My Comments to ICANN Opposing the 2024 .COM Renewal

The public comment period regarding the .COM renewal ends today (November 5, 2024). ICANN routinely ignores public input, and I expect that will continue with this comment period.

Regardless, I’ve submitted a comment opposing to the .COM renewal, in order to be on the record. You can also read it here (PDF).

Continue reading “My Comments to ICANN Opposing the 2024 .COM Renewal”

AI-generated Audio Podcast about ICANN IGO Issues and Domain Disputes

(if you’re having trouble using the media player, the MP3 is here)

In January 2023, I submitted extensive comments to ICANN, regarding IGO Issues and domain name disputes. There were 3 quite detailed PDFs in that submission (as there were other comment periods over the years), that many may not have read.

Using the NotebookLM AI tool I mentioned in an earlier post today, that generated an excellent podcast regarding domain name transfer policy, I figured I’d let the AI summarize my IGO-related submissions. The result is the embedded audio in this blog post. It did a fairly good job of explaining things at a high-level, although it missed an important detail, namely that IGOs are able to assert immunity when they’re the defendant, and thus the “role reversal” gives them a big advantage (especially if they’re no longer agreeing to the mutual jurisdiction clause). I hope this piques the interest of those who’ve not followed this important issue, and causes them to dive deeper into the PDFs (which have more detailed arguments).

 

 

Push system for domain name transfers already in place for .co.uk!

Theo Develegas, the author of DomainGang, has a personal blog. He wrote about a .co.uk transfer today:

https://acro.net/blog/enom-end-of-an-era-the-fastest-domain-transfer-ever/

which noted:

What surprised me was the way .co.uk domains are transferred to another registrar, in this case Spaceship. After unlocking the domain, I went to Spaceship to begin the transfer out which required to copy an IPS tag into the domain’s record.

What is an IPS tag for domains, you may ask. It’s like a reverse authentication code: You get it from the registrar you move your .co.uk domain to and provide it to the registrar where the domain sits at.

The moment the IPS tag was updated at eNom the domain was no longer there. It was an instant change of registrar! All I had to do next was complete the transfer at Spaceship by submitting the request. The domain appeared in my account, once again instantly.

That’s the kind of “push” system  for domain name transfers that I’ve been advocating for more than 2 years at ICANN, for gTLD domain names like .com. It’s already in production. There’s no excuse now for ICANN not to adopt this, at least as a pilot project, for gTLD domain names.

 

AI-generated Audio Podcast about ICANN Transfer Policy

Prepare to be blown away! 

As regular readers of this blog will be aware, I’ve written extensively about proposed changes to the ICANN Transfer Policy.  Last week, I blogged about my 2024 submission to ICANN. It also mentioned my previous extensive submissions in 2022.

Today, I read about an interesting AI tool created by Google called NotebookLM which is able to summarize documents and even create audio podcasts. So, as an experiment, I uploaded my 2024 and 2022 ICANN submissions into NotebookLM, and here’s the result (7 minutes and 41 seconds in length).

(if you’re having trouble using the media player, the MP3 file is here)

Isn’t that simply incredible?

Continue reading “AI-generated Audio Podcast about ICANN Transfer Policy”

My 2024 Submission To ICANN Regarding Transfer Policy, ahead of September 30 deadline

ICANN has another public comment period regarding transfer policy. The deadline to submit comments is Monday September 30, 2024 at 23:59 UTC time.

My company’s submission can be read here. I focused on the lack of consideration of a “push” system of transfers, and lack of overall consideration of registrants’ input.

This isn’t the first time that ICANN has asked for input on transfer policy. My company submitted substantial comments in 2022 as well, which the captured working group, dominated by registrars, has not incorporated into its latest set of recommendations.

As this is likely the final opportunity to impact the working group’s final recommendations before they’re sent to the GNSO Council (despite being misleadingly labelled as an “Inital Report“, which I called out in my latest comments), now is the time to make a submission on this important topic which affects registrants.

Hopefully my company’s submission of today, and also from 2022, will help stimulate your own thinking, before you submit your own comments.

[For posterity and archival purposes, one can find a PDF version of my submitted comments here.]

 

Millions Of Sensitive US Military Emails Misdirected To Mali, Despite 2014 Warning From Me

In August 2014, I noticed a potential security vulnerability in relation to the .mil top-level domain, which is operated by the US military. As such, I reported the issue to CERT, describing the issue in sufficient detail that they could understand the problem.

Today, I learned via a tweet from Elliot Silver:

about the report in the Financial Times concerning millions of US military emails being misdirected, and quote-tweeted that I had reported the issue many years ago:

https://twitter.com/GeorgeKirikos/status/1680925062621216768

Elliot Silver later blogged about it, and it’s been reported on by many other news outlets.

You can read my August 6, 2014 CERT “Vulnerability Report” here (I had prudently saved a copy), and the confirmation was VRF#HYIXW4Z4. [The PDF is redacted, as it had contained my cell phone number, which I rarely disclose.]

Continue reading “Millions Of Sensitive US Military Emails Misdirected To Mali, Despite 2014 Warning From Me”

Another ICANN Sham Review of Public Comments

ICANN has posted their Public Comment Summary Report of the Proposed Renewal of the Registry Agreement for .NET. Once again, it is another sham review of the submissions of the public.

Not only do they dismiss comments and concerns relating to the changes in the RRA, which we wrote about extensively. ICANN staff went even further, and LIED about past comment submissions! At the bottom of page 13, they wrote:

Continue reading “Another ICANN Sham Review of Public Comments”

Red Alert: ICANN and Verisign Proposal Would Allow Any Government In The World To Seize Domain Names

ICANN, the organization that regulates global domain name policy, and Verisign, the abusive monopolist that operates the .COM and .NET top-level domains, have quietly proposed enormous changes to global domain name policy in their recently published “Proposed Renewal of the Registry Agreement for .NET”, which is now open for public comment.

Either by design, or unintentionally, they’ve proposed allowing any government in the world to cancel, redirect, or transfer to their control applicable domain names! This is an outrageous and dangerous proposal that must be stopped. While this proposal is currently only for .NET domain names, presumably they would want to also apply it to other extensions like .COM as those contracts come up for renewal.

Continue reading “Red Alert: ICANN and Verisign Proposal Would Allow Any Government In The World To Seize Domain Names”

Our January 30, 2023 Comments to ICANN Regarding IGO Issues and Preserving The Rights of Registrants

ICANN has a public comment period for the Final Report from the EPDP on Specific Curative Rights Protections for IGOs, which proposes to harm registrants’ rights, by making IGOs (intergovernmental organizations like the UN) exempt from the mutual jurisdiction clause of the UDRP/URS. This would mean that a domain owner’s rights to judicial review of an adverse UDRP/URS decision would be prejudiced.

Our comments can be read on the ICANN site, along with all the other public comment submissions. [including those of the Internet Commerce Association]

Continue reading “Our January 30, 2023 Comments to ICANN Regarding IGO Issues and Preserving The Rights of Registrants”

Visualizing the Security Benefits of the Losing FOA for Domain Name Transfers

I’ve written extensively about the security implications of the “Losing FOA” step of domain name transfers. It’s the opportunity for registrants to “ACK” or “NACK” a pending transfer, before it completes. I wrote about this again yesterday,  and that post linked to all prior writings.

I wanted to give readers direct visual evidence of why the Losing FOA is so important as a security mechanism, so I intiated a transfer of a domain name from my company’s portfolio at Tucows/OpenSRS to GoDaddy. After I input the transfer code (currently called the “AuthInfo Code”, but it will be renamed the “Transfer Authorization Code” or “TAC”) at GoDaddy, Tucows/OpenSRS sent me (as registrant) an email, with a link to a page that would allow me to immediately approve the transfer (i.e. “ACK” it), or to reject the transfer (“NAK” it). Here’s a screenshot:

Example of OpenSRS Losing FOA page, allowing registrants to accept or reject an outgoing transfer request
Example of OpenSRS Losing FOA page, allowing registrants to accept or reject an outgoing transfer request

As you can clearly see, the page contains text saying:

The domain name listed above will be transferred to:

New Registrar
GoDaddy.com, Inc.

and gives me the opportunity to accept the transfer, or decline it (I’ve just left things in a pending state for now; I’ll perhaps “ACK” the transfer in a few days).

Continue reading “Visualizing the Security Benefits of the Losing FOA for Domain Name Transfers”