Gandi Bar - Internet

New extensions on the way!

Thomas — Mon, 25 Mar 2013 12:48:00 -0700

Unless you have spent the last year studiously avoiding Domain Name news, you probably know that there is something happening at ICANN this year. Yes, that's right, ICANN has authorized the creation of nearly 2,000 new top-level extensions over the next 3 years. That's a big number! Probably more than you will want to register. While this flood of new possibilities is exciting, and we do hope that it enables a lot of creative activity, we expect the new extensions to be seriously underutilized, for the most part.

Over a third of these domain extensions are in the hands of brand-name owners, and will not be made available for public registration. Take Amazon for example, who has filed for at least 76 extensions. Amazon can soon publish sites dedicated to their reading lamps, if they want to, thanks to their exclusive ownership of the .kindle extension.

There are also extensions for whom several parties are vying, and ICANN must decide who is the most worthy contestant. Sticking with Amazon for our example, they have requested .book, but there are nine applicants and an objection has been filed against Amazon (though not against the other 8). There are even extensions where all applicants are objected to (for example .gmbh), and these can't be created at all until the objections are resolved.

There are also a number of extensions known as IDNs, or Internationalized Domain Names. These extensions contain non-ASCII characters (see this post on IDN if you want more details). IDNs represent a little over a hundred new extensions, of which we propose a dozen candidates.

So with all these complicated rules and disputes, it's probably going to be pretty hard to decide which of these new opportunities for domain name registration you will want to take advantage of for your online presence. To help you hack through this jungle, we have selected an initial set of some 600 interesting extensions to consider offering, with edited summaries based on the documentation filed by the requestors. So far it's been a big job, and we need your help to select the most important candidates in this set.

If you click here right now, you can pre-select for free any terms you might like to eventually register, along with the corresponding extensions. This will allow us to see fairly quickly where the demand is, and to keep you informed of the latest news about the extensions you wish to acquire.

When we eventually receive the information (release dates, conditions, prices, etc) on the new extensions you select, before they are activated at the Registry we will contact you and give you the opportunity to change your free pre-booking to a genuine registration request, for a fee. We won't do this automatically, or without asking you first, we promise.

Finally, to avoid the ethically repugnant system of internal auction that some other registrars have created, we have implemented first-come-first-served registration for any domain name that has multiple requests. For example, if the domain name choucroute.alsace is pre-booked by 3 people at Gandi, the first customer to ask for it will be in first place. But, if at the time of changing from a pre-reservation to an actual booking, the first customer does not confirm their desire to register the domain, then the second client will get the chance to do so. But wait! What if, say, the registry for .alsace for reasons of their own, requires a certificate of residence in the Alsace region? If the second customer to request "choucroute.alsace" can't provide this, then the third customer to pre-register will move up, and if they can provide the required documents, they will get the chance to register the domain at Gandi at the opening of the extension. Obviously, this will not give you the guarantee of obtaining the domain name, since other registrars file their applications at the same time, but at least we will not have asked you for money for the dubious practice of moving up your request. That would be just... wrong.

The history of prices for Domain Names, updated

Thomas — Wed, 13 Mar 2013 11:05:00 -0700

Like a bad dream that keeps coming back, once again the old registries leverage their position and take advantage of what ICANN allows: A unilateral price increase for Domain Name registrations.

Like a bad dream that keeps coming back, once again the old registries leverage their position and take advantage of what ICANN allows: A unilateral price increase for Domain Name registrations.

This time we are getting off easy. Only 5 extensions are going up: .ORG, .NET, .BIZ, .INFO and .NAME. The price increase is different for each one, and ranges from $0.51 to $0.78 (you can find more information at the end of this article).

The reason this is possible is that the registries are in a dominant position, in that they control the extensions. Add to this the indulgence of the ICANN (the master of domain names), and the prices creep higher each year. As you may know, at Gandi we have absorbed most of those increases in the past, even though we were increasing our quality of service, adding extensions, and hiring more highly-qualified support agents. As was the case last year, it is once again impossible for us not to pass along these prices increases. With the number of domains we handle, these few cents make up a lot of our operational budget.

Nevertheless, there is some good news. The .COM extension, which was set to increase by 10%, was blocked by the US government. The increase was seen as abusive of a dominant market position.

When will the price increases stop? Sadly, we don't know if they ever will… However, with the arrival next year of around 1500 new general extensions, with around two thirds of these for public registration, it seems that the sale of domain names will undergo a small revolution. Buying-habits will have to evolve. If you forgo the old extensions and chose the new ones, or those that don't increase in price, maybe the registries will have to think twice before requesting increases in the future. You have the power, use it properly!

Here is the list of planned increases this year, by date:
1 July 2013:
- The .ORG will go up by $0.55 (€ 0.43), for price level A, to $16.05 instead of $15.50 today
- The. NET will go up by $ 0.51 (€ 0.40), for price level A, to $16.01 instead of $15.50 today

1 August 2013:
- The .NAME will go up by $0.60 (€ 0.47), for price level A, to $15.60 instead of $15.00 today

1 September 2013:
- The .BIZ will go up by $0.78 (€ 0.60), for price level A, to $16.28 instead of $15.50 today
- The .INFO will go up by $0.74 (€ 0.57), for price level A, to $15.74 instead of $15.00 today

Obviously, renewals are also affected, and are subject to the same increases (though for some extensions, the renewal price is different from the creation price).

Come to CloudConf 2013!

Thomas — Mon, 25 Feb 2013 10:28:00 -0800

Here's a conference we can wholeheartedly recommend. It's so completely without the usual hype and BS, we are even presenting!

We can wholeheartedly recommend attending this conference. It's completely without marketing fluff or hype, and so is entirely our style. Plus, Gandi is giving a talk!

CloudConf 2013 is one of this years great tech events (we will tell you about the other one a little later), dedicated to Cloud Computing in Paris. We have enthusiastic and exciting speakers talking about what's really happening in the market. These people know what they are talking about, and they aren't trying to sell you anything: they talk tech, and are masters in their field.
We will have some of the biggest names in the industry, and imagine... we will be there too! Gandi will be represented by Thomas , responsible for our U.S. operations. We have been bust coming up with ideas we want to expose and share, with the aim of helping the whole industry advance.

So if you are a confirmed geek interested in cloud computing, storage methods, issues related to tomorrow's Internet, or any of the many other exciting topics to be presented, and especially if you like big Parisian venues (CloudConf will take place at the French Comedy), we recommend you visit the the official site of the event and book your place soon.
Places are limited, of course, and priced at € 79.00 - but if you book your place in the next 15 days (until March 12) and you enter the code GANDI , you will receive a 15% discount!

WCIT ends, the Internet goes on

Thomas — Mon, 17 Dec 2012 16:33:00 -0800

In an interesting twist to the World Conference on International Communications in Dubai last week, the US and it's allies walked out and refused to sign the treaty proposed, since it amounted to regulation of the Internet by the ITU. What does this mean for the future of the Internet?

When we wrote about Gandi lobbying the US Congress for better laws to safeguard the Internet, we anticipated that some countries would attempt to assert control over the free flow of information for their own purposes. Well, it's happening, and the debate is complex, with billions of dollars at stake. The governance model that is emerging, though, is "multistakeholder", where lots of interested parties have to cooperate to get anything done. This model is what has allowed the Internet to grow up till now, and governments and standards bodies are struggling to fit this concept into their world views.

The past couple of months have seen Syria slice the connection to the Internet for the whole country, officials in Egypt banning some content as obscene, and most recently, the International Telecommunications Union attempt to gain power as a regulatory agency over the Internet at the WCIT.

All of these attempts to centralize control and police the global communications network underscore of the importance of the Internet as a social force. As governments worry that their populations can access information without restriction, and agencies like the ITU come to grips with the fact that technology has outstripped their abilities to adapt their regulatory frameworks out of the telephone age, the Internet itself has defied (in most cases) these attempts at regulation, and grown, using the multistakeholder model, thanks to the efforts and committed advocacy of many disparate organizations.

The Internet Infrastructure Coalition, of which Gandi is a founding member, actively disagrees with the ITU approach. In the last hours of the WCIT a new treaty was put up for vote that gives the ITU a greater role in governing the Internet, and some 70 countries signed up. The ITU declared victory and moved on, but the fact remains that without consensus there will not be a change in the governance of the internet. That's a good thing, since the multistakeholder system is working, and allows the contribution of many parties. The ITU has the opportunity to prove it's worth in that model as does the i2Coalition, the EFF, and every other body of officials, technologists, and members of civil society that wants to advocate for Internet development along a given path.

Gandi looks forward to the next opportunity to contribute to the development of an Internet that is accessible to everyone, and where information from everyone to everyone flows freely. We all have a role to play.

Phishing and your domains at Gandi

Thomas — Mon, 26 Nov 2012 11:48:00 -0800

The trend in phishing attacks affects your Gandi account, but not in the way you might expect. See what the trends are that drive this malicious activity, and how it affects your online presence at Gandi. First of all, what is "phishing"?

It's basically the theft of your credentials (user name and password, credit card number, bank account numbers, etc.) by people who then sell that information to other parties. It's then used for other more serious crimes like robbing banks, identity theft, international terrorism, and good old fashioned fraud.

While most phishing is aimed at banks and other financial institutions, we have seen some aimed at Gandi customers. This might seem odd, since Gandi has all low-value transactions. We also don't store any credit card data, paypal logins, or anything really intrinsically valuable that would help a hacker access your account at a financial institution. Why then try to steal your Gandi account?

The answer lies in what you have already bought at Gandi that does have intrinsic value: your domain name.
Phishers want to impersonate banks and financial entities, and they don't want to be caught. If they register a domain for this, Gandi generally shuts them down pretty fast, and the contact data and other information they enter can potentially be used to track them down. It's less useful than a legitimate domain with no visible connection to them, that is... your domain.

Recent trends in phishing attacks tend to bear this out. The first half of 2012 saw a large increase in the use of hacked domains for phishing attacks, and a decrease in the overall number of domains registered for phishing purposes. The phishers are smart, and they are after your Gandi account. They want it so that they can use your legitimate domains for no good purpose.
Everyone should use caution: use a strong password. Never share your password with anyone. Use different passwords for your email, Gandi handle, and online bank accounts, etc. Never click on links or attachments in email unless you are sure of where they come from and where they go. Don't be a Phish!

Gandi helps to found the Internet Infrastructure Coalition

Thomas — Mon, 17 Sep 2012 16:00:00 -0700

A new organization is forming to fight for a free and open internet. Gandi is proud to be a founding member!

The Internet Infrastructure Coalition (I2Coaliton.com) has been created by more than 40 leading companies in the hosting industry. The mission is to help protect the Internet from improperly formulated regulation, like the SOPA/PIPA and CISPA legislation in the US, and to drive the investment, innovation, and openness that allows the Internet to be an engine for continued growth.

Of course, Gandi is a founding member!

Gandi took a position opposing SOPA and PIPA, and more recently CISPA. Our joining together with other organizations that also opposed this flawed legislation gives Gandi more of a voice in shaping policy, and helps us to achieve our goal of keeping the Internet safe for the free flow of information.

Gandi cares about our customers rights, and we want to see all our customers have a safe, rich, and uncensored online experience. These goals are shared by the I2C, who has made part of it's mission the education of law and policy makers about issues of privacy, freedom of information, security, and innovation. We at Gandi look forward to contributing our perspective to this important, powerful industry group.

Good luck ICANN: The GTLD submissions lists

Thomas — Wed, 13 Jun 2012 15:37:00 -0700

ICANN Released the gTLD submissions list. It's going to be fun figuring out winners and losers, but the list reveals a popularity contest.

As many of you loyal readers of this blog know, ICANN has been cooking up something new for a while now. Today, June 13th, they released the list of new gTLD strings and the applicants for those strings.

This is really a list of the prizes and the contestants for those prizes, since only 1000 of the 1,930 strings applied for will actually be released next year, and many of the more interesting TLDs have more than one applicant. The applicants chosen will get to manage all domains under the given extension, and registrars like Gandi will contract with them to offer domains with these extensions to our customers, if the holders are willing to sell.
Being a statistician by training, I'm drawn to lists like this. They look like datasets to me, so I'll take the opportunity to run some numbers on it.

There are a lot of rather boring sorts of "trademark" TLDs in the list. These are applied for by one applicant to protect their brand, like everyone who went to business school is always saying you need to do. Interesting that they decided to set up essentially as registries to do so, since you would think they might want to wait and just buy all the important domains with that TLD when the registry winner is picked. Apple Computer (the lone applicant for .APPLE) presumably ran the numbers and decided it was worth it to control everything .APPLE. Google is also a big bidder for its brand TLDs, via its management entity, Charleston Road Registry Inc.
There are also a lot of one-applicant strings that are being gone after by registries that appear to be set up just for this chance, or existing registries looking to expand, like Verisign.
Sometimes it's not clear (from the list, anyway) just who is really applying, but the email address may give you a hint. Charleston Road Registry Inc., for instance, has all google.com addresses, and the fact that they are managing this application for Google is being widely reported.

There are 1,179 of these one-applicant TLDs. That's great, but let's filter these out. The TLDs where there are two or more applicants are where it gets interesting, since this is where ICANN has to pick winners and losers.
Remember, these were not cheap (application fees were $185,000, with actual costs estimated at up to a million).

So how many TLDs had 2 applications? 115.

It looks like there are going to be some interesting conflicts for ICANN to sort out among these 2-applicant competitions, and not just among the Latin alphabet-based TLDs. For example:

Beijing Tele-info Network Technology Co., Ltd. vs. Afilias Limited, over 信息 (meaning "info" or "message") should be interesting. Or how about Guardian News and Media Limited vs The Guardian Life Insurance Company of America, over .GUARDIAN?
Who has the moral right to the TLD there?

More numbers, since they tell a story. 3 applicants? There are 50 of these TLDs, and at this level they get more recognizable, like .HOT, .LIFE, .BROADWAY, or even .HOSTING. Still, some oddballs pop out to me. .YOGA? Really? .MERCK? You would think that one would have only one applicant...

4 Applicants: Now big interests are clearly playing the game; only 20 TLDs, and .LLP, .HEALTH, .SOCCER, and .VIDEO are in contention.

5 applicants, and the number drops to single digits: 8 TLDs, and these clearly are hot tickets, with short and sweet .BUY, popular (or sure to be so) .FREE and .GAME, or .SALE.

6 applicants are going for each of 9 TLDs, including the predictable .CORP, .GMBH, and .LAW.

7 applicants each want 8 TLDS, including .WEB, .CLOUD, and .LOVE (.SEX has only 2 applicants).

8 people want each of .DESIGN, .MOVIE, and .MUSIC, 9 want each of .BLOG, .BOOK, .LLC, and .SHOP.
10 want .ART, 11 want .HOME, and .INC, and the most popular at 13 applicants is:
.APP

I would not want to be working at ICANN this year. Disputes will be settled along disclosed rules and guidelines, but some may come down to auctions. One hopes the process of selecting winners will at least be transparent, with influence and conflicts of interest disclosed, or ICANN may find itself in a pool of hot litigative soup, with contention sauce.

Mozilla Thunderbird uses Gandi!

Thomas — Wed, 06 Jun 2012 06:52:00 -0700

What's new in version 13 of Thunderbird? An option to create a new email address with your preferred registrar. And yes, Gandi is the first (and currently only) choice in Europe!

Mozilla Thunderbird, for those who do not know, is the popular open source email client, with 25 million users. It's excellent, totally free, and very secure.

Mozilla has selected Gandi as their European partner for Thunderbird integration.

What does that mean? Well, in Europe, with the new version (v13), you can directly create a personalized email address based on a domain name you specify. Thunderbird will then allow you to directly purchase the domain name you want, and automatically configure the mail account so that it retrieves emails from your new address!

More than any possible commercial potential, what really makes us happy is the vote of confidence in Gandi that Mozilla cast. It's great to be working with such a dedicated, efficient team who share many of our core values.

Our teams have worked on the integration of this offer in Thunderbird in recent weeks, and we have streamlined the process of account creation to make the transaction as smooth as possible.

If you do not know Mozilla Thunderbird, check out their official page. If you already use this wonderful application, why not upgrade your version to lucky 13?

DNSSEC at Gandi (UPDATED)

Thomas — Tue, 20 Mar 2012 11:06:00 -0700

DNSSEC (Domain Name System Security Extensions) is a way to secure a previously insecure protocol: DNS. The most technically adept among Gandi’s customer community have been asking for DNSSEC support for a long time, and now, we are pleased to say, it is available!

This option is useful only if you know how to configure your own DNS servers, and at this point, it is enabled only for a relatively small number of popular domain name extensions.

The basic principle is to use digital keys and signatures to secure DNS from attack, such as DNS cache poisoning. When properly deployed, DNSSEC enables visitors to a secured domain to have an additional level of assurance that they have reached the site they intended to reach (authentication). The Registry for the domain stores the public key, and the authoritative DNS server stores tha private key. The resolving client checks the digital signature of the response to see if it is complete and authentic, i.e. that it comes from the authoritative DNS server.

For detailed information, see: http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions

To allow domain name owners at Gandi to use this facility, Gandi has created a tool that allows posting the public key(s) to the registry.

There are some prerequisites: first, you must possess the skills needed to set up and manage your own DNS server, generate a key, and install the private key on your DNS server. Your domain name cannot use Gandi's DNS as it’s primary server, but you can still have ns6.gandi.net as a secondary DNS if you like. Finally, your domain has to be in one of the following extensions:

Several other extensions are managed by Gandi and are also compatible with DNSSEC. They will soon have the option added. They are:

When you have your DNS server and private key in place, just use the new DNSSEC Management screens to populate the Registry with your public key. If you need help, please take a look at our Wiki page about the use of DNSSEC at Gandi. http://wiki.gandi.net/en/domains/dnssec

Update (08/03/2012): DNSSEC is now available for .ORG

Update (19/03/2012): DNSSEC is now available for .CO.UK, .ORG.UK and .ME.UK

On the Management and Coherence - of the Internet

Stephan — Fri, 02 Mar 2012 16:51:00 +0100

All of us here have seen this article, written by the head of EasyDNS, in which he gives his opinion as to the decision by Verisign, the operator of .com domains, to yield to the demand of the American judicial system.

The latter ordered them to forward two domain names to a page of their choice, specifically one that warns against online gaming and describes the legal actions taken by the authorities against the owners of those websites.

If I'm not mistaken, along with the MegaUpload affair, this is the second time that we have had to deal with this sort of thing. Here is a copy of the article:

----------------------------------------------
"Verisign seizes .com domain registered via foreign Registrar on behalf of US Authorities.

Yesterday Forbes broke the news that Canadian Calvin Ayre and partners who operate the Bodog online gambling empire have been indicted in the U.S., and in a blog post Calvin Ayre confirmed that their bodog.com domain had been seized by homeland security. As reported in Forbes (hat tip to The Domains for the cite),

According to the six-page indictment filed by Rosenstein, Ayre worked with Philip, Ferguson and Maloney to supervise an illegal gambling business from June 2005 to January 2012 in violation of Maryland law. The indictment focuses on the movement of funds from accounts outside the U.S., in Switzerland, England, Malta, and Canada, and the hiring of media resellers and advertisers to promote Internet gambling.

Sports betting is illegal in Maryland, and federal law prohibits bookmakers from flouting that law simply because they are located outside the country,” Rosenstein said in a statement. “Many of the harms that underlie gambling prohibitions are exacerbated when the enterprises operate over the Internet without regulation.”

That is a truly scary quote but we'll emphasize that: "The indictment focuses on the movement of funds outside the U.S." and that you can't just "flout US law" by not being in the US. What also needs to be understood is that the domain bodog.com was registered to via a non-US Registrar, namely Vancouver's domainclip. So Here's Where It Get's Scary…

No Bodog.com for you!We all know that with some US-based Registrars (*cough* Godaddy *cough*), all it takes is a badge out of a box of crackerjacks and you have the authority to fax in a takedown request which has a good shot at being honoured. We also know that some non-US registrars, it takes a lot more "due process-iness" to get a domain taken down.

But now, none of that matters, because in this case the State of Maryland simply issued a federal warrant was issued in the State of Maryland[1] to .com operator Verisign, (who is headquartered in California) who then duly updated the rootzone for .com with two new NS records for bodog.com which now redirect the domain to the takedown page.

This is exactly the scenario we were worried about when Verisign originally tabled their very troubling takedown proposal. Said proposal was quickly retracted, but here we have the same situation playing out anyway. Granted, this was an actual court order, to Verisign – not a "request" from a governmental or "quasi-governmental" agency as originally proposed.

But at the end of the day what has happened is that US law (in fact, Maryland state law) as been imposed on a .com domain operating outside the USA, which is the subtext we were very worried about when we commented on SOPA. Even though SOPA is currently in limbo, the reality that US law can now be asserted over all domains registered under .com, .net, org, .biz and maybe .info (Afilias is headquartered in Ireland by operates out of the US).

This is no longer a doom-and-gloom theory by some guy in a tin foil hat. It just happened.

The ramifications of this are no less than chilling and every single organization branded or operating under .com, .net, .org, .biz etc needs to ask themselves about their vulnerability to the whims of US federal and state lawmakers (not exactly known their cluefulness nor even-handedness, especially with regard to matters of the internet). The larger picture: root monopolies and the need to replace ICANN

The .com root will never be opened to a truly competitive bidding process. Verisign has pretty well ensconced themselves into the .com and .net roots indefinitely with built-in price hikes baked into the cake. I recall a conversation I once had with Tucows CEO Elliot Noss, back when they still owned Liberty RMS (which ran the .info registry and later sold to Afilias) – he lamented that if the .com registry bidding process were truly competitive, you would see a registry operator in there doing it for about $2 per domain. At the time the wholesale cost of a .com domain was $6 and is now $7.85 after their latest annual increase which is hard-coded into their contract.

I mention this because a truly competitive bidding process for the registry operator job would bring out both cost competition and stewardship competition: players who would table proposals on just how they would respect the rights of all their stakeholders, not to mention operators who may operate outside the United States.

Where the fsck is ICANN in all of this?

They are nowhere. They are collecting their fees, pushing their agenda of as many possible new-top-level domains and despite the fact that SOPA, ACTA, PIPA et aim directly at the interests of their core stakeholders, for whom they are supposed to be advocates and stewards. ICANN is conspicuous in their absence from the debate, save for a smug and trite abdication of involvement (i.e. "ICANN Doesn't Take Down Websites") – translation: "This isn't our problem".

And therein lies the issue. ICANN needs to make this their problem, because it very much is. If ICANN isn't going to stand up, and vigorously campaign for global stakeholder representation in these matters, than they are not only abdicating any responsibility in the ongoing and escalating crackdown on internet freedom, they are also abdicating their right to govern and oversee it.

They need to be visible, they need to be loud and they need to come down on the right side of these issues or they need to be replaced.

Of course, the replacement of ICANN will never happen. At least not by a non-US entity, which means we are once again headed to the unthinkable place that only crackpots and conspiracy theorists think possible: a fractured internet with competing roots. On the bright side, life will go on, and companies like mine will probably become exceedingly wealthy charging every internet user in the world fees to gain and project visibility across all the myriad internet roots that will someday exist because governments will refuse to approach it co-operatively. The only thing that will remain to be seen is whether we'll be deemed "criminals" for doing so."

----------------------------------------------
What about Gandi in all this?

My opinion on this topic? (since there may be some significant differences within Gandi). Let's just say that I am a fatalist and strongly believe in consumer freedom. In short, I am not sure that we can avoid this kind of a mess, however if consumers/citizens wake up (since yes, with the exception of our customers and what we saw during the boycott of GoDaddy, this type of reaction is rare) they may decide that no extension is irreplaceable, even the original one (.com).

If you don't agree with the policies and decisions of your provider or product manufacturer, then work to change it. Change provider as well. Make a decision and take a stand and act. Exercise your greatest power: that of where you spend your money.

With regards to the uniqueness of the web, it's a fact that it is American, and that it will probably explode one day, though this is not something that we want to see. But, as long as they manage to "talk" together and the whole thing "works"... yes I know I always had a utopian side

PS: It so happens that in this case, the persons targeted by the authorities are known to us, and, how can I say this...I am not going to shed any tears. This does not touch upon the root of the problem of course.

The Evolution of Domain Names

Thomas — Mon, 16 Jan 2012 17:08:00 -0800

Here is a bit of context for Domain Names, where they have been, and where they are going, especially with the new gTLDs on the way.

Back in the late 70s, in the early days of the Internet, the network designers needed a method of telling the hosts on their network apart. They went through several iterations and changes to address schemes and communication protocols, eventually coming up with the Internet Protocol (IP) address scheme. They initially assigned names to addresses in a single file called HOSTS.TXT, which they copied to all of the small number of interconnected hosts.

After passing this file around to all their hosts got a little impractical, they created the domain name system or DNS, in 1983. This grew into a global infrastructure, which, despite it’s relatively simple mission (returning a unique numeric IP address when given a text-format name) is now a multi level hierachical database, comprised of thousands of DNS and bind servers.

The Evolution of the Registry and the Registrar

At first, the US government doled out domain names for free, mainly to universities and research institutiuons. After the Internet migrated out of these institutions, and companies and individuals got involved, the free distribution of domain names soon came to an end. In 1993, registration of domain names became a private, subsidized business, at least for .com, .org, and .net extensions. In 1995, fees were introduced.

NSI (Network solutions), who had operated the handing out of free domain names, became the sole Domain Name authority for the Internet, taking over this function from InterNIC, who had contracted it to them in 1991. The initial fee was $100 per name, for two years.

This changed in 1998, with the delegation for DNS management to ICANN, originally formed to take over for IANA in the distribution of IP addresses. With this came the separation of the registry (the database administration portion of the task of updating the DNS system) and the registrar (the commercial business of collecting registration fees and administering the Domain Name registration process).

Dozens of registrar companies like Gandi SAS began to form, offering services that complement the ownership of a domain name, such as hosting services for web and email. NSI maintained a monopoly on .com, .net, and .org, but NSI was purchased by Verisign in 2000, and Verisign sold off the registrar portion of the business in 2003. NSI still runs as a registrar, and Verisign remains the accredited registry for .com and .net extensions.

Domain names continue to evolve. The separation of the registry and the registrar has allowed entities such as governments to form part of the picture once again. The ccTLDs (Country-Code Top-Level Domains), introduced in 2010, are mostly managed by different registries. These registries are sometimes government agencies or offices, sometimes independent companies on contract to governments. They are delegated the authority by IANA (http://www.iana.org/domains/root/db/), and may implement a variety of restrictions and rules for who may register and for what purpose. This is why you need to be a resident of the EU to have a .it domain, for example, or an address in Germany for a .de.

In 2011, after long discussion, the .xxx domain was introduced, ostensibly to allow pornographers to more easily designate their domains as hosting adult material, though certainly not all pornographers agree that this is a good thing for their business, or that ICANN acted appropriately in allowing the xxx extension (see this lawsuit).

That’s where we are now, or where we were until last week.

Avoiding Friday the 13th , on the 12th of January, ICANN announced unrestricted gTLDs as available for application. If you are wondering what an unrestricted gTLD is, think “dot brand” instead of “dot com” and you will get the idea. Here’s a link to more info.

The new gTLDs certainly have the potential to disrupt the relatively settled state of domain names we know now and are more or less comfortable with. ICANN is moving ahead with the proposal despite the obvious potential for confusion, the need to rebrand millions of products and services around new names, and the resistance that is being put up from many entrenched interests like the ANA.

Critics of ICANN’s handling of the initial gTLD proposal in 2008 point out that the registries (and, for that matter the registrars, like Gandi) stand to make a lot of money when the new monikers start to be allowed. It is not unlike a real estate boom, with green fields to be developed. It is up to ICANN to prove to it’s critics that it is not bowing to inappropriate pressure from those who star to gain, and that it’s interests are not in conflict when it approves such regulations.

As big a deal as this is, we will have time to adjust to it gradually. Only 1000 gTLDs will be released a year, and the first of them won’t show up for about a year at the earliest. The application price is so high ($185,000 USD), that it puts a gTLD name out of the reach of most small businesses. The ability to obtain and resell a name that is not related to the business you do, or one that relates to many businesses, not just yours, will be restricted severely. It will be very hard to “typo-squat” or snap up gTLDs and resell them to later claimants.

Still, to really manage one of these names and all of it’s ancillary brand protection provisions is probably much more expensive than just the application fee.

Gandi is cautiously optimistic that ICANN will be able to manage the release well, and we are looking forward to what the creative minds in the community will do with the new digital real estate. It certainly will cost some businesses a significant amount of money to take advantage of the opportunity, but that’s true for a lot of things. It’s the businesses that manage opportunities and take risks that reap the benefits, and having more opportunities is never a bad thing.

The United States Congress is Set to Enable Internet Censorship Tools

Thomas — Fri, 16 Dec 2011 16:01:00 -0800

The US Congress is pushing through a controversial set of bills to protect copyrighted material from piracy, but that also threaten innovation and the free flow of information on the Internet.

In an open letter to lawmakers, the CEOs and founders of several innovative tech companies have cautioned that the Stop Online Piracy Act (SOPA) and the senate version, the PROTECT IP act, would have a "chilling effect" on innovation.
Some critics go so far as to compare the provisions of the bills to laws in place in counties such as China, which routinely blocks sites that the government deems undesirable. Certainly a lot of people see this legislation as a threat to the free flow of information. Mozilla went so far as to modify their Firefox browser logo (that gets displayed when you upgrade Firefox) to have a blackout bar across it.

Some in congress are suggesting alternative proposals, such as Rep. Darrell Issa (R-CA), who offered the Online Protection and ENforcement of Digital Trade Act ( OPEN act ). Others have offered amendments that would reign in the most radical powers that SOPA would grant the US Attorney General, but these amendments have so far been rejected by the committee.
The issues with SOPA are many: it would effectively end the DMCA safe harbor provision, in favor of immediate takedowns. It would even ban linking in search results or social media to offending sites. Because of these provisions, Youtube would likely not exist if SOPA had ben in effect when it was invented. Others complain that the definitions of criminal activity as so vague that they could be used to criminalize common uses of the Internet.
SOPA may not even accomplish it's stated goals: many, including Google Executive Chairman Eric Schmidt say that SOPA will be ineffective against piracy, and that it will fundamentally change the way the internet works.
It also may force companies to introduce instability to systems like DNS. For example, SOPA could require ISPs to cause DNS resolution to fail for sites that are suspected of piracy, even when such failures compromise the integrity of the Domain Name resolution system.
Who would benefit if SOPA passes? Apparently, RIAA, no stranger to copyright infringement lawsuits, and others with large investments in copyrighted material. See their open letter of support here.
It remains to be seen whether the interests that back SOPA as written will prove more powerful than the tech innovators and citizens groups who value the free flow of information.

XXX almost live!

Ryan — Fri, 25 Nov 2011 17:01:00 +0100

The new XXX extension that is dedicated to the adult entertainment industry will be officially open to the public on December 6th, 2011.

After a launch consisting of Sunrise period (over 100,000 reservations), and then a Landrush phase (reserved to just the porn industry), it is now time for the general opening of the extension to the general public. This latest phase will also allow those who were unable to protect their name before to try again.

If you are not part of the adult entertainment industry, then there is nothing more that you need to do than do register the domain, which will be blocked. By "blocked" we mean that it may not be used in any way at all: no link, no DNS, no forwarding, or mail etc.

If, however, you are a member of the sponsored community, you must, after purchasing your domain name, go to the Registry's website to fill out a form to confirm that you participate in the porn industry in order to make your .XXX domain active, and therefore, usable.

In both cases, the domain must be renewed each year, for €65 per year excl. vat under A rates (see all .XXX prices). Only those that blocked their domain during the Sunrise period will have their domain blocked for life and will not need to renew it.

The first orders for the general opening must be sent to the registry on December 6th at 5 PM CET. Also, since the landrush is over, we are now be able to take your per-registration requests.

These will be sent to the registry upon the opening of its technical platform. As usual, and without being able to guarantee that you will indeed get the domain you requested (many people will be simultaneously trying to register), we will do everything possible to send the orders in the order that they were received. Failed orders will be fully refunded to the prepaid account of the handle used to pay (or to the credit card used, upon request to support).

.FR domains available to Europe

Ryan — Thu, 17 Nov 2011 17:39:00 +0100

The registry in charge of .fr domain names, AFNIC, will soon be changing many of their rules, as well as taking over the management of several other French extensions. On Tuesday, December 6th 2011 at 10:00 Paris time, AFNIC's changes will take affect. But what will change precisely?

The new extensions that AFNIC will manage are .YT (Mayotte), .PM (St-Pierre and Miquelon), .TF (The French Southern and Antarctic Lands), and .WF (Wallis and Futuna).

Also, all of the various prerequisites will be homogenized: there will no longer be different rules for .fr, or .re, etc. All of the extensions managed by AFNIC will have the same rules.

What are these rules?

Both individuals and companies are now able to register domains in these extensions, as long as they are located in the European Economic Area or in Switzerland. Organizations no longer need to provide a license number, though it is strongly encouraged, as this will facilitate any verification that AFNIC might perform at a later date.

Concerning reserved domain names, it is necessary to prove that you are registering the domain in good faith. The list of reserved/forbidden terms is still not public however it includes city names and is identical to what is reserved with the .fr.

When can you start to register them?

You can already place your orders for these extensions via our usual registration interface! Prices for .YT, .WF, .TF, and .PM are identical to those of .FR and .RE. In the event that the domain you requested is reserved, you'll be able to provide your justification for registering it from your Orders in Progress page. As always, orders that are unsuccessful will be fully refunded to your prepaid account (or to your bank account if you request this).

Update on the new gTLDs

Ryan — Thu, 11 Aug 2011 16:30:00 +0200

After much discussion, ICANN finally met in Singapore this July and confirmed the launch of the new gTLD process that began in Paris three years ago. As a result of this meeting, in 2 to 3 years from now, we will see a major change in the internet, and an increase in the number of extensions to choose from.

It is only natural to wonder what interest there is in launching tens, hundreds, or (in a few years) thousands of new extensions, knowing that there is already over 240 of them to choose from.

It is widely known that the domain name space (and particularly that of .com) is currently saturated, and yet that extension is the most popular on the web. .com domains are clearly recognized as a generic worldwide extension for company websites. Only a few markets such as the United Kingdom and Germany more readily identify with their national extensions (.co.uk and .de).

If these new extensions turn out to be a success, how long will it take before we change our habits? The opening of each new extension will require colossal efforts in terms of communication.
You will see your favorite shoe brand have websites such as lunarglide3.nike instead of http://nikerunning.nike.com/nikeos/p/nikeplus/fr_FR/products/lunarglide3?pid=408950 for example...

And it's not hard to imagine adds with something like

...or having an address such as arcdetriomphe.paris

We're not there yet, but this is what we can expect to see in the near future, say, in 2014-2015.

For those who wish to manage an extension like .brand, .country, .continent, .sport, etc. applications will begin on January 12th 2012 and will end on April 12th 2012.

There are a few reasons why a company might like to have their own TLD:

- Marketing, because having your own TLD amounts to owning your own piece of the internet, since it is you that define your own naming policy. It is difficult at this time to measure the impact that these new extensions will have on search engine algorithms, however.
The new extensions nonetheless provide for a very interesting opportunity for companies that are holders of a trademark. By registering a larger number of domain names, searching becomes more intuitive for customers, and can even sidestep using search engines. For example: f-150.ford.
This requires, however, a lot of configuration and forwarding towards the appropriate content. Nonetheless it will help assure that the customer does not land on a page that does not correspond to unofficial content that is not under the control of the company. This is a way to put the URL bar back in the center of navigation, which is all to often ignored by users in favor if the search form on the various search engines.
The existing TLDs and notably the country extensions, will remain precious assets in domain name policies, however they may not have the same role as they do today. They must be maintained for a certain number of years however.

- Legal, because once the TLD will have gained a certain notoriety, the company will have a "space" all to themselves, that they control, and that they will have a stronger legal hold over.
Third party attacks on other TLDs than the official TLD will therefore be less important, even though one should not ignore them altogether.

- in terms of security too, since a unique TLD may offer more security for its users, even if criminals are never short of ideas in terms of phishing.

So, are we really going to witness a big change? What is certain, is that the launch has taken place during the ICANN meeting last June in Singapore. The new extensions will therefore most certainly see the light of day.

It will become essential to assure domain name monitoring, as both the scope of the research and the number of results will be larger. It will be, of course, necessary to increase the budgets ties to domain name portfolios.

We hope that this information has been useful. Feel free to contact our Corporate division if you envision launching your own .brand, as we would be more than happy to help you in the preparation of your application to submit to ICANN, as well as the technical aspects inherent to the role of a registry.

Time is running out: despite the calm summer we're having, it is nonetheless the calm before the most important revolution that our industry has seen since the beginning of the internet.

TheRegister.co.uk comments on gandi's removal of SSL certificate for googlesharing.net

Joe — Tue, 06 Apr 2010 10:36:00 +0100

TheRegister.co.uk ( http://www.theregister.co.uk/2010/04/05/googlesharing_cert_revoked/ ) last night published an article describing how Gandi.net had enforced its policies by removing a certificate for a domain name googlesharing.net that had infringed on our terms and conditions in a number of ways. According to the article the known ‘hacker’ who admitted to falsifying his whois information on the registration was surprised that the certificate was removed.

Our policy has always been to respect our customers and protect their rights, but also protect the rights of other companies and customers. The ‘whois’ accuracy requirement is not only an important part of the ICANN regulations, but also a key aspect in us knowing who are customers are and allowing us to contact them in event of a problem. If you falsify your whois information, we may not be able to contact you if there is a problem, and we don’t know who you are which means we can’t protect you as much as other customers that we can vouch for and validate. Ours is a relationship of mutual trust and respect. Please respect us by giving us accurate information. If you want to enforce privacy, use the various privacy settings to obscure your whois data, but don’t falsify it.

Certificates represent an extra layer of security and trust on the internet. They give customers a sense of security that the website they are visiting can be trusted and the owner is a known individual or entity. If the whois data behind a domain is falsified, a valid certificate cannot be issued, because the owner is not a trusted source. It would be wrong to give an accredited level of trust to a site that is based on deliberately misleading information.

The customer in this case was trying to setup and promote a service to offer users a greater degree of privacy from the information that google collects. This is a noble cause and one that we would be happy to host, but only if it plays by the rules. The customer could have avoided this by:

Providing accurate whois information so we know who they are and can vouch for them and issue a certificate with certainty
Register a domain that describes the service but does not risk any potential trademark infringement, e.g. Searchengineprivacy.com (or some combination of that that is avaialbe).

This way we would know who they are and defend their rights to the teeth as we do with all of our customers.

Please note that we weren't contacted by google in this case, but took action based on the falsified Whois data. Google could object to this domain, so it's always good to avoid potential infringement that could cause you to lose a domain in a dispute.

In the spirit of our ‘no bullshit’ policy, what we could have done better in this example was make more of an effort to contact the customer direct at the point when we knew the certificate was going to be revoked. The address and phone number on the Whois were fake but we should have followed up by email. This was our error and we'll do better next time.

.PT domains available at Gandi

Ryan — Mon, 07 Dec 2009 10:05:00 +0100

With the addition of this highly-anticipated extension, we have completed the coverage of southwestern European countries!

In order to register a .PT domain, you must have a Portuguese taxpayer ID, as well as a document that proves that the domain name corresponds to a trademark, family name etc. (for example: the TVA number of the company Martin would be needed to register martin.pt).

If you do not meet this criteria, you can nonetheless register a .COM.PT domain. These domains are open to everyone, with the condition that individuals must provide a national ID number or passport number, and companies must provide their intra-Community VAT number.

The registration .PT and .COM.PT domains are sold at €24 ($35, or £22) excl. VAT per year under A rates. Transfers of .PT or .COM.PT to Gandi are available at only €1 ($1, or £1) for all.

See the .PT information page.

Accented .EU domain names - pre-reservations have started!

Ryan — Mon, 09 Nov 2009 15:33:00 +0100

From December 10th 2009 EURid, the registry that is in charge of the .EU zone, will allow domain names to be registered that include accented characters for the first time. This is of course a great benefit to the 28 countries of the European Union where accented characters are very common: http://www.eurid.eu/en/eu-domain-names/idns-eu.

There will not be a Sunrise period to guarantee protection of existing trademarks. The registry has chosen to use the "first-come, first-served" approach. This means that if you already own a domain name in its unaccented version, you will not be given priority for buying the same domain in its accented version. For more information on .EU Internationalized Domain Names (IDN), we recommend visiting their FAQ on the topic.

You can already start placing your accented .EU domain order requests at Gandi! All pre-registration requests will be sent to the registry (in the order that we received them) on December 10th. Orders that cannot be completed will be fully refunded. To pre-register an accented .EU domain name at Gandi, simply write it in its accented form in the domain name search box on Gandi's home page.

As a reminder, the IDN System is specified by RFC standards 3490, 3491 and 3492. This system is now recognized by all modern web browsers (ex. http://www.스타벅스코리아.com). However when using IDNs for email, only the encoded version (below) is recognized at present. It is not possible, for example to have an email address like ryan@스타벅스코리아.com.

Technically, the "special" characters are encoded using a conversion table. This is why an IDN domain name will begin with the four characters: xn––. For example: bébé.eu becomes xn-–bb-bjab.eu. So ryan@bébé.eu would become ryan@xn-–bb-bjab.eu for use in email.

IDNs are also now available on a first-come, first-served basis!

Stay Tuned! .AM and .FM domains are now available

Ryan — Thu, 05 Nov 2009 08:32:00 +0100

We are pleased to announce that Gandi now manages .am and .fm domains.

These ccTLD, while being the official extensions for Armenia and Micronesia, are frequently used for online radio stations, and who among us has not listened to internet radio?

I know I enjoy the benefits of seeing the name of an artist while playing, having a personalized playlist at work, or even just having a higher quality of sound than the old analogue radio. They were so 20th century

More and more radio stations are being created on the web and letting amateurs be heard all over the world. Radio is not just for the big guys anymore.

Here is the list of these extensions, with A rates shown (excl. VAT) and the link to the information page of each:

.AM from €54 ($78, £49) per year
.FM from €54 ($78, £49) per year

6 new domain name extensions at Gandi: .GS .HT .SB .TL .MU .CX

Ryan — Wed, 04 Nov 2009 16:42:00 +0100

Our previous domain name discovery tour took us over the world's oceans, and introduced you to 5 new extensions managed by Gandi.

Here is another journey, where you can discover 6 new extensions that you can manage at your favorite domain name registrar. And since we went by sail last time, today's tour will be by plane.

Our trip begins in an archipelago without an airport, where less than 200 people live (mainly researchers), and where the temperature is frequently below zero. The archipelago of South Georgia is less than 1,000 nautical miles off the coast of Antarctica and from here we leave the .GS (South Georgia) archipelago and set a Northerly course towards warmer latitudes.

After traveling more than 5,000 nautical miles, and after flying over nearly all of South America, we come to the tropical climate of the Caribbean Sea, where we will land on the tumultuous Haiti home of the .HT (Haiti).

After sipping on a Piña Colada, a plate of local Shrimp, and then sunbathing for a few hours on one of the magnificent local beaches, we board the plane again. After refueling and taking off, we change course by 260 degrees for a loooooooong flight of nearly 8,000 nautical miles that will take us across the pacific ocean, the international date line, and the Tropic of Cancer. We will land on runway 24 of the Solomon Islands, home of the .SB.

A brief historic visit of this island that has played such a large role during the the Pacific War, and we take off again, this time for a shorter flight of only 2,000 nautical miles, due West, to a country where it best to have the authorization pass into its airspace, as internal conflict has given more voice to arms than diplomats. Welcome to East Timor and the .TL!

We continue 1,000 nautical miles west along our route, and there we see the o' so very small but charming .CX with the festive name (Christmas Islands). The beaches there are magnificent, the scenery is enchanting, and the local cuisine is rich is flavor (and spices ;)). Relaxed, and full of wonderful memories of our stay, we board out flight and head out to our last destination.

With our course set West-South-West to 255, we can sit back and enjoy the 3,000 nautical mile flight over the Indian Ocean. There, an island suddenly appears on the blue horizon, welcoming and bathed in sunlight.

Having the authorization to land on runway 32 we arrive at Mauritius home of the .MU!!

After a long journey far above the waves, we find ourselves on the most diverse island on the Indian Ocean. Halfway between Africa and Asia, colonized by the Europeans, here is a charming melting pot of people, language, and culture...

Our plane is in the Hangar, and so we will profit from our presence on this island paradise to wait for the new batch of extensions. We hope that you have had a pleasant flight, and we wish you a wonderful stay! See you again soon on Air Gandi!

Here is the list of extensions, with A rates shown (excl. VAT) and the link to the information page of each:

.GS: €30 ($40, £25) per year
.HT: €64 ($90, £55) per year
.SB: €44 ($60, £8.30) per year
.TL: €26 ($35, £18) per year
.MU: €42 ($58, £36) per year
.CX: €26 ($35, £18) per year