SSAD: Whois privacy-busting white elephant to be shelved

ICANN is likely to put SSAD, the proposed system for handling requests for private Whois data, on the back-burner in favor of a simplified, and far less expensive, temporary fix.

But now ICANN is warning that even the temporary fix might be problematic, potentially delaying unrelated work on the next new gTLD round for months.

The GNSO Council has asked the ICANN board of directors that “consideration of the SSAD recommendations be paused” in favor of what it calls “SSAD Light”.

SSAD, for Standardized System for Access and Disclosure, is a sprawling, multifaceted proposal that would create a system whereby trademark owners, for example, can request Whois data from registrars.

After months of studying the proposal, ICANN decided it could cost as much as $27 million to build and might not go live before 2028.

There’s apparently substantial resistance within ICANN Org to committing to such a project, so the GNSO put together a small team of experts to figure out whether something simpler might be a better idea.

They came up with SSAD Light, which would be basically a stripped-down ticketing system for data requests designed in part to gauge potential uptake and get a better idea of what a full SSAD might cost.

But there’s some strong resistance to SSAD Light, notably from former ICANN chair Steve Crocker, who recently called it “nonsense” with a design that does not match its goals.

Nevertheless, the GNSO Council submitted the bare-bones proposal to the ICANN board in an April 27 letter (pdf).

Since then, it’s emerged that simply fleshing out the design for SSAD Light would add at least six weeks to the separate Operational Design Phase of the next new gTLD application round (known as SubPro). I assume this is due to ICANN staff workload issues as the two projects are not massively interdependent.

This delay could extend to “months” to SubPro if ICANN is then asked to build SSAD Light, according to Jeff Neuman, who’s acting as liaison between the GNSO and ICANN on the SubPro ODP.

In a nutshell, the GNSO Council is being asked what it wants more — Whois reform, or more new gTLDs. It’s a recipe for fireworks, and no mistake.

It will meet May 19 to discuss the matter.

More friction over closed generics

ICANN’s Generic Names Supporting Organization and Governmental Advisory Committee seem to be headed to bilateral talks on the thorny issue of whether “closed generic” gTLDs should be allowed, but not without discontent.

The GNSO’s Non-Commercial Stakeholder Group last week opposed these talks, suggesting that the GAC is trying to acquire more policy-making power and take a second bite at the apple on a issue it has already advised on.

The NCSG wrote (pdf) to the GNSO Council last Thursday to oppose GAC talks, which are being encouraged by ICANN management and board.

Closed generics are dictionary-word gTLDs that do not match the registry’s trademarks but which nevertheless act as though they are a dot-brand, where only the registry may register domains.

There aren’t any right now, because ICANN, acting in 2014 in response to 2013 GAC advice, retroactively banned them from the 2012 application round, even though they were initially permitted.

It’s such a divisive issue that the GNSO working group (known as SubPro) that made the policy recommendations for the next round was, I believe uniquely, unable to come up with a even a fudged recommendation.

The GAC is sticking to its view that closed generics are potentially harmful, and since the GNSO couldn’t make its mind up, ICANN has suggested an informal dialogue between the two parties, to encourage a solution both deem acceptable that could then be thrown back at the GNSO for formal ratification.

The NCSG objected to this idea because it appears, NCSG said, that a new policy process is being created that increases the GAC’s powers to intervene in policy-making when it sees something it doesn’t like.

But the constituency appeared to stand alone during a GNSO Council meeting last Thursday, where the prevailing opinion seemed to be that dialogue is always a good thing and it would be bad optics to refuse to talk.

The Council has formed a small team of four to decide whether to talk to the GAC, which is in favor of the move.

GoDaddy and XYZ sign away rights after UNR’s crypto gambit

ICANN has started asking registries to formally sign away ownership rights to their gTLDs when they acquire them from other registries.

GoDaddy and XYZ.com both had to agree that they don’t “own” their newly acquired strings before ICANN would agree to transfer them from portfolio UNR, which auctioned off its 23 gTLD contracts a year ago.

GoDaddy bought .photo and .blackfriday for undisclosed sums in the auction, it emerged last week. XYZ bought 10 others and newcomer Dot Hip Hop bought .hiphop.

All three transfers were signed off March 10 (though GoDaddy’s were inexplicably not published by ICANN until last Thursday, when much of Christendom was winding down for a long weekend) and all three contain this new language:

The Parties hereby acknowledge that, notwithstanding anything to the contrary in any marketing or auction materials, documentation or communications issued by Assignor or any other agreements between the Parties or otherwise, nothing in the Registry Agreement(s) or in any other agreements between Assignor and Assignee have established or granted to Assignor any property or ownership rights or interest in or to the TLDs or the letters, words, symbols or other characters making up the TLDs’ strings and that Assignee is not being granted any property or ownership rights or interest in or to the TLDs or the letters, words, symbols or other characters making up the TLDs’ strings.

The Parties represent that they understand the scope of ICANN’s Consent, which: (A) does not grant Assignee any actual or purported property or ownership rights or interest in or two the TLDs or the letters, words, symbols or other characters making up the TLDs’s strings; (B) is solely binding and applicable to the assignment of rights and obligations pursuant to the Registry Agreement(s); (C) solely relates to the operation of the TLDs in the Domain Name System as specified in the applicable Registry Agreement(s); and (D) does not convey any rights to the letters, words or symbols making up the TLD string for use outside the Domain Name System.

The TL;DR of this? Registries don’t “own” their gTLDs, ICANN just allows them to use the strings.

The new language is in there because UNR’s auction had offered, as a bonus, ownership of matching non-fungible token “domains” on the blockchain-based alt-root Ethereum Name Service.

Alt-roots arguably present an existential threat to ICANN and a risk to the interoperability of the internet, so ICANN delayed authorization of its approvals for many months while it tried to figure out the legalities.

Dot Hip Hop, for one, has said it couldn’t care less about the Ethereum NFT, and has had it deleted.

Separately, the .ruhr contract has been transferred from regiodot to fellow German geo-TLD operator DotSaarland, a subsidiary of London-based CentralNic, which announced the acquisition in February.

This assignment agreement was signed March 31 — after GoDaddy’s and XYZ’s — and does not include the new ownership waiver language, suggesting that it’s unique to UNR’s auction winners.

However, the friction between blockchain alt-roots is likely to be an issue when the next new gTLD application round opens.

It’s being said that a great many “TLDs” are being registered on various blockchains specifically in order to interfere with matching ICANN applications, and that blockchain fans are attempting to delay the next round to give their own projects more time to take root.

GoDaddy’s two acquisitions bring the total known outcomes of UNR’s auctions to 13 out of 23 gTLDs. At least four more are being processed by ICANN, according to a now month-old statement.

TMCH turning off some brand-blocking services

The Trademark Clearinghouse is closing down two of its brand protection services after apparently failing to attract and retain registry partners.

The company announced recently that TREx, its Trademark Registry Exchange, will shut down after its customers’ existing subscriptions expire, saying:

The communication that we receive from our agents, resellers, clients and other registries that we have reached out to around improving the product shows that there is currently little appetite for such a service.

TMCH said it may revive the service after the new round of new gTLDs happens.

TREx was a service similar to Donuts’ Domain Protected Marks List and others, whereby trademark owners can block their brands across a multitude of TLDs for a substantial discount on the cost of defensive registrations.

But the TMCH offering was not restricted to one registry’s portfolio. Rather, it consolidated TLDs from multiple smaller operators, including at least one ccTLD — .de — into one service.

It seems to have peaked at 43 TLDs, but lost three when XYZ.com pulled out a couple years ago.

Its biggest partner was MMX, which sold its 22 gTLDs to GoDaddy Registry last year. I’d be very surprised if this consolidation was not a big factor in the decision to wind down TREx.

I’d also be surprised if we don’t see a DPML-like service from GoDaddy before long. It already operates AdultBlock on its four porn-themed gTLDs.

The news follows the announcement late last year that TMCH will also close down its BrandPulse service, which notified clients when domains similar to their brands were registered in any TLD, when its existing subscriptions expire.

Both services leveraged TMCH’s contractual relationship with ICANN, under which it provides functions supporting mandatory rights protection mechanisms under the new gTLD program rules, but neither are ICANN-mandated services.

.kids goes live, plans to launch this year

The long-anticipated .kids top-level domain has its first live site, and the registry has announced plans to start selling domains towards the end of the year.

The contractually mandated nic.kids is now resolving, leading to the registry web site of the DotKids Foundation.

Hong Kong-based DotKids, which has close ties to DotAsia and ICANN director Edmon Chung, said the plan is to start a sunrise period in the third quarter and go to general availability in the fourth quarter this year.

There’s also going to be a special registration period for children’s rights groups and a Q3 “Pioneer Program” for early adopters.

The idea behind the gTLD is to provide a space where all content is considered suitable for under-18s, though the exact policing policies have yet to be written. DotKids is using the UN definition of a child.

It will be a tough balancing act. My fifteen-year-old nephew isn’t happy with content that doesn’t involve the laser-beam dismemberment of tentacled beasts, but a decade ago was content to watch Peppa Pig on a loop for hours a day.

DotKids won the rights to .kids, somehow beating rival applicants Amazon and Google, in 2019. It signed a very strange Registry Agreement with ICANN last year.

Previous attempts at creating child-friendly domains have proven unsuccessful.

In the US, there was a government-mandated .kids.us brought in 20 years ago, aimed at under-13s, but it was a spectacular failure, attracting just a handful of registrations. It was killed off in 2012.

Russian speakers have their own equivalent gTLD .дети, a word that has taken on more sinister overtones in recent weeks, but that currently has only about 800 names under management.

DotKids has its work cut out to make .kids a commercial success, but it is a non-profit and it was the only new gTLD applicant to have most of its ICANN fees waived under the Applicant Support Program.

What to make of this strange trend in new domain regs?

Are people getting the shortest domain possible when they register in a new gTLD?

Every month uber-registry Donuts publishes data about its portfolio, such as which gTLDs are most popular, in which region, what its most popular premium names are, and what keywords are most commonly registered at the second-level.

For the past few months, I’ve noticed what may be considered an unusual trend — many of the most popular SLD keywords are already gTLDs in their own right, suggesting registrants may not be getting their optimal domain.

The top 10 second-level keywords in February were: today, meta, letter, first, digital, verse, online, club, life, and home.

Put a dot in front of them, and five are also gTLDs — .today, .digital, .online, .club, and .life — some of which Donuts actually manages. One of them, .home, has multiple outstanding applications but has been essentially banned by ICANN due to high levels of name collision.

It’s even more noticeable in January’s numbers, with seven gTLD matches — online, life, digital, free, green, shop, world — in the top 10 SLD keywords.

In December there are six — today, group, online, digital, world and life. In November, four — online, digital, life, group. In October, six — digital, online, life, tech, shop, group.

It shouldn’t be hugely surprising that there’s a crossover between gTLD strings and popular SLD strings — one of the ways Donuts and others picked their gTLDs was by scouring the .com zone file for the most-common SLD endings.

The idea was that if Peter owned, or was thinking of registering, peterspickledpeppersonline.com, he might reasonably want to upgrade to the shorter peterspickledpeppers.online.

Donuts consistently says that the domains it sells are 20% shorter than domains registered in .com over the comparable period.

But its data suggests that this they’re not always getting their optimal domain. People are registering in new gTLDs, but they’re often not using the gTLD that would make their overall domain shorter.

I wonder why this is.

Cost could certainly be a factor. There’s not a massive amount of difference between a .online and a .live, and both are typically more expensive than .com, but it might be an issue for registrants on tight budgets.

It seems more likely that a lack of awareness among registrants may be the main issue — they don’t know the full breadth of options available to them (hell, even I don’t, and this is my job).

Registrars’ name spinners aren’t always helpful raising this awareness.

I typed the string “peterspickledpeppersonline” into the storefronts of seven popular registrars, all of which carry new gTLDs, and found that two of them didn’t offer peterspickledpeppers.online among their suggestions at all.

On some, the domain was way down the list, after far less-relevant suggestions, even though it is shorter and carries a higher price.

Closed generic gTLDs likely to be allowed, as governments clash with ICANN

So-called “closed generics” seem to be on a path to being permitted in the next new gTLD application round.

The issue reconfirmed itself at ICANN 73 last week as a major point of disagreement between governments and ICANN, and a major barrier to the next round of new gTLDs going ahead.

But a way forward was proposed that seems likely to to permit closed generics in some form in the next round, resolving an argument that has lasted the better part of a decade.

It seems ICANN now expects that closed generics WILL be permitted, but restricted in some yet-to-be-decided way.

A closed generic is a gTLD representing a dictionary word that is not also a brand, operated by a registry that declines to sell domains to anyone other than itself and its close affiliates.

Imagine McDonald’s operating .burgers, but no other fast food chain, cow-masher, or burger afficionado is allowed to register a .burgers domain.

ICANN’s 2012 application round implicitly allowed applications for such gTLDs — at least, it did not disallow them — which prompted outrage from the governments.

The GAC’s Beijing communique (pdf), from April 2013, urged ICANN to retroactively ban these applications unless they “serve a public interest goal”.

The GAC identified 186 applications from the 2012 round that appeared to be for closed generics.

ICANN, taking the GAC’s lead, gave these applicants a choice to either convert their application to an open generic, withdraw for a refund, or maintain their closed generic status and defer their applications to the next round.

Most opted to switch to an open model. Some of those hacked their way around the problem by making registrations prohibitively restrictive or expensive, or simply sitting on their unlaunched gTLDs indefinitely.

The GNSO policy for the next round is inconclusive on whether closed generics should be permitted. The working group contained two or three competing camps, and nobody conceded enough ground for a consensus recommendation to be made.

It’s one of those wedge issues that highlights the limitations of the multistakeholder model.

The working group couldn’t even fall back on the status quo since they couldn’t agree, in light of ICANN’s specific request for a clear policy, what the status quo even was.

Policy-makers are often also those who stand to financially benefit from selling shovels to new gTLD applicants in the next round. The fewer restrictions, the wider the pool of potential clients and the more attractive the sales pitch.

The working group ended up recommending (big pdf) further policy work by disinterested economics and competition law experts, which hasn’t happened, and the GNSO Council asked the ICANN board for guidance, which it refused to provide.

The GAC has continued to press ICANN on the issue, reinforcing its Beijing advice, for the last year or so. It seems to see the disagreement on closed generics as a problem that highlights the ambiguity of its role within the multistakeholder process.

So ICANN, refusing to create policy in a top-down fashion, is forcing the GAC and the GNSO to the table in bilateral talks in an attempt to create community consensus, but the way the Org is framing the issue may prove instructive.

A framework for these discussions (pdf) prepared by ICANN last week suggests that, when it comes to closed generics, an outright-ban policy and an open-door policy would both be ruled out from the outset.

The paper says:

It is evident from the PDP deliberations and the community’s discussions and feedback that either of the two “edge outcomes” are unlikely to achieve consensus; i.e.:

• 1. allowing closed generics without restrictions or limitations OR
• 2. prohibiting closed generics under any circumstance.

As such, the goal could be to focus the dialogue on how to achieve a balanced outcome that does not represent either of these two scenarios. The space to be explored in this dialogue is identifying circumstances where closed generics could be allowed (e.g., when they serve the public interest, as noted by the GAC Advice). This will likely require discussions as to the types of possible safeguards that could apply to closed generics, identifiable public interest goals for that gTLD and how that goal is to be served, with potential consequences if this turns out not to be the case.

It sounds quite prescriptive, but does it amount to top-down policy making? Insert shrugging emoji here. It seems there’s still scope for the GAC and GNSO to set their own ground rules, even if that does mean relitigating entrenched positions.

The GAC, in its ICANN 73 communique (pdf) said yesterday that it welcomes these talks, and the GNSO Council has already started to put together a small team of councillors (so far also former PDP WG members) to review ICANN’s proposal.

ICANN expects the GNSO-GAC group to begin its work, under an ICANN-supplied facilitator, on one or more Zoom calls before ICANN 74 in June.

ICANN hasn’t implemented a policy since 2016

It’s been over five years since ICANN last implemented a policy, and many of its ongoing projects are in limbo.

Beggars belief, doesn’t it?

The ongoing delays to new gTLD program policy and the push-back from ICANN on Whois policy recently got me thinking: when was the last time ICANN actually did anything in the policy arena apart from contemplate its own navel?

The Org’s raison d’être, or at least one of them, is to help the internet community build consensus policies about domain names and then implement them, but it turns out the last time it actually did that was in December 2016.

And the implementation projects that have come about since then are almost all frozen in states of uncertainty.

ICANN policies covering gTLD domains are usually initiated by the Generic Names Supporting Organizations. Sometimes, the ICANN board of directors asks the GNSO Council for a policy, but generally it’s a bottom-up, grass-roots process.

The GNSO Council kicks it off by starting a Policy Development Process, managed by working group stocked with volunteers from different and often divergent special interest groups.

After a few years of meetings and mailing list conversations, the working group produces a Final Report, which is submitted to the Council, and then the ICANN board, for approval. There may be one or more public comment periods along the way.

After the board gives the nod, the work is handed over to an Implementation Review Team, made up of ICANN staff and working group volunteers, which converts the policy into implementation, such as enforceable contract language.

The last time an IRT actually led to a GNSO policy coming into force, was on December 1, 2016. Two GNSO consensus policies became active that day, their IRTs having concluded earlier that year.

One was the Thick WHOIS Transition Policy, which was to force the .com, .net and .jobs registries to transition to a “thick” Whois model by February 2019.

This policy was never actually enforced, and may never be. The General Data Protection Regulation emerged, raising complex privacy questions, and the transition to thick Whois never happened. Verisign requested and obtain multiple deferrals and the board formally put the policy on hold in November 2019.

The other IRT to conclude that day was the Inter-Registrar Transfer Policy Part D, which tweaked the longstanding Transfer Dispute Resolution Policy and IRTP to streamline domain transfers.

That was the last time ICANN actually did anything in terms of enforceable, community-driven gTLD policy.

You may be thinking “So what? If the domain industry is ticking over nicely, who cares whether ICANN is making new policies or not?”, which would be a fair point.

But the ICANN community hasn’t stopped trying to make policy, its work just never seems to make the transition from recommendation to reality.

According to reports compiled by ICANN staff, there are 12 currently active PDP projects. Three are in the working group stage, five are awaiting board attention, one has just this month been approved by the board, and three are in the IRT phase.

Of the five PDPs awaiting board action, the average time these projects have been underway, counted since the start of the GNSO working group, is over 1,640 days (median: 2,191 days). That’s about four and a half years.

Counting since final policy approval by the GNSO Council, these five projects have been waiting an average of 825 days (median: 494 days) for final board action.

Of the five, two are considered “on hold”, meaning no board action is in sight. Two others are on a “revised schedule”. The one project considered “on schedule” was submitted to the board barely a month ago.

The three active projects that have made it past the board, as far as the IRT phase, have been there for an average of 1,770 days (median: 2,001 days), or almost five years, counted from the date of ICANN board approval.

So why the delays?

Five of the nine GNSO-completed PDPs, including all three at the IRT stage, relate to Whois policy, which was thrown into confusion by the introduction of the European Union’s introduction of the GDPR legislation in May 2018.

Two of them pre-date the introduction of GDPR in May 2018, and have been frozen by ICANN staff as a result of it, while three others came out of the Whois EPDP that was specifically designed to bring ICANN policy into line with GDPR.

All five appear to be intertwined and dependent on the outcome of the ICANN board’s consideration of the EPDP recommendations and the subsequent Operational Design Assessment.

As we’ve been reporting, these recommendations could take until 2028 to implement, by which time they’ll likely be obsolete, if indeed they get approved at all.

Unrelated to Whois, two PDPs relate to the protection of the names and acronyms of international governmental and non-governmental organizations (IGOs/INGOs).

Despite being almost 10 years old, these projects are on-hold because they ran into resistance from the Governmental Advisory Committee and ICANN board. A separate PDP has been created to try to untangle the problem that hopes to provide its final report to the board in June.

Finally, there’s the New gTLD Subsequent Procedures PDP, which is in its Operational Design Phase and is expected to come before the board early next year, some 2,500 days (almost seven years) after the PDP was initiated.

I’m not sure what conclusions to draw from all this, other than that ICANN has turned into a convoluted mess of bureaucracy and I thoroughly understand why some community volunteers believe their patience is being tested.

ICANN splits $9 million new gTLD ODP into nine tracks

ICANN has added a little more detail to its plans for the Operational Design Phase for the next round of the new gTLD program.

VP and ODP manager Karen Lentz last night blogged that the project is being split into nine work tracks, each addressing a different aspect of the work.

She also clarified that the ODP officially kicked off January 3, meaning the deadline for completion, barring unforeseen issues, is November 3. The specific dates hadn’t been clear in previous communications.

The nine work tracks are “Project Governance”, “Policy Development and Implementation Materials”, “Operational Readiness”, “Systems and Tools”, “Vendors”, “Communications and Outreach”, “Resources, Staffing, and Logistics”, “Finance”, and “Overarching”.

Thankfully, ICANN has not created nine new acronyms to keep track of. Yet.

Pro-new-gTLD community members observing how ICANN’s first ODP, which addressed Whois reform, seemed to result in ICANN attempting to kill off community recommendations may be worried by how Lenzt described the new ODP:

The purpose of this ODP, which began on 3 January, is to inform the ICANN Board’s determination on whether the recommendations are in the best interests of ICANN and the community.

I’d be hesitant to read too much into this, but it’s one of the clearest public indications yet that subsequent application rounds are not necessarily a fait accompli — the ICANN board could still decide force the community to go back to the drawing board if it decides the current recommendations are harmful or too expensive.

I don’t think that’s a likely outcome, but the thought that it was a possibility hadn’t seriously crossed my mind until quite recently.

Lentz also refers to “the work required to prepare for the next round and subsequent rounds”, which implies ICANN is still working on the assumption that the new gTLD program will go ahead.

The ICANN board has give Org 10 months and a $9 million budget, paid out of 2012-round application fee leftovers, to complete the ODP. The output will be an Operational Design Assessment, likely to be an enormous document, that the board will consider, probably in the first half of next year, before implementation begins.

Battle for .web “far from over”, says Afilias lawyer

Altanovo Domains’ fight with Verisign and ICANN for the .web gTLD is not over, despite an adverse ruling late last month, according to a top lawyer for the company.

Altanovo, the company previously known as Afilias Domains No 3, has not thrown in the towel and left the path clear for Verisign to launch .web, Arif Ali of the law firm Dechert told DI last night.

“Bottom line: this matter is far from over and no, Verisign doesn’t ‘get to run .web after all;’ certainly if the Board does its job objectively and fairly,” he said in an email.

He said this just hours before ICANN published its latest, but by no means final, board resolution on the .web case.

Ali represented Afilias in its Independent Review Process complaint against ICANN’s decision to award .web to Verisign following a 2016 auction, which was won by a company called Nu Dot Co, secretly backed by $135 million of Verisign’s money.

Afilias technically won its IRP, with the panel ruling last May that ICANN broke its bylaws by shirking its duty to address Afilias’ claim that NDC broke new gTLD program rules. Afilias said ICANN should have forced NDC to disclose itself a Verisign pawn before the auction went ahead.

ICANN got close to signing a registry agreement for .web with NDC, despite it being an open question as to whether the auction was legit, the panel ruled. It ordered ICANN to pay Afilias its $450,000 in legal fees and $479,458 of IRP costs.

What the IRP did not do was void the Verisign/NDC bid, nor give Afilias rights to .web.

Instead, it instructed ICANN to stay the .web contract-signing until its board has formally “considered and pronounced upon the question of whether the [Verisign-NDC Domain Acquisition Agreement] complied with the New gTLD Program Rules”.

The board had held a secret, undocumented discussion about the case in November 2016 and decided to keep its mouth shut and just let the IRP play out, according to the IRP ruling, which essentially told the board to stop avoiding difficult questions and to actually make a call on the legitimacy of the Verisign play.

Before the board could do so, Afilias/Altanovo filed an unprecedented appeal with the IRP panel. Technically an “application for an additional decision and interpretation”, Afilias asked the IRP panel to definitively answer the question of whether Verisign broke the rules rather than merely passing the hot potato back to ICANN’s board.

But in a December 21 decision (pdf), the IRP panel denied Afilias’ request as “frivolous” in its entirely, writing:

The Panel has dismissed the [Afilias] Application in its entirety. In the opinion of the Panel, under the guise of seeking an additional decision, the Application is seeking reconsideration of core elements of the Final Decision. Likewise, under the guise of seeking interpretation, the Application is requesting additional declarations and advisory opinions on a number of questions, some of which had not been discussed in the proceedings leading to the Final Decision.

In such circumstances, the Panel cannot escape the conclusion that the Application is “frivolous” in the sense of it “having no sound basis (as in fact or law)”. This finding suffices to entitle the Respondent [ICANN] to the cost shifting decision it is seeking and obviates the necessity of determining whether the Application is also “abusive”.

The panel told Afilias to pay ICANN’s $236,884 legal fees and the panel’s costs of $140,335, leaving Afilias out of pocket and back to square one in terms of getting clarity on whether Verisign’s actions were kosher.

Afilias had basically accused the panel of shirking its duties and punting its decision on Verisign’s auction bid in much the same way as the panel decided that ICANN had shirked its duties and punted its decision on Verisign’s auction bid.

Nobody seems to want to make a call on whether the successful Verisign-NDC ploy to win the .web auction with a secretly bankrolled bid was legit.

On Sunday, the full ICANN board met to discuss the outcome of the IRP and — surprise surprise — it punted again, instructing a subcommittee to look more closely at the matter:

the Board asks the Board Accountability Mechanisms Committee (BAMC) to review, consider, and evaluate the IRP Panel’s Final Declaration and recommendation, and to provide the Board with its findings to consider and act upon before the organization takes any further action toward the processing of the .WEB application(s).

There’s not yet a publicly announced date for the next BAMC meeting. It tends to meet as and when needed, so we might not have too long to wait.

Once the committee has made a decision, it would be referred back to the full board for a final rubber stamp, and it seems that only after that would Afilias make its next move.

Ali, in an email sent to DI just a few hours before ICANN published its Sunday board resolution last night, said:

The [IRP] Panel also made it clear that the Board can’t just punt on the matter as it did previously, but must decide it, and that its decision is subject to review by a future IRP panel.

There’s nothing preventing Afilias filing another IRP to challenge the board’s ultimate decision, should it favor Verisign. Likewise, if it favors Afilias, Verisign could use IRP to appeal.

Verisign has been pursuing a counter-claim against Afilias, albeit so far only in the court of public opinion, accusing the company of breaking ICANN’s rules by trying to secretly “rig” the .web auction during a communications blackout period.

Ali calls this a “red herring”, among other things.

In my view, whichever way ICANN’s board goes, it’s going to wind up back in an IRP.

With IRP proceedings typically measured in years, and no indication that Afilias or Verisign are ready to back down, it seems the .web saga may still have some considerable time left on the clock.

If you’re desperate to register a .web domain, don’t hold your breath.

Note: most of Afilias was acquired by Donuts a year ago, but the .web application was not part of the deal. The IRP proceedings have continued to refer to “Afilias” interchangeably with “Altanovo”, and I’m doing the same in my coverage.