Listening today to the U.S. Congress' House of Representatives Subcommittee on Communications and Technology hearing on ICANN governance reminded me just how often Vox Populi Registry, the company bringing dotSucks names to the Internet, is a guest at parties to which it has never been invited. Sometimes, like today, we are able to view it all from a distance and mostly we have refrained from trying to correct every misstatement or argue each odd point. more
It is pretty common knowledge now that domain name growth started to drop around two years ago and is falling still. At this rate there is every chance that TLDs that have only ever seen growth will start to see a decline sometime in the next few years. What follows is a theory on where that growth has gone. It is widely stated that the greater choice provided by hundreds of new gTLDs means that demand is dissipating across them and that's where the growth has gone. more
Yesterday, egregious financial truth-tellers (a client of ours at easyDNS) ZeroHedge broke the news that parties unknown, engineered what looks to be a textbook "pump-and-dump" on Twitter's stock by putting up a fake "Bloomberg Financial News" site on the domain bloomberg.market and proceeded to run a story on it about Twitter being acquired. The story spread and shares of Twitter stock promptly spiked on volume, Twitter finishing the day on nearly double the average daily volume. more
This week in Singapore, important decisions are being made about the future of the Internet at the Internet Corporation for Assigned Names and Numbers (ICANN) 52 conference. At stake are fundamental questions: Should the American people surrender stewardship over core technical functions that have preserved the open and neutral operation of the Internet since its inception? Should the Obama Administration cede this authority to an organization many consider to be non-transparent, unaccountable and insular? more
There has been a lot of criticism about the worthiness of DNSSEC. Low adoption rates and resistance and reluctance by Registrars to take on the perceived burden of signing domains and passing-on cryptographic material are at the crux of the criticism. I'm a believer in DNSSEC as a unique and worthwhile security protocol and as a new platform for innovation. It's the reason I've long advocated for and continue to work toward a new model of DNSSEC provisioning. more
We, domain name and Trademark professionals, think end-users know about domain names. The truth is that few of them have ever heard of what a domain name is and worth; very few have heard about new descriptive domain names so I asked a Club manager my questions... Representatives of a famous French sports club were there and I bumped into them to ask my question: "any plan to change to a .club domain name?" more
The following is the easyDNS response to ICANN's public comment period on GNSO Privacy & Proxy Services Accreditation Issues Working Group Initial Report. The public comment period is open until July 7, 2015. We strongly urge you to make your voice known by signing the petition over at Save Domain Privacy. I submit these comments as a CEO of an ICANN accredited registrar, a former director to CIRA and a lifelong anti spam contributor with an unblemished record of running a managed DNS provider that maintains zero tolerance for net abuse or cybercrime... more
The 30-day .BANK Sunrise Period just concluded this week and is notable for several reasons. The .BANK TLD is highly restricted to members of the banking industry. The .BANK Registry (which also has rights to .INSURANCE, launching this fall), was founded by 24 companies and organizations from the banking and insurance industries, The Registry's founders include industry leaders such as the American Banking Association, Citigroup, Dollar Bank, Independent Community Bankers of America, JPMorgan, Visa and Wells Fargo. more
Until the launch of the New gTLD Program, TLD launches were relatively straightforward. They generally consisted of a Sunrise Period, a Landrush Phase, and then General Availability. We would see the occasional Grandfather Phase or "Founders" program, but all in all, launches were pretty standard and straightforward. Things started to change with the launch of the new gTLD program. more
More than six hundred brands have applied for their own dotBrand (a new top level domain associated with a trademarked brand). These represent every segment of our economy: banks, tech companies, media, food, luxury goods, etc. Quite a few dotbrands have already gone live. The current application period is closed, but the next round will likely begin in 24 months or so. more
DNSSEC is a mechanism where clients can verify the authenticity of the answers they receive from servers. There are two sides here. The server must supply signed answers, and the client must verify the signatures on those answers. The validation/verification side is widely implemented, but there are very few signed zones... However, if no one signs their zones, those validating resolvers don't have many signatures to check. more
Universal Acceptance is the topic of the moment, explained in one simple sentence: in the new gTLD world, it means that various groups (the DNS, ICANN and a few others) are working hard to make new domain names better accepted by the existing technical Internet infrastructure. A video extracted from the "ICANN 52" meeting explains it in 50 slides but I suggest a pause on slide 17, because it shows where the issues are and what remains to be fixed to give the ultimate answer to that question. more
Recently there have been a number of news reports/articles that are incorrect or misleading in interpreting China's domain name management policy. James has posted an article aiming to clarify what is going to in China's domain name market. Considering the potential negative impact of those reports on the participants of this market, I supplement James's post by pointing out three things, which I believe critical for any TLD registries that hope to have a better understand of China's domain name regulation and the special action based on it. more
RHEL6/Centos6 (and presumably RHEL7/Centos7) machines with the latest openssl packages now refuse SSL connections with DH keys shorter than 768 bits. Consider RHEL6 sendmail operating as a client, sending mail out to a target server. If the target server advertises STARTTLS, sendmail will try to negotiate a secure connection. This negotiation uses openssl, which will now refuse to connect to mail servers that have 512 bit DH keys. The maillog will contain entries with "reject=403 4.7.0 TLS handshake failed". more
Not so long ago, the notion of introducing laws and other regulatory responses to address cyber security issues was regarded with significant hesitation by governments and policy makers. To some extent, this hesitation may well have stemmed from a general perception by those who do not work directly in the field that the world of cyber security is somewhat of a 'dark art'. More recently, however, there has been a substantial shift in this attitude, with proposals to regulate a range of cyber security related matters becoming increasingly numerous. more