Home / Blogs

Introduction: New gTLD Security and Stability Considerations (Part 1 of 5 )

Danny McPherson

Verisign recently published a technical report on new generic top-level domain (gTLD) security and stability considerations. The initial objective of the report was to assess for Verisign's senior management our own operational preparedness for new gTLDs, as both a Registry Service Provider for approximately 200 strings, as well as a direct applicant for 14 new gTLDs (including 12 internationalized domain name (IDN) transliterations of .com and .net). The goal was to help ensure our teams, infrastructure and processes are prepared for the pilot and general pre-delegation testing (PDT) exercises, various bits of which are underway, and the subsequent production delegations and launch of new gTLDs shortly thereafter.

However, in cataloging internal and external risks related to the new gTLD program, we found several far-reaching and long-standing issues that need to be further explored and/or resolved with varying levels of urgency. We felt it necessary to shine a more public light on these issues in order to raise awareness of the effects that could be felt throughout the Internet if proper caution is not exercised in the implementation of new gTLDs.

A Little Background:

In addition to being a direct applicant stakeholder and Registry Service Provider in the new gTLD program, Verisign has long been deeply engaged in various aspects of the Domain Name System (DNS) and broader Internet infrastructure ecosystem. For example, Verisign:

  • Operates two of the Internet's 13 root name servers (letters A & J),
  • Runs the TLD registry services for .com, .net, .gov, and several other TLDs (accounting for more than120 million registered domain names),
  • Works with ICANN and the U.S. Department of Commerce's NTIA to perform the root zone management function itself,
  • Has provided more than 15 years of uninterrupted network availability for .com and .net,
  • Is a public company and maintains hundreds of controls across 8 regulatory compliance frameworks that are periodically audited or continuously monitored by third parties,
  • Has a worldwide network footprint and backbone with approximately 70 data center or regional services locations globally, and
  • Provides Managed DNS, DDoS Protection Services and Cyber threat intelligence services (e.g., iDefense) to a global customer base that includes a number of Fortune 500 companies.

Verisign's expertise and distinct view into the Internet ecosystem enables us to highlight issues that could prove to have significant consequences. In developing the New gTLD Security and Stability Considerations report, we sought to not only understand our own preparedness, but also that of the broader DNS ecosystem, and of the billions of Internet users ultimately dependent on that system. Somewhat ironically in hindsight, it was comments from ICANN leadership in late January 2013, and collaborative work within ICANN's Registry Stakeholders (RySG) Group in February and March to examine concerns about operational preparedness that led Verisign to publicly issue a report in part to help draw due attention and foster more rapid consideration and resolution of these issues, given that ICANN was purportedly months and hours away from launch.

While the New gTLD Security and Stability Considerations report is by no means comprehensive, it provides a clear illustration of the many existing issues and known risks that have been highlighted in various documents, and public, for several years — many of which came from ICANN's very own Security and Stability Advisory Committee (SSAC) — that still need to be addressed or explored further (e.g., namespace collisions issues and administrative boundaries in the DNS), and should be completed before new gTLDs are delegated.

In an effort to make the information within the report more digestible to a broad audience, I will publish several blog posts that will explore some of these outstanding (or resolved) issues. The general objective is to share, in as simple a manner as possible, my perspective on often complex and nuanced Internet infrastructure security and stability issues related to the DNS and new gTLDs in particular. My aim is to simply increase awareness of the issues, risks, and resolutions that face applicants, registry operators and registrars, application developers and OS vendors, security folk, enterprises, and consumers alike.

New gTLD Security and Stability Considerations Blog Series:

1. Introduction: New gTLD Security & Stability Considerations
2. Stability at the Core, Innovation at the Edges
3. Name Collisions, Why Every Enterprise Should Care
4. NXDOMAINS, SSAC's SAC045, and New gTLDs
5. Administrative Boundaries in the DNS

By Danny McPherson, Senior Vice President and Chief Security Officer at Verisign

Related topics: Cybersecurity, DNS, Domain Names, ICANN, Registry Services, Top-Level Domains

 
   

Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

IP Addressing

Sponsored by Avenue4 LLC

Mobile Internet

Sponsored by Afilias Mobile & Web Services

Cybersecurity

Sponsored by Verisign

DNS Security

Sponsored by Afilias

Promoted Posts

Buying or Selling IPv4 Addresses?

ACCELR/8 is a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s to keep pace with the evolving demands of the market by applying processes that have delivered value for many of the largest market participants. more»

Industry Updates – Sponsored Posts

Domain Registrations Reach 331.9 Million, 6.7 Million Growth Year over Year

.brands Spotlight: Banking and Finance Industries

Google Buys Business.Site Domain for 'Google My Business'

Radix Announces Global Web Design Contest, F3.space

Global Domain Name Registrations Reach 330.6 Million, 1.3 Million Growth in First Quarter of 2017

.TECH Gets Its Big Hollywood Break

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Why the Record Number of Reverse Domain Name Hijacking UDRP Filings in 2016?

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

UDRP: Better Late than Never - ICA Applauds WIPO for Removing Misguided 'Retroactive Bad Faith'

The Rise and Fall of the UDRP Theory of 'Retroactive Bad Faith'

.PRESS Supports Press Freedom Day for 3rd Consecutive Year

Leading Internet Associations Strengthen Cooperation

5 Afilias Top Level Domains Now Licensed for Sale in China

Radix Announces Largest New gTLD Sale with Casino.Online

2016 Year in Review: The Trending Keywords in .COM and .NET Domain Registrations

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

A Look at How the New .SPACE TLD Has Performed Over the Past 2 Years

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital