Recent Posts
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
- Registries have started shutting down Whois
- ICANN wins IRP because complainant literally doesn’t exist
- .com could return to growth this quarter
- Could Musk’s DOGE kill off D3’s .doge?
- $2 million Christmas bonus for ICANN
- Another VW car dot-brand crashes out
- Largest back-end switch EVER as GoDaddy loses deal
- Yeah, we got phished, ICANN admits after crypto hack
- ICANN hacked to promote crypto scam
- Super Bowl a bit of a dud for .com?
- More gloom predicted for .com
- These are the .gov domains Trump has deleted so far
- Did Trump just create the world’s next ccTLD?
- $3,000 to do a Whois lookup?
- PIR to join GlobalBlock, but its crown jewel won’t
- LA wildfire victims get domain deletes delay
Second delay for domain security key rollover
ICANN has decided to delay changing the security keys to the DNS for the second time.
The “KSK Rollover” had been rescheduled from October 11 to some time in the first quarter 2018, but that will no longer happen. We’re now looking at Q3 at the earliest.
“We have decided that we do not yet have enough information to set a specific date for the rollover,” VP of research Matt Larson said in a blog post. “We want to make clear, however, that the ICANN org is committed to rolling the root zone KSK”.
The root KSK, or Key Signing Key, is the cryptographic key pair at the very top of the security hierarchy specified by DNSSEC, the security extension for DNS.
The current, first-ever, root KSK has been in operation since 2010, but ICANN’s policy is to roll it every five years or so.
The October date was delayed after newly available data showed that hundreds of DNS resolvers were still only configured to use the 2010 keys and not the 2017 keys that have already been deployed in tandem.
This would mean a rollover would cut off access to DNSSEC-signed zones to potentially millions of internet users.
ICANN found that 4% of the 12,000 DNSSEC-validating resolvers — roughly 500 IP addresses — it surveyed in September were not ready for KSK-2017.
Larson told us last month that at least 176 organizations in 41 countries were affected.
Since the first delay, ICANN has been trying to contact the owners of the 500 incompatible IP addresses but has run into some serious problems, Larson blogged.
First, a significant number of these addresses are dynamically allocated (such as to home broadband hubs) meaning tracking down the owners of the misconfigured devices would be next to impossible. Others were forwarding DNS queries on behalf of other devices, creating a similar problem.
Additionally, it seems ICANN has still not received responses from owners of 80% of the affected IP addresses.
Due to the lack of reliable data, it’s difficult for ICANN to figure out how many users’ internet access will be affected by a rollover.
The threshold called for by current policy is about 20 million people.
So ICANN has delayed the event to some point after Q1. Larson wrote that the organization will publish a plan on January 18 which will be open for public comment and discussed at the ICANN 61 meeting in Puerto Rico next March.
A final plan is not expected until ICANN 62, which happens in late June, so Q3 would be the earliest the rollover could actually occur.
Larson encouraged anyone interested in discussing the plan to join this mailing list.
Justice gives nod to O.com auction
The US Department of Justice does not intend to prevent Verisign from auctioning off the single-letter domain o.com.
Aaron Hoag, chief of the department’s Technology & Financial Services Section, told ICANN in a letter (pdf) that it does not intend to probe Verisign’s proposal.
The letter reads in its entirety:
Your letter dated December 7, 2017, to Makan Delrahim, Assistant Attorney General of the Antitrust Division, regarding VeriSign’s proposal to auction O.COM, has been referred to the Technology & Financial Services Section for review. After careful consideration of the matter, the Division can report that it does not intend to open an investigation into the proposed auction described in the attachment to your letter.
Verisign asked ICANN’s permission to auction o.com, with most of the the proceeds going to good causes, after over a decade of nagging from retailer Overstock.com, which desperately wants to own the currently reserved name.
It would set a precedent for the company to sell off the remaining 22 single-letter domains, not to mention the 10 digits, which are all currently reserved due to a decades-old technical policy no longer considered necessary.
Verisign would only receive its $7.85 base registry fee from the sale, despite the fact that single-letter domains could easily fetch seven or eight figures.
The company asked ICANN for permission to release the name via its Registry Services Evaluation Process last month.
ICANN said earlier this month that it had no objection on technical grounds, but referred it to US competition authorities for a review.
With the DoJ apparently not interested, the door is open for ICANN to approve the RSEP before the end of the year, meaning Verisign could carry out the auction in 2018.
The big question now is whether anyone other than Overstock will want to take part in the auction. Overstock has US trademarks on “O.com”, despite the fact that it’s never actually owned the domain.
Davies named new IANA boss
Kim Davies has been named the new head of IANA.
ICANN said today that he’s been promoted from his role as director of technical services to VP of IANA services and president of Public Technical Identifiers, the company that manages the IANA functions.
With ICANN since 2005, he replaces Elise Gerich, who announced her departure, originally scheduled for October, back in April.
Gerich has been IANA’s top staffer since 2010 and was PTI’s first president.
IANA is responsible for overseeing the top-level domain database, as well as the allocation of IP address blocks and protocol numbers.
Starting January 1, Davies will be in the top spot when ICANN executes the first-ever rollover of the root system’s most important DNSSEC keys, due to delays.
Expect “minor inconveniences” in post-hurricane Puerto Rico
ICANN 61 is going ahead in Puerto Rico despite the continuing fallout of a devastating hurricane season, the organization has confirmed.
The March 10-15 meeting will take place at the convention center in San Juan, and participants can only expect “minor inconveniences”
ICANN said in a statement:
We recognize that Puerto Rico is still in the recovery phase, and while we can expect some minor inconveniences, the convention center and supporting hotels are fully operational and eager to host our event in March.
ICANN has not yet listed its official supporting hotels, where it usually negotiates bulk discounts, on the official ICANN 61 page.
In the event you, like me, always find ICANN’s approved hotels a tad on the pricey side, you’ll probably need to do your own research.
ICANN added that it has been working with the island’s governor and that: “We have been assured that our presence in San Juan will support economic recovery on the island.”
Hurricane Maria made landfall in Puerto Rico on September 20, killing at least 48 people and causing billions of dollars in property damage.
The convention center venue for ICANN 61 escaped relatively unscathed and was actually used as a command and control center during the immediate aftermath of the disaster.
.kids auction is off
ICANN has postponed the planned auction of the .kid(s) gTLDs after an appeal from one of the applicants.
The last-resort auction had been penciled in for January 25, and there was a December 8 deadline for the three participants to submit their info to the auctioneer.
But DotKids Foundation, the shallowest-pocketed of the three, filed a Request for Reconsideration last Wednesday, asking ICANN to put the contention set back on hold.
The cancellation of the January auction appears to be to give ICANN’s board of directors time to consider the RfR under its usual process — it has not yet ruled on it.
DotKids and Amazon have applied for .kids and Google has applied for .kid. A String Confusion Objection won by Google put the two strings in the same contention set, meaning only one will eventually go live.
DotKids comprehensively lost a Community Priority Evaluation, which would negate an auction altogether, but it thinks the CPE got it wrong and wants to be treated the same way as other gTLD applicants whose CPE results are currently under review.
Reconsideration requests take between 30 and 90 days to process, and they rarely go the way of the requester, so the delay to the auction will likely not be too long.
As .wed goes EBERO, did the first new gTLD just fail?
A wedding-themed gTLD with a Bizarro World business model may become the first commercial gTLD to outright fail.
.wed, run by a small US outfit named Atgron, has become the first non-brand gTLD to be placed under ICANN’s emergency control, after it lost its back-end provider.
DI understands that Atgron’s arrangement with its small New Zealand back-end registry services provider CoCCA expired at the end of November and that there was a “controlled” transition to ICANN’s Emergency Back-End Registry Operator program.
The TLD is now being managed by Nominet, one of ICANN’s approved EBERO providers.
It’s the first commercial gTLD to go to EBERO, which is considered a platform of last resort for failing gTLDs.
A couple of unused dot-brands have previously switched to EBERO, but they were single-registrant spaces with no active domains.
.wed, by contrast, had about 40 domains under management at the last count, some apparently belonging to actual third-party registrants.
Under the standard new gTLD Registry Agreement, ICANN can put a TLD in the emergency program if they fail to meet up-time targets in any of five critical registry functions.
In this case, ICANN said that Atgron had failed to provide Whois services as required by contract. The threshold for Whois triggering EBERO is 24 hours downtime over a week.
ICANN said:
Registry operator, Atgron, Inc., which operates gTLD .WED, experienced a Registration Data Directory Services failure, and ICANN designated EBERO provider Nominet as emergency interim registry operator. Nominet has now stepped in and is restoring service for the TLD.
The EBERO program is designed to be activated should a registry operator require assistance to sustain critical registry functions for a period of time. The primary concern of the EBERO program is to protect registrants by ensuring that the five critical registry functions are available. ICANN’s goal is to have the emergency event resolved as soon as possible.
However, the situation looks to me a lot more like a business failure than a technical failure.
Multiple sources with knowledge of the transition tell me that the Whois was turned off deliberately, purely to provide a triggering event for the EBERO failover system, after Atgron’s back-end contract with CoCCA expired.
The logic was that turning off Whois would be far less disruptive for registrants and internet users than losing DNS resolution, DNSSEC, data escrow or EPP.
ICANN was aware of the situation and it all happened in a coordinated fashion. ICANN told DI:
WED’s backend registry operator recently notified ICANN that they would likely cease to provide backend registry services for .WED and provided us with the time and date that this would occur. As such, we were aware of the pending failure worked to minimize impact to registrants and end users during the transition to the Emergency Back-end Registry Operator (EBERO) service provider.
In its first statement, ICANN said that Nominet has only been appointed as the “interim” registry, while Atgron works on its issues.
It’s quite possible that the registry will bounce back and sign a deal with a new back-end provider, or build its own infrastructure.
KSregistry, part of the KeyDrive group, briefly provided services to .wed last week before the EBERO took over, but I gather that no permanent deal has been signed.
One wonders whether it’s worth Atgron’s effort to carry on with the .wed project, which clearly isn’t working out.
The company was founded by an American defense contractor with no previous experience of the domain name industry after she read a newspaper article about the new gTLD program, and has a business model that has so far failed to attract customers.
The key thing keeping registrars and registrants away in droves has been its policy that domains could be registered (for about $50 a year) for a maximum period of two years before a $30,000 renewal fee kicked in.
That wasn’t an attempt to rip anybody off, however, it was an attempt to incentivize registrants to allow their domains to expire and be used by other people, pretty much the antithesis of standard industry practice (and arguably long-term business success).
That’s one among many contractual reasons that only one registrar ever signed up to sell .wed domains.
Atgron’s domains under management peaked at a bit over 300 in March 2016 and were down to 42 in August this year, making it probably the failiest commercial new gTLD from the 2012 round.
In short, .wed isn’t dead, but it certainly appears extremely unwell.
UPDATE: This post was updated December 12 with a statement from ICANN.
ICANN: tell us how you will break Whois rules
ICANN has invited registrars and registries to formally describe how they plan to break the current rules governing Whois in order to come into compliance with European Union law.
The organization today published a set of guidelines for companies to submit proposals for closing off parts of Whois to most internet users.
It’s the latest stage of the increasingly panicky path towards reconciling ICANN’s contracts with the General Data Protection Regulation, the EU law that comes into full effect in a little over five months.
GDPR is designed to protect the privacy of EU citizens. It’s generally thought to essentially ban the full, blanket, open publication of individual registrants’ contact information, but there’s still some confusion about what exactly registries and registrars can do to become compliant.
Fines maxing out at of millions of euros could be levied against companies that break the GDPR.
ICANN said last month that it would not pursue contracted parties that have to breach their agreements in order to avoid breaking the law.
The catch was that they would have to submit their proposals for revised Whois services to ICANN for approval first. Today is the first time since then that ICANN has officially requested such proposals.
The request appears fairly comprehensive.
Registries and registrars will have to describe how their Whois would differ from the norm, how it would affect interoperability, how protected data could be accessed by parties with “legitimate interests”, and so on.
Proposals would be given to ICANN’s legal adviser on GDPR, the Swedish law firm Hamilton, and published on ICANN’s web site.
ICANN notes that submitting a proposal does not guarantee that it will be accepted.
ICANN punts o.com auction to US watchdogs
Verisign’s proposed auction of the domain o.com might have a negative effect on competition and has been referred to US regulators.
That’s according to ICANN’s response to the .com registry’s request to release the domain, which is among the 23 single-letter domains currently reserved under the terms of its contract.
ICANN has determined that the release “might raise significant competition issues” and has therefore been referred to “to the appropriate governmental competition authority”.
It’s forwarded Verisign’s request to the US Department of Justice.
Verisign late last month asked ICANN if it could release o.com to auction as a test that could presumably lead to other single-character .com names being released in future.
The plan is for a charity auction, in which almost all the proceeds are donated to internet-related good causes.
Only the company running the auction would make any significant money; Verisign would just take its standard $7.85 annual fee.
ICANN told the company that it could find no technical reason that the release could not go ahead.
The only barrier is the fact that Verisign arguably has government-approved, cash-printing, market dominance and is therefore in a sensitive political position.
Whether its profitless plan will be enough to see the auction given the nod remains to be seen.
A certain bidder in the proposed auction would be Overstock.com, the online retailer, which has been pressuring ICANN and Verisign for the release of O.com for well over a decade and even owns trademarks covering the domain.
Disclosure: several years ago I briefly provided some consulting/writing services to a third party in support of the Verisign and Overstock positions on the release of single-character domain names, but I have no current financial interest in the matter.
DotKids doesn’t want .kids auction to go ahead
One of the applicants for the .kids gTLD has asked ICANN to stop the planned last-resort auction.
DotKids Foundation is competing with Amazon for .kids and, because the two strings were ruled confusingly similar, with Google’s application for the singular .kid.
ICANN last month set a January 25 date for the three contenders to go to auction, having unfrozen DotKids’ application back in October.
DotKids’ bid had been put on hold due to it losing a Community Priority Evaluation — which found overwhelmingly that the organization did not represent a proper community — and its subsequent appeals of that ruling.
But the foundation now says that its application should be treated the same as .music, .gay, and a few others, which are currently on hold while ICANN waits for the results of a third-party review of the CPE process.
DotKids filed a Request for Reconsideration (pdf) with ICANN yesterday, immediately after being told that there were no plans to put the contention set back on hold.
Tomorrow is the deadline for the three applicants to submit their information to ICANN to participate in next month’s auction.
An ICANN last-resort auction sees the winning bid being placed in a fund for a yet-to-be-determined purpose, as opposed to private auctions where the losing bidders share the loot.
Open Whois must die, Europe privacy chiefs tell ICANN
Unfettered public access to full Whois records is illegal and has to got to go, an influential European Union advisory body has told ICANN.
The Article 29 Working Party on Data Protection, WP29, wrote to ICANN yesterday to say that “that the original purposes of the WHOIS directories can be achieved via layered access” and that the current system “does not appear to meet the criteria” of EU law.
WP29 is made up of representatives of the data protection agencies in each EU member state. It’s named after Article 29 of the EU’s 1995 Data Protection Directive.
This directive is parent legislation of the incoming General Data Protection Regulation, which from May 2018 will see companies fined potentially millions of euros if they fail to protect the privacy of EU citizens’ data.
But WP29 said that there are questions about the legality of full public Whois under even the 1995 directive, claiming to have been warning ICANN about this since 2003:
WP29 wishes to stress that the unlimited publication of personal data of individual domain name holders raises serious concerns regarding the lawfulness of such practice under the current European Data Protection directive (95/46/EC), especially regarding the necessity to have a legitimate purpose and a legal ground for such processing.
Under the directive and GDPR, companies are not allowed to make consent to the publication of private data a precondition of a service, which is currently the case with domain registration, according to WP29.
Registrars cannot even claim the publication is contractually mandated, because registrants are not party to the Registrar Accreditation Agreement, the letter (pdf) says.
WP29 adds that law enforcement should still be able to get access to Whois data, but that a “layered” access control approach should be used to prevent full disclosure to anyone with a web browser.
ICANN recently put a freeze on its contract compliance activities surrounding Whois, asking registries and registrars to supply the organization with the framework and legal advice they’re using to become compliant with GDPR.
Registries and registrars are naturally impatient — after a GDPR-compatible workaround is agreed upon, they’ll still need to invest time and resources into actually implementing it.
But ICANN recently told contracted parties that it hopes to lay out a path forward before school breaks up for Christmas December 22.
Recent Comments