ICANN Set To Broaden World of Domain Names

hypnosec writes "ICANN, as a step towards expanding global top level domain names, has approved a new Domain Name Registrar Accreditation Agreement that is expected to bring about waves of continued improvements in the domain name ecosystem (PDF). The new agreement is a result of efforts of over a year of negotiations that took place between ICANN and Registrar Stakeholders Group. The new agreement brings quite a few improvements, including making it mandatory for registrars to appoint a point-of contact for reporting abuse, and to establish registrar responsibilities for reseller compliance, enhancement of compliance tools, audit rights, and certification requirements, among others."

why?

[lister+king+of+smeg]

am I the only one that thinks this is useless complication that will make dns more of a pain to work with simply so icann can grab money.

Re:why?

No, that is the normal thought for anyone who knows what DNS is. This is a money grab and evidence of our need to always feel we have to do something to justify our-self/our-group/our-job/our-ego instead of keeping the status quo. Also called change for the sake of change.

Re:why?

In theory, it's a great idea. The abuse of false domains for "phishing" is a criminal activity that ICANN is compelled to respond to.

In practice, The Great Karnak(tm) predicts that it will be intense rounds of non-open technology solutions, arguing wildly with each other over subtle points of patent abuse, and in the shrieking the longstanding abuse by domain squaters that provides a lot of registrar's income will be very, very carefully protected. It will be a form change, not a substance, and one that actually *fosters* corporate abuse.

They're particularly being lobbied to make it possible to block politically unpopular groups, such as Wikileaks and PirateBay.

Re:why?

[KermodeBear]

The massive flood of new TLDs is nothing more than a money grab. They don't add any value at all. .tv? Really? .name? It's ridiculous.

Re:why?

[rudy_wayne]

ICANN is busy considering over 1800 requests for new gTLDs like .shop, .motocycle, .google, .youtube, and .lol.

All of which are completely useless and will only be used for phishing/scams/spams/malwares.

Re:why?

[sidthegeek]

.tv is the ccTLD for Tuvalu. But they're a small island, so they sell those domains to anyone who wants to build video-related websites.

Re:why?

[hairyfeet]

Now see those I have NO problem with, every country gets their own TLD and if they want to sell them for this or that service? NO problem with that. What I DO have a problem with is the crapflood of TLDs which is gonna be a fricking jackpot for squatters and scammers, I work for ordinary folks and its hard enough to teach them to watch what they type or click on and only stick to .com,.net, and .org. I can just imagine the "fun" I'm gonna have when all those are meaningless because you'll have everything from .fun to .smile, its gonna be hell for us guys in the trenches.

Re:why?

[SuricouRaven]

Well, they still havn't solved the homoglyph problem.

You're quite right, though. It's just a big money-grab. There isn't a shortage of domains. There's a shortage of the really good domains, but adding more isn't going to help with that because it just means every major company is going to need to buy yet more variations of their name to prevent a prankster, porn site or competitor using them.

Re:why?

[SuricouRaven]

Plus it's going to really screw with name resolution. When I type 'ommadon' into my browser, how is it supposed to know if I mean to google on the string 'ommadon'*, or visit the host names 'ommadon' on my local network**, or resolve the gTLD 'ommadon'***? Any of the three possibilities could be valid - or possibly even all three. And none of them is a consistantly correct default. Even worse, 'guessing' wrong could be a security vulnerability - by spoofing broadcast name resolution an attacker could trivially appear on a local network with a hostname of his choice, so every time someone tried to google on a common word they'd be redirected to his own server.

*Cheaply-animated villain with a habbit of laughing evily a lot.
**My NAS box.
*** I can't imagine why anyone would register this, but it could happen.

Re:why?

When I type 'ommadon' into my browser, how is it supposed to know if I mean to google on the string 'ommadon'*, or visit the host names 'ommadon' on my local network**, or resolve the gTLD 'ommadon'***?

the same way it figures out what to do when you type 'net' into the location bar now?

Re:why?

[SpaceLifeForm]

Has .edu become untrustable?

Re:why?

That depends on whether you consider for-profit colleges to be educational solutions or not. But in all seriousness, it bothers me that our local for-profit diploma mills get .edu address but neither all educational levels (such as school districts) nor those outside the US (such as University of Cambridge or McGill) can. If DNS was not so darn helpful and engrained, I'd say screw it and start over.

Re:why?

[AliasMarlowe]

am I the only one that thinks this is useless complication that will make DNS more of a pain to work with simply so ICANN can grab money.

If you thought anything else, you'd definitely be the only one...

Re:why?

[SeaFox]

I work for ordinary folks and its hard enough to teach them to watch what they type or click on and only stick to .com,.net, and .org

Idea a domain shouldn't be trusted just because it's from a foreign country sounds like something the DHS would say.

Maybe you should be teaching these people that a domain doesn't stop at the dot and to learn the entire domain name for something to recognize it properly, instead of following a (rather ethnocentric sounding) maxim.

Re:why?

No one is going to pay $125k to controle the gtld "ommadon". It will never exist.

Re:why?

You're supposed to buy all t he different variations and misspellings of your name from the domain squatters, who do not have to register real contact information for the first 15 days of squatting or actually have to pay anything at all for squatting right after you do a DNS lookup or search for a domain.

Haven't you been paying attention to the ongoing dotcom saga of the domain squatters?

Re:why?

[Lincolnshire+Poacher]

When I type 'ommadon' into my browser, how is it supposed to know if I mean to google on the string 'ommadon'*, or visit the host names 'ommadon' on my local network**, or resolve the gTLD 'ommadon'***?

If browser developers hadn't conflated the address field with the search field it wouldn't be a problem.

Your DCP or static confg sets the search domains. If ommadon doesn't exist in any of those ( that is, not your NAS box ), try to resolve .ommadon. as a eponymous host in that gTLD.

Re:why?

[hairyfeet]

Riiight, and maybe you can pay a couple hundred bucks so i can sit around for a few hours giving lectures to all these people that can't even tell the difference between a keyboard port and a mouse? thought so.

High minded idealism is all well and good when you make 6 figures and have a college degree, i work with ordinary folks, the guys you probably wouldn't give the time to on a bet, and they don't have the hours to spare nor do i have the hours to give teaching how fricking DNS works when simply warning them about the dot three can kill a LOT of phishing dead.

Re:why?

[fast+turtle]

use IPv6 for local network (and place em into the hosts file) - Enforce IPv6 Privacy Extensions and what not on the local net and use encryption (tls/https) to prevent spoofing

Re: why?

Because theycann

Re:why?

[SuricouRaven]

It doesn't. It uses a priority order: First resolve, if resolve fails then assume it was a search term.

Re:why?

[SuricouRaven]

Perhaps prices will be lower in the future - and you can be sure that some organisations, somewhere, have named their servers after brand names. Administrators like memorable names - the first ISP I used named their dialup servers after pokemon - so it's almost certain that someone has been naming their servers after cars or foodstuffs.

World of Domain Names

ICANN is now selling an expansion to the popular World of Domain Names MMORPG. You can now collect even more kinds of names through the real money name acquisition system to upgrade the ascetics of your web presence!

Definition

[girlintraining]

waves of continued improvements in the domain name ecosystem.

ICANN is apparently using a broader definition of "improve"... because to date, very little that they've done has been anything but a cluster fuck of greed, incompetence, and blamestorming. Basically, everything I've come to expect from the committee decision-making process, as overseen by dozens of governments. And this latest "wave" of improvement is basically standardizing that process so that it is easier for corporations and governments to rapidly screw up the internet -- "accountability" in this context is code for "faster domain seizure".

New requirements ...

[PPH]

... for "reporting abuse, registrar responsibilities for reseller compliance, enhancement of compliance tools, audit rights, certification requirements, ...".

Pile enough crap on and small enterprises and individuals won't be able to handle a domain on their own. Enter the management companies, who will extract fees for handling all of this overhead. Worse yet, it will push owners of domains who can no longer afford to maintain them to put them back on the market, where the big corporations can get their hands on them.

I have known a number of people who registered valuable domains, not as squatters but small businesses who were smart or quick enough to get there first. Some have fallen for the trap of companies that 'manage' domains in return for signing over ownership. The result was their losing the domain when their 'manager' unilaterally determined the domain had more value on the market than the present user gave it.

Re:New requirements ...

[Yomers]

New requirements mostly for registrars, not for domain owners. According to TFA domain buyers will have to provide valid phone or address, and registrar will be responsible for verifying those.

Re:New requirements ...

[sound+vision]

As indicated in another reply, these requirements are for the *registrars* of the domain, not the *registrants*. What it means is that GoDaddy (or whoever your registrar is) will have a bit more work to do. Will they pass on the costs to end users? Maybe, but I doubt it's much. The end user might have a bit more difficulty entering fake contact information, since the registrars will be auditing that information better. Other than that there's no difference to the end user, at least from the things you quoted. IWAACTAADR. (I Work At A Company That's Also A Domain Registrar).

These "Domain management companies" you speak of are what I call "scammers". I've gotten similar notices in the mail, after registering my first domain. "Hey, your domain is expiring next year. Give the ownership to us and renew it for only $80 a year!" Of course, this letter fails to note the other option, which is leaving my domain where it's at and continuing to renew for $12 annually.

I can't fathom why anyone would want someone to "manage" their domain registrations, unless they have no clue what a domain registration actually is. This is how you manage it: You pick name. You type in your contact info, and optionally the name servers you want to use. You renew it annually. That's it. The most complicated thing you could ever do is trying to transfer it - which just means clicking the "Unlock" button on the registrar's site, getting the transfer key, and providing that to the new registrar. Way easier than doing taxes.

The only thing hard thing about it is that people don't understand domain registration is separate from DNS management and service hosting (web sites, for example). People commonly get the idea that all of these things are the same. If you have that conception, you're already on bad footing since you're trying to be webmaster and IT with zero skills.

The right thing for those guys to do isn't to succumb to the smooth talker who promises to make all the technical problems go away. (Then steal the domain.) If they don't or can't learn webmaster skills, they need to either (a) employ someone trustworthy who does, or (b) start *from the beginning* with an integrated registration/design/hosting service that takes care of everything end to end. It might seem cheaper to do it DIY in the beginning, but to successfully DIY you have to know how to DI first.

Darknet

How long until we have another layer to the OSI model that specifies which Internet you're on?

Improvement?

So far they've done nothing but fuck things up.

Someone's asleep at the wheel

[WML+MUNSON]

For those that don't RTFA, there's a fairly important detail missing from the summary:

Under the new agreement it would be mandatory for registrars to confirm the phone numbers or addresses of domain name buyers within 15 days of domain registration.

Re:Someone's asleep at the wheel

That is probably the 2nd biggest point to take from this greedy money grab PR stunt, may even be the primary underlying reason. Just think of all the pirates the MAFIAA could grab from their houses, instead of simply taking their domain names?

Re:Someone's asleep at the wheel

I just posted this and it has disappeared?? I didn't know comments can be deleted on slashdot.. But I will just post again:

No need to guess where this is for:

http://www.icann.org/en/n...oposed-raa-21jun13-en.pdf

The highlights of this proposed 2013 RAA include:
  The 12 Law Enforcement Recommendations that served as the impetus for these negotiations are all
addressed in this proposed draft. The attached Law Enforcement Summary Chart identifies the section
or specification of the 2013 RAA that addressed each recommendation. Some of the highlights include
the creation of an abuse point of contact at each registrar, Whois verification and validation
requirements at the registrant and the account holder levels, stronger language on registrar
obligations for resellers, and new data retention obligations.

New name for ICANN

b/cWECANN

European Style Mega Bureaucracy Is Here

This is why ICANN shouldn't have been 'internationalized'.

No need to guess where this is for

http://www.icann.org/en/n...oposed-raa-21jun13-en.pdf

The highlights of this proposed 2013 RAA include:
  The 12 Law Enforcement Recommendations that served as the impetus for these negotiations are all
addressed in this proposed draft. The attached Law Enforcement Summary Chart identifies the section
or specification of the 2013 RAA that addressed each recommendation. Some of the highlights include
the creation of an abuse point of contact at each registrar, Whois verification and validation
requirements at the registrant and the account holder levels, stronger language on registrar
obligations for resellers, and new data retention obligations.

The intelligence agencies need more data!

No need to guess where this is for

I just posted this and it has disappeared?? I didn't know comments can be deleted on slashdot.. But I will just post again:
Icann is very open about it:

http://www.icann.org/en/n...oposed-raa-21jun13-en.pdf

The highlights of this proposed 2013 RAA include:
  The 12 Law Enforcement Recommendations that served as the impetus for these negotiations are all
addressed in this proposed draft. The attached Law Enforcement Summary Chart identifies the section
or specification of the 2013 RAA that addressed each recommendation. Some of the highlights include
the creation of an abuse point of contact at each registrar, Whois verification and validation
requirements at the registrant and the account holder levels, stronger language on registrar
obligations for resellers, and new data retention obligations.

"Diploma mills"

[SteveFoerster]

The joke is that when most people say "diploma mill" what they mean is "Any school less prestigious, however slightly, than the one I attended." But the term means something specific: fake schools that offer no instruction and just sell unrecognized credentials for cash. Many for profit schools may be expensive and unremarkable, but that doesn't mean they're diploma mills.