Who is Keeping TAS Down?

Today, Friday April 27, ICANN had promised an update on the problems that led to its TLD Registration System (TAS) being taken offline on April 12.

As the working day ends in Europe, that update has yet to come. Even if it does, I would not expect anything more concrete than the “we are still working on the issue, thanks for your patience” message of recent days.

So what’s really going on here? Does anyone at ICANN seriously expect us to believe that the tech team is “still reviewing the TAS data and checking the integrity of each and every application”?

TAS is a purpose-built system designed to allow users to input data in simple text format. It doesn’t really do much more. It’s not rocket science. It’s far simpler than the systems that control, say, air traffic in the US. Yet if those systems went offline (and I understand there are frequent problems with what is basically an ad-hoc mix of antiques), you can bet it wouldn’t take much more than a few hours to get them back up. No-one would expect the US to grind to a halt for a month because its air traffic computer experts are taking their time “carefully reviewing all the data”...

So who can we blame? The obvious candidate is ICANN CEO Rod Beckstrom. But can this really be his doing? Although he is no doubt bitter about the Board not renewing his employment contract beyond July, I just do not see him scuppering the ship this badly.

True, some of his recent comments have felt a little too anti-ICANN to me. His speech at the Costa Rica meeting opening ceremony against industry knowledge on the Board for example. And if anything, the TAS glitch only serves to highlight the need for a balanced Board, with both non-industry and industry experts.

I mean, who isn’t thankful that we have Steve Crocker as ICANN Chair at the moment? Having one of the creators of the Internet at the helm is reassuring at the best of times. Right now, it feels like a godsend. And the Board Vice Chair Bruce Tonkin, a domain industry insider, has proven invaluable over the years as an anchor for a Board that didn’t always have the full facts on domain name practices.

Right now, because of this problem, I actually wish we had more industry insiders and computer experts on the Board to act as counterweights to an existing ICANN management that is clearly letting this problem go on too long. And making it harder and harder for anyone to believe the official ICANN line on TAS.

If something else really is happening here, then the real question we should all be asking ourselves is not “when will TAS go back up?”, but “who is keeping TAS down?”

That is a question I’d like to ask Beckstrom. He’s been unusually quiet since the start of this debacle, but I just cannot see how he can avoid speaking publicly on this for much longer. Until he does, all we have is conjecture. The US government, Doctor Evil, extremely well organised lobbyists, little green men…? At this point, I think I’d actually prefer it to be the Martians’ fault. Because if TAS really is being held up this long to do some data checking, then I fear ICANN may never be taken seriously again.

By Stéphane Van Gelder, Consultant

"Today, Friday April 27, ICANN had promised an update" John Berryhill  –  Apr 27, 2012 7:33 PM

Awww…. keep your culottes on, Stephane, it’s not even the end of lunchtime on the 27th in California.

But, as predicted, the update had zero Stephane Bortzmeyer  –  Apr 29, 2012 4:43 PM

But, as predicted, the update had zero content: http://newgtlds.icann.org/en/announcements-and-media/announcement-27apr12-en

As an engineer, I always feel on the side of the people in the trenches fighting to get things back on line, when other people stay inactive and comment. But, here, this is incredibly long and I cannot remember a security breach in any computer system which took so long to be analyzed and repaired.

"As an engineer" John Berryhill  –  Apr 29, 2012 5:49 PM

I'm not sure what you mean to imply by "as an engineer" when addressing another engineer, unless you believe you are the only one, but perhaps you missed this part: "To do that, we are reviewing internal system logs and full packet-level capture of all traffic to and from the application system from 12 January through 12 April." Do tell of your experience in reviewing "full packet level capture of all traffic to and from" a thousand user system over a four month period. It suggests they are doing a complete recapitulation of system behavior over that period to know with certainty what may have been visible to any user. That's very different from "finding a hole and patching it". It is an extraordinary undertaking.

John, to your point about ICANN doing Stéphane Van Gelder  –  Apr 30, 2012 10:47 AM

John, to your point about ICANN doing a complete check of the system since it went online, you are right, that is an extraordinary undertaking. I think the point that I, Stéphane and others are making is that crisis management is also about knowing when to stop checking and to start getting the system back on line. Systems could be checked for years and no-one could tell the engineers they weren't doing their jobs by wanting to be thorough. Which is why this also takes strong management to decide, at some point, to cut to the chase and just turn things back on. The time being spent on this would be easier to understand if we were talking some vital system where a glitch could result in loss of life. But that's hardly the case here. So my argument is that by taking so long, ICANN is doing itself a great disservice by appearing inept to the outside world. And that's a pity for everyone, us included, who have put in so much of their time and effort into this great governance model for the Internet that ICANN is.

"when to stop checking and to start getting the system back on line" John Berryhill  –  Apr 30, 2012 2:04 PM

I agree that is a management decision. The thing is, when the applications are revealed, the first question among many people with contending strings is going to be, "Did the other applicant base their string decision on having seen a file name or user name which would have informed them of my string?" A related question would be, "Did the other applicant have another string, saw that it was a contender through that mechanism, and then switch and become a contender with me?" It's inevitable that there will be those kinds of suspicions.

So, you have a choice between two scenarios (assuming ICANN can actually simulate the entire run of the TAS from the data they have): The day after reveal, applicants for contending strings are beating on ICANN's door demanding to know whether Applicant X could have seen a username or file name revealing TLD Y. It is a better situation in that event for ICANN to be able to rule out Applicant X having potentially seen that user name or file name, than ICANN only being able to say, "We don't know." There is more breathing room to recapitulate the I/O stream now, than there would be under the pressure of two Applicants for ".obscure" pointing fingers at each other and ICANN.

The political tensions at ICANN have always been interesting, but we all know that once the world has crystallized into dualities of "TLD applicants / non-applicants"; "contending strings / non-contending strings"; "brands who applied / brands who didn't"; then the ordinary polarizing forces within ICANN will be more intense, and there will be de-alignment and re-alignment of various actors even within interest groups. In other words, the post-reveal environment is going to be more volatile than it is now, even with the delay. IMHO, ICANN would do well to have a complete picture of TAS I/O operations prior to the reveal, to avoid being dragged into someone else's bar fight.

I'm willing to bet that the incidence of inadvertent label display was low. But it's the unknown scope of it that would be a nagging problem going forward, and the only way to avoid that is to nail down the scope with precision.

If we want to talk about being uncommunicative, ICANN is not the only player here. Has a single TLD applicant come forward and said "we saw something" or "we didn't see something"? These applicants, after all, are applying to be registries. Is the general silence among the applicants themselves indicative of what we may expect from each and all of them after they are entrusted with TLD delegations?

Well, it does not look like the Volker Greimann  –  Apr 30, 2012 12:31 PM

Well, it does not look like the window will reopen anytime soon:


That is a possible reveal at least two months behind schedule, and they are not even willing to commit to that.
