It’s Drazek vs Dammak for GNSO Council chair

The chair of ICANN’s Generic Names Supporting Organization Council is contested this year, with a registry veep facing off against a software engineer.
The nomination from the contracted parties house is US-based Keith Drazek, Verisign’s VP of policy and government relations.
He’ll be opposed by non-contracted parties nominee and current vice-chair Rafik Dammak, a Tunisian working as a software engineer for NTT Communications (which is technically a contracted party due its dot-brand gTLD) in Japan.
Both men are long-time, active members of the ICANN community and GNSO.
The Council will pick its new chair about a month from now at the ICANN 63 meeting in Barcelona.
The winner will replace lawyer Heather Forrest, the non-contracted party who took the seat after an unopposed vote a year ago.

Cloudflare selling all domains at cost: “All we’re doing is pinging an API”

Content delivery network provider Cloudflare has promised to sell domains in all TLDs at the wholesale cost, with no markup, forever.
The company made the commitment yesterday as it announced its intention to get into the registrar business.
Founder Matthew Price used the announcement to launch a blistering attack on the current registrar market, which he said is charging “crazy” prices and endlessly upselling their customers with unwanted, worthless products. He blogged:

why should registrars charge any markup over what the TLDs charge? That seemed as nutty to us as certificate authorities charging to run a bit of math. When we see a broken market on the Internet we like to do something about it.
…
we promise to never charge you anything more than the wholesale price each TLD charges. That’s true the first year and it’s true every subsequent year. If you register your domain with Cloudflare Registrar you’ll always pay the wholesale price with no markup.
For instance, Verisign, which administers the .com TLD, currently charges $7.85 per year to register a .com domain. ICANN imposes a $0.18 per year fee on top of that for every domain registered. Today, if you transfer your .com domain to Cloudflare, that’s what we’ll charge you per year: $8.03/year. No markup. All we’re doing is pinging an API, there’s no incremental cost to us, so why should you have to pay more than wholesale?

There are catches, of course.
For starters, the service is not available yet.
Price wrote that Cloudflare will roll it out gradually — for inbound transfers only — to its “most loyal” customers over an unspecified period. Even customers on its cheapest plans will get access to the queue, he wrote.
Eventually, he said, it will be available “more broadly”.
It will be interesting to see if the no-markup pricing could become available to non-customers too, and whether it sticks to its business model when its support lines start ringing and it becomes apparent the business is actually big ole cash vampire.
Cloudflare has been ICANN-accredited for several years, but it’s only been offering registrations to high-value enterprise customers so far.
My records show that it has not much more than 800 domains under management, all in .com, .net, .org and .info.
The announcement was made, perhaps not coincidentally, a couple days after CRM software provider Zoho made headlines when its 40 million customers were taken offline because its former registrar suspended zoho.com over a trivial level of abuse. In response to the screw-up, Zoho transferred the domain to Cloudflare.

Chutzpah alert! DotKids wants ICANN handout to fight gTLD auction

New gTLD applicant DotKids Foundation has asked ICANN for money to help it fight for .kids in an auction against Amazon and Google.
The not-for-profit was the only new gTLD applicant back in 2012 to meet the criteria for ICANN’s Applicant Support Program, meaning its application fee was reduced by $138,000 to just $47,000.
Now, DotKids reckons ICANN has a duty to carry on financially supporting it through the “later stages of the process” — namely, an auction with two of the world’s top three most-valuable companies.
The organization even suggests that ICANN dip into its original $2 million allocation to support the program to help fund its bids.
Because .kids is slated for a “last resort” auction, an ICANN-funded winning bid would be immediately returned to ICANN, minus auction provider fees.
It’s a ludicrously, hilariously ballsy move by the applicant, which is headed by DotAsia CEO Edmon Chung.
It’s difficult to see it as anything other than a delaying tactic.
DotKids is currently scheduled to go to auction against Google’s .kid and Amazon’s .kids application on October 10.
But after ICANN denied its request for funding last month, DotKids last week filed a Request for Reconsideration (pdf), which may wind up delaying the auction yet again.
According to DotKids, the original intent of the Applicant Support Program was to provide support for worthy applicants not just in terms of application fees, but throughout the application process.
It points to the recommendations of the Joint Applicant Support working group of the GNSO, which came up with the rules for the support program, as evidence of this intent.
It says ICANN needs to address the JAS recommendations it ignored in 2012 — something that could time quite some time — and put the .kids auction on hold until then.

KSK vote was NOT unanimous

ICANN’s board of directors on Sunday voted to approve the forthcoming security key change at the DNS root, but there was some dissent.
Director Avri Doria, a Nominating Committee appointee, said today that she provided the lone vote against the DNSSEC KSK rollover, which is expected to cause temporary internet access problems for potentially a couple million people next month.
I understand there was also a single abstention to Sunday’s vote.
Doria has released a dissenting statement, in which she said the absence of an external, peer-reviewed study of the risks could prove a problem.

The greatest risk is that out of the millions that will fail after the roll over, some that are serious and may even be critical, may occur; if this happens the lack of peer reviewed studies may be a liability for ICANN, perhaps not legal, but in terms of our reputation as protectors of the stability & security of internet system of names.

She added that she was concerned about the extent that the public has been notified of the rollover plan, and questioned whether the current risk mitigation plan is sufficient.
Doria said she found comments filed by Verisign (pdf) particularly informative to her eventual vote, as well as comments from the At-Large Advisory Committee (pdf), Business Constituency (pdf) and Registries Stakeholder Group (pdf).
These groups had called for more study and data, better outreach, more clearly defined success/failure benchmarks, and more delay.
Doria noted in her dissenting statement that the ICANN board did not have a chance to quiz any of the minority of the members of the Security and Stability Advisory Committee who had called for further delay.
The board’s resolution, apparently arrived at after two hours of formal in-person discussions in Brussels at the weekend, is expected to be published shortly.
The rollover, which has already been delayed a year, is now scheduled to go ahead October 11.
Any impact is expected to be felt within a couple of days, as the change ripples out across the DNS.
ICANN says that any network operator impacted by the change has a simple fix: turn off DNSSEC. Then, if they want, they can update their keys and turn it back on again.

ICANN turns 20 today (or maybe not)

ICANN is expected to celebrate its 20th anniversary at its Barcelona meeting next month, but by some measures it has already had its birthday.
If you ask Wikipedia, it asserts that ICANN was “created” on September 18, 1998, 20 years ago today.
But that claim, which has been on Wikipedia since 2003, is unsourced and probably incorrect.
While it’s been repeated elsewhere online for the last 15 years, I’ve been unable to figure out why September 18 has any significance to ICANN’s formation.
I think it’s probably the wrong date.
It seems that September 16, 1998 was the day that IANA’s Jon Postel and Network Solutions jointly published the organization’s original bylaws and articles of incorporation, and first unveiled the name “ICANN”.
That’s according to my former colleague and spiritual predecessor Nick Patience (probably the most obsessive journalist following DNS politics in the pre-ICANN days), writing in now-defunct Computergram International on September 17, 1998.
The Computergram headline, helpfully for the purposes of the post you are reading, is “IANA & NSI PUBLISH PLAN FOR DNS ENTITY: ICANN IS BORN”.
Back then, before the invention of the paragraph and when ALL CAPS HEADLINES were considered acceptable, Computergram was published daily, so Patience undoubtedly wrote the story September 16, the same day the ICANN proposal was published.
A joint Postel/NetSol statement on the proposal was also published September 17.
The organization was not formally incorporated until September 30, which is probably a better candidate date for ICANN’s official birthday, archived records show.
Birthday meriments are expected to commence during ICANN 63, which runs from October 20 to 25. There’s probably free booze in it, for those on-site in Barcelona.
As an aside that amused me, the Computergram article notes that Jones Day lawyer Joe Sims very kindly provided Postel with his services during ICANN’s creation on a “pro bono basis”.
Jones Day has arguably been the biggest beneficiary of ICANN cash over the intervening two decades, billing over $8.7 million in fees in ICANN’s most recently reported tax year alone.

Van der Laan to leave ICANN board

Former Dutch politician Lousewies van der Laan is to leave the ICANN board of directors next month and be replaced with the former CEO of the Serbian ccTLD.
ICANN said yesterday that Danko Jevtovic, who headed RNIDS from 2013 until July last year, has been selected to occupy van der Laan’s seat following the Annual General Meeting in Barcelona.
Van der Laan, who had been selected by the Nominating Committee for a second term, has had to decline the offer “due to unforeseen family obligations”, ICANN said.
Jevtovic will take his seat at the same time as fellow NomCom appointee, Tripti Sinha of the University of Maryland, who oversees management of the DNS D-root server and replaces term-limited George Sadowsky.
El Salvadorean ccTLD founder Rafael “Lito” Ibarra is the third NomCom appointee this year, starting his second term next month.

Set buttocks to clench! ICANN approves risky KSK rollover

ICANN has approved the first rollover of the domain name system’s master security key, setting the clock ticking on a change that could cause internet access issues for millions.
The so-called KSK rollover, when ICANN deletes the key-signing key that has been used as the trust anchor for the DNSSEC ecosystem since 2011 and replaces it with the new one — will now go ahead as planned on October 11.
The decision was made yesterday at the ICANN board of directors’ retreat in Brussels.
ICANN chief technology officer David Conrad posted this to an ICANN mailing list this morning:

The Board voted to approve the resolution for ICANN org to move forward with the revised KSK rollover plan. So barring unforeseen circumstances, the KSK-2017-signed ZSK will be used to sign the root zone on 11 October 2018.

The rollover was due to happen October 11 last year, but ICANN delayed it when it emerged that many DNS resolvers weren’t yet configured to use the new key.
That’s still a problem, and nobody knows for sure how many endpoints will stop functioning properly when the new KSK goes solo.
While most experts weighing in on the rollover, including Conrad, agreed that the risk of more delay outweighed the risk of rolling now, that feeling was not unanimous.
Five members of the 22-member Security and Stability Advisory Committee — including top guys from Google and Verisign — last month dissented from the majority view and said ICANN should delay again.
The question now is not whether internet users will see a disruption in the days following October 11, but how many users will be affected and how serious their disruptions will be.
Based on current information, as many as two million internet users could be affected.
ICANN is likely to take flak for even relatively minor disruptions, but the alternative was to continue with the delays and risk an even bigger impact, and even more flak, in future.
The text of ICANN’s resolution and the rationale behind it will be published in the next day or so.

Mediators hired as Whois reformers butt heads

ICANN has hired professional mediators to help resolve strong disagreements in the working group tasked with reforming Whois for the post-GDPR world.
Kurt Pritz, chair of the Expedited Policy Development Process for Whois, last week told the group that ICANN has drafted in the Consensus Building Institute, with which it has worked before, to help “narrow issues and reach consensus”.
Three CBI mediators will brief the EPDP group today, and join them when the WG meets face-to-face for the first time at a three-day session in Los Angeles later this month.
Their goal is not to secure any particular outcome, but to help the disparate viewpoints find common ground, Pritz told the group.
It’s been Pritz’s intention to get the mediators in since day one — he knew in advance how divisive Whois policy is — but it’s taken until now to get the contracts signed.
The EPDP WG’s job is to create a new, privacy-conscious, consensus Whois policy that will apply to all gTLD registries and registrars. Its output will replace ICANN’s post-GDPR Temporary Specification for Registration Data, which in turn replaced the longstanding Whois policy attached to all ICANN registry and registrar contracts.
Since the working group first convened in early August — about 500 emails and 24 hours of painful teleconferences ago — common ground has been hard to find, and in fact the EPDP group did not even attempt to find consensus for the first several weeks of discussions.
Instead, they worked on its first deliverable, which was finalized last week, a “triage report” that sought to compile each faction‘s opinion of each section of ICANN’s Temp Spec.
The idea seemed sensible at the time, but with hindsight it’s arguable whether this was the best use of the group’s time.
The expectation, I believe, was that opposing factions would at least agree on some sections of text, which could then be safely removed from future debate.
But what emerged instead was this, a matrix of disagreement in which no part of the Temp Spec did not have have at least one group in opposition:
The table is potentially misleading, however. Because groups were presented with a binary yes/no option for each part of the spec, “no” votes were sometimes recorded over minor language quibbles where in fact there was agreement in principle.
By restricting the first few weeks of conversation to the language of the Temp Spec, the debate was arguably prematurely hamstrung, causing precious minutes to trickle away.
And time is important — the EPDP is supposed to deliver its consensus-based Initial Report to the ICANN 63 meeting in Barcelona about five weeks from now.
That’s going to be tough.
What’s becoming increasingly clear to me from the post-triage talks is that the WG’s task could be seen as not much less than a wholesale, ground-up, reinvention of the Whois wheel, recreated with GDPR as the legal framework.
Who is Whois for?
Discussions so far have been quite mind-expanding, forcing some fundamental rethinking of long-held, easy assumptions, at least for this lurker. Here’s an example.
One of the fundamental pillars of GDPR is the notion of “purposes”. Companies that collect private data on individuals have to do so only with specific, enumerated purposes in mind.
The WG has started by discussing registrars. What purpose does a registrar have when it collects Whois data from its registrants?
None whatsoever, it was claimed.
“To execute the contract between the registrant and the registrar, it’s really not necessary for registrars to collect any of this information,” GoDaddy head of policy James Bladel, representing registrars, told the group on its latest call Thursday.
Registrars collect data on their customers (not just contact data, but also stuff like credit card details) for billing and support purposes, but this is not the same as Whois data. It’s stored separately and never published anywhere. While covered by GDPR, it’s not covered by Whois policy.
Whois data is only collected by registrars for third parties’ purposes, whether that third party be a registry, ICANN, a data escrow agent, a cop, or an intellectual property enforcer.
“Other than a few elements such as domain name servers, there is nothing that is collected in Whois that is needed for the registrar to do their business,” At-Large Advisory Committee chair Alan Greenberg told the WG. “All of them are being collected for their availability to third parties, should they need it.”
While this may seem like a trivial distinction, drawing a hard line between the purposes of registries, registrars and ICANN itself on the one hand and law enforcement, cybersecurity and IP lawyers on the other is one of the few pieces of concrete advice ICANN has received from European data protection regulators.
There’s by no means unanimous agreement that the registrars’ position is correct, but it’s this kind of back-to-basics discussion that makes me feel it’s very unlikely that the EPDP is going to be able to produce an Initial Report with anything more than middling consensus by the October deadline.
I may be overly pessimistic, but (mediators or no mediators) I expect its output will be weighted more towards outlining and soliciting public comment on areas of disagreement than consent.
And the WG has not yet even looked in depth at the far thornier issue of “access” — the policy governing when third parties such as IP lawyers will be able to see redacted Whois data.
Parties on the pro-access side of the WG have been champing at the bit to bring access into the debate at every opportunity, but have been
Hey, look, a squirrel!
The WG has also been beset by its fair share of distractions, petty squabbles and internal power struggles.
The issues of “alternates” — people appointed by the various constituencies to sit in on the WG sessions when the principles are unavailable — caused some gnashing of teeth, first over their mailing list and teleconference privileges and then over how much access they should get to the upcoming LA meeting.
Debates about GDPR training — which some say should have been a prerequisite to WG participation — have also emerged, after claims that not every participant appeared clued-in as to what the law actually requires. After ICANN offered a brief third-party course, there were complaints that it was inadequate.
Most recently, prickly Iranian GAC rep Kavouss Arasteh last week filed a formal Ombudsman complaint over a throwaway god-themed pun made by Non-Com Milton Mueller, and subsequently defended by fellow non-resident Iranian Farzaneh Badii, in the Adobe Connect chat room at the September 6 meeting.
Mueller has been asked to apologize.

Donuts gets bought by former ICANN CEO’s firm

Donuts is to be bought by a private equity firm that has a former ICANN CEO as a partner.
The company, which holds the largest portfolio of new gTLDs, has agreed to be acquired by Boston-based private equity firm Abry Partners for an undisclosed sum.
Not much info about the deal has been released, but one senses an ICANN alum’s hand at the wheel.
Former ICANN chief Fadi Chehade is a partner at Abry, having been initially employed as senior advisor on digital strategy back in 2016 after he left ICANN.
Abry, on its web site, says it focuses its investments on profitable companies, adding:

Depending on the type of fund, we target investments from $20 million to $200 million.
Since Abry’s inception, we’ve developed deep industry expertise in Broadband, Business Services, Communications, Cybersecurity, Healthcare IT, Information Services, Insurance Services, Internet-of-Things, Logistics, Media, and Software as a Service.

Since its formation in 1989, Abry has “completed more than $77 billion of transactions, representing investments in more than 650 properties.”
Donuts was founded by domain veterans Paul Stahura, Jon Nevett, Richard Tindal and Daniel Schindler in order to take advantage of ICANN’s new gTLD program..
It was initially funded by $100 million from Austin Ventures, Adams Street Partners, Emergence Capital Partners, TL Ventures, Generation Partners and Stahurricane.
It currently runs over 200 TLDs, the most populous of which I believe is .ltd, with over 400,000 names.
Donuts is the latest of a series of domain companies to exit via the private equity route, notably following Neustar and Web.com.
Chehade was ICANN’s CEO between 2012 and 2015. While he was not involved in the industry during the new gTLD’s program’s inception, he did oversee its early years.

.tel’s second-biggest registrar gets canned

A Chinese registrar that focused exclusively on selling .tel domain names has been shut down by ICANN.
Tong Ji Ming Lian (Beijing) Technology Corporation Ltd, which did business as Trename, had its registrar contract terminated last week.
ICANN claims the company had failed to pay its accreditation fees and failed to escrow its registration data.
The organization had been sending breach notices since June, but got no responses. Trename’s web site domain currently resolves to a web server error, for me at least.
Trename is a rare example of a single-TLD registrar, accredited only to sell .tel domains. It didn’t even sell .com.
It is Telnames’ second-largest registrar after Name.com, accounting for about 6,000 names at the last count. At its peak, it had about 55,000.
Its share seems to be primarily as a result of a deal the registry made with a Chinese e-commerce company way back in 2011.
I’m a bit fuzzy on the details of that deal, but it saw Trename add 50,000 .tel names pretty much all at once.
Back then, .tel still had its original business model of hosting all the domains it sold and publishing web sites containing the registrant’s contact information.
Since June 2017, .tel has been available as a general, anything-goes gTLD, after ICANN agreed to liberalize its contract.
That liberalization doesn’t seem to have done much to stave off .tel’s general decline in numbers, however. It currently stands at about 75,000 names, from an early 2011 peak of over 305,000.
ICANN told Trename that its contract will end September 19, and that it’s looking for another registrar to take over its domains.
With escrow apparently an issue, it may not be a smooth transition.