Archive for July, 2010

A DeLorean, 88 Miles an Hour and a Fully-Charged Flux Capacitor…

Monday, July 12th, 2010

By Tony Kirsch

For a brief moment last week, I thought my days spent dreaming of hover-boards, flying cars and Biff’s elusive Sports Almanac were finally over. From reports circulating online, we had finally reached “Back to the Future Day”.

Those movie buffs out there will know exactly what I’m referring to. It’s the day Doc Brown and Marty McFly pumped their DeLorean up to 88 miles per hour and flew into the future in search of, well I’m not quite sure what… But it was cool whatever it was.

BTTF

Being a guy that has long held a vision of cruising down to my local store decked out in a fluoro hat, self-drying bomber jacket and electric Nikes, it quickly came to me that Back to the Future day was, in fact, October 21, 2015. Great Scott! They had me going there for a second…

But it got me thinking. What would the Domain Name world look like if that crazy cat Doc Brown swung past in his DeLorean, with a fully-charged flux capacitor and a return ticket to October 21st 2015?

Well, you’ll never believe it…I put in a call to into an old Science camp buddy and he was able to get onto the Doc, pull him out of retirement and convince him to fire up the DeLorean, one last time, all for the greater good of the Domain Name industry.

Although I’ve kept a little secret or two to myself (like next week’s lottery numbers), below is a brief insight into what 2015 looks like for the industry:

• The new gTLD program has well and truly taken hold. Following the approval of the final version of the Applicant Guidebook at ICANN 39 in Cartegena, the 45 day registration period in early 2011 drew a massive 865 applications, including a range of generics, corporate, brand and geographic TLDs.

• 526 of those applications made it through to approval and launched. The auction process for generic TLDs created a word-wide buzz with the highlight being the 12 parties that entered into a bidding war for .web, which achieved a whopping $53 million price tag. The total revenue from the auction process was a staggering $437 million. Though much of this windfall was used to support a range of development initiatives around the globe, eyebrows were certainly raised when ICANN decided to purchase their own Airbus A380 (affectionately known as The Flying Starfish). This was deemed to be a cheaper option than sending their 430 staff to each meeting on commercial airlines, and it also solved the problem that it was becoming increasingly difficult to get to ICANN meetings as ICANN themselves had booked out all the flights. This problem came to a head at the October 2012 meeting in Vladivostok, where staff outnumbered participants.

• The kerfuffle about vertical integration is long forgotten. The Board finally lost patience with the GNSO in late 2010 and decided to allow full, unfettered integration between Registries and Registrars. Dozens of registries are creating and retailing generic TLDs with a range of innovative business models and with no detectable harm whatsoever to consumers. On the contrary, consumers and businesses now have a whole world of choice about how they construct their online identities. The massive increase in contracted parties however rendered the GNSO even more unwieldy and dysfunctional, and has led to yet another restructuring, which is taking some years to work out.

• In 2015 the definition of success for a namespace is no longer based purely on registration numbers. Registries have adopted “left of the dot” thinking to create portals that bind tribes of people together from across the globe. A focus on utility seems to have won over the more simplistic measure of volume.

• Those organisations that chose to utilise the full potential of ‘dot Brand’ TLDs and have built a strategy for implementation are reaping the benefits of leading the pack. Many industry watchers were aghast to discover that Facebook had chosen to pass up the opportunity, especially when they saw MySpace reinvent itself under the .myspace TLD, attracting more than 7 million registrants in their first 18 months of operation.

• The search market is no longer as all-powerful as it is back in 2010. The creation of ‘dot Brand’ TLDS has finally pulled users away from the clutter of search engines and back to direct navigation in its traditional and intuitive form. Marketers around the world are enjoying unheard of rates of recall and message efficiency.

• .xxx is still yet to see the light of day, despite being approved by the ICANN Board in late 2010, much to the delight of most of the adult entertainment industry. Meanwhile .sex and .porn are proving successful, even though a number of governments have blocked access to them.

• Linguistic communities across the world have followed the example of .cat and now hold a firm slice of the internet, while IDN TLDs have also been particularly successful. The Chinese language versions of .com and .org are both now well-established, with over 40 million registered names between them, happily co-existing in both Simplified and Traditional scripts. The .china IDN ccTLDs have helped to consign .cn to now almost complete irrelevancy.

• Also on the IDN front, the new IDNA2012 protocol included a number of new scripts and characters including Wing Dings and Vulcan that have caused great excitement in certain sectors of the ‘technical’ community. The inclusion of a number of additional punctuation marks as valid IDN characters also saw Yahoo! finally secure their domain name, including the exclamation mark.

• Many smaller and especially newer ccTLDs have struggled to maintain their relevance in the new Domain Name landscape having missed the window of opportunity to establish themselves before the release of the new gTLDs.

• Interestingly, the future of .tv is now in question, with the last inhabitants of the islands of Tuvalu moving to their new homes in Australia and New Zealand in late 2014 as the rising ocean engulfs the remaining dry land, and the United Nations considers what to do with a country that physically no longer exists.

But what of .com, I hear you ask? Well it’s still around and going strong, but has seen a steady decline in new registration volumes since the new gTLD program launched. A study released in late 2014 highlighted an increasing percentage of .com domains that were simply redirecting to new gTLDs.

And finally, AusRegistry International has continued to create the benchmark for ICANN meeting marketing with their wildly successful campaign involving personalised ‘TLD hover-boards’, unveiled at the March 2015 conference in Nuuk, Greenland.

So there we are, a little insight into what our world will look like when the real Back to the Future Day swings around in a little over 5 years time. While there was no reference to flying cars or talking microwaves, my time with the Doc opened my eyes to the exciting future of an industry that is driving innovation in the world’s largest media channel. I for one can’t wait to be a part of it.

Oh and according to page 286 of Gray’s Sports Almanac, 2010 is the year of Cadel Evans who finally holds on through the mountain stages to claim his first Tour de France.

DNSSEC is but one link in the security chain

Monday, July 12th, 2010

By Chris Wright

As the implementation of DNSSEC continues to gather momentum and with a number of ccTLDs, and the .org gTLD having deployed it into their production systems, I think it is worth pausing to take a look at the entire DNSSEC situation.

Whilst it is absolutely clear that DNSSEC is a significant step forward in terms of securing the DNS, it is but one link in the security chain and is therefore not, in itself, a comprehensive solution to fully securing the DNS system.

The first issue, which is likely to be only a short to medium term problem, is that there are currently no generally available applications, including web browsers that utilise DNSSEC. This means that even where DNSSEC has been implemented and is in active use, there is at present no straightforward means by which users can knowingly benefit from it.

It is possible to configure a DNS service to reject any records that fail DNSSEC validation, but this is an unsophisticated approach that will not differentiate to the user between DNSSEC failures and other DNS errors. Additionally there are currently no applications that (by default) will indicate the ‘success’ of any such validation to the user.

A more serious issue however is the fact that while DNSSEC provides the ability to certify that requested DNS records have come from an authoritative source and have not been tampered with in transit, it does not mean that those authoritative DNS records are themselves legitimate.

As the saying goes, a chain is only as strong as its weakest link. In this case, the chain includes a number of factors, including the registrant themselves, their registrar (and hosting provider, if different) and the registry, each of which is (at least theoretically) a potential route through which malicious DNS records can be introduced.

Arguably the greatest risk sits with the registrant (which may of course be an individual or a large corporation or anything in between), where a variety of threat vectors exist, including insecure passwords, malware and social engineering. Service providers, including registrars and hosting providers should (and, of course, in the vast majority of cases, do) provide relatively high levels of security including secure logins, however with increasing automation comes increasing risk – with a fully automated system, a compromised login provides a malicious user with the freedom to make changes at will, including updating DNS records to divert traffic to phishing or other malicious sites.

Registries are also not immune from security risks and should be held to the highest security standards. In short, in order to ensure a completely secure chain of trust for the DNS, all the links in the chain on both the lookup and provisioning sides need be as secure as possible.

While this may seem to be stating the obvious, the real issue here, as I see it, is the risk that the introduction of DNSSEC may create an unwarranted sense of security. Malicious DNS records, if entered into a DNSSEC-signed zone through a compromised registrant account or via a hacking attack on a hosting provider will potentially be considered to be more ‘secure’ than legitimate, but unsigned DNS records.

Another significant concern is that there are currently no standards in existence relating to the implementation of DNSSEC, with respect to the provisioning side of the equation. Without agreed implementation standards, especially in the area of security and verification, it is likely that a variety of implementation methods will be adopted, leading to a confusing, potentially unworkable and ultimately costly environment for hosting and other service providers, that will only hamper the adoption of DNSSEC at this crucial level. This will be particularly true in the case of transferring DNSSEC-signed domains between hosting providers.

There is currently little evidence of user demand for DNSSEC, making for a challenging business case for most providers without the added complexity of having to cater for a variety of implementations. There are likely to be a small number of niche providers that will recognise an opportunity to provide DNSSEC services to their clients and are forward thinking enough to know that they are ahead of the curve by implementing now, however the success of DNSSEC requires widespread adoption. For a majority of providers, operating on tight margins, implementing DNSSEC will only start to make business sense when not supporting it starts to impact their market share.

ICANN is realistically the only organisation capable, through its gTLD Registry and Registrar contracts, of effectively mandating implementation and security standards for DNSSEC that will be adopted at all levels of the DNS supply chain, so I would encourage the development of such standards as part of ICANN’s ongoing policy development work.

AusRegistry International’s Domain Name Registry software provides full support for DNSSEC-signed zones, including real-time DNS updates, for both signed and unsigned zones.

One Billion Internet Users

Monday, July 12th, 2010

By Jon Lawrence

Last week ICANN took another very significant step forward in the expansion of the internet by approving the delegation of a number of Chinese script IDN ccTLDs.

Although we have all heard statements that portray the introduction of IDN ccTLDs as being perhaps the single most important factor in the achievement of ICANN’s “One World, One Internet” vision, we should take a moment to appreciate the true significance of this latest round of IDN ccTLD approvals.

There are over one billion people in the Chinese language community, an audience that until last week required some knowledge of the Latin alphabet to navigate the internet using the Domain Name System. Even with a basic grasp of the Latin alphabet, the painful usability issue of having to switch between Chinese and Latin keyboard layouts has been a significant barrier for many end-users.

chinese add

The significance of introducing IDN ccTLDs into the Chinese language context is not just about improving accessibility, however.

We should spare a thought for the marketing managers who are tasked with communicating to an audience of over a billion Chinese consumers.

At first glance it seems like a brilliant opportunity, however it becomes a little tougher once you consider the following…

You’re running a traditional advertising campaign. You have the right brand, you’ve developed the right message and you finally have people reading and wanting to respond to your ads. All that’s required from here is the ability to drive website traffic directly from your advertisement, but you only have a Latin-based Domain Name at your disposal.

What do you think your chances of success are if your audience is unable to understand what your Latin-based domain name is?

Very little, next to none, even. In this context, the big bad (and expensive) world of search engine marketing is your only fall-back.

While I don’t profess to be fluent in Chinese, the advertisement I have included above is an example of how difficult it currently is for Chinese marketers to generate effective direct response advertising and achieve messaging efficiency.

The latest round of IDN ccTLD delegations will change all of this and change it in a big way.

Once Chinese IDN ccTLDs are introduced, more consumers will be drawn to the internet as language and usability barriers are removed. Internet penetration should accelerate and marketers will find themselves operating in a world where the doors of direct-response marketing will be flung wide open. Message recall and direct, browser-based website traffic should improve dramatically and Chinese marketers will finally be able to include a website as the primary call to action with a high level of confidence that it will succeed.

When you consider these points in the context of the sheer size of the Chinese language market, it’s easy to see the importance of this latest list of delegations to the overall success of the IDN Fast Track program.

Both China and Taiwan have had Simplified and Traditional script versions of their IDN ccTLDs approved. These are to be managed as ‘Synchronised IDN ccTLDs’, which means that both versions should resolve to the same address.

Hong Kong is spared this additional level of complexity by the simple fact that ‘Hong Kong’ is written using the same characters in both script versions. Domain names registered under .香港 will be issued both Traditional and Simplified variants, however.

The Chinese IDN ccTLDs that will soon be delegated into the root are therefore as follows:

China
.中国 (Simplified)
.中國 (Traditional)

Hong Kong
.香港

TWNIC
.台湾 (Simplified)
.台灣 (Traditional)

Recently, IANA also announced that three further IDN ccTLDs have passed the String Evaluation Phase. These are:

سوريا. (.syria – Arabic)

.新加坡 (.singapore – Chinese)
.சிங்கப்பூர் (.singapore – Tamil)

We would like to congratulate CNNIC, TWNIC and HKIRC on having their Chinese IDN ccTLD delegations approved. We would also like to congratulate SGNIC and Syria’s National Agency for Network Services on passing the String Evaluation Phase.

AusRegistry International is a strong supporter of the IDN ccTLD Fast Track Program and is a leading provider of IDN-enabled Domain Name Registry Software and Consulting Services to ccTLD Managers. We are currently supporting the launch of the Arabic script امارات. (.emarat) IDN ccTLD for the United Arab Emirates as well as the قطر. (.qatar) Arabic script IDN ccTLD for Qatar.