2014-12-29

ICANN Admits New gTLDs Compromise Internet Stability and Security

ICANN has admitted it compromised the security and stability of the internet in its expansion of new gTLDs--ICANN CTO David Conrad told The Register that ICANN "struck a balance between fostering innovation and competition [by introducing over 1000 new gTLDs into the DNS] and maintaining the stability and security of the network... the approach we agreed upon was a reasonable compromise."

Apparently Verisign, the Internet Root Zone Maintainer, disagrees with ICANN's characterization of the compromise of the Internet's stability and security as "reasonable," and has warned of DNS security risks in a new 33-page report titled "SSR3: Security, Stability, Resiliency Update: Operational Foreshocks" that has not yet been publicly published by VeriSign. Danny McPherson, chief security officer of VeriSign, told eWEEK:

"There have been domain name collisions that have resulted in network interruptions for enterprises... There have also been cases where confusion and usability with the new top-level domains [new gTLDs] have led to phishing attacks... if the root DNS server systems become unstable in some manner, it could lead to the fragmentation of the Internet"... new gTLDs may not necessarily work deterministically across the Internet, as some carriers or organizations may choose to only support their own view of the Internet domain name space... "Unless you do a qualitative analysis and give people fair warning, some [new] gTLDs will be locked," he said... (source eWEEK, supra, emphasis added).

Domain Mondo previously reported on these failures of new gTLDs (which ICANN euphemistically refers to as a Universal Acceptance problem): see ICANN, New gTLD Domain Names, Universal Acceptance Another #FAIL (14 October 2014). Of course, when it comes to new gTLDs, it seems ICANN doesn't really care about the public interest nor, apparently, internet stability and security-- it's all about the money!

Based on the above, domain name registrants need to be aware that some new gTLD domain names may not "necessarily work... across the Internet"--caveat emptor!

Read more at:
ICANN's technical competence queried by Verisign report • The Register "Verisign has called into question the technical competence of domain name overseer ICANN."
and
VeriSign Warns of DNS Security Risks (eWEEK)

Domain Mondo archive