Recent Posts
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
London meeting already ICANN’s second-biggest
Over 2,200 people have already registered for ICANN 50, which kicks off this coming weekend in London.
According to ICANN, that puts the upcoming meeting second only to last year’s one in Beijing, which had 3,141 pre-registrations and 2,532 eventual attendees.
London’s a pretty convenient “hub” city to fly to, but I suspect a lot of the interest might be related to the IANA transition process, which has put a new spotlight on ICANN in recent months.
ICANN has already laid on overflow viewing rooms for discussions related to the IANA topic.
The meeting officially starts with the welcome ceremony on Monday, but the work begins as usual on Saturday, when the various constituencies gather to decide what they want to moan about this time.
As usual, you don’t have to actually be in London to “attend” the meeting — there’s a full schedule of remote participation opportunities if your diary, bandwidth and time zone permits.
It’s a packed schedule as usual, and it could look overwhelming to a newbie.
A good trick is to simply follow the board of directors around on the Tuesday, when it invites each constituency into the room in turn for some passive-aggressive feedback sessions.
You’ll get a relatively concise breakdown of the top three or four issues on the mind of ICANN participants in that way, but probably not a great deal of insight into the board’s thought process.
The public forum on Thursday is also a highlight. Anyone can take to the mic to say or ask anything (relevant) they please. Comments and questions can also be submitted remotely.
For ICANN 50 the forum has actually been shortened to two hours to accommodate discussions of the IANA process, causing some in the community to question whether ICANN is trying to stifle the crazy.
Whois “killer” is a recipe for a clusterfuck
An ICANN working group has come up with a proposal to completely replace the current Whois system for all gTLDs.
Outlined in 180 recommendations spread over 166 pages (pdf), it’s designed to settle controversies over Whois that have raged for 15 years or more, in one fell swoop.
But it’s a sprawling, I’d say confusing, mess that could turn domain name registration and the process of figuring out who owns a domain name into an unnecessarily bureaucratic pain in the rear.
That’s if the proposal is ever accepted by the ICANN community, which, while it’s early days, seems like a challenge.
The Expert Working Group, which was controversially convened by ICANN president Fadi Chehade in December 2012, proposes a Registration Data Service that would ultimately replace Whois.
It’s a complex document, which basically proposes rebuilding Whois from the ground up based on ideas first explored by George Orwell, Franz Kafka and Douglas Adams.
Having read it, I’ll do my best in this post to explain what the proposed Registration Data Service seems to entail and why I think it seems like a lot of hard work for very little benefit.
I note in advance as a matter of disclosure that the RDS as proposed would very possibly disenfranchise me professionally, making it harder for me to do my job. I explain why later in this post.
I also apologize in advance for, and will correct if notified of, any errors. It’s taken me a week from its publication to read and digest the proposal and I’m still not sure it’s all sunk in.
Anyway, first:
What’s RDS?
RDS would be a centralized Whois database covering all domains in all gTLDs, new and old, operated by a single entity.
What’s in an RDS record?
Under the hood, RDS records wouldn’t look a heck of a lot different than Whois records look today, in terms of what data they store.
There would be some new optional elements, such as social media user names, but otherwise it’s pretty much the same data as we’re used to seeing in Whois records today.
The big difference is which of these elements would be visible by default to an anonymous internet user doing a regular Whois look-up somewhere.
Some fields would be “public” and some would be “gated” or hidden. Some fields would always be public and some could be toggled between public and gated by the registrant.
Gated fields would not be visible to people doing normal Whois look-ups. To see gated data, you’d need to be accredited to a certain role (cop, trademark owner, etc) and have an RDS account.
By default, much of the data about the “registrant” — including their name, physical address, country, and phone number — would be gated.
No, you’re not reading that wrong — the name of the registrant would be hidden from regular Whois users by default. Their email address, however, would be always be public.
There would also be up to six “Purpose Based Contacts” — an Admin Contact, a Legal Contact, a Technical Contact, an Abuse Contact, a Privacy/Proxy Contact and a Business Contact.
So, for example, a registrant could specify his registrar as his technical PBC and his lawyer as his legal PBC.
The admin, legal, technical and abuse contacts would be mandatory, and would default to the registrant’s own personal contact info.
A newly registered domain would not be activated in the DNS until the mandatory PBCs had been provided.
Each of these four mandatory PBCs would have different levels of disclosure for each data element.
For example, the Admin PBC would be able to hide their mailing address and phone number (both public by default) but not their name, email address or country.
The Legal PBC would not be able to opt out of having their mailing address disclosed, but the Technical and Abuse PBCs would be able to opt out of disclosing pretty much everything including their own name.
Those are just examples. Several tables starting on page 49 of the report (pdf) give all the details about which data fields would be disclosed and which could be hidden.
I think it’s expected by the EWG that most registrants would just accept the defaults and publish the same data in each PBC, in much the same way as they do today.
“This PBC approach preserves simplicity for Registrants with basic contact needs and offers additional granularity for Registrants with more extensive contact needs,” the EWG says.
Who gets the see the hidden stuff?
In order to see the hidden or “gated” elements, you’d have to be an accredited user of the centralized RDS system.
The level of access you got to the hidden data would depend on the role assigned to your RDS account.
The name of the registrant, for example, would be available to anyone with an RDS account.
If you wanted access to the registrant’s mailing address or phone number, you’d need an RDS account that accredited you for one or more of seven defined purposes:
- Domain Name Control (ie, the registrant herself)
- Domain Name Certification (ie SSL Certificate Authorities)
- Business Domain Name Purchase/Sale (anyone who says they might be interested in buying the domain in question)
- Academic/Public Interest DNS Research
- Legal Actions (eg lawyers investigating fraud or trademark infringement)
- Regulatory/Contractual Enforcement (could be ICANN-related, such as UDRP, or unrelated stuff like tax investigations)
- Criminal Investigation/DNS Abuse Mitigation
Hopefully this all makes sense so far, but it gets more complicated.
Beware of the leopard!
In today’s gTLD environment, Whois records are either stored with the registry or the registrar. You can do Whois lookups on the registrar/y’s site, or via a third-party commercial service.
As a registrant, you need only interact with your registrar. As a Whois user, you don’t need to sign up for an account anywhere, unless you want value-added services from a company such as DomainTools.
Under RDS, a whole lot of other entities start to come into play.
First, there’s RDS itself — a centralized Whois replacement.
It’s basically two databases. One contains contact details, each record containing a unique Contact ID identifier. The other database maps Contact IDs to the PBCs for each gTLD domain name.
It’s unclear who’d manage this service, but it looks like IBM is probably gunning for the contract.
Second, there would be Validators.
A Validator’s job would be to collect and validate contact information from registrants and PBCs.
While registrars and registries could also act as Validators — and the EWG envisages most registrars becoming Validators — this is essentially a new entity/role in the domain name ecosystem.
Third and Fourth, we’ve got newly created Accrediting Bodies and Accreditation Operators.
These entities would be responsible for accrediting users of the RDS system (that is, people who want to do a simple goddamn Whois lookup).
The EWG explains that an Accrediting Body “establishes membership rules, terms of service, and application and enforcement processes, etc., for a given RDS User community.”
An Accreditation Operator would “create and manage RDS User accounts, issue RDS access credentials, authenticate RDS access requests, and provide first-level abuse handling”.
Because it’s not complicated enough already, each industry (lawyers, academics, police, etc) would have their own different combination of Accrediting Bodies and Accreditation Operators.
Who benefits from all this?
The reason the EWG was set up in the first place was to try to resolve the conflict between those who think Whois accuracy should be more strictly enforced (generally law enforcement and IP owners) and those who think there should be greater registrant privacy (generally civil society types).
In the middle you’ve got the registries and registrars, who are generally resistant to anything that adds friction to their shopping carts or causes even moderate implementation costs.
The debate has been raging for years, and the EWG was told to:
1) define the purpose of collecting and maintaining gTLD registration data, and consider how to safeguard the data, and 2) provide a proposed model for managing gTLD directory services that addresses related data accuracy and access issues, while taking into account safeguards for protecting data.
So the EWG proposal could be seen as successful if a) privacy advocates are happy and b) trademark lawyers and the FBI are happy, c) registrars/ries are happy and d) Whois users are happy.
Are the privacy dudes happy?
No, they’re not.
The EWG only had one full-on privacy advocate: Stephanie Perrin, who’s a bit of a big deal when it comes to data privacy in Canada, having held senior privacy roles in public and private sectors there.
Perrin isn’t happy. Perrin thinks the RDS proposal as it stands won’t protect regular registrants’ privacy.
She wrote a Dissenting Report that seems to have been intended as an addendum to the EWG’s official report, but it was not published by the EWG or ICANN. The EWG report makes only a vague, fleeting reference, in a footnote, to the fact that the was any dissent at all.
Milton Mueller at the Internet Governance Project got his hands on it regardless and put it out there earlier this week.
Perrin disagrees with the recommendation (outlined above) that each domain name must have a Legal Contact (or Legal PBC) who is not permitted to hide their name and mailing address from public view.
She argues, quite reasonably I think, that regular registrants don’t have lawyers they can outsource this function to, which means their own name and mailing address will comprise their publicly visible Legal PBC.
This basically voids any privacy protection they’d get from having these details “gated” in the “registrant” record of the RDS. Perrin wrote:
the purpose of the gate is to screen out bad actors from harassing innocent registrants, deter identity theft, and ensure that only legitimate complaints arrive directly at the door of the registrants. It is also to protect the ability of registrants to express themselves anonymously. Placing all contact data outside the gate defeats certain aspects of having a gate in the first place.
The EWG report envisages the use of privacy/proxy services for people who don’t want their sensitive data published publicly.
But we already have privacy/proxy services today, so I’m unclear what benefit RDS brings to the table in terms of privacy protection.
It’s also worth noting that there are no circumstances under which a registrant’s email address is protected, not even from anonymous RDS queries. So there’s no question of RDS stopping Whois-based spam.
Are the trademark dudes going to be happy?
I don’t know. They do seem to be getting a better deal out of the recommendations than the other side (there were at least three intellectual property advocates on the EWG) but if you’re in the IP community the report still leaves much to be desired.
The RDS proposal would create a great big centralized repository of domain registrant information, which would probably be located in a friendly jurisdiction such as the US.
That would make tracking down miscreants a bit easier than in today’s distributed Whois environment.
RDS would also include a WhoWas service, so users can see who has historically owned domain names, and a Reverse Query service, so that users can pull up a list of all the other domains that share the same contact field(s).
Both services (commercially available via the likes of DomainTools already) would prove valuable when collating data for a UDRP complaint or cybersquatting lawsuit.
But it’s important to note that while the EWG report says all contact information should be validated, it stops short of saying that it should be authenticated.
That’s a big difference. Validation would reveal whether a mailing address actually exists, but not whether the registrant actually lives there.
You’d need authentication — something law enforcement and IP interests have been pushing for but do not seem to have received with the EWG proposal — for that.
The EWG suggests that giving registrants more control over which bits of their data are public will discourage them from providing phony contact information for Whois/RDS.
The RDS proposes a lot more carrot than stick on this count.
But if Perrin is correct that it’s a false comfort (given that your name and address will be published as Legal PBC anyway) then wouldn’t a registrant be just as motivated to call themselves Daffy Duck, or use a proxy/privacy service, as they are today?
Are the registrar dudes going to be happy?
If the EWG’s recommendations become a reality registrars could get increased friction in their sales path, depending on how disruptive it is to create a “Contact ID” and populate all the different PBCs.
I think it’s certainly going to increase demand on support channels, as customers try to figure out the new regime.
Remember, the simple requirement to click on a link in an email is causing registrants and registrars all kinds of bother, including suspended domains, under recently introduced rules.
And there’s obviously going to be a bunch of (potentially costly) up-front implementation work registrars will need to do to hook themselves into RDS and the other new entities the system relies on.
I doubt the registrars are going to wholeheartedly embrace the proposal en masse, in other words.
Is Kevin Murphy happy?
No, I’m not happy.
It bugs me, personally, that the EWG completely ignored the needs of the media in its report. It strikes me as a bit of a slap in the face.
The “media” and “bloggers” (I’m definitely in one of those categories) would be given the same rights to gated RDS data as the “general public”, under the EWG proposal.
In other words, no special privileges and no ability to access the registrant name and address fields of an RDS record.
RDS may well give somebody who owns a trademark (such as a reverse domain name hijacker or a sunrise gamer) more rights to Whois records than the New York Times or The Guardian.
That can’t be cool, can it?
Murphy, brah, why you gotta cuss in your headline?
Good question. I do use swearwords on DI occasionally, but only to annoy people who don’t like them, and usually only in posts dated April 1 or in stories that seem to deserve it.
This post is dated June 13.
I think I’ve established that the EWG’s proposal as it stands today is a pretty big overhaul of the current system and that it’s not immediately obvious how the benefits to all sides warrant the massive effort that will have to be undertaken to get RDS to replace Whois.
But the clusterfuckery is going to begin not with the implementation of the proposal, but with the attempt to pass it through the ICANN process.
The proposal has to pass through the ICANN community before becoming a reality.
The Expert Working Group has no power under the ICANN bylaws.
It was created by Chehade while he was still relatively new to the CEO’s job and did not yet appreciate how seriously community members take their established procedures for creating policy.
I think it was a pretty decent idea — getting a bunch of people in a room and persuading them to think outside the box, in an effort to find radical solutions to a a long-stagnant debate.
But that doesn’t change the fact that the EWG’s proposals don’t become law until they’ve been subject to the Generic Names Supporting Organization’s lengthy Policy Development Process.
Some GNSO members were not happy when the EWG was first announced — they thought their sovereignty was being usurped by the uppity new CEO — and they’re probably not going to be happy about some of the language the EWG has chosen to use in its final report.
The EWG said:
The proposed RDS, while not perfect, reflects carefully crafted and balanced compromises with interdependent elements that should not be separated.
…
The RDS should be adopted as a whole. Adopting some but not all of the design principles recommended herein undermines benefits for the entire ecosystem.
It’s actually quite an audacious turn of phrase for a working group with no actual authority under ICANN bylaws.
It sounds a bit like “take it or leave it”.
But there’s no chance whatsoever of the report being adopted wholesale.
It’s going into the GNSO process, where the same vested interests (IP, LEA, registry, registrar, civil society) that have kept the debate stagnant for the duration of ICANN’s existence will continue to try (and probably fail) to come to an agreement about how Whois should evolve.
Amazon snubs ICANN auction to win .coupon privately
Amazon has won the new gTLD .coupon, after Minds + Machines withdrew its application this week.
I understand that the two-way contention set was settled privately via a third party intermediary, possibly via some kind of auction, with M+M ultimately being paid off to withdraw its bid.
.coupon was the only ICANN-managed “auction of last resort” scheduled for July, following the $600,000 sale of .信息 last week.
The next batch of ICANN auctions is now not due to happen until August, unless of course ICANN rejigs its schedule in light of the .coupon settlement.
It’s not clear why Amazon has suddenly decided it prefers the idea of a private commercial settlement after all, but it appears to be good news for M+M, which will see the majority of the cash.
However, it could be related to the fact that .coupon, and dozens of other Amazon new gTLD applications, recently made the switch from being “closed generics” to more inclusive proposals.
Amazon had originally intended that itself and its subsidiaries would be the “only eligible registrants” for .coupon, but in March it changed the application, among many others.
Now, Amazon talks in vague terms about .coupon names being available to “eligible trusted third parties”, a term that doesn’t seem ready to define before the TLDs are actually delegated.
It seems to me, from Amazon’s revised applications, that .coupon and its other gTLDs will be locked down tight enough that they could wind up being effectively closed generics after all.
When Amazon publishes its first eligibility requirements document with ICANN, I expect members of the Governmental Advisory Committee will be watching closely.
.hotel avoids auction with CPE win
A new gTLD applicant backed by the hotel industry has won a Community Priority Evaluation, meaning it gets to automatically win the .hotel contention set without going to auction.
If the decision stands, no fewer than six rival applicants for the string — including the likes of Donuts, Radix, Famous Four and Minds + Machines — are going to have to withdraw their applications.
It’s a bit of a shocker.
The CPE winner is HOTEL Top-Level-Domain, which scored 15 out of 16 available points in the CPE. The minimum required to vanquish all foes is 14 points.
The company will have spent a fair bit of cash fighting the CPE, but nothing compared to the millions of dollars an auction for .hotel would be likely to fetch.
Crucially, where HOTEL prevailed was on the “Nexus” criterion — demonstrating a link between the string and the community supporting the application — where four points are available.
In the first four CPE results to come through, back in March, each applicant scored a 0 on Nexus and none scored more than 11 points overall.
Dot Registry, which failed four CPEs (.inc, .llc, .corp and .llp) this week, also repeatedly flunked on this count.
HOTEL, however, scored a 3.
Rival applicants such as Donuts and M+M had argued that HOTEL’s stated community failed to take into account smaller hoteliers, such as bed and breakfast owners.
But the CPE panelist decided that the application did not “substantially overreach”:
The string nexus closely describes the community, without overreaching substantially beyond the community. The string identifies the name of the core community members (i.e. hotels and associations representing hotels). However, the community also includes some entities that are related to hotels, such as hotel marketing associations that represent hotels and hotel chains and which may not be automatically associated with the gTLD. However, these entities are considered to comprise only a small part of the community. Therefore, the string identifies the community, but does not over-reach substantially beyond the community, as the general public will generally associate the string with the community as defined by the applicant.
There’s no formal appeals mechanism for CPE, but rival applicants could try their luck with more general ICANN procedures such as Requests for Reconsideration.
HOTEL Top-Level-Domain is a Luxembourg-based entity, founded in 2008 to apply for the gTLD, backed by about a dozen international hotelier associations, including the International Hotel and Restaurant Association.
The IHRA counts 50 major hotel chain brands among its members and claims to be officially recognized by the UN for its lobbying work on behalf of the hospitality industry.
HOTEL intends to keep the .hotel gTLD restricted “initially” to only hotels as defined in the international standard ISO 18513.
Registrants will be verified against hotel industry databases. This will happen post-registration, but before the domain name can be activated in the DNS.
In other words, unless you’re a member of the hotel industry, you won’t be getting to use a .hotel domain name. Domainers are apparently not wanted.
All .hotel names will also be checked a year from registration to ensure that they have a web site displaying relevant content. Redirection to other TLDs may be allowed.
I was so convinced that the CPE was designed in such a way that it would be failed by all the applicants which had applied for it, I bet $50 (to go to an applicant-nominated charity) that none would.
If HOTEL wants to let me know which charity they want the $50 to go to, I’ll get it donated forthwith. I’m just glad I didn’t offer to eat my underwear.
Three more dot-brands dumped
Two companies have yanked three bids for dot-brand new gTLDs this week.
The German financial advisor Allfinanz Deutsche Vermögensberatung withdrew its applications for .allfinanzberatung and .allfinanzberater, which mean Allfinanz “advice” and “advisers”.
As well as being a bit of a mouthful, they both appear to be unnecessary given that the company also applied for .allfinanz by itself. That application has passed evaluation and is still active.
Meanwhile, in Finland, one of the world’s biggest elevator/escalator manufacturers, KONE, has withdrawn its equally unfathomable application for .kone.
Roughly 55 dot-brand applications have been withdrawn to date. Hundreds remain.
Afilias loses $600,000 auction for Chinese “.info”
The results of the first “auction of last resort” in the new gTLD program are in, and it’s a bit of a head-scratcher.
Afilias lost out to rival applicant Beijing Tele-info Network Technology in the ICANN-backed auction for .信息 which means “info” or “information” in Chinese.
The winning bid was $600,000, ICANN said.
That money goes into a special ICANN fund, which will be put to some kind of unspecified purpose (to be determined by the ICANN community) at a later date.
It seems like quite a low price. Given what little we know about new gTLD auctions conducted privately, over a million dollars seems to be pretty standard for a gTLD.
It also strikes me as odd that Afilias wasn’t willing to shell out over $600,000 for a gTLD that could take a localized version of its existing .info brand into the world’s largest market.
It’s the only contention set to be settled by ICANN auction so far. The next will take place July 9, and will see Minds + Machines take on Amazon for .coupon.
The third, which will see 22 strings hit the block, will take place August 6.
RADAR to be down at least two weeks after hack
ICANN expects its RADAR registrar database to be offline for “at least two weeks” following the discovery of a security vulnerability that exposed users’ login names and encrypted passwords.
ICANN seems to have been quick to act and to disclose the hack.
The attack happened last weekend and ICANN was informed about it by an “internet user” on Tuesday May 27, according to an ICANN spokesperson. RADAR was taken offline and the problem disclosed late May 28.
The spokesperson added that “we do not believe the user is affiliated with a current or previously accredited registrar.”
ICANN isn’t disclosing the nature of the vulnerability, but said RADAR will be offline for some time for a security audit. The spokesperson told DI in an email:
It will be at least two weeks. It is more important to complete a thorough security assessment of the site than to rush this process. First of all, we’re keeping the system offline until we complete a thorough audit of the system. We are also currently engaged in a security review of all systems and procedures at ICANN to assess and implement ongoing improvements as appropriate.
RADAR is a database used by registrars to coordinate stuff like emergency contacts and IP address whitelisting for bulk Whois access.
The downtime is not expected to impact registrants, according to ICANN. The spokesperson said: “Nothing that occurred has raised any concerns that registrants could or would be adversely affected.”
ICANN registrar database hacked
ICANN’s database of registrar contact information has been hacked and user data has been stolen.
The organization announced this morning that the database, known as RADAR, has been taken offline while ICANN conducts a “thorough review” of its security.
ICANN said:
This action was taken as a precautionary measure after it was learned that an unauthorized party viewed data in the system. ICANN has found no evidence of any unauthorized changes to the data in the system. Although the vulnerability has been corrected, RADAR will remain offline until a thorough review of the system is completed.
Users of the system — all registrars — have had their usernames, email addresses and encrypted passwords compromised, ICANN added.
ICANN noted that it’s possible to brute-force a hashed password into plaintext, so it’s enforcing a password reset on all users, but it has no evidence of any user accounts being accessed.
RADAR users may want to think about whether they have the same username/password combinations at other sites.
RADAR is a database used by registrars in critical functions such as domain name transfers.
Registrars can use it, for example, to white-list the IP addresses of rival registrars, enabling them to execute large amounts of Whois queries that would usually be throttled.
The news follows hot on the heels of a screwup in the Centralized Zone Data Service, which enabled any new gTLD registry to view data belonging to rival registries and other CZDS users.
US House passes anti-ICANN bill
The US House of Representatives has passed the DOTCOM Act, which would prevent the Department of Commerce from walking away from its oversight of the DNS root zone.
The bill was approved as an amendment to a defense authorization act, with a 245-177 vote that reportedly saw 17 Democrats vote in line with their Republican opponents.
The DOTCOM Act has nothing whatsoever to do with .com. Rather, it’s a response to the National Telecommunications and Information Administration’s plan to relinquish its role in root zone management.
The bill as passed (pdf) would prevent NTIA from agreeing to any multistakeholder community-created IANA transition proposal until the Government Accountability Office had issued a study on the proposal.
The GAO would have one year from the point ICANN submits the proposal to come up with this report.
That means that if ICANN and NTIA want to stick to their September 2015 target date for the transition, either the ICANN community would need to produce a proposal at unprecedented and unlikely speed or the GAO would need to take substantially less than a year to write its report.
I don’t think it’s an impossible target, but it’s certainly looking more likely that NTIA will have to exercise one of the two-year automatic renewal options in the current IANA contract.
That’s all assuming that a matching bill passes through the Democrat-controlled Senate and then receives a presidential signature, of course, which is not a certainty.
Assuming a bloc vote by the 47 Republican Senators, only four Democrats (or independents) would need to switch sides in order for the DOTCOM Act to become, barring an unlikely presidential veto, law.
To the best of my knowledge there is not currently a matching bill in the Senate.
ICANN says Verisign should stay in charge of root zone
Verisign should stay in its key role in root zone management after the IANA transition process is complete, according to ICANN CEO Fadi Chehade.
The company currently acts as “maintainer”, alongside the US government as “administrator” and ICANN/IANA as “operator”.
This means Verisign is responsible for actually making changes — adding, deleting or amending the records for TLDs — in the root zone file.
In a blog post yesterday, Chehade said that ICANN will “establish a relationship directly with the third-party Maintainer”, adding:
As a means to help ensure stability, ICANN’s recommended implementation option is to have Verisign continue its role as the Maintainer. However, we will be working closely with all relevant parties including the Root Zone Operators to ensure there are contingency options in place to meet our absolute commitment to the stability, security and resiliency of the Domain Name System.
I wholeheartedly agree that Verisign should stay in its role, or at the very least that ICANN should not take over.
As we’ve learned over the last couple of years of software glitches in the new gTLD program, some of them security-related, ICANN would be a poor choice today to maintain this critical resource.
Chehade noted that the US National Telecommunications and Information Administration would be replaced in its “administrator” role by whatever mechanism the ICANN community comes up with during the transition process.
Recent Comments