product, including a digital asset, is associated with long-running disputes regarding human rights, multinational enterprises should be able to demonstrate that they have carried out human rights due diligence

Levy thinks the NCP’s decision is a big deal, saying it means the OECD has validated the Chagossians’ concerns. Coupled with the UN sanction on the UK related to BIOT, he reckons it could play in their favor in a future redelegation request.

.io domain owners shouldn’t be too worried right now, however. Redelegation takes a very long time even when the losing party agrees, and it doesn’t tend to happen without the consent of the incumbent.

ICANN takes over country’s ccTLD after Hall of Famer’s death

ICANN has assumed temporary ownership of .lb, the ccTLD for Lebanon, after the death of the man who founded the registry and managed it for 30 years.

IANA, in an unprecedented move, has made itself the “caretaker” sponsor and admin contact for .lb, according to the official record, which changed on Thursday.

The Org replaces the American University in Beirut, which as the name suggests is an American-owned university in Beirut, as sponsor and Lebanese Domain Registry as the admin.

It appears that AUB has not been involved with running .lb for a few years, having terminated its relationship with LBDR in 2020, and has told IANA that it is no longer the ccTLD’s sponsor.

AUB’s disassociation with LBDR, which appears to have been quite acrimonious, forced the registry to move onto CoCCA’s managed registry platform, where it still sits today.

Nabil Bukhalid, LBDR’s founder and a member of ISOC’s Internet Hall of Fame, had been trying to secure a permanent home for .lb for years, according to a history of the domain on the registry’s web site.

But he died unexpectedly of a heart attack while on vacation in January this year, leaving Lebanon’s domain in a bit of a limbo.

Kim Davies, head of IANA, revealed in a letter posted today (pdf) that .lb has been managed by Bukhalid’s “associates” for the last six months.

He said ICANN has approved a new “caretaker” role for IANA, and that the designation “will signal that there is an extraordinary and temporary operational situation”.

“IANA will continue to work with Bukhalid’s known associates to ensure the ongoing operation of the domain, until such time as a qualified successor is identified through a normal ccTLD transfer request process, at which time the caretaker designation will be removed,” he wrote.

.lb is believed to have fewer than 5,000 domains under management.

Bukhalid’s struggle to secure a successor played out against the backdrop of a Lebanese government that has far more important things to worry about. The country has been in a deep financial crisis since 2019, a situation exacerbated by the Covid-19 pandemic, a revolution, and one of the largest accidental non-nuclear explosions in human history.

The economic crisis was such that Bukhalid was forced to incorporate LBDR in Delaware a couple years back.

“We are establishing this designation out of an operational necessity. There appear to be no specific policies that govern a situation where the existing designated ccTLD manager no longer performs its role but there is no obvious successor,” Davies wrote.

He suggested that the ccNSO may want to consider creating a policy for this kind of scenario.

Similar situations could occur in future, I reckon, if increasingly grey and wrinkly Postel-era “Just Some Guy” ccTLD sponsors don’t make arrangements for their heirs.

Davies said in his letter that the “caretaker” designation has been used once before, for Libya’s .ly in 2004. But it’s the first time IANA has been a caretaker, and the Libya experiment went spectacularly badly.

ICANN approves ccTLD-killer policy

Kevin Murphy, September 28, 2022, Domain Policy

ICANN has formally adopted a policy that would enable it to remove ccTLDs from the DNS root when their associated countries cease to exist, raising the possibility of the Soviet Union’s .su being deleted.

Last Thursday at ICANN 75 in Kuala Lumpur, the board of directors rubber-stamped the ccNSO Retirement of ccTLDs Policy, which sets out how ccTLDs can be deleted in an orderly fashion over the course of several years.

The policy calls for ICANN and the ccTLD registry to form a “Retirement Plan” when the ccTLD’s string is removed from the ISO 3166-1 Alpha-2 standard, which defines which two-letter strings are reserved for which countries.

Strings are typically removed from this list when a country changes its name (such as Timor-Leste) or breaks up into smaller countries (such as the Netherlands Antilles).

The Retirement Plan would see the ccTLD removed from the root five years after ISO made the change, though this could be extended if the registry asks and ICANN agrees.

In February, I set out the case for why the policy may allow ICANN to retire .su, the thriving ccTLD for the Soviet Union, three decades after that nation was dismantled.

DNSSEC claims another victim as entire TLD disappears

Kevin Murphy, March 9, 2022, Domain Tech

A country’s top-level domain disappeared from the internet for many people yesterday, apparently due to a DNSSEC key rollover gone wrong.

All domains in Fiji’s ccTLD, .fj, stopped resolving for anyone behind a strict DNSSEC resolver in the early hours of the morning UTC, afternoon local time, and stayed down for over 12 hours.

Some domains may still be affected due to caching, according to the registry and others.

The University of the South Pacific, which runs the domain, said that it had to contact ICANN’s IANA people to get the problem fixed, which took a while because it had to wait for IANA’s US-based support desk to wake up.

IANA head Kim Davies said that in fact its support runs 24/7 and in this case IANA took Fiji’s call at 2.47am local time.

Analyses on mailing lists and by Cloudflare immediately pointed to a misconfiguration in the country’s DNSSEC.

It seems Fiji rolled one of its keys for the first time and messed it up, meaning its zone was signed with a non-existent key.

Resolvers that implement DNSSEC strictly view such misconfigurations as a potential attack and nix the entire affected zone.
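To make that failure mode concrete, here is an added example (not part of the original post, and not a reconstruction of the .fj incident) of a structural check an operator could run before publishing a rollover: every RRSIG must name a key that is in the DNSKEY RRset, and a key matching the parent's DS must sign that RRset. The zone name, keys and function names are constructed for illustration; it handles SHA-256 DS records only and does not verify signatures cryptographically.

```python
import hashlib
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsKey:
    flags: int            # 257 = key-signing key (SEP bit), 256 = zone-signing key
    algorithm: int        # 15 = Ed25519 (32-byte public key)
    public_key: bytes
    protocol: int = 3     # always 3 for DNSSEC

    def rdata(self) -> bytes:
        """DNSKEY RDATA in wire format (RFC 4034, section 2.1)."""
        return struct.pack("!HBB", self.flags, self.protocol, self.algorithm) + self.public_key

    def key_tag(self) -> int:
        """Key tag as defined in RFC 4034, Appendix B."""
        acc = 0
        for i, byte in enumerate(self.rdata()):
            acc += byte if i & 1 else byte << 8
        acc += (acc >> 16) & 0xFFFF
        return acc & 0xFFFF


@dataclass(frozen=True)
class Ds:
    key_tag: int
    algorithm: int
    digest_type: int      # 2 = SHA-256, the only type this example handles
    digest: bytes


def name_to_wire(name: str) -> bytes:
    """Canonical (lower-case) wire form of an owner name."""
    labels = [label for label in name.lower().rstrip(".").split(".") if label]
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def make_ds(owner: str, key: DnsKey) -> Ds:
    """DS record the parent would publish for `key` (RFC 4034, section 5.1.4)."""
    digest = hashlib.sha256(name_to_wire(owner) + key.rdata()).digest()
    return Ds(key.key_tag(), key.algorithm, 2, digest)


def check_chain(owner, parent_ds, dnskeys, dnskey_sig_tags, zone_sig_tags):
    """Return a list of problems a validating resolver would trip over."""
    problems = []
    published = {key.key_tag() for key in dnskeys}
    for tag in sorted(set(dnskey_sig_tags) | set(zone_sig_tags)):
        if tag not in published:
            problems.append(f"RRSIG made by key tag {tag}, which is not in the DNSKEY RRset")
    anchored = [key for key in dnskeys if make_ds(owner, key) in parent_ds]
    if not anchored:
        problems.append("no DS at the parent matches any published DNSKEY")
    elif not any(key.key_tag() in dnskey_sig_tags for key in anchored):
        problems.append("no DS-anchored key signs the DNSKEY RRset")
    return problems


# Constructed sample keys (not real key material) for the placeholder zone "example."
ZONE = "example."
OLD_KSK = DnsKey(257, 15, bytes(range(32)))
NEW_KSK = DnsKey(257, 15, bytes(range(1, 33)))
ZSK = DnsKey(256, 15, bytes(range(2, 34)))


def run_scenarios():
    parent = [make_ds(ZONE, OLD_KSK)]          # parent still lists only the old KSK
    old, new, zsk = OLD_KSK.key_tag(), NEW_KSK.key_tag(), ZSK.key_tag()
    return {
        # Before the rollover: everything lines up.
        "healthy": check_chain(ZONE, parent, [OLD_KSK, ZSK], [old], [zsk]),
        # Botched: signer switched to the new key, but it was never published.
        "botched": check_chain(ZONE, parent, [OLD_KSK, ZSK], [new], [zsk]),
        # Double-signature step: both keys published and both sign the DNSKEY RRset.
        "double_sig": check_chain(ZONE, parent, [OLD_KSK, NEW_KSK, ZSK], [old, new], [zsk]),
    }


if __name__ == "__main__":
    for name, problems in run_scenarios().items():
        print(name, "->", problems or "OK")
```

Only the "botched" scenario reports problems; in the double-signature scenario the parent's DS can be swapped to the new key later without the chain ever breaking.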

It happens surprisingly often, though not usually at the TLD level. That said, a similar problem hit thousands of Sweden’s .se domains, despite the registry having a decade’s more DNSSEC experience than Fiji, last month.

Domain Incite had a similar problem recently when its registrar carried on publishing DNSSEC information for the domain long after I’d stopped paying for it.

UPDATE: This post was updated with comment from IANA.