Home / Blogs

Introduction: New gTLD Security and Stability Considerations (Part 1 of 5 )

Danny McPherson

Verisign recently published a technical report on new generic top-level domain (gTLD) security and stability considerations. The initial objective of the report was to assess for Verisign's senior management our own operational preparedness for new gTLDs, as both a Registry Service Provider for approximately 200 strings, as well as a direct applicant for 14 new gTLDs (including 12 internationalized domain name (IDN) transliterations of .com and .net). The goal was to help ensure our teams, infrastructure and processes are prepared for the pilot and general pre-delegation testing (PDT) exercises, various bits of which are underway, and the subsequent production delegations and launch of new gTLDs shortly thereafter.

However, in cataloging internal and external risks related to the new gTLD program, we found several far-reaching and long-standing issues that need to be further explored and/or resolved with varying levels of urgency. We felt it necessary to shine a more public light on these issues in order to raise awareness of the effects that could be felt throughout the Internet if proper caution is not exercised in the implementation of new gTLDs.

A Little Background:

In addition to being a direct applicant stakeholder and Registry Service Provider in the new gTLD program, Verisign has long been deeply engaged in various aspects of the Domain Name System (DNS) and broader Internet infrastructure ecosystem. For example, Verisign:

  • Operates two of the Internet's 13 root name servers (letters A & J),
  • Runs the TLD registry services for .com, .net, .gov, and several other TLDs (accounting for more than120 million registered domain names),
  • Works with ICANN and the U.S. Department of Commerce's NTIA to perform the root zone management function itself,
  • Has provided more than 15 years of uninterrupted network availability for .com and .net,
  • Is a public company and maintains hundreds of controls across 8 regulatory compliance frameworks that are periodically audited or continuously monitored by third parties,
  • Has a worldwide network footprint and backbone with approximately 70 data center or regional services locations globally, and
  • Provides Managed DNS, DDoS Protection Services and Cyber threat intelligence services (e.g., iDefense) to a global customer base that includes a number of Fortune 500 companies.

Verisign's expertise and distinct view into the Internet ecosystem enables us to highlight issues that could prove to have significant consequences. In developing the New gTLD Security and Stability Considerations report, we sought to not only understand our own preparedness, but also that of the broader DNS ecosystem, and of the billions of Internet users ultimately dependent on that system. Somewhat ironically in hindsight, it was comments from ICANN leadership in late January 2013, and collaborative work within ICANN's Registry Stakeholders (RySG) Group in February and March to examine concerns about operational preparedness that led Verisign to publicly issue a report in part to help draw due attention and foster more rapid consideration and resolution of these issues, given that ICANN was purportedly months and hours away from launch.

While the New gTLD Security and Stability Considerations report is by no means comprehensive, it provides a clear illustration of the many existing issues and known risks that have been highlighted in various documents, and public, for several years — many of which came from ICANN's very own Security and Stability Advisory Committee (SSAC) — that still need to be addressed or explored further (e.g., namespace collisions issues and administrative boundaries in the DNS), and should be completed before new gTLDs are delegated.

In an effort to make the information within the report more digestible to a broad audience, I will publish several blog posts that will explore some of these outstanding (or resolved) issues. The general objective is to share, in as simple a manner as possible, my perspective on often complex and nuanced Internet infrastructure security and stability issues related to the DNS and new gTLDs in particular. My aim is to simply increase awareness of the issues, risks, and resolutions that face applicants, registry operators and registrars, application developers and OS vendors, security folk, enterprises, and consumers alike.

New gTLD Security and Stability Considerations Blog Series:

1. Introduction: New gTLD Security & Stability Considerations
2. Stability at the Core, Innovation at the Edges
3. Name Collisions, Why Every Enterprise Should Care
4. NXDOMAINS, SSAC's SAC045, and New gTLDs
5. Administrative Boundaries in the DNS

By Danny McPherson, Senior Vice President and Chief Security Officer at Verisign

Related topics: DNS, Domain Names, Registry Services, ICANN, Security, Top-Level Domains

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Season's Greetings - 2014 End of Year Message from DotConnectAfrica

Minds + Machines in 2014 and 2015

New .VOTE and .VOTO Domains Launched

Consumers Prefer the .ORGANIC Domain for True-Organic Goods

DNW Podcast Interview with Antony Van Couvering

TLD Registry and Right of the Dot Establish a Domain Name Industry "Dream Team"

TLD Registry Ltd Welcomes New Board Members

New .LGBT Top-Level Domain Launched

.sydney Domain Names Now Available in Pre-Release

"Chinese Domaining Masterclass" to be Presented at NamesCon Las Vegas in January 2015

Auction and Sales Channel Update

Radix Set to Launch .SITE TLD in 2015

Annual Manthan Award Event This Week

Domain Name .Africa Faces Hurdles - Q&A with Sophia Bekele

Join Paul Vixie & Robert Edmonds at the Upcoming Distinguished Speaker Series

Q3 2014 DDoS Trends: Attacks Exceeding 10 Gbps on the Rise

LogicBoxes Announces Automation Solutions for ccTLD

List of New gTLD Availability & Key Information Provided for Download

Radix Launches .Space for Individuals, Freelancers and Professionals

TLD Registry Wins Best Marketing Award at China New gTLD Roadshow

Sponsored Topics

Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
Afilias

DNSSEC

Sponsored by
Afilias
dotMobi

Mobile

Sponsored by
dotMobi
Verisign

Security

Sponsored by
Verisign