Tuesday, June 26, 2018

A limit of the multistakeholder governance model

I read the ICANN approved board resolutions and a rationale for resolutions on an independent examination. I found that it tells a lot on how the ICANN is becoming an enormous organization which could be compared to some French administration where you sometimes wonder...what people do there.

ITEMS International was appointed as the independent examiner for the At-Large Review (a working group at the ICANN which works on plenty of important things to make Internet better).

Too focused on internal committees and procedures
I stopped on an Input from the ICANN community and I read:
"...many of the problems identified by the ITEMS report do exist. In particular, that: It is too focused on internal committees and procedures, and that it is too focused on enlarging the power and resources received by ALACin the ICANN ecosystem."
I try hard to follow-up with what some groups work on but I not only have a language barrier, I also DON'T HAVE THE NECESSARY TIME for this and with the volumes of documents to understand and the number of calls to participate to, it really takes time. I also sometimes feel that the very small groups working "on their thing"are making it impossible for any new comer to participate...many working group are most of the time the only one to understand what they are doing.

It also takes longer and longer to decide. Isn't it time to simplify procedures and suggest things like "deadlines"?

The ICANN is important for the Internet to keep working properly but aren't we starting to see the limit of the multistakeholder governance model?

The .GAY and .MUSIC new gTLDs
The .GAY and .MUSIC new gTLDs have been in "stand-by" for years: with all the comments, reports, procedures, discussions...can't someone "do something" for a resolution to be taken?

  • Consideration of Reconsideration Request 18-1 for DotMusic Limited: No resolution taken;
  • Consideration of Reconsideration Request 18-2 for dotgay LLC: No resolution taken.
Unless I am wrong, the new gTLD Applicant Guidebook from the first round of the ICANN new gTLD program says that problems of the first round should all be solved before the next round to start: isn't the multistakeholder governance model helping opponents of a future round here? In the case of .GAY ... there are a lot of opponents.

Friday, June 8, 2018

Job: Director of Channel Development

Dominion Domains, a division of Dominion Enterprises (Norfolk, Virginia) is hiring a Director of Channel Development.


Dominion Domains is the Registry Operator for five Top Level Domains (TLDs) including .autos, .homes, .boats, .yachts and .motorcycles.

Saturday, June 2, 2018

Registered in 1998: Guillon.com is 20 years old

I registered guillon.com in 1998-06-02: that was 20 years ago.

It is my oldest domain name and at the time, I had no idea that I would use it for the rest of my life.

I now use the same ending in ".email"...for Email.

Wednesday, May 9, 2018

Introduction of .APP domains by Google

...and how to secure them
.app, the web's first secure-only open top-level domain (TLD) for mobile apps and developers, is launching on May 8. This in-depth technical talk covers use cases for .app domain names, HTTP Strict Transport Security (HSTS), best practices for secure website development, and the unique security benefits of .app domains thanks to TLD-wide HSTS.

Monday, April 30, 2018

How to index a redirection in Google?

I just hit "site:.sncf" to try to find out which are the two new domain names ending in ".sncf" which were just created and I found nothing new but www.wifi.sncf. The picture below is what appears, indexed in Google:


I clicked on it and noticed (again) that it is a redirection.

Question to Bill Hartzer (@bhartzer) : how do you index a redirection in Google?

Friday, April 13, 2018

UPDATE: Phishing, a few weeks after

I wrote a small article (in French) on several procedures that I just tried at the ICANN and at a Registrar hosting a domain name used for phishing.


What we did
Basically, ICANN offers 2 emails to write to and we also used two different procedures at the Registrar concerned: the abuse email and a dedicated form.

The result is the one expected: the ICANN created a case and answered us the below but none of the other two parties we contacted even answered us.

Answer received from ICANN
Dear Jean Guillon,
Thank you for contacting the ICANN Global Support Center.
I will be happy to provide you with further information. Please note, the 2013 Registrar Accreditation Agreement (RAA) requires ICANN-accredited registrars to provide abuse contact information, take steps to investigate reports, and respond appropriately to any reports of abuse. The full abuse contact requirements can be found in Section 3.18 of the 2013 RAA at: https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#3.18 .
For more information about Registrar Abuse Reports and the type of reports, please see: https://www.icann.org/resources/pages/abuse-2014-01-29-en .
If you wish to submit a complaint to our Contractual Compliance about the registrar failing to comply with the requirements, please complete the form at:https://forms.icann.org/en/resources/compliance/complaints/registrars/standards-complaint-form .
Please allow 3-5 business days for our Contractual Compliance Team to respond to your complaint submission.
I hope this information is helpful to you. Please contact us if you have any additional questions or concerns. This case will now be resolved. Thank you for contacting ICANN.
The ICANN form (...)
I submitted a complaint to the Contractual Compliance Team (as suggested in the answer received by the ICANN) but at this stage, I thought that ICANN would already have acted since I already sent all informations: this form is probably going to be sent to the Register.it

26 of March 2018
  • ICANN ask the same informations + a copy of the abuse email that I sent to Register IT with my authorization to contact them (...);
  • They also write that I did not fill in their form correctly (...).
I resend them all this (...).

13 of April 2018(and after informing the ICANN (who answered it would inform the Registrar))
I received an email from Register.it and here what it says: "Dear Sir according to ICANN request, here below a summary of actions taken by our Abuse Team with reference to your request, please be informed that":
  • "on March 8, 2018 we have received your abuse report (copies of emails received are attached)": I never received confirmation of this.
  • "In the following 24 hours our dedicated Abuse Team has examined the issue and taken the necessary steps to solve it": I seriously doubt it but surprisingly, after complaining several times to the ICANN and after more than a month, Register.it returned with this answer.
  • "Each abuse report requests of course different actions, in this case they intervened removing the dangerous involved folders": do I understand that you removed a client's folder hosted with you? I checked the sub-domain and it is still in place and not pointing to an error.
  • "Customer has been then accordingly informed. Just for your further information in this case RNH and AH are the same entity": I have no idea what this means and I would have expected the domain to be a little more investigated because the whois still shows a "Domain Status:ok".
16 of April 2018
After more than one month exchanging with registrar and ICANN and for one single domain name hosting a phishing operation, ICANN considers that the abuse complaint is closed:
"Dear Jean Guillon,
Thank you for submitting an Abuse complaint concerning the registrar REGISTER.IT SPA. ICANN has reviewed and closed your complaint because:
 
- The registrar demonstrated that it took reasonable and prompt steps to investigate and respond appropriately to the report of abuse. 
ICANN considers this matter now closed.
Please do not reply to the email. If you require future assistance, please email compliance@icann.org; if you have a new complaint, please submit it at http://www.icann.org/resources/compliance/complaints .
 
ICANN is requesting your feedback on this closed complaint. Please complete this optional survey at https://www.surveymonkey.com/s/8F2Z6DP?ticket=changed .
Sincerely,
 
ICANN Contractual Compliance
Let's be honest: WHO GOES AS FAR AS THIS WHEN RECEIVING A PHISHING EMAIL AND WHO UNDERSTANDS SUCH ANSWERS?

Score
Phishers / Gmail filter = 1
Icann / Register.it = 0

Useless procedures
This way to proceed against phishing for end users is an absolute nonsense: the ICANN procedures and rules for such common problems are useless.

Read my article in French.

Monday, April 9, 2018

Will it be .ONLINE or .ONL ?

I just noticed that the .ONLINE new gTLD has a competitor: there is a .ONL extension too. As the registry websites states: ".ONL provides limitless access to everything online. It's the natural domain for all of your online activities".


More about this registry can be found here.

A few numbers
  • The .ONLINE new gTLD has 812.000 domain names registered;
  • The .ONL new gTLD has 5,270 domains registered.
I didn't notice the .ONL Top-Level Domain meant "online" until today (...) so I added to it to the similar TLDs' list.

Friday, March 30, 2018

The .BMW new gTLD

While updating the CARS new gTLD report for the month of March 2018, I noticed that the .BMW new gTLD had 53 ".bmw" domain names registered in February to 108 at the end of March.

From the examples that I tested, most are not redirections anymore but real websites such as: http://ratzel.bmw

Monday, March 26, 2018

For .STEPHANE

I just learnt today that Stéphane Van Gelder passed away.

My friend Murielle called me.

Many of us in France have worked with and for Stéphane. I personally worked many years with Stephane to launch new gTLDs at INDOM (which was then acquired by another company). He is the person who taught me everything that I did not know about domain names: he actually taught me that Versign was a thin registry and not a thick one: I did not know the difference...

When I joined INDOM, years ago, he also was the first French guy to have delivered .BRAND new gTLD studies when we did not even know when the first round of the ICANN new gTLD program would start. Actually, we were very good at what we did but he was the guy to think years in advance.

Stéphane was a person of precision. I remember the number of times he asked me to re-write things because I would not have seen a mistake in a word or have missed an accent: I remember going to his office at Indom 10 times a day and getting back to mine ultra pissed because I would have I missed a correction in a study.

...I don't really know what to write in such circumstances...

Today is a sad day.
RIP Stéphane.

More covers here and here.

New gTLDs: homograph attacks on the rise?

The problem with homograph attacks is that the more we talk about them, the mode it gives ideas to frauders.

Note that it is also - and I believe this strongly - a super fantastic way for security providers to scare their clients reminding them to buy their services because if they don't, the world will collapse ;-)

Last May, I wrote (in a very limited english that only non-english speakers can understand) a post about it to explain what an homograph attack is.

This morning, I read a new updated post, written in words that even I understand: it is entitled "Homographs, Attack!": it explains homograph attacks in simple words with cool designs. This is a good read and this is something that operators of large domain name portfolios should read too.

Tuesday, March 6, 2018

New gTLDs: overarching issues

These are recent slides extracted from today's meeting. These topics will be discussed in the next ICANN meeting in Puerto Rico:

Something written about the next new gTLD applicant guidebook's format (the famous AGB):
Exciting, isn't it?
:-)

For action:
  1. Add to the slides for Council planning for PDP WG time at ICANN62 in Panama City.
  2. Take the list of topics in the Initial Report structure and send it to the WG in case we missed any topics.

Notes:
  1. SOI Updates:  No updates.
  2. Work Track updates:
    1. Work Track 1:
      1. Going through all of the topics and trying to make sure we reflected feedback from the calls and the CC2 responses.
      2. Getting that text into the Initial Report.
      3. Call scheduled for 06 March is TBD.
    2. Work Track 3:
      1. Finished meetings and going through topics.
      2. Making sure we've captured all of the input.
      3. Putting the language into the Initial Report.
    3. Work Track 4:
      1. Looked at preparing text for the Initial Report.
      2. Discussed Registry Testing System.
      3. Preparing topics for Puerto Rico.
      4. Name Collisions also will be a topic.
      5. ICANN Board resolution on a longer term study.  See: Draft Project Plan for Name Collision Analysis: https://www.icann.org/public-comments/ncap-project-plan-2018-03-02-en
    4. Work Track 5:
      1. Going through the different categories of Geographic names in the Applicant Guidebook.  Identifying pros and cons.
      2. Looking at how we may want to consider doing the same thing in future or changing the AGB.  Addressing variations between the initial policy work and the final AGB content.
      3. Look at categories that were not in the AGB.
      4. Working Session dedicated to WT5 in San Juan on 14 March 0830.
  3. Review of suggested Initial Report structure/planning for ICANN61
    1. Slide 2: Initial Report
    2. Slide 3:
      1. Complete the Final Report by the end of 2018.
      2. For the Initial Report we are not doing consensus calls. We are putting options out for public comment.  Not the time to take a consensus call on one or more of the recommendations.
      3. Goal is to get out the Draft Initial Report out by the end of March and then have the WG review it in April.
      4. Thinking of changing the meeting schedule to meet every week to help with the review of the Initial Report, starting Monday, 26 March.
      5. In the planning for Panama we need to understand if the PDP WG will need a good chunk of the time at ICANN62.
    3. Slide 4: Work Track 1-4 and overarching issues.
    4. Slide 5:
      1. Overarching Issues and Work Track Topics.
      2. Options and open questions have not gone through a consensus call.
    5. Slide 6:
      1. Status Update Overview.
      2. Overarching Issues.
      3. Recommendations on 4 topics.
      4. Options/questions on 3 topics.
      5. Community Engagement: a lot of overlap with predictability or where we have tried to get feedback on this PDP.
    6. Slide 7:
      1. Status Update Drill-Down.
      2. Overarching Issues.
    7. Slide 8:
      1. Status Update Overview.
      2. Work Track 1.
  4. AOB: ICANN FY19 Budget:
    1. Only a short mention of the Subsequent Procedures PDP, but statement that there are no funds allocated for implementing any GNSO policy on subsequent procedures.
    2. FY19 goes from 01 July 2018 to 30 June 2019.
    3. If the Board waits until FY20 to allocate funds some think this could delay the launch of the next round.
    4. No time for this WG to file formal comments.
    5. PDP WG Co-Chairs may file individual comments.

Structure of the Initial Report (chronological order):
  • Overarching issues
  • Foundational issues
  • Pre-launch activities
  • Application submission
  • Application processing
  • Application evaluation/criteria
  • Dispute proceedings
  • String contention resolution
  • Pre-delegation
  • Contracting
  • Post-delegation

Thursday, February 15, 2018

New gTLDs: 2,700 subscribers on LinkedIn

Friday, January 26, 2018

Could Verisign block the next new gTLD round?

I like to read that letter from the co-chairs of the GNSO’s policy development process on new gTLD subsequent procedures: it is positive and asking the right questions to ICANN. One paragraph caught my attention:
"We would also appreciate input on the total number of TLDs that could be delegated without negative impact to root server performance."
Honorable "new gTLD Boss" and ICANN CTO gave answers and I stopped on that section of a paragraph:

"There are also technical limits placed on capacity by the systems that handle root zone provisioning (operated by PTI as JANA Functions Operator and Verisign as Root Zone Maintainer)..."
Actually, I fell from my chair and broke two legs.

Verisign is the registry for ".com" domain name and has shown signs that new gTLDs were impacting its business: the more new domain name extension spread online, wider is the choice and - unless I am wrong - this reduces the choice to register a ".com" domain name.

I didn't know that the technical infrastructure of domain names relied on Verisign too but I believe that this could be used as a technical reason not to push for another round of new gTLDs.

Friday, January 19, 2018

ICANN for dummies

I just received an ICANN alert on "Operating Standards for ICANN's Specific Reviews" so I clicked to learn more. The purpose is to offer to comment to solicit feedback on "ICANN things" such as: "to assure selected review teams have the necessary skill set and diversity to conduct a successful review ".

What's the point?
The comments were open in october 2017 so I clicked to check the comments and guess what? There are none and comments are closing in 14 days. It's been opened for 4 months...

A staff is going to use this "no feedback" and it is going to do a reporting to...ICANN, take decisions...what's the point if there is no participation?

Zero feedback: why?
I first tried to understand the content of the page offering to participate. Unless you pay a strong interest and have been following this closely, read English, or work at ICANN, I don't see how someone normal can understand the content of this page.

The same for a lot of the ICANN work
I noticed that very few people participate with their comments and I believe that one of the reasons is just this one: potential participants still don't understand what all this is about:
  • There is no communication;
  • It is difficult to understand.
I checked the page again and my first thoughts is: "I don't want to read it completely because the first two bullet points...I just don't understand them clearly".

Criticizing is easy
Yes it is, but the the reason of this post is to offer solutions to ICANN to drive more people to pay interest and participate. I am a person to follow "things that ICANN does" and there are still plenty of things that I just don't follow up with because I have a problem understanding them! Note that I also have a problem with time (following group meetings requires some).

So I do imagine newcomers or law firms trying to participate in all this.

Time for change?
What about a simplified version of the ICANN website entitled "ICANN for Dummies" or just a paragraph added to these pages entitled "In simple words" (with a sumup written using a simple vocabulary)?

I personally like the simple way pages are designed on the ICANN website, and sections are of interest, but who can read this today but ICANN insiders? Isn't the purpose of such a pages to have people to participate and comment to provide ICANN a feedback? Well, if it is, something written by a non expert could make the difference.

Thursday, January 18, 2018

Blogger users will just love that

I was recently informed that Blogger, the free blogger platform from Google, is about to announce that SSL certificates ("https" secured addresses) will soon be activated for personal domain names.
In more simple words:

  • The SSL certificate will become allowed for personal domains and allow visitors to view your blog over an encrypted connection by visiting "https://";
  • It is free.
I am testing this on gtld.club and guillon.blog (this blog). It seems to work.

For information, Google also offers the SSL certificate on the new version of Google Sites, available in its G Suite.

What more do you need to run a company?

Thursday, January 11, 2018

Jovenet Consulting in French

For the second time, I spent the necessary hours to translate the second version of the Jovenet Consulting website...into French.
This is now done and I will be adding a few more things soon.

Friday, January 5, 2018

New gTLDs: a good read

New TLD Launch: Lessons Learned
  1. Far Too Much New GTLDs at Once
  2. High Complexity on the Introduction of New gTLDs
  3. Technical and Operational Challenges Due to Non-Scalability
  4. Marketing and Awareness – the Assumptions Were Wrong
  5. Unpleasant Pitfalls
  6. Future Prospects
Read the article on CicleId