Archive

Archive for the ‘verisign’ Category

Verisign Publishes Last Part Of Series On Possible Domain Collision: “SLD Blocking Is Too Risky Without TLD Rollback”

November 21st, 2013 Comments off

Verisign Published its final part of its 4 part series on domain collision and the new gTLD program entitled  “SLD Blocking Is Too Risky Without TLD Rollback”on the final day of the ICANN Meeting in Argentina.

Here it is:

“ICANN’s second level domain (SLD) blocking proposal includes a provision that a party may demonstrate that an SLD not in the initial sample set could cause “severe harm,” and that SLD can potentially be blocked for a certain period of time.

The extent to which that provision would need to be exercised remains to be determined.  However, given the concerns outlined in Part 2 and Part 3 of this series, it seems likely that there could be many additions (and deletions!) from the blocked list given the lack of correlation between the DITL data and actual at-risk queries.

If the accumulated risk from non-blocked SLDs were to become too large, it could become necessary for ICANN to withdraw the entire gTLD from the global DNS root.

Changes to the DNS root, once properly approved and authorized, can be implemented rapidly by updating the root zone file and notifying root server operators that a new zone file is available.

This part of the process is as straightforward for deletions as for additions.

The approval and authorization process, however, would need to be much faster for a deletion than it currently is for an addition because of the urgency of making the change or “rollback” after a determination was reached that a gTLD’s delegation needed to be revoked.  The importance of rapid delegation is affirmed in Recommendation 3 of SAC062:  Advisory Concerning the Mitigation of Name Collision Risk, published Nov. 7 by ICANN’s Security and Stability Advisory Committee (SSAC):

Recommendation 3: ICANN should explicitly consider under what circumstances un-delegation of a TLD is the appropriate mitigation for a security or stability issue. In the case where a TLD has an established namespace, ICANN should clearly identify why the risk and harm of the TLD remaining in the root zone is greater than the risk and harm of removing a viable and in-use namespace from the DNS. Finally, ICANN should work in consultation with the community, in particular the root zone management partners, to create additional processes or update existing processes to accommodate the potential need for rapid reversal of the delegation of a TLD.

For similar reasons, the DNS resource record TTLs for a new gTLD needs to be managed carefully to minimize residual effects that may occur should a problematic TLD delegation be removed.…

Categories: External Articles, verisign Tags:

265 Million Domains: We Asked What Happened To The Verisign Report & Tonight Verisign Answered With The Numbers

November 15th, 2013 Comments off

Earlier today we asked what happened to the Verisign Quarterly  Domain Name Industry Brief that has been missing for 2013 and tonight Verisign answered us.

In in a post on the company blog Verisign releasing an series of three infographics showing that current worldwide domain name registrations sit at 265 Million domains as of the end of the 3rd quarter of 2013, up from 252 million reported by Verisign as of December 31, 2012.”

In the blog post Verisign writes:

“Today Verisign announced that we are updating the Domain Name Industry Brief (DNIB) and a new version of the DNIB is expected to be released in the first quarter of 2014.”

“With the Internet continuing to evolve in new ways, we have been evaluating how best to align the DNIB with that evolution so it better addresses the interests of our readers and expands the scope of the trends we’re tracking. ”

“We remain committed to continuing to provide informative content on the latest industry trends that are most relevant to our readers.”

“Along with this announcement, we have also released infographics containing select DNIB data for the first three quarters of 2013

Here are the infographics and we at TheDomains.com appreciate  the quick response

domain-name-industry-brief--q1-2013_528694728c57b_w587

 

domain-name-industry-brief--q2-2013_528694fa1a2a3_w587

 

domain-name-industry-brief--q3-2013_52869583aaec5_w587

 …

What Happened To Verisign’s Quarterly Domain Name Industry Report?

November 15th, 2013 Comments off

Verisign logo

 

Verisign which had been releasing a quarterly report on the domain name industry seems to be  Missing in Action.

The last Domain Name Industry Report was  published for the quarter ending December 31, 2012.

Verisign had been issuing quarterly reports containing the number of total domain names registrations with a break down ccTLD’s has been a no show in 2013.

Verisign’s last quarterly report it issued was for December 2012 showed 252 million domain names registered  worldwide.

As you can see from Verisign’s own archive, since at least  2008 Verisign has issued 4 quarterly reports on the domain industry, however there are no quarterly reports issued in 2013.

We are now in the fourth quarter of 2013 so there are 3 reports missing for 2013.

TheDomains.com reached out to Verisign’s representatives a few weeks ago but did not get an explanation of why they haven’t produced any quarterly reports or when the next report will be issued.

 …

Verisign Publishes 3rd Part of Four Part Series On Name Collisions

November 14th, 2013 Comments off

Verisign publishes the 3rd part of a new 4 part series on name collisions last night.

“Blocking a second level domain (SLD) simply on the basis that it was queried for in a past sample set runs a significant risk of false positives.  SLDs that could have been delegated safely may be excluded on quantitative evidence alone, limiting the value of the new gTLD until the status of the SLD can be proven otherwise.

Similarly, not blocking an SLD on the basis that it was not queried for in a past sample set runs a comparable risk of false negatives.

A better way to deal with the risk is to treat not the symptoms but the underlying problem:  that queries are being made by installed systems (or internal certificates are being employed by them) under the assumption that certain gTLDs won’t be delegated.

A query for an applied-for generic top-level domain (gTLD) provides initial evidence that an installed system may be at risk from name collisions.  ”

“Depending on what data is collected, that evidence may also include one or more SLDs, the IP address of the resolver that sent the query, and other forensic information such as the full query string. ”

“This information can be a good starting point for understanding why an installed system has made certain queries, what could happen if the responses to the queries were changed, and what other queries, not in the particular sample set, could also put the installed system at risk.  A comprehensive analysis requires much more than just a count of the number of queries for a given gTLD and/or SLD.  It also requires a set of measurements such as those described in detail in the New gTLD Security, Stability, Resiliency Update: Exploratory Consumer Impact Analysis, incorporating the context of those queries:

  • Periodicity:  Do the queries repeat at a regular frequency?  This can help determine whether the queries are a result of user browsing, or of an automated process that depends on a certain response.
  • Affinity:  Where are the queries coming from?  Are they correlated with one country?  One network?
  • Impact:  Which network protocol generated the query?  The WPAD, ISATAP and DNS-SD protocols all generate DNS queries in support of internal network configuration that could result in queries to the global DNS.

The analysis in the New gTLD Security, Stability, Resiliency Update: Exploratory Consumer Impact Analysis applied these measurements to produce a qualitative “risk matrix” for applied-for gTLDs including risk vectors based on frequency of occurrence of WPAD, ISATAP, DNS-SD queries, internal name certificates, HTML references, and regional affinities, among other factors (such as queries that appear to be related to McAfee antivirus defenses).…

Categories: External Articles, verisign Tags:

Verisign Publishes 2nd Part of 4 Part Series On Why Domain Blocking Of New gTLD’s Isn’t Good Enough

November 8th, 2013 Comments off

Verisign just released the second in a four part series of why ICANN’s effort to fix the potential collision issue caused by the release of new gTLD’s, by blocking domain registrations, isn’t good enough to fix the potential problems

Here is the second post of the promised four part series:

For several years, DNS-OARC has been collecting DNS query data “from busy and interesting DNS name servers” as part of an annual “Day-in-the-Life” (DITL) effort (an effort originated by CAIDA in 2002) that I discussed in the first blog post in this series.

DNS-OARC currently offers eight such data sets, covering the queries to many but not all of the 13 DNS root servers (and some non-root data) over a two-day period or longer each year from 2006 to present.

With tens of billions of queries, the data sets provide researchers with a broad base of information about how the world is interacting with the global DNS as seen from the perspective of root and other name server operators.

In order for second level domain (SLD) blocking to mitigate the risk of name collisions for a given gTLD, it must be the case that the SLDs associated with at-risk queries occur with sufficient frequency and geographical distribution to be captured in the DITL data sets with high probability.  Because it is a purely quantitative countermeasure, based only on the occurrence of a query, not the context around it, SLD blocking does not offer a model for distinguishing at-risk queries from queries that are not at risk.  Consequently, SLD blocking must make a stronger assumption to be effective:  that any queries involving a given SLD occur with sufficient frequency and geographical distribution to be captured with high probability.

Put another way, the DITL data set – limited in time to an annual two-day period and in space to the name servers that participate in the DITL study – offers only a sample of the queries from installed systems, not statistically significant evidence of their behavior and of which at-risk queries are actually occurring.

A concrete example will illustrate the point.  Continuing the observations and analysis started in New gTLD Security and Stability Considerations and New gTLD Security, Stability, Resiliency Update: Exploratory Consumer Impact Analysis, Verisign Labs analyzed the SLDs in queries for 14 applied-for gTLDs at the A and J root servers during the period from July 16 to October 19, 2013.…

Categories: External Articles, new gTLDs, verisign Tags:

Verisign Rolls Out 4 Part Series On Why Second Level Domain Blocking For New gTLD’s Isn’t Good Enough

November 6th, 2013 Comments off

Verisign just published the 1st of a new 4 part series on the potential collision issue arising from new gTLD’s this one authored by Burt Kaliski.

Verisign message is  “the introduction of a new generic top-level domain (gTLD) at the global DNS root could result in name collisions with previously installed systems” and that ICANN  “alternate path” for new gTLD’s to launch of blocking any SLDs associated with the new gTLD in the “Day-in-the-Life of the Internet” (DITL) and other relevant data sets” is not good enough to fix the problem.

“The problem, as is often the case for new proposals, is in the details.”

“In the next three blog posts, I will outline three main concerns with ICANN’s alternative path to new gTLD delegation:

  • Part 2 of 4 – DITL Isn’t Statistically Valid for This Purpose
  • Part 3 of 4 – Name Collision Mitigation Requires Qualitative Analysis
  • Part 4 of 4 – Conclusion: SLD Blocking Is Too Risky without TLD Rollback”

“Verisign Labs conducted two research studies earlier this year on the evidence for and risks of potential name collisions between installed systems and applied-for gTLDs.  The studies confirmed that a large number of queries currently processed by the DNS root servers do indeed include domain name suffixes that match applied-for gTLDs and therefore could be at risk if the behavior of the global DNS were to change.  ”

“Without appropriate countermeasures, changing the global DNS by delegating a new gTLD could introduce significant cybersecurity and operational risks, as explored further in two recent Verisign Labs Technical Reports: New gTLD Security and Stability Considerations and New gTLD Security, Stability, Resiliency Update: Exploratory Consumer Impact Analysis.  For example:

  • When a colliding gTLD is delegated, the name server for the gTLD might direct installed systems to resources in the global name space in response to a DNS query, rather than indicating that a domain does not exist.  If this were to happen, resources within the installed system would be connected unexpectedly with resources outside, possibly leading to operational instability and potentially opening the door to attacks.
  • Name collisions resulting from new gTLDs could also result in vulnerabilities based on internal-name certificates, which sometimes employ domain names with suffixes that were intended only to be assigned internally.  If colliding gTLDs were delegated in the global DNS, a certificate obtained externally could potentially be misused to impersonate a user or a server within the internal network.
Categories: External Articles, ICANN, new gTLDs, verisign Tags:

Verisign Reports: 125.9 Million .Com/.Net Domains Registered Up 5% From Last Year

October 24th, 2013 Comments off

VeriSign, Inc. (NASDAQ: VRSN), reported financial results for the third quarter ended Sept. 30, 2013 reporting revenue of $244 million up 9% from the same quarter in 2012.

Verisign reported net income of $81 million and diluted earnings per share (EPS) of $0.53 for the third quarter of 2013, compared to net income of $78 million and diluted EPS of $0.47 in the same quarter in 2012.

The operating margin was 54.5% for the third quarter of 2013 compared to 51.9% for the same quarter in 2012.

Business Highlights

  • Verisign Registry Services added 1.55 million net new names during the third quarter, ending with 125.9 million active domain names in the zone for .com and .net, which represents a 5 percent increase over the zone at the end of the third quarter in 2012.

 

  • In the third quarter, Verisign processed 8.3 million new domain name registrations as compared to 7.8 million in the same quarter in 2012.

 

  • The final .com and .net renewal rate for the second quarter of 2013 was 72.7% compared with 72.9% for the same quarter in 2012. Renewal rates are not fully measurable until 45 days after the end of the quarter.

In the earnings call that followed, Verisign estimated the  number of .com/.net registrations will increase by the end of the 4th quarter of 2013 by 1.1 to 1.5 million domain names.

 

Financial Highlights

    Verisign ended the third quarter with Cash, Cash Equivalents and Marketable Securities of $1.8 billion, an increase of $250 million from year-end 2012.
  • During the third quarter, Verisign repurchased 6.8 million shares of its common stock for $331 million. At Sept. 30, 2013, $697 million remained available and authorized under the current share repurchase program.

 

 …

Verisign Vs ICANN Round 3

October 22nd, 2013 Comments off

In a letter sent to ICANN yesterday by Verisign’s Chuck Gomes,  Vice President, Policy of VeriSign, Inc. responded to the response he received from his initil letter to ICANN seeking to “set the record straight”

As the previous two letters its worth a read:

Dear Cyrus,

I was disappointed by your October 3, 2013, response to my August 30 letter to Fadi.

But before I tell you why, let me start by saying that I am not interested in starting an unending chain of correspondence.

That said, I do want to communicate several things to set the record straight and ask one final question for which I would request a response.

First of all, in reference to my August 30 letter to Fadi, you said, “We also understand that you write this letter as a representative of your company, Verisign.” I did not say in my letter that I was commenting on behalf of Verisign, nor was it my intent to do so.

My intent was to respond to Fadi’s request in my personal capacity, as one who has been involved in the ICANN community since 1999.

That aside, it appears that your purpose in making this assertion was to impliedly discredit the specific examples of ICANN’s lack of accountability that I provided as requested by Fadi.

Your statement reveals your, and I assume Fadi’s, desire to dismiss my company as a credible source of information.

Our credibility however is not at issue.

Second, and most importantly, you have missed the main points of my comments in Durban and in my response letter to Fadi.

My main point in Durban was that ICANN doesn’t serve the public interest by continually refusing to take accountability for its actions and instead flows all risks down to members of the community.

In my response to Fadi, I provided specific and detailed examples – as he requested me to do. His request of me is quoted here: “I invite you to send me a list of the areas you think we can increase our accountability.”

In assuming that I was just a disgruntled community participant that didn’t get what I wanted, you appear to have either missed or ignored the thrust of what I tried to communicate, which was to provide some areas where I thought accountability was lacking and could be improved.

In your letter you accused me of making “vague and unsupported accusations about ICANN not operating as a multi-stakeholder, accountable organization.” This statement is odd given that my letter contained six enumerated and specific examples.…

Categories: External Articles, ICANN, verisign Tags:

Verisign Launches of DomainScope: Domain Discovery Tool To Find Available .Com. .Net & .Tv Domains

October 18th, 2013 Comments off

Verisign launched DomainScope.com today which they say “a new domain name discovery tool designed to enhance the search for unique, relevant domain name choices in the .com, .net, .tv and .cc top-level domains”, for which it is the registry for.

“Incorporating the same functionality found in our DomainFinder, DomainScore and DomainCountdown tools, DomainScope replaces these tools and allows users to focus their domain search and uncover new domain name registration opportunities in one place.*

“DomainScope enables users to focus their search and uncover new domain registration opportunities, while providing more information about a domain name prior to registering it. To start the process, users simply enter keywords and DomainScope’s engine renders suggestions for domain names that are available.”

“From there, DomainScope enables users to discover domain name registration opportunities through learning about the recent history of a domain name, understanding a domain name’s DNS traffic patterns, and knowing which domains are available that are receiving traffic.”

“DomainScope offers a robust toolset for developers and domain investors, with access to a number of application programming interfaces (APIs) to connect to their own websites or applications.”

We are excited to offer those looking for their next great domain name a product that offers distinctive name suggestions, and relevant details about a domain name. We’ve consolidated our domain name acquisition tools into one easy-to-use website and will be adding new features in the future that add to the name discovery process.”

Registered users of DomainFinder, DomainScore and DomainCountdown can still access these tools during the products’ sunset period, which ends Dec. 15, 2013.…

Verisign: Over 150 Domains Registered Over Government ShutDown

October 9th, 2013 Comments off

Verisign the registry for the .com and .net registry just released a graph showing a lot of activity with people registering domain names involving the Government Shutdown.  It appears from the graph there have been over 150 domain names registered since October 1st containing the word :”shutdown”

We also wrote a post about the domain name GovernmentShutdown.com on October 1st, so we are going to take partial credit for the volume of registrations since that date.

Using our DomainView-Grapher (a beta tool available from Verisign Labs) we examined the number of domains registered over the last 3 months containing the word “shutdown.”

55e5d812-bb70-4685-958b-d37179854ebf

 

 

 

 

 

 

 

 

 

 

 

We did a search and found 126 .com and .net domain name registrations since October 1 containing the word Government some of which would also be on the shutdown list.  I guess starting next week the hot topic might be default. Actually there are three of those registered as well since October 1

govdefault.com
usgovdefault.com
governmentdefault.com

Here are the Government domains that were registered since October 1

• 2013governmentshutdown.com
• advisorgovernmentservices.com
• advisorgovernmentservices.net
• advisorgovernmentsolutions.com
• advisorgovernmentsolutions.net
• behindgovernment.com
• bipartisangovernment.com
• ccgovernment.com
• cdsgovernment.com
• cdsgovernmentservices.com
• chugachgovernmentservices.com
• cpgovernment.com
• crowdfundedgovernment.com
• crowdfundgovernment.com
• crowdfundthegovernment.com
• crowdfundthegovernment.net
• dealingwithgovernment.com
• didthegovernmentshutdown.com
• dumpinggovernmentofficials.com
• federalgovernmentrecall.com
• federalgovernmentshutdown.com
• firstroleofgovernment.com
• free-government-money.net
• freegovernmentid.com
• fuckyagovernment.com
• goodenoughforgovernmentwork.com
• gopgovernmentshutdown.com
• government-insider.com
• government-jyouhouarea.com
• government-of-the-universe.com
• government-vs-kim.com
• governmentalissues.com
• governmentalpolitcs.com
• governmentceasefire.com
• governmentceasefire.net
• governmentcontractcheatsheet.com
• governmentdefault.com
• governmentdevelopers.com
• governmentdownforeveryoneorjustme.com
• governmentdowntime.com
• governmentfor.com
• governmenthelptobuy.com
• governmenthouseus.com
• governmentjbs.com
• governmentjobsnotifications.com
• governmentloanmodification.com
• governmentlying.com
• governmentpropertysolutions.com
• governmentrecall.net
• governmentshitdown.com
• governmentshutdown2013.net
• governmentshutdown2014.com
• governmentshutdownnow.com
• governmentshutdownpickuplines.com
• governmentshutdowns.com
• governmentshutdownsale.com
• governmentshutdowntees.com
• governmentshutsdown.com
• governmentslimdown.com
• governmentsynergies.com
• governmenttower.com
• governmenttower.net
• governmentwebdevelopers.com
• gsagovernmentsupply.com
• hastheusgovernmentshutdownendedyet.com
• hawaiiankingdomgovernment.com
• hawaiiankingdomgovernment.net
• howgovernmentshutdowneffectyourhealth.com
• howlonghasthegovernmentbeenshutdown.com
• igiveupontheusgovernment.com
• indiangovernmentscams.com
• isgovernmentshutdown.com
• isourgovernmentdown.com
• isthefederalgovernmentdown.com
• isthegovernmentclosed.com
• isthegovernmentdownforeveryoneorjustme.com
• isthegovernmenton.com
• isthegovernmentopenyet.com
• isthegovernmentrunning.com
• isthegovernmentshut.com
• isthegovernmentshutdownoveryet.com
• isthegovernmentstillshutdown.com
• isthegovernmentstillshutdown.net
• istheusagovernmentstillshutdown.com
• istheusgovernmentopen.com
• istheusgovernmentopenyet.com
• ivotewefirethegovernment.com
• ivotewefirethegovernment.net
• kickstartthegovernment.com
• latestgovernmentjob.com
• moargovernment.com
• moargovernment.net
• mobilegovernment-conference.com
• nongovernmentalmiddies.com
• nongovernmentalorganisation.com
• nwgovernment.com
• obamagovernmentshutdown.com
• ournewgovernment.com
• pingovernment.com
• puertoricognmausgovernmenttargetmaturityfundlosses.com
• recallourgovernment.com
• republicangovernmentshutdown.com
• republicangovernmentshutdown.net
• responsiblegovernmentpledge.com
• restartmygovernment.com
• sellmoreingovernment.com
• shutdown-government.com
• shutdownusgovernment.com
• sikkimstategovernmentlotteries.com
• takebackgovernment.com
• takebackgovernment.net
• thegovernmenthasnopower.com
• thegovernmentshutdown.com
• thisworldgovernment.com
• thomsongovernmentcloudservices.com
• thomsongovernmentcloudservices.net
• ufundgovernment.com
• us-government-shutdown.com
• usagovernmentpoll.com
• usgovernmentpoll.com
• usgovernmentshutdown.com
• wearefedupwithourgovernment.com
• whereismygovernmentlead.com
• whydidthegovernmentshutdown.com
• youfundgovernment.com
• yourgovernmentthatworks.com…

Categories: Domains, External Articles, verisign Tags: