Home / Blogs

A Mexican Standoff in Wonderland

Internet governance stakeholders need to do their job—and end strategic impasse in the DNS.

Wikipedia defines a Mexican standoff as “a confrontation in which no strategy exists that allows any party to achieve victory. As a result, all participants need to maintain the strategic tension, which remains unresolved until some outside event makes it possible to resolve it.” This would be an apt way to describe what may be possibly occurring presently between the Internet Corporation for Assigned Names and Numbers (ICANN) and its largest ratepayer, VeriSign.

Understanding any potential strategic stalemate requires stakeholders to ask two questions:

First, when will the auction for O.COM be announced? VeriSign’s proposed Registry Service Extension Proposal, or RSEP, was approved in March and the necessary conforming language has been incorporated into the .COM registry agreement (RA) as Amendment 2. In fact, enough time has passed that Amendment 2 has, itself, been amended in order to redact the list of non-profit organizations that have been anointed to receive the auction proceeds.

If stakeholders were doing their job then one or two courageous stalwarts might be found to be inquiring why the identity of these non-profit organizations are being kept secret—and how does this opacity serve the public interest? Heck, at this point, a few conspiracy-theorizing crackpots sporting tinfoil chapeaus would be preferable to deafening silence of the sort that makes one wonder whether it is caused by complicity or cowardice. That the list of organizations selected to receive the auction vig is redacted—and the fact that this has been met with a chorus of crickets—speaks volumes and is truly “Exhibit A” of the whole single-character domain name dumpster fire. (See the full and un-redacted version here.)

Secondly, stakeholders should be asking when VeriSign and ICANN will conclude their negotiations on Amendment 3 to the .COM registry agreement and put the draft text out for public comment. Amendment 3, of course, will be the conforming language that is still required to align the .COM registry agreement with Amendment 35 to the Cooperative Agreement that was agreed to by the National Telecommunications and Information Administration (NTIA) and VeriSign in late October of last year.

An Amendment 3 to the RA is necessary because of Amendment 1, which was made effective in 2016 as part of the package of agreements and accountability reforms that effectuated the IANA transition and whereby the U.S. Government absented itself from its historical role as the guarantor of the Internet’s DNS. In this case, Amendment 1 was done in conjunction with the then-new Root Zone Maintenance Agreement (RZMA) between ICANN and VeriSign—which, by the way, also remunerates VeriSign for providing root zone maintenance services that were previously provided as a public service—and extends the term of the .COM registry agreement until 2024, when both agreements expire and will need to be renewed.

Ostensibly, this was done for the security and stability of the Internet, but the .COM registry agreement, like all registry agreements, has a presumptive right of renewal. So, if there is no real likelihood that VeriSign will lose its cash cow concession any time soon, and therefore, it is improbable that operation of the .COM registry and performance of root zone maintenance functions will be bifurcated between different entities, then why was the registry agreement extended in 2016?

The answer to that $73 million question is tucked neatly into Section 1(b) of the First Amendment to .COM Registry Agreement, which states (emphasis added):

”(b) Section 7.3(d)(i) of the Agreement is hereby deleted and replaced in its entirety by the following new Section 7.3(d)(i):

‘(i) from the Effective Date through November 30, 2024, US $7.85;’”


Now, one begins to see that events are transpiring on the other side of Alice’s looking-glass as the curtain comes up on Kabuki in Wonderland.

The recent negotiations pertaining to amending the .ORG RA left a lot to be desired in terms of good governance—but ICANN demonstrated clearly that it knows how to make a deal. During the negotiation process, PIR sought the removal of pricing restrictions that have existed as a consumer protection mechanism since the very first registry agreement in 1999, which also included .COM and .NET. In exchange, ICANN countered by proposing the addition of intellectual property rights protection mechanisms and anti-abuse provisions that are similar or identical to requirements imposed upon new gTLDs even though they lack the scale and recurring revenue enjoyed by a legacy gTLD such as .ORG—or, for that matter, .COM and .NET.

As an aside, to help illustrate what this means, consider what would have happened if the European Union had enacted the General Data Privacy Regulation (GDPR) and exempted Facebook, Google and other established market leader from complying with its requirements while subjecting start-ups to its provisions for twenty-plus years and then decided that—maybe, just maybe—it’s a good idea to require the platforms with the largest populations of users and, therefore, personal information to implement the same burden of compliance which every other competitor is subjected to. If you think this scenario sounds preposterous, then welcome to Wonderland.

This author, along with others, has noted the appalling disregard exhibited by ICANN during this amendment process to the views of stakeholders—more than 3,000 of whom voiced opposition to the removal of price caps during the requisite public comment period, compared to only six in support. However, by securing the inclusion of community-designed public interest safeguards in exchange for a benefit sought by the registry operator, ICANN exhibited a passable grasp of Negotiation 101.

Add to this Amendment 1 which—considering the absence of any pressing need for extending an RA that includes a so-called presumptive right of renewal—is looking increasingly like a clever-to-the-point-of-insidious trap laid by ICANN for its largest ratepayer. Given all that can be known without being a fly on the wall during tete-a-tete’s between ICANN and VeriSign, the responsible thing to do is to assume that ICANN knows how to make a deal and the safest bet as to what is driving all of this is the same answer that Willie Sutton gave when asked why he robbed banks: because that’s where the money is.

Practically speaking, what does this mean? On July 25th, VeriSign will release earnings for the quarter that ended on June 30th and will have to face financial analysts in an earnings call—and, as they say, inquiring minds want to know. That’s because beginning in a little more than five months—on January 1st, 2020—VeriSign has approval from NTIA to raise, for the first time since 2012, the annual wholesale registration price for a .COM domain name by up to 7%, or about $0.55, which translates to around $73 million in annual revenue. Partly in anticipation of this windfall—most or all of which will be profit—the company’s stock price has increased 50% since the beginning of the year. There is just one itsy-bitsy, teeny-weeny, polka-dotted ICANN meanie standing between the company and redemption.

Under these circumstances, who has all the leverage—along with a recently reported $23 million loss last year? To paraphrase Scooby-Doo: ruh-roh!

This author has repeatedly tried to warn stakeholders—beginning with comments submitted to NTIA in July 2018—by pointing out that a “special development fund” has been included in the .NET RA since 2006 that requires VeriSign to remit to ICANN an extra $0.75—on top of the standard $0.25 paid by all registries—for every registered .NET domain name. Doing the math, this works out to be around $67 million over the six-year life of a registry agreement, or more than $145 million in unaccountable cash remitted to ICANN since 2006.

The .COM registry contains around nine times the number of registered domain names as .NET and that sort of scale means that ICANN can close its budget gap and have plenty left over for a whole host of new and improved shenanigans with a much smaller remittance per domain name—perhaps a mere $0.25, which would be a little less than half of the maximum price increase approved by NTIA for 2020 but still would result in around $33 million in additional—and annually recurring—slushy funds for ICANN. Based upon even a cursory reading of past history, one can reasonably surmise that this is a non-starter for the company—as it should be for every single stakeholder of the DNS.

This also offers a possible partial explanation as to why the O.COM auction has not been announced. VeriSign is set to earn $7.85 from a process that is certain to generate much more cash. But why would the company move forward with an auction that benefits ICANN, even if indirectly, while the non-profit organization is channeling the outlaw Jessie James by trying to commit highway robbery? Hence, the Mexican standoff in Wonderland and strategic standstill.

What VeriSign ought to do is tell ICANN to go to hell—the organization has mismanaged the resources it has already been given, and this doesn’t warrant the provision of additional funds, nor is it VeriSign’s job to bail ICANN out. Expediency doesn’t work here because if this is permitted to occur, then where does it end? The road to hell is paved with good intentions and, if the DNS is ending up there anyway, then it is preferable to see VeriSign hold the line and return the value to their shareholders than remit it to the fiscally irresponsible, corrupt, and corrupting organization that currently has a death grip on the root of the Internet. (Disclosure: I do not own any VeriSign stock—a situation that, considering the current stock price, I deeply regret).

The seemingly simplest way to remedy this situation is for VeriSign to follow through on the commitment it made in a February 2013 earnings call with financial analysts and investors. During that call there was the following exchange between J.P. Morgan’s Sterling P. Auty and VeriSign’s Pat Kane, pulled from the transcript:

Sterling P. Auty - JP Morgan Chase & Co, Research Division: Just a quick follow-up on that line of conversation. Pat, you mentioned, to protect trademarks and the IDNs, that may take longer. I guess it was our understanding that there was that period of time that the trademark clearinghouse was supposed to do that. Are you saying that you’re doing something above and beyond what the trademark clearinghouse is doing?

Patrick S. Kane: Yes. Essentially I haven’t said that we’re doing something different, and because what we’re doing—we may have talked about this in previous calls, but the idea of applying for the transliterations of .com and .net, one of the benefits of that was to protect the applicant—or protect the registrant that has invested in .com today. So if there’s a transliteration of .com in Chinese, what we have proposed to do is to make certain that only the registrant that is—or if the registrant has already registered in .com, that they’re the only one that has the opportunity to register that domain name in the transliterated version for Chinese or for Hangul or for whatever TLD that we’ve operated. So that’s something that’s unique to what we’re doing within our applications. And so that’s an additional protection for intellectual property and trademarks.

Or, that was re-iterated in a July 12, 2013 blog post detailing plans for Internationalized Domain Name(IDN) implementation:

“Use Case No. 2: John Doe does not have a registration for an IDN.com second-level domain name. John Doe registers a second-level domain name in our Thai transliteration of .com but in no other TLD. That second-level domain name will be unavailable in all other transliterations of .com IDN TLDs and in the .com registry unless and until John Doe (and only John Doe) registers it in another .com IDN TLD or in the .com registry.”

This blog was posted a day after the company sent a letter to ICANN, making the same commitment and using the exact same language. Which brings us to the third question that stakeholders would be asking if they were doing their job: what other motive would VeriSign—an otherwise rational actor—possibly have for engaging in such Kabuki when the most money they stand to make at the end of this auction process—regardless of who is the eventual registrant and who is the beneficiary of auction largesse—is $7.85?

But, there’s something blocking VeriSign’s ability to live up to its commitment: a one-eyed, one-horned, flying purple profit-eater named ICANN.

Untangling this part of the plot requires a brief look at history. In 1993, the reservation of single-character domain names was undertaken by Jon Postel using the only feasible means available and, in any event, what would have occurred naturally to the man who was IANA—he registered them. It wasn’t until 1999 when the first registry agreement would make available another method of reserving domain names—by contract.

Section 3(C)(iii) of the 1999 registry agreement stated:

(iii) reservation of SLD names that may not be registered initially or that may not be renewed due to reasons reasonably related to (a) avoidance of confusion among or misleading of users, (b) intellectual property, or (c) the technical management of the DNS or the Internet (e.g., “example.com” and single-letter/digit names);

At this point, registration was no longer necessary for reservation. That’s because in order to comply with the contractual obligation, the registry operator would be required to deny any aspiring registrant while still being permitted to renew—and, importantly, to transfer—existing registrations of “single-letter/digit” domain names in the .COM registry. This is how, for example, Elon Musk was able to acquire X.COM—not once, but twice. Yet ICANN did not delete its registration of SCDNs—at which point they would have ceased to exist, and the registry operator would have been contractually prohibited from registering them to a new registrant. Instead, it has held onto them for 20 years—until now. Why?

The wisdom of Willie Sutton likely answers that question: because that’s where the money is. Cash in sufficient quantity to entice ICANN to disregard the recommendations of its own Intellectual Property and Business Constituencies to require VeriSign to subject the release of O.COM to community-developed RPMs—the same RPMs that it recently has negotiated into the .ORG registry agreement. Implementation of VeriSign’s commitment along with Trademark Clearinghouse protections including Sunrise and Priority Access periods might result in some of the single-character domain names being acquired at or near the wholesale price for a .COM domain name registration. But why would VeriSign care if this occurs when the most they stand to receive—under any circumstances—is $7.85?

The answer is overwhelmingly simple: they don’t. But ICANN certainly does and every single stakeholder of the DNS should be vigorously and loudly questioning this state of affairs. In short, playtime is over, and stakeholders need to do their job by stepping in and ending the stand-off—the future of the Internet hangs in the balance.

And with that, let’s get on with the show.

By Greg Thomas, Founder of DNSDecrypt

Greg Thomas is founder of DNSDecrypt and author of How to Save the Internet in Three Simple Steps: The Netizen’s Guide to Reboot the Root. The views expressed in this article are solely those of Greg Thomas and and are not made on behalf of or for any other individual or organization.

Visit Page

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byVerisign

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC