Recent Posts
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
The ICANN Brussels schwag bag – full details
I’ve just landed at ICANN 38, in the really rather lovely setting of the Mont des Arts in Brussels.
Either I’m lost, or it’s a bit quiet at the moment, so I thought I’d get the most important news out of the way first – what’s in the schwag bag?
A heck of a lot more than the last ICANN meeting I attended, in Mar Del Plata, Argentina three five years ago.
Consider this a disclosure statement – I am now forever beholden to all of these companies, in no particular order:
- T-shirt (Hanes) from ICANN.
- T-shirt (Fruit of the Loom) from RegistryPro.
- Empty Belgian chocolate bag from Iron Mountain (visit the booth for the choccie, presumably).
- Fan with party invite printed on it from GMO (dotShop).
- Pen from .CO Internet.
- Keyring (foam) from dns.be.
- Pen from Nic.ru.
- Belgian chocolate box (full) from Centr.
- Keyring (metal) from PIR (slogan: “PracticeSafeDNS.org”)
- Badge/button (small) from .quebec.
- Badge/button (huge) from ICM Registry (slogan: “Yes to .XXX”)
- Bumper sticker from .quebec.
- Notebook from PIR (.org “Celebrating 25 years”)
- Playing cards (one-way backs) from Ausregistry.
- “Multi-purpose retractable lock” from SIDN.
- USB Flash drive (4GB) from Afnic.
- Notebook from .eu.
- A good-sized tree’s worth of flyers, booklets and sales pitches from the meeting’s sponsors – very strong contingent of new TLD players and consultancies.
- The bag itself is sponsored by Afilias.
I heard a rumor that ICM was giving away .xxx vuvuzelas, but if they were they appear to have already run out.
Register.com sold at a $65 million loss
Register.com has been acquired by web hosting company Web.com for $135 million, substantially less than the $200 million Vector Capital paid for it five years ago.
Web.com said the acquisition will help it access new small business customers for lead generation, to cross-sell its existing products.
The company’s customer base will increase by over 400% to more than one million customers, Web.com said. The combined firm will have annual revenue of $180 million.
Register.com was one of the first five ICANN-accredited registrars. It failed as a public company, and after years of financial wrangling was finally taken private by Vector in 2005.
Vector specializes in buying up troubled companies and turning them around, but it doesn’t appear to have increased the value of this particular asset over the last five years.
Will ICANN punt .xxx in Brussels?
Is ICANN set to delay approval of the proposed .xxx top-level domain – again – in Brussels?
That’s my reading of ICANN’s latest document concerning ICM Registry’s long-running and controversial battle for a porn-only TLD.
This week, ICANN submitted its summary of the public comment period that ran to May 10. It’s a fair bit shorter than the one Kieren McCarthy compiled for ICM last month.
As usual, it’s written in a fairly neutral tone. But, if you’re feeling conspiratorial, the mask does slip on occasion, perhaps giving a sense of where the .xxx application could head next.
The ICANN summary occasionally breaks from reporting what a commenter actually said in order to highlight a potential problem they did not address.
Example (my emphasis):
Only two commenters directly addressed the question of further interaction with the Governmental Advisory Committee (GAC) on the .XXX sTLD Application. Both of those commenters were against seeking any further input from the GAC outside of any public comment period. Neither of these commenters – nor any other – addressed the potential violation of the ICANN Bylaws that could result from the Board’s failure to properly consider the advice of the GAC
This suggests, to me, that the ICANN board will be receiving advice to the effect that further GAC input needs to be forthcoming before it can move forward with .xxx.
If this is the case, the GAC might have to produce some advice before next Friday’s board meeting if ICM has any hope of getting back around the negotiating table prior to Cartagena in December.
That’s not the only reason to believe ICANN may punt .xxx again, however. Elsewhere in the report, we read (my emphasis again):
For those in favor of proceeding with the .XXX sTLD Application, many created an alternative option – that ICM and ICANN should proceed to a contract right away. There was substantial discussion on this point in the ICM submissions. Few commenters addressed the technical realities identified within the Process Report ‐ that prompt execution of the agreement negotiated in 2007 is not feasible.
The Process Report referenced says that it is not possible to go straight into contract talks because ICM first applied for .xxx more than six years ago.
This has been a bone of contention. ICM points to .post, which was applied for at the same time as .xxx and only approved late last year, as proof that the passage of time should be no barrier.
But ICANN president Rod Beckstrom doesn’t buy that comparison. He wrote to ICM (pdf) at the end of March noting that .post was backed by the International Postal Union, whereas .xxx is “sponsored” by IFFOR, an organization created by ICM purely to act as its sponsor.
In that letter, Beckstrom talks about due diligence to make sure ICM and IFFOR still satisfy financial and technical criteria, and a review of whether .xxx “can still satisfy the requisite sponsorship criteria”.
I’ll admit that I’m breaking out the crystal ball a bit here, and I’ve been wrong before, but I don’t think it’s looking great for ICM in Brussels.
ICANN creates DNSSEC root keys
ICANN took the penultimate step towards adding DNSSEC to the root of the domain name system, during in a lengthy ceremony in Virginia yesterday.
The move means we’re still on track to have the DNSSEC “trust anchor” go live in the root on July 15, which will make end-to-end validation of DNS answers feasible for the first time.
DNSSEC is an extension to the DNS protocol that enables resolvers to validate that the DNS answers they receive come from the true owner of the domain.
Yesterday, ICANN generated the Key Signing Key for the root zone. That’s one of two keys required when adding DNSSEC to a zone.
The KSK is used to sign the DNSKey record, the public half of a key pair used to validate DNS responses. It has a longer expiration date than the Zone Signing Key used to sign other records in the zone, so its security is more important.
The videotaped ceremony, held at a facility in Culpeper, Virginia, was expected to take six hours, due to a lengthy check-list of precautions designed to instil confidence in the security of the KSK.
ICANN said:
During the ceremony, participants were present within a secure facility and witnessed the preparations required to ensure that the so-called key-signing-key (KSK) was not only generated correctly, but that almost every aspect of the equipment, software and procedures associated with its generation were also verified to be correct and trustworthy.
Ten hand-picked independent observers were present to bear witness.
ICANN expects to perform the ceremony four times a year. The second will be held at a backup facility in California next month.
Employ Media asks ICANN for a .jobs landrush
The company behind the .jobs sponsored top-level domain wants to loosen the shackles of sponsorship by vastly liberalizing its namespace.
Employ Media has applied (pdf) to ICANN to get rid of the current restrictions on .jobs domain ownership and open hundreds of thousands of strings to the highest bidder.
The registry wants to amend its contract with ICANN to cut the text that limits .jobs domains to the exact match or abbreviation of a company name, and add:
Domain registrations are permitted for other types of names (e.g., occupational and certain geographic identifiers) in addition to the “company name” designation.
Employ Media is basically asking for the right to open the floodgates to a complete relaunch of the .jobs TLD with very few restrictions on who can register and what strings they can register.
Phase One of the relaunch would be an RFP “to invite interested parties to propose specific plans for registration, use and promotion of domains that are not their company name”.
It sounds a little like the current .co Founders Program, or the marketing initiatives Afilias and Neustar asked for to supplement the auction of their single-character domains.
In practice, I expect that this first phase is when the DirectEmployers Association would expect to grab hundreds of thousands of .jobs domains under its universe.jobs business plan, in which it intends to offer job listings tailored to “city, state, geographic region, country, occupation [and] skill”.
Phase Two would see your basic landrush auction of any premium domains left over.
Phase three would be “A first-come, first-served real-time release of any domains not registered through the RFP or auction processes.”
While I have no strong views on the merits of this particular proposal, I do think that the application and ICANN’s response to it could wind up setting the template for how to operate a bait-and-switch in ICANN’s forthcoming round of new TLD applications.
If you say you want to do one thing with your TLD, and later decide you could make more money doing another, how much will ground will ICANN give when it comes to renegotiating your contract? It will be interesting to find out.
Reactions so far from the HR community have not been positive.
Steven Rothberg of CollegeRecruiter.com wrote that the process by which Employ Media’s sponsor, the Society for Human Resource Management, approved the new proposal “stunk”.
“The only winner here is Employ Media,” he wrote.
Comments posted at ERE.net, which has been on top of this story from the beginning, express what could be easily described as outrage over Employ Media’s plans.
The comment posted by Ted Daywalt of VetJobs.com is especially worth a read.
The Employ Media proposal has been submitted under ICANN’s Registry Services Evaluation Process, which allows comments to be submitted.
WSJ reporting bogus Indian domain name market info?
The Wall Street Journal is reporting that India “passed an Internet milestone of sorts” in the first quarter, when the number of .com domains registered in the country broke through 1 million.
Did it?
This is what the WSJ says:
[India] now has more than one million registered web sites using the suffixes .com or .net, according to data released today by VeriSign Inc., the U.S. company that tracks this sort of thing.
In its Domain Name Industry Brief, it reported that India now has a registered total of 1.037 million .com and .net domain names, up from about 800,000 in the same period the year before.
The number 1.037 million is terribly specific, considering that VeriSign’s Domain Name Industry Brief doesn’t say anything of the sort.
There’s nothing in the DNIB to suggest that anybody in India has ever registered a single .com domain.
The DNIB has never broken down .com registrations by location, and the Q1 report, released on Monday, doesn’t use the word “India” once.
If the WSJ numbers are accurate – the paper does appear to have interviewed a VeriSign India executive – I’m wondering how they were calculated.
It can’t be a case of tallying the number of .com domains managed by Indian registrars. Mumbai-based Directi alone has had more than a million .com names under its belt for a long time.
Could VeriSign be mining Whois records for location data?
It runs a thin registry, so it would have to reference Whois data acquired from its registrars in order to compute the numbers.
Or did the WSJ hit on unreliable sources? It seems possible.
More WordPress attacks at Go Daddy
The Kneber gang has continued its attacks on Go Daddy this week, again targeting hosting customers running self-managed WordPress installations.
Go Daddy said that several hundred accounts were compromised in order to inject malicious code into the PHP scripts.
“The attack injects websites with a fake-antivirus pop-up ad, claiming the visitor’s computer is infected,” Go Daddy security manager Scott Gerlach blogged.
According to the alarmists-in-chief over at WPSecurityLock, the attacks place a link to a script hosted on cloudisthebestnow.com, a domain registered by “Hilary Kneber”.
The script attempts to install bot software on visitors’ machines.
As I’ve written before, the Kneber botnet has been running since at least December 2009. It generally hosts its malware on domains registered with ICANN-accredited BizCN.com, a Chinese registrar.
Go Daddy said it has contacted the registrar to get the domain yanked. It may have been successfully killed already, but I’m too much of a little girl to check manually.
I must confess, as somebody with a number of WordPress installations on Go Daddy servers, it makes me a little nervous that these attacks are now well into their second month and I still don’t know whether I should be worried or not.
ICANN staff need to get their pee tested
I imagine it’s a pretty hard job, largely thankless, working at ICANN. No matter what you do, there’s always somebody on the internet bitching at you for one reason or another.
The job may be about to get even more irksome for some staffers, if ICANN decides to implement new security recommendations made by risk management firm JAS Communications.
In a report published yesterday, JAS suggests that senior IANA staff – basically anyone with critical responsibilities over the DNS root zone – should be made to agree to personal credit checks, drug screening and even psych evaluations.
To anyone now trying to shake mental images of Rod Beckstrom peeing into a cup for the sake of the internet, I can only apologise.
This is what the report says:
JAS recommends a formal program to vet potential new hires, and to periodically re‐vet employees over time. Such a vetting program would include screening for illegal drugs, evaluation of consumer credit, and psychiatric evaluation, which are all established risk factors for unreliable and/or malicious insider activity and are routinely a part of employee screening in government and critical infrastructure providers.
I’ve gone for the cheap headline here, obviously, but there’s plenty in this report to take seriously, if you can penetrate the management consultant yadda yadda.
There are eight other recommendations not related to stoners running the root, covering contingencies such as IANA accidentally unplugging the internet and Los Angeles sinking into the Pacific.
Probably most interesting of all is the bit explaining how ICANN’s custom Root Zone Management System software, intended to reduce the possibility of errors creeping into the root after hundreds of new TLDs are added, apparently isn’t being built with security in mind.
“No formal requirements exist regarding the security and resiliency of these systems, making it impossible to know whether the system has been built to specification,” the report says.
It also notes that ICANN lacks a proper risk management strategy, and suggests that it improve communications both internally and with VeriSign.
It discloses that “nearly all critical resources are physically located in the greater Los Angeles area”, which puts the IANA function at risk of earthquake damage, if nothing else.
JAS recommends spreading the risk geographically, which should give those opposed to ICANN bloat something new to moan about.
There’s a public comment forum over here.
UPDATE (2010-06-13): As Michael Palage points out over at CircleID, ICANN has pulled the PDF from its web site for reasons unknown.
On the off-chance that there’s a good security reason for this, I shall resist the temptation to cause mischief by uploading it here. This post, however, remains unedited.
US government requests root DNSSEC go-ahead
The National Telecommunications and Information Administration, part of the US Department of Commerce, has formally announced its intent to allow the domain name system’s root servers to be digitally signed with DNSSEC.
Largely, I expect, a formality, a public comment period has been opened (pdf) that will run for two weeks, concluding on the first day of ICANN’s Brussels meeting.
NTIA said:
NTIA and NIST have reviewed the testing and evaluation report and conclude that DNSSEC is ready for the final stages of deployment at the authoritative root zone.
DNSSEC is a standard for signing DNS traffic using cryptographic keys, making it much more difficult to spoof domain names.
ICANN is expected to get the next stage of DNSSEC deployment underway next week, when it generates the first set of keys during a six-hour “ceremony” at a secure facility in Culpeper, Virginia.
The signed, validatable root zone is expected to go live July 15.
Council of Europe wants ICANN role
The Council of Europe has decided it wants to play a more hands-on role in ICANN, voting recently to try to get itself an observer’s seat on the Governmental Advisory Committee.
The Council, which comprises ministers from 47 member states, said it “could encourage due consideration of fundamental rights and freedoms in ICANN policy-making processes”.
ICANN’s ostensibly technical mission may at first seem a bit narrow for considerations as lofty as human rights, until you consider areas where it has arguably failed in the past, such as freedom of expression (its clumsy rejection of .xxx) and privacy (currently one-sided Whois policies).
The Council voted to encourage its members to take a more active role in the GAC, and to “make arrangements” for itself to sit as an observer on its meetings.
It also voted to explore ways to help with the creation of a permanent GAC secretariat to replace the current ad hoc provisions.
The resolution was passed in late May and first reported today by IP Watch.
The Council of Europe is a separate entity to the European Union, comprising more countries. Its biggest achievement was the creation of the European Court of Human Rights.
Recent Comments