Recent Posts
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
Employ Media asks ICANN for a .jobs landrush
The company behind the .jobs sponsored top-level domain wants to loosen the shackles of sponsorship by vastly liberalizing its namespace.
Employ Media has applied (pdf) to ICANN to get rid of the current restrictions on .jobs domain ownership and open hundreds of thousands of strings to the highest bidder.
The registry wants to amend its contract with ICANN to cut the text that limits .jobs domains to the exact match or abbreviation of a company name, and add:
Domain registrations are permitted for other types of names (e.g., occupational and certain geographic identifiers) in addition to the “company name” designation.
Employ Media is basically asking for the right to open the floodgates to a complete relaunch of the .jobs TLD with very few restrictions on who can register and what strings they can register.
Phase One of the relaunch would be an RFP “to invite interested parties to propose specific plans for registration, use and promotion of domains that are not their company name”.
It sounds a little like the current .co Founders Program, or the marketing initiatives Afilias and Neustar asked for to supplement the auction of their single-character domains.
In practice, I expect that this first phase is when the DirectEmployers Association would expect to grab hundreds of thousands of .jobs domains under its universe.jobs business plan, in which it intends to offer job listings tailored to “city, state, geographic region, country, occupation [and] skill”.
Phase Two would see your basic landrush auction of any premium domains left over.
Phase three would be “A first-come, first-served real-time release of any domains not registered through the RFP or auction processes.”
While I have no strong views on the merits of this particular proposal, I do think that the application and ICANN’s response to it could wind up setting the template for how to operate a bait-and-switch in ICANN’s forthcoming round of new TLD applications.
If you say you want to do one thing with your TLD, and later decide you could make more money doing another, how much will ground will ICANN give when it comes to renegotiating your contract? It will be interesting to find out.
Reactions so far from the HR community have not been positive.
Steven Rothberg of CollegeRecruiter.com wrote that the process by which Employ Media’s sponsor, the Society for Human Resource Management, approved the new proposal “stunk”.
“The only winner here is Employ Media,” he wrote.
Comments posted at ERE.net, which has been on top of this story from the beginning, express what could be easily described as outrage over Employ Media’s plans.
The comment posted by Ted Daywalt of VetJobs.com is especially worth a read.
The Employ Media proposal has been submitted under ICANN’s Registry Services Evaluation Process, which allows comments to be submitted.
WSJ reporting bogus Indian domain name market info?
The Wall Street Journal is reporting that India “passed an Internet milestone of sorts” in the first quarter, when the number of .com domains registered in the country broke through 1 million.
Did it?
This is what the WSJ says:
[India] now has more than one million registered web sites using the suffixes .com or .net, according to data released today by VeriSign Inc., the U.S. company that tracks this sort of thing.
In its Domain Name Industry Brief, it reported that India now has a registered total of 1.037 million .com and .net domain names, up from about 800,000 in the same period the year before.
The number 1.037 million is terribly specific, considering that VeriSign’s Domain Name Industry Brief doesn’t say anything of the sort.
There’s nothing in the DNIB to suggest that anybody in India has ever registered a single .com domain.
The DNIB has never broken down .com registrations by location, and the Q1 report, released on Monday, doesn’t use the word “India” once.
If the WSJ numbers are accurate – the paper does appear to have interviewed a VeriSign India executive – I’m wondering how they were calculated.
It can’t be a case of tallying the number of .com domains managed by Indian registrars. Mumbai-based Directi alone has had more than a million .com names under its belt for a long time.
Could VeriSign be mining Whois records for location data?
It runs a thin registry, so it would have to reference Whois data acquired from its registrars in order to compute the numbers.
Or did the WSJ hit on unreliable sources? It seems possible.
More WordPress attacks at Go Daddy
The Kneber gang has continued its attacks on Go Daddy this week, again targeting hosting customers running self-managed WordPress installations.
Go Daddy said that several hundred accounts were compromised in order to inject malicious code into the PHP scripts.
“The attack injects websites with a fake-antivirus pop-up ad, claiming the visitor’s computer is infected,” Go Daddy security manager Scott Gerlach blogged.
According to the alarmists-in-chief over at WPSecurityLock, the attacks place a link to a script hosted on cloudisthebestnow.com, a domain registered by “Hilary Kneber”.
The script attempts to install bot software on visitors’ machines.
As I’ve written before, the Kneber botnet has been running since at least December 2009. It generally hosts its malware on domains registered with ICANN-accredited BizCN.com, a Chinese registrar.
Go Daddy said it has contacted the registrar to get the domain yanked. It may have been successfully killed already, but I’m too much of a little girl to check manually.
I must confess, as somebody with a number of WordPress installations on Go Daddy servers, it makes me a little nervous that these attacks are now well into their second month and I still don’t know whether I should be worried or not.
ICANN staff need to get their pee tested
I imagine it’s a pretty hard job, largely thankless, working at ICANN. No matter what you do, there’s always somebody on the internet bitching at you for one reason or another.
The job may be about to get even more irksome for some staffers, if ICANN decides to implement new security recommendations made by risk management firm JAS Communications.
In a report published yesterday, JAS suggests that senior IANA staff – basically anyone with critical responsibilities over the DNS root zone – should be made to agree to personal credit checks, drug screening and even psych evaluations.
To anyone now trying to shake mental images of Rod Beckstrom peeing into a cup for the sake of the internet, I can only apologise.
This is what the report says:
JAS recommends a formal program to vet potential new hires, and to periodically re‐vet employees over time. Such a vetting program would include screening for illegal drugs, evaluation of consumer credit, and psychiatric evaluation, which are all established risk factors for unreliable and/or malicious insider activity and are routinely a part of employee screening in government and critical infrastructure providers.
I’ve gone for the cheap headline here, obviously, but there’s plenty in this report to take seriously, if you can penetrate the management consultant yadda yadda.
There are eight other recommendations not related to stoners running the root, covering contingencies such as IANA accidentally unplugging the internet and Los Angeles sinking into the Pacific.
Probably most interesting of all is the bit explaining how ICANN’s custom Root Zone Management System software, intended to reduce the possibility of errors creeping into the root after hundreds of new TLDs are added, apparently isn’t being built with security in mind.
“No formal requirements exist regarding the security and resiliency of these systems, making it impossible to know whether the system has been built to specification,” the report says.
It also notes that ICANN lacks a proper risk management strategy, and suggests that it improve communications both internally and with VeriSign.
It discloses that “nearly all critical resources are physically located in the greater Los Angeles area”, which puts the IANA function at risk of earthquake damage, if nothing else.
JAS recommends spreading the risk geographically, which should give those opposed to ICANN bloat something new to moan about.
There’s a public comment forum over here.
UPDATE (2010-06-13): As Michael Palage points out over at CircleID, ICANN has pulled the PDF from its web site for reasons unknown.
On the off-chance that there’s a good security reason for this, I shall resist the temptation to cause mischief by uploading it here. This post, however, remains unedited.
US government requests root DNSSEC go-ahead
The National Telecommunications and Information Administration, part of the US Department of Commerce, has formally announced its intent to allow the domain name system’s root servers to be digitally signed with DNSSEC.
Largely, I expect, a formality, a public comment period has been opened (pdf) that will run for two weeks, concluding on the first day of ICANN’s Brussels meeting.
NTIA said:
NTIA and NIST have reviewed the testing and evaluation report and conclude that DNSSEC is ready for the final stages of deployment at the authoritative root zone.
DNSSEC is a standard for signing DNS traffic using cryptographic keys, making it much more difficult to spoof domain names.
ICANN is expected to get the next stage of DNSSEC deployment underway next week, when it generates the first set of keys during a six-hour “ceremony” at a secure facility in Culpeper, Virginia.
The signed, validatable root zone is expected to go live July 15.
Council of Europe wants ICANN role
The Council of Europe has decided it wants to play a more hands-on role in ICANN, voting recently to try to get itself an observer’s seat on the Governmental Advisory Committee.
The Council, which comprises ministers from 47 member states, said it “could encourage due consideration of fundamental rights and freedoms in ICANN policy-making processes”.
ICANN’s ostensibly technical mission may at first seem a bit narrow for considerations as lofty as human rights, until you consider areas where it has arguably failed in the past, such as freedom of expression (its clumsy rejection of .xxx) and privacy (currently one-sided Whois policies).
The Council voted to encourage its members to take a more active role in the GAC, and to “make arrangements” for itself to sit as an observer on its meetings.
It also voted to explore ways to help with the creation of a permanent GAC secretariat to replace the current ad hoc provisions.
The resolution was passed in late May and first reported today by IP Watch.
The Council of Europe is a separate entity to the European Union, comprising more countries. Its biggest achievement was the creation of the European Court of Human Rights.
ICANN’s Draft Applicant Guidebook v4 – first reactions
As you probably already know, ICANN late yesterday released version 4 of its Draft Applicant Guidebook, the bible for new top-level domain registry wannabes.
Having spent some time today skimming through the novel-length tome, I can’t say I’ve spotted anything especially surprising in there.
IP interests and governments get more of the protections they asked for, a placeholder banning registries and registrars from owning each other makes its first appearance, and ICANN beefs up the text detailing the influence of public comment periods.
There are also clarifications on the kinds of background checks ICANN will run on applicants, and a modified fee structure that gets prospective registries into the system for $5,000.
DNSSEC, security extensions for the DNS protocol, also gets a firmer mandate, with ICANN now making it clearer that new TLDs will be expected to implement DNSSEC from launch.
It’s still early days, but a number of commentators have already given their early reactions.
Perennial first-off-the-block ICANN watcher George Kirikos quickly took issue with the fact that DAG v4 still does not include “hard price caps” for registrations
[The DAG] demonstrates once again that ICANN has no interests in protecting consumers, but is merely in cahoots with registrars and registries, acting against the interests of the public… registry operators would be open to charge $1000/yr per domain or $1 million/yr per domain, for example, to maximize their profits.
Andrew Allemann of Domain Name Wire reckons ICANN should impose a filter on its newly emphasised comment periods in order to reduce the number of form letters, such as those seen during the recent .xxx consultation.
I can’t say I agree. ICANN could save itself a few headaches but it would immediately open itself up to accusations of avoiding its openness and transparency commitments.
The Internet Governance Project’s Milton Mueller noted that the “Draconian” text banning the cross-ownership of registries and registrars is basically a way to force the GNSO to hammer out a consensus policy on the matter.
Everyone knows this is a silly policy. The reason this is being put forward is that the VI Working Group has not succeeded in coming up with a policy toward cross-ownership and vertical integration that most of the parties can agree on.
I basically agree. It’s been clear since Nairobi that this was the case, but I doubt anybody expected the working group to come to any consensus before the new DAG was drafted, so I wouldn’t really count its work as a failure just yet.
That said, the way it’s looking at the moment, with participants still squabbling about basic definitions and terms of reference, I doubt that a fully comprehensive consensus on vertical integration will emerge before Brussels.
Mueller lays the blame squarely with Afilias and Go Daddy for stalling these talks, so I’m guessing he’s basing his views on more information than is available on the public record.
Antony Van Couvering of prospective registry Minds + Machines has the most comprehensive commentary so far, touching on several issues raised by the new DAG.
He’s not happy about the VI issue either, but his review concludes with a generally ambivalent comment:
Overall, this version of the Draft Applicant Guidebook differs from the previous version by adding some incremental changes and extra back doors for fidgety governments and the IP interests who lobby them. None of the changes are unexpected or especially egregious.
DAG v4 is 312 pages long, 367 pages if you’re reading the redlined version. I expect it will take a few days before we see any more substantial critiques.
One thing is certain: Brussels is going to be fun.
ICANN’s Sword algorithm fails Bulgarian IDN test
ICANN has released version 4 of its new TLD Draft Applicant Guidebook (more on that later) and it still contains references to the controversial “Sword” algorithm.
As I’ve previously reported, this algorithm is designed to compare two strings for visual similarity to help prevent potentially confusing new TLDs being added to the root.
The DAG v4 contains the new text:
The algorithm supports the common characters in Arabic, Chinese, Cyrillic, Devanagari, Greek, Japanese, Korean, and Latin scripts. It can also compare strings in different scripts to each other.
So I thought I’d check how highly the internationalized domain name .бг, the Cyrillic version of Bulgaria’s .bg ccTLD, scores.
As you may recall, .бг was rejected by ICANN two weeks ago due to its visual similarity to .br, Brazil’s ccTLD. As far as I know, it’s the only TLD to date that has been rejected on these grounds.
Plugging “бг” into Sword returns 24 strings that score over 30 out of 100 for similarity. Some, such as “bf” and “bt”, score over 70.
Brazil’s .br is not one of them.
Using the tool to compare “бг” directly to “br” returns a score of 26. That’s a lower score than strings such as “biz” and “org”.
I should note that the Sword web page is ambiguous about whether it is capable of comparing Cyrillic strings to Latin strings, but the new language in the DAG certainly suggests that it is.
Could litigation delay ICANN’s new TLDs?
Intellectual property lawyers are wondering aloud about the possibility of ICANN being sued in order to delay the launch of new top-level domains.
The idea was raised during a panel at the annual meeting of INTA, the International Trademark Association, in Boston yesterday, according to its daily newsletter (pdf).
Kristina Rosette of the law firm Covington & Burling reportedly “suggested litigation is a possibility to slow down the application launch. One source of litigation could be trademark owners, worried about mass cybersquatting”.
That’s reported speech, by the way, not a quote. The article does not make clear the context.
Rosette is Intellectual Property Constituency representative for North America on ICANN’s GNSO Council.
The IP community is worried that the launch of new TLDs will lead to companies splurging more money unnecessarily on defensive registrations.
The current best, arguably most optimistic guess on the new TLD timeline comes from registry hopeful Minds + Machines. M+M has applications opening next April.
A delay in the launch of new TLDs would hurt most the startup companies that intend to apply for them, and the service providers and consultants hoping to facilitate the launches.
Some of these companies make minimal revenue, are dependent on funding, and would prefer applications open sooner rather than later.
Four of the top 100 brands have insecure domain names
Some of the world’s most famous global brands have domain names that are still vulnerable to the Kaminsky exploit and could be hijacked by others.
Earlier today, I ran all of the brands on Deloitte’s list of the top 100 brands through a vulnerability testing tool provided by IANA.
The results show that four of these brands – all household names – have domains classed as “highly vulnerable” to the Kaminsky exploit.
If the IANA test is reliable, this means that false data could be injected into their name servers, potentially redirecting users to a web site belonging to the attacker.
Another eight brands had domains that the IANA tool reported might be “vulnerable” to attacks, but which had measures in place to mitigate the risk.
The Kaminsky bug has been public for almost two years. It’s a cache poisoning attack in which a recursive name server is tricked into providing false data about a domain.
It becomes particularly scary when a domain’s authoritative name servers also have their recursive functions turned on. A successful attack could redirect all traffic to a compromised domain to a server managed by the attacker.
The surest way to avoid vulnerability is to turn off recursion. IANA says: “Authoritative name servers should never be configured to provide recursive name service.”
Alternatively, a method known as source port randomization can make the risk of being compromised by the Kaminsky exploit so small it’s barely a threat at all.
The IANA tool reports that four of the top 100 brands have at least one “highly vulnerable” authoritative name server that has recursion enabled and no source port randomization.
The other eight “vulnerable” domains were identified as running on at least one authoritative server that had recursion turned on and source port randomization enabled.
I’m not an expert, but I don’t believe this second category of companies has a great deal to worry about in terms of Kaminsky.
I picked the Deloitte brand list for this experiment because it is the list of brands Deloitte believes require the most trademark protection under ICANN’s new TLD process.
.CO Internet is already using the list during its sunrise period for the .co domain.
Michele Neylon of Blacknight has found some more vulnerable servers over here.
Recent Comments