Home / Blogs

Introduction: New gTLD Security and Stability Considerations (Part 1 of 5 )

Danny McPherson

Verisign recently published a technical report on new generic top-level domain (gTLD) security and stability considerations. The initial objective of the report was to assess for Verisign's senior management our own operational preparedness for new gTLDs, as both a Registry Service Provider for approximately 200 strings, as well as a direct applicant for 14 new gTLDs (including 12 internationalized domain name (IDN) transliterations of .com and .net). The goal was to help ensure our teams, infrastructure and processes are prepared for the pilot and general pre-delegation testing (PDT) exercises, various bits of which are underway, and the subsequent production delegations and launch of new gTLDs shortly thereafter.

However, in cataloging internal and external risks related to the new gTLD program, we found several far-reaching and long-standing issues that need to be further explored and/or resolved with varying levels of urgency. We felt it necessary to shine a more public light on these issues in order to raise awareness of the effects that could be felt throughout the Internet if proper caution is not exercised in the implementation of new gTLDs.

A Little Background:

In addition to being a direct applicant stakeholder and Registry Service Provider in the new gTLD program, Verisign has long been deeply engaged in various aspects of the Domain Name System (DNS) and broader Internet infrastructure ecosystem. For example, Verisign:

  • Operates two of the Internet's 13 root name servers (letters A & J),
  • Runs the TLD registry services for .com, .net, .gov, and several other TLDs (accounting for more than120 million registered domain names),
  • Works with ICANN and the U.S. Department of Commerce's NTIA to perform the root zone management function itself,
  • Has provided more than 15 years of uninterrupted network availability for .com and .net,
  • Is a public company and maintains hundreds of controls across 8 regulatory compliance frameworks that are periodically audited or continuously monitored by third parties,
  • Has a worldwide network footprint and backbone with approximately 70 data center or regional services locations globally, and
  • Provides Managed DNS, DDoS Protection Services and Cyber threat intelligence services (e.g., iDefense) to a global customer base that includes a number of Fortune 500 companies.

Verisign's expertise and distinct view into the Internet ecosystem enables us to highlight issues that could prove to have significant consequences. In developing the New gTLD Security and Stability Considerations report, we sought to not only understand our own preparedness, but also that of the broader DNS ecosystem, and of the billions of Internet users ultimately dependent on that system. Somewhat ironically in hindsight, it was comments from ICANN leadership in late January 2013, and collaborative work within ICANN's Registry Stakeholders (RySG) Group in February and March to examine concerns about operational preparedness that led Verisign to publicly issue a report in part to help draw due attention and foster more rapid consideration and resolution of these issues, given that ICANN was purportedly months and hours away from launch.

While the New gTLD Security and Stability Considerations report is by no means comprehensive, it provides a clear illustration of the many existing issues and known risks that have been highlighted in various documents, and public, for several years — many of which came from ICANN's very own Security and Stability Advisory Committee (SSAC) — that still need to be addressed or explored further (e.g., namespace collisions issues and administrative boundaries in the DNS), and should be completed before new gTLDs are delegated.

In an effort to make the information within the report more digestible to a broad audience, I will publish several blog posts that will explore some of these outstanding (or resolved) issues. The general objective is to share, in as simple a manner as possible, my perspective on often complex and nuanced Internet infrastructure security and stability issues related to the DNS and new gTLDs in particular. My aim is to simply increase awareness of the issues, risks, and resolutions that face applicants, registry operators and registrars, application developers and OS vendors, security folk, enterprises, and consumers alike.

New gTLD Security and Stability Considerations Blog Series:

1. Introduction: New gTLD Security & Stability Considerations
2. Stability at the Core, Innovation at the Edges
3. Name Collisions, Why Every Enterprise Should Care
4. NXDOMAINS, SSAC's SAC045, and New gTLDs
5. Administrative Boundaries in the DNS

By Danny McPherson, Vice President and Chief Security Officer at Verisign

Related topics: DNS, Domain Names, Registry Services, ICANN, Security, Top-Level Domains

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

ICANN London Recap Webinar

Four Reasons to Move from .COM to Your .BRAND Domain

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

Neustar to Launch usTLD Stakeholder Council

Introducing the New .ORGANIC Domain: A Trusted, Credible Space for Organic Products on the Web

.WANG - 15,000 Registrations on Day One of General Availability

Dot Brand: Why Your Brand Needs Its Own Top-Level Domain

Afilias Announces Start of .BLACK Sunrise Period

Radix Launches Three New TLDs in Sunrise With Backing from 50+ Registrar Partners

.WANG General Availability Opens on June 30, 2014

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

.Press Domain Names - The Changing Face of Journalism

LogicBoxes Waives Upfront Fees for New gTLD Vertical Integration Solutions

Radix Announces .Website Launch Timeline

.Host Timeline Released As Pioneer Program Kicks Off

Verisign Named to the OTA's 2014 Online Trust Honor Roll

TLD Registry Sponsored Xinnet's Partner Conference in Nanjing

Afilias Selected for CIO 100 Award

Victorian Government & ARI Agree to Long-Term .melbourne Partnership

Sponsored Topics