Is the .home new gTLD doomed? ICANN poses study of security risks

Kevin Murphy, May 22, 2013, Domain Tech

ICANN has set up a study into whether certain applied-for new gTLD strings pose a security risk to the internet, admitting that some gTLDs may be rejected as a result.
Its board of directors on Saturday approved new research into the risk of new gTLD clashes with “internal name certificates”, saying that the results could kill off some gTLD applications.
In its rationale, the board stated:

it is possible that study might uncover risks that result in the requirement to place special safeguards for gTLDs that have conflicts. It is also possible that some new gTLDs may not be eligible for delegation.

Internal name certificates are the same digital certificates used in secure, web-based SSL transactions, but assigned to domain names in private, non-standard namespaces.
Many companies have long used non-existent TLDs such as .corp, .mail and .home on their private networks and quite often they obtain SSL certs from the usual certificate authorities in order to enable encryption between corporate resources and their internal users.
The problem is that browsers and other applications on laptops and other mobile devices can attempt to access these private namespaces from anywhere, not only from the local network.
If ICANN should set these TLD strings live in the authoritative DNS root, registrants of clashing domain names might be able to hijack traffic intended for secure resources and, for example, steal passwords.
That’s obviously a worry, but it’s one that did not occur to ICANN’s Security and Stability Advisory Committee until late last year, when it immediately sought out the help of the CA/Browser Forum.
It turned out the CA/Browser Forum, an alliance of certificate authorities and browser makers, was already on the case. It has put in new rules that state certificates issued to private TLDs that match new gTLDs will be revoked 120 days after ICANN signs a contract with the new gTLD registry.
But it’s still not entirely clear whether this will sufficiently mitigate the risk. Not every CA is a member of the Forum, and some enterprises might find 120-day revocation windows challenging to work with.
Verisign recently highlighted the internal certificate problem, along with many other potential risks, in an open letter to ICANN.
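A defender-side inventory check implied by the passage above, written here as an added example (not code from the article, ICANN or the CA/Browser Forum): it scans a constructed list of certificate SAN names for the collision-prone private TLDs the article names (.corp, .home, .mail) and computes the 120-day revocation deadline from a contract-signing date. The applied-for string set and the contract dates are placeholders, not ICANN’s real data.

```python
"""Find internal-name certificates whose private TLD clashes with an applied-for gTLD.

Added example; assumptions: the SAN inventory is constructed, and the applied-for
string set is a placeholder limited to the three strings the article names.
"""
from datetime import date, timedelta

# Placeholder for the applied-for strings that are also widely used as private TLDs.
APPLIED_FOR_PRIVATE_TLDS = {"corp", "home", "mail"}

# CA/Browser Forum rule as described in the article: certificates for a matching
# private TLD are revoked 120 days after ICANN signs the registry contract.
REVOCATION_WINDOW_DAYS = 120

# Constructed sample inventory of dNSName entries pulled from internal certificates.
SAMPLE_SAN_ENTRIES = [
    "intranet.corp",
    "*.apps.CORP.",        # wildcard, mixed case, trailing root dot
    "router.home",
    "smtp.mail",
    "www.example.com",     # public TLD: not an internal-name certificate
    "fileserver",          # unqualified single label: no TLD to compare
    "portal.intranet.corp",
]


def normalize(name):
    """Lower-case the name, drop a trailing root dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name


def tld_of(name):
    """Return the rightmost label of a qualified name, or None for a bare label."""
    labels = normalize(name).split(".")
    if len(labels) < 2 or not labels[-1]:
        return None
    return labels[-1]


def find_affected(san_entries, applied_for=APPLIED_FOR_PRIVATE_TLDS):
    """Group SAN names whose TLD matches an applied-for private string.

    Returns {tld: sorted list of normalized names}; names under public TLDs and
    unqualified names are excluded.
    """
    affected = {}
    for entry in san_entries:
        tld = tld_of(entry)
        if tld in applied_for:
            affected.setdefault(tld, set()).add(normalize(entry))
    return {tld: sorted(names) for tld, names in affected.items()}


def revocation_deadline(contract_signed_iso):
    """ISO date by which clashing certs would be revoked under the 120-day rule."""
    signed = date.fromisoformat(contract_signed_iso)
    return (signed + timedelta(days=REVOCATION_WINDOW_DAYS)).isoformat()


def report(san_entries, contract_dates):
    """Return {tld: (names, deadline)} for every clashing TLD in the inventory.

    contract_dates maps a TLD string to the ISO date ICANN signed its contract
    (constructed values in the demo below). A TLD with no known date is still
    listed with deadline None, so the planning gap stays visible.
    """
    result = {}
    for tld, names in find_affected(san_entries).items():
        signed = contract_dates.get(tld)
        result[tld] = (names, revocation_deadline(signed) if signed else None)
    return result


if __name__ == "__main__":
    # Constructed contract-signing dates; .mail deliberately has none.
    demo_dates = {"corp": "2013-07-01", "home": "2013-09-15"}
    for tld, (names, deadline) in sorted(report(SAMPLE_SAN_ENTRIES, demo_dates).items()):
        when = deadline or "contract date unknown"
        print(f".{tld}: {len(names)} certificate name(s) at risk, revocation by {when}")
        for n in names:
            print(f"    {n}")
```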
But both ICANN CEO Fadi Chehade and the chair of SSAC, Patrick Falstrom, have said that the potential security problems are already being addressed and not a reason to delay new gTLDs.
The latest board resolution appears to modify that position.
The board has now asked CEO Fadi Chehade and SSAC to “consider the potential security impacts of applied-for new-gTLD strings in relation to this usage.”
The Root Server Stability Advisory Committee and the CA/Browser Forum will also be tapped for data.
While the study will, one assumes, not be limited to any specific applied-for gTLD strings, it’s well known that some strings are more risky than others.
The root server operators already receive vast amounts of erroneous DNS traffic looking for .home and .corp, for example. If any gTLD applications are at risk, it’s those.
There are 10 remaining applications for .home and five for .corp.

ANA calls for new gTLDs delay, again

Kevin Murphy, April 3, 2013, Domain Policy

The Association of National Advertisers has seized upon Verisign’s recent report into the security risks of ICANN’s new gTLD timetable to call for delays to the program.
In a blog post yesterday, ANA vice president Dan Jaffe said ICANN’s dismissal of the surprising Verisign letter is “like the Captain of the Titanic before the crash saying that the dangers of icebergs had been discussed for years.”
The post highlights the lack of finalized Trademark Clearinghouse specs as “one of the greatest concerns”, saying “millions of customers are the ones who will face harm”.
That’s not strictly true, of course. New gTLD registries are contractually unable to launch until the TMCH is ready, so the risk of registrants being harmed by the lack of specs today is a non-starter.
The ANA also points to ongoing concerns about proposed TLDs such as .corp and .home, which run the risk of clashing with existing private TLDs used on internal corporate and ISP networks.
It’s on much firmer ground here. If a user tries to access a LAN resource on a .corp domain while roaming, what’s to stop them sending sensitive data to a third-party web site instead?
I’ve yet to see a compelling reason why this is not a problem, but it’s not yet known whether the many applications for .corp, .home and similar strings have passed their ICANN technical evaluations.
The ICANN application form asked applicants to disclose potential operational problems such as these, but some applicants that were very familiar with the problem decided not to do so.
But the ANA’s main concern is its belief that new gTLDs will increase cybersquatting and increase the cost of defensive registrations, of course.
“Adequate steps have not been taken to protect Internet users, and we are headed toward uncharted waters with major danger to consumers, brandholders, and the Internet itself,” Jaffe wrote.
“The only prudent action for ICANN now is to delay this arbitrary domain name roll-out until it has fixed these very serious problems.”

Chehade says “no delay” as Verisign drops a security bomb on ICANN

Kevin Murphy, March 29, 2013, Domain Policy

Verisign today said that the new gTLD program presents risks to the security of the internet, but ICANN CEO Fadi Chehade told DI that he’s not expecting any new delays.
The .com behemoth tonight delivered a scathing review of the security and stability risks of launching new gTLDs on ICANN’s current timetable.
The new Verisign report catalogs the myriad ways in which ICANN is not ready to start approving new gTLDs, and the various security problems they could cause if launched without due care.
It strongly suggests that ICANN should delay the program until its concerns are addressed.
But Chehade, in an exclusive interview with DI tonight, rebutted the already-emerging conspiracy theories and said: “There’s nothing new here that would cause me to predict a new delay.”
What does the Verisign report say?
It’s a 21-page document, and it covers a lot of ground.
The gist of it is that ICANN is rushing to launch new gTLDs without paying enough attention to the potential security and stability risks that a vast influx of new gTLDs could cause.
It covers about a dozen main points, but here are the highlights:

  • Certificate authorities and browser makers are not ready. CAs have long issued certificates for use on organizations’ internal networks. In many cases, these certs will use TLDs that only exist on that internal network. A company might have a private .mail TLD, for example, and use certs to secure those domains for its users. The CA/Browser Forum, which coordinates CAs and browser makers, has decided (pdf) to deprecate these certs, but not until October 2016. This, Verisign says, creates a “vulnerability window” of three years during which attackers could exploit clashes between certs on internal TLDs and new gTLDs.
  • Root server operators are not ready. The organizations that run the 13 DNS root servers do not currently coordinate their performance metrics, Verisign said. This makes it difficult to see what impact new gTLDs will have on root server stability. “The current inability to view the root server system’s performance as a whole presents a risk when combined with the impending delegation of the multitude of new gTLDs,” Verisign said.
  • Root zone automation isn’t done yet. ICANN, Verisign and the US Department of Commerce are responsible for adding new gTLDs to the root zone, and work on automating the “TLD add” process is not yet complete. Verisign reckons this could cause “data integrity” problems at the root.
  • The Trademark Clearinghouse is not ready. Delays in finalizing the TMCH technical specs mean registries haven’t had sufficient time to build their interfaces and test them, and the TMCH itself is a potential single point of failure with an unknown attack profile.
  • Universal acceptance of new TLDs. Verisign points out that new gTLDs won’t be immediately available to users when they go live due to lack of software support. It points specifically to the ill-maintained Public Suffix List, used by browsers to set cookie boundaries, as a potential risk factor.
  • A bunch of other stuff. The report highlights issues such as zone file access, data escrow, Whois and pre-delegation testing where Verisign reckons ICANN has not given registries enough time to prepare.

Basically, Verisign has thrown pretty much every risk factor it can think of into the document.
Some of the issues of concern have been well-discussed in the ICANN community at large, others not so much.
Yeah, yeah, but what did Fadi say?
Chehade told DI this evening that he was surprised by the report. He said he’s been briefed on its contents today and that there’s “nothing new” in it. The program is “on track”, he said.
“What is most surprising here is that there is nothing new,” he said. “I’m trying to get my finger on what is new here and I can’t find it.”
“It was very surprising to see this cornucopia of things put together,” he said. “I’m struggling to see how the Trademark Clearinghouse has a security impact, for example.”
He added that some of Verisign’s other concerns, such as the fact that the Emergency Back-End Registry Operator is not yet up and running, are confusing given that existing TLDs don’t have EBEROs.
The report could be divided into two buckets, he said: those things related to ICANN’s operational readiness and those things related to the DNS root.
“Are these operational issues really security and stability risks, and given that we can only launch TLDs when these things are done… what’s the issue there?” he said.
On the DNS root issues, he pointed to a November 2012 report, signed by Verisign, that said the root is ready to take 1,000 new gTLDs a year or 100 a week.
So the Conspiracy Theory is wrong?
When ICANN held a webinar for new gTLD applicants earlier this week, Chehade spent an inordinate amount of time banging home the point that security and stability concerns underpin every stage of the new gTLD program’s timetable.
As the timeline slide from his presentation illustrates, security, stability and resiliency or “SSR” is the foundation of every timing assumption.
He said during the webinar:

Nothing will trump the gTLD process, nothing, but the SSR layer. The SSR layer is paramount. It is our number one responsibility to the internet community. Nothing will be done that jeopardizes the security and stability of the internet, period.
At any time if we as a community do not believe that all relevant security and stability matters have been addressed, if we do not believe that’s the case, the program freezes, period.
There is too much riding on the DNS. Hundreds of billions of dollars of commerce. Some may say livelihoods. We will not jeopardize it, not on my watch, not during my administration.

During the webinar, I was lurking on an unofficial chat room of registries, registrars and others, where the mood at that point could be encapsulated by: “Shit, what does Chehade know that he’s not telling us?”
Most people listening to the webinar were immediately suspicious that Chehade was expecting to receive some last-minute security and stability advice and that he was preparing the ground for delay.
The Verisign report was immediately taken as confirmation that their suspicions were correct.
It seemed quite likely that ICANN knew in advance that the report was coming down the pike and was not-so-subtly readying applicants for a serious SSR discussion in Beijing a little over a week from now.
When I asked Chehade a few times whether he knew the Verisign report was coming in advance, he declined to give a straight answer.
My feeling is he probably did, though he may not have known precisely what it was going to say. The question is perhaps less relevant given what he said about its contents.
But what Chehade thinks right now is probably not the biggest concern for new gTLD applicants.
The GAC’s reaction is now critical
The Verisign document could be seen as pure GAC fodder. How the Governmental Advisory Committee reacts to the report, which was CC’d to the US Department of Commerce, is now key.
The GAC has been banging on about root system stability for years and will, in my view, lap up anything that seems to prove that it was right all along.
The GAC will raise the Verisign report with ICANN in Beijing and, if it doesn’t like what it hears, it might advise delay. GAC advice is a lot harder for ICANN’s board to ignore than a self-serving Verisign report.
What’s Verisign playing at?
So why did Verisign issue the report now? I’ve been unable to get the company on the phone at this late hour, but I’ve asked some other industry folk for their responses.
Verisign’s super-lucrative .com contract is the obvious place to start theorizing.
Even though the company has over 200 new gTLD back-end contracts — largely with dot-brand applicants — .com is its cash cow and new gTLDs are a potential threat to that business.
The company has sounded a little more aggressive — talking about enforcing its patents and refusing to comply with ICANN’s audits — since the US Department of Commerce ordered a six-year .com price freeze last November.
But Chehade would not speculate too much about Verisign’s motives.
“I can’t read why this report and why now,” Chehade said. “Especially when there’s nothing new in it. That’s not for me to figure out. It’s for me to look at this report with a critical eye and understand if there’s something we’re not addressing. If there is, and we find it, we’ll address it.”
He pointed to a flurry of phone calls and emails to his desk after the Initial Evaluation results started getting published last week for a possible reason for the report’s timing.
“I think the real change that’s happened in the last few months is that the new gTLD program is now on track and for the first time people are seeing it coming,” he said.
Competitors were more blunt.
“It’s a bloody long report,” said ARI Registry Services CEO Adrian Kinderis. “Had they put the same amount of effort into working with ICANN, we’d be a lot better off on the particular issues.”

Verisign raises .name prices

Kevin Murphy, February 4, 2013, Domain Registries

Verisign plans to add 10% to the price of a .name domain name, judging by published correspondence.
In a price list sent to ICANN last week, the maximum registry fee for a one-year registration at the second level in .name will be set at $6.60 from August 1, 2013.
It appears to be the first such price increase in .name since the current registry contract was signed back in 2007. That contract set the fee at $6, with maximum hikes of 10% a year.
The new price list (pdf) is rather extensive, also covering products such as email forwarding and .name’s rather expensive wildcard-based defensive registrations.
Links to Verisign’s current pricing for these services are currently broken, so I can’t tell right now whether they’re going up, down, or staying the same.
It’s the second price increase Verisign has announced since it lost the right to hike the registry fee for .com last year. It is also raising .net prices later this year.

Ten registrars spanked for ignoring ICANN audit

Kevin Murphy, January 14, 2013, Domain Registrars

ICANN has sent breach notices to 10 domain name registrars for failing to respond to its ongoing contract compliance audit.
The 10 registrars with breach notices are: Crosscert, Mat Bao, DomainsToBeSeen.com, USA Webhost, Internet NAYANA Inc, Cheapies.com, Domainmonger.com, Lime Labs, Namevault.com, and Power Brand Center.
According to ICANN, these registrars failed to provide the requested documentation as required by their Registrar Accreditation Agreement.
The Contractual Compliance Audit Program is a proactive three-year effort to check that all registries and registrars are abiding by the terms of their agreements.
ICANN selected 317 registrars at random for the first year of the program. As of January 4, 22 had not responded to these notices.
Only registrars signed up to the 2009 version of the RAA are contractually obliged to respond.
Verisign, which was one of six gTLD registries selected to participate this year, has controversially refused to let ICANN audit .net, saying it is not obliged to do so.
While the .net contract does have some audit requirements, we understand they’re not as wide-ranging as ICANN’s audit envisages.
The 10 registrars have been given until February 1 to provide ICANN with the necessary information or risk losing their accreditations.

In major snub, Verisign refuses to let ICANN audit .net

Kevin Murphy, January 11, 2013, Domain Registries

Verisign has delivered a significant blow to ICANN’s authority by refusing to take part in its contractual compliance audit program.
The snub runs a risk of scuppering ICANN’s plans to make compliance a cornerstone of its new management’s strategy.
In a letter to ICANN’s compliance department this week, Verisign senior vice president Pat Kane said that the company has no obligation to submit to an audit of .net under its ICANN contract.
Kane wrote:

Verisign has no contractual obligations under its .net Registry Agreement with ICANN to comply with the proposed audit. Absent such express contractual obligations, Verisign will not submit itself to an audit by or at the direction of ICANN of its books and records.

The company is basically refusing to take part in ICANN’s Contractual Compliance Audit Program, a proactive three-year plan to make sure all gTLD registries and accredited registrars are sticking to their contracts.
For registries, the plan calls for ICANN to look at things like compliance with Whois, zone file access, data escrow, monthly reporting, and other policies outlined in the registry agreements.
Verisign isn’t necessarily admitting that it thinks it would not pass the .net audit, but it is sending a strong signal that it believes ICANN’s authority over it has limits.
In the program’s FAQ, ICANN admits that it does not have explicit audit rights over all contracted parties, stating:

What’s the basis for including all contracted parties, when the ‘Right to Audit’ clause isn’t present in 2001 RAA and Registry Agreements?
One of ICANN’s responsibilities is to conduct audits of its agreements in order to ensure that all contracted parties are in compliance with those agreements.

If Verisign is refusing to participate, other registries may decide they don’t want to cooperate either. That wouldn’t look good for ICANN, which has made compliance a key strategic priority.
When Fadi Chehade started as CEO last September, one of his first moves was to promote compliance boss Maguy Serad to vice president, reporting directly to him.
He told DI that he would be “bringing a lot more weight and a lot more independent management from my office to the compliance function”.
At his inaugural address to the community in Prague last June, he spoke of how he planned to bring IBM-style contract management prowess to ICANN.
Compliance is also a frequently raised concern of the Governmental Advisory Committee (though generally geared toward rogue registrars rather than registries).

Surprise! Verisign to increase .net fees

Kevin Murphy, December 19, 2012, Domain Registries

Verisign has just announced that it will increase its .net registry fee by 10% next year.
The changes, which will become effective July 1, 2013, see the charge for a one-year registration increase from $5.11 to $5.62.
The increase, which is permitted under Verisign’s contract with ICANN, was inevitable given the fact that the company has just lost the right to increase .com prices.
US Department of Commerce intervention in .com means that prices there are frozen for the next six years, so Verisign can be relied upon to seize every alternative growth opportunity available to it.
The last time .net’s fee was increased was January 2012, when it went up by 10% to the current $5.11.

Verisign’s IDN gTLDs “could increase phishing” say Asian registries

Kevin Murphy, November 30, 2012, Domain Policy

It’s a bad day for Verisign.
As the company pins its growth hopes partially on its applications for IDN gTLDs — in the wake of losing its price-raising powers over .com — ccTLD registries from Asia-Pacific have raised serious concerns about its bids.
The Asia Pacific Top Level Domain Association says that many of its members reckon the proposed IDN transliterations of .com “could give rise to an increased risk of phishing and other malicious abuses”.
Verisign has applied for a dozen transliterations of .com and .net in scripts such as Hebrew, Cyrillic and Arabic. The strings themselves are meaningless, but they sound like “com” and “net”.
It’s for this reason that APTLD reckons they could cause problems. In an October 1 letter to ICANN, published today, the organization said:

In addition to the potential for user confusion, some [Working Group] members also noted that the creation of transliterated TLDs, without the development of adequate registration and eligibility policies and procedures, could give rise to an increased risk of phishing and other malicious abuses of the new spaces.

The WG notes that this potential problem manifests itself at the second level, and is not unique to transliterated TLDs, but would argue that the very nature of these TLDs, and their close similarity to existing TLDs, makes them particularly high-risk targets.

The letter does not single out Verisign, and does not represent a consensus APTLD view.
There are also worries among APTLD members about the application for .thai in Latin script, which could clash with Thailand’s IDN ccTLD, and various translations of “.site”.
APTLD notes that the new gTLD evaluation process only contains checks for visual similarity between TLDs.
The only way to block an application based on phonetic confusion is to file a String Confusion Objection, but the only entity eligible to object to Verisign’s applications is Verisign itself.

Winners and losers in the new .com pricing regime

Kevin Murphy, November 30, 2012, Domain Registries

Today’s shock news that Verisign will be subject to a .com price freeze for the next six years will have broad implications.
The US Department of Commerce has told the company it will have to continue to sell .coms at $7.85 wholesale until 2018, barring exceptional circumstances.
Here’s my initial take on the winners and losers of this new arrangement.
Domain investors
Volume .com registrants are of course the big winners here. A couple of dollars a year for a single .com is pretty insignificant, but when you own tens or hundreds of thousands of names…
Mike Berkens of Most Wanted Domains calculated that he’s saved $170,000 $400,000 over the lifetime of the new .com deal, and he reckons fellow domainer Mike Mann will have saved closer to $800,000 $2 million.
Brand owners
The other big constituency of volume registrants are the brand owners who spend tens or hundreds of thousands of dollars a year maintaining defensive registrations — mostly in .com — that they don’t need.
Microsoft, for example, owns over 91,000 domain names, according to DomainTools. I’d hazard a guess that most of those are defensive and that most are in .com.
Registries
There’s potentially trouble on the horizon for new gTLD applicants and existing registry operators. Verisign is looking for new ways to grow, and it’s identified its patent portfolio as an under-exploited revenue stream.
The company says it has over 200 patents either granted or pending, so its pool of potential licensees could be quite large.
Its US portfolio includes patents such as 7,774,432, “Registering and using multilingual domain names”, which appears to be quite broad.
Verisign also owns a bunch of patents related to its security business, so companies in that field may also be targeted.
Registrars
Verisign’s registrars will no longer have to pass their cost increases on to consumers every year.
While this may help with renewal rates, it also means registrars won’t be able to sneak in their own margin increases whenever Verisign ups its annual fees.
IDN buyers
Another area Verisign plans to grow is in internationalized domain names, where it’s applied to ICANN for about a dozen non-Latin variants of .com and .net.
Those registry deals, assuming they’re approved by ICANN, will not be governed by the .com pricing restrictions. Now that Verisign’s growth is getting squeezed, we might expect higher prices for IDN .com variants.
ICANN
ICANN may have suffered a small reputational hit today, with Commerce demonstrating it has the balls to do what ICANN failed to do six years ago, but money-wise it’s doing okay.
The new .com contract changes the way Verisign pays ICANN fees, and Commerce does not appear to have made any changes to that structure. ICANN still stands to get about $8 million a year more from the deal.
The Department of Commerce
Unless you’re a Verisign shareholder, Commerce comes out of this deal looking pretty good. It played hard-ball and seems to have won a lot of credibility points as a result.

Verisign loses right to increase .com prices

Kevin Murphy, November 30, 2012, Domain Registries

Verisign has sensationally lost the right to increase .com prices under a new deal struck with the US Department of Commerce.
In a statement to the markets just now, the company announced that the .com contract approved by ICANN earlier this year has now also been approved by Commerce, but with no more price increases:

Verisign’s current pricing of $7.85 per domain name registration will continue for the six-year term of the Agreement. Second, Verisign no longer has the right to four price increases of up to seven percent over the six-year term.

The company will only be able to increase prices with prior Commerce approval in response to “extraordinary” circumstances such as a security problem, or when the competitive landscape changes.
For example, if .com loses its “market power”, pricing restrictions could be lifted entirely, subject to Commerce approval.
Similarly, if ICANN approves a Consensus Policy that changes Verisign’s cost structure, the company could apply for price-increasing powers.
The deal is a huge blow for Verisign’s shareholders, wiping tens — potentially hundreds — of millions of dollars from the company’s top line over the coming six years.
Its share price is sure to nose-dive today. It’s already trading down 15% before the New York markets open.
It’s also an embarrassment to ICANN, which seems to have demonstrated that it’s less capable of looking after the interests of registrants than the US government.
That said, the new contract appears to have kept ICANN’s new fee structure, meaning the organization will be about $8 million a year richer than before.
In a Securities and Exchange Commission filing, Verisign said the new pricing provisions came in Amendment 32 to its Cooperative Agreement with Commerce:

Amendment 32 provides that the Maximum Price (as defined in the 2012 .com Registry Agreement) of a .com domain name shall not exceed $7.85 for the term of the 2012 .com Registry Agreement, except that the Company is entitled to increase the Maximum Price of a .com domain name due to the imposition of any new Consensus Policy or documented extraordinary expense resulting from an attack or threat of attack on the Security or Stability of the DNS as described in the 2012 .com Registry Agreement, provided that the Company may not exercise such right unless the DOC provides prior written approval that the exercise of such right will serve the public interest, such approval not to be unreasonably withheld. Amendment 32 further provides that the Company shall be entitled at any time during the term of the 2012 .com Registry Agreement to seek to remove the pricing restrictions contained in the 2012 .com Registry Agreement if the Company demonstrates to the DOC that market conditions no longer warrant pricing restrictions in the 2012 .com Registry Agreement, as determined by the DOC. Amendment 32 also provides that the DOC’s approval of the 2012 .com Registry Agreement is not intended to confer federal antitrust immunity on the Company with respect to the 2012 .com Registry Agreement and extends the term of the Cooperative Agreement through November 30, 2018.

On a conference call with analysts, Verisign CEO Jim Bidzos said that the deal was in the best interests of the company. It still gives the company the presumptive right for renewal, he said.
Growth, he said, will come in future from an expansion of its .com installed base, new IDN gTLD variants, and providing back-end registry services to other new gTLDs.
“We’re still a growth company,” he said.
“We have a patent portfolio we haven’t really exploited,” he said, referring to about 200 patents granted and pending. “We think there’s a revenue opportunity there.”
Larry Strickling, assistant secretary at Commerce, said in a statement:

Consumers will benefit from Verisign’s removal of the automatic price increases. At the same time, the agreement protects the security and stability of the Internet by allowing Verisign to take cost-based price increases where justified.

The full Amendment 32 is posted here.