Home / Blogs

Introduction: New gTLD Security and Stability Considerations (Part 1 of 5 )

Danny McPherson

Verisign recently published a technical report on new generic top-level domain (gTLD) security and stability considerations. The initial objective of the report was to assess for Verisign's senior management our own operational preparedness for new gTLDs, as both a Registry Service Provider for approximately 200 strings, as well as a direct applicant for 14 new gTLDs (including 12 internationalized domain name (IDN) transliterations of .com and .net). The goal was to help ensure our teams, infrastructure and processes are prepared for the pilot and general pre-delegation testing (PDT) exercises, various bits of which are underway, and the subsequent production delegations and launch of new gTLDs shortly thereafter.

However, in cataloging internal and external risks related to the new gTLD program, we found several far-reaching and long-standing issues that need to be further explored and/or resolved with varying levels of urgency. We felt it necessary to shine a more public light on these issues in order to raise awareness of the effects that could be felt throughout the Internet if proper caution is not exercised in the implementation of new gTLDs.

A Little Background:

In addition to being a direct applicant stakeholder and Registry Service Provider in the new gTLD program, Verisign has long been deeply engaged in various aspects of the Domain Name System (DNS) and broader Internet infrastructure ecosystem. For example, Verisign:

  • Operates two of the Internet's 13 root name servers (letters A & J),
  • Runs the TLD registry services for .com, .net, .gov, and several other TLDs (accounting for more than120 million registered domain names),
  • Works with ICANN and the U.S. Department of Commerce's NTIA to perform the root zone management function itself,
  • Has provided more than 15 years of uninterrupted network availability for .com and .net,
  • Is a public company and maintains hundreds of controls across 8 regulatory compliance frameworks that are periodically audited or continuously monitored by third parties,
  • Has a worldwide network footprint and backbone with approximately 70 data center or regional services locations globally, and
  • Provides Managed DNS, DDoS Protection Services and Cyber threat intelligence services (e.g., iDefense) to a global customer base that includes a number of Fortune 500 companies.

Verisign's expertise and distinct view into the Internet ecosystem enables us to highlight issues that could prove to have significant consequences. In developing the New gTLD Security and Stability Considerations report, we sought to not only understand our own preparedness, but also that of the broader DNS ecosystem, and of the billions of Internet users ultimately dependent on that system. Somewhat ironically in hindsight, it was comments from ICANN leadership in late January 2013, and collaborative work within ICANN's Registry Stakeholders (RySG) Group in February and March to examine concerns about operational preparedness that led Verisign to publicly issue a report in part to help draw due attention and foster more rapid consideration and resolution of these issues, given that ICANN was purportedly months and hours away from launch.

While the New gTLD Security and Stability Considerations report is by no means comprehensive, it provides a clear illustration of the many existing issues and known risks that have been highlighted in various documents, and public, for several years — many of which came from ICANN's very own Security and Stability Advisory Committee (SSAC) — that still need to be addressed or explored further (e.g., namespace collisions issues and administrative boundaries in the DNS), and should be completed before new gTLDs are delegated.

In an effort to make the information within the report more digestible to a broad audience, I will publish several blog posts that will explore some of these outstanding (or resolved) issues. The general objective is to share, in as simple a manner as possible, my perspective on often complex and nuanced Internet infrastructure security and stability issues related to the DNS and new gTLDs in particular. My aim is to simply increase awareness of the issues, risks, and resolutions that face applicants, registry operators and registrars, application developers and OS vendors, security folk, enterprises, and consumers alike.

New gTLD Security and Stability Considerations Blog Series:

1. Introduction: New gTLD Security & Stability Considerations
2. Stability at the Core, Innovation at the Edges
3. Name Collisions, Why Every Enterprise Should Care
4. NXDOMAINS, SSAC's SAC045, and New gTLDs
5. Administrative Boundaries in the DNS

By Danny McPherson, Senior Vice President and Chief Security Officer at Verisign

Related topics: DNS, Domain Names, Registry Services, ICANN, Security, Top-Level Domains

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Alabama Joins dotVOTE Movement - Announces Alabama.vote for Its Election Site

LogicBoxes Partners With Domains.Green to Setup Retail & Wholesale Channels for .green Domains

New Top-Level Domain .fit Launches, Announces Partnership with the Arnold Sports Festival

Bauer Media Joins Minds + Machines as a .fishing Pioneer

New .vote TLD Used for Arizona Voters

First Premium .yoga Domains Up for Auction

Afilias Releases 160,000+ Names Across 8 New TLDs

Deal Yourself In: .POKER Names Now Open to All

Verisign OpenHybrid for Corero and Amazon Web Services Now Available

Lou Andreozzi to Lead New .Law Top-Level Domain

ICANN Business Constituency Elects Elisa Cooper of MarkMonitor as Chair

PIR Releases Report Detailing Steady Growth of .org Domain in 2014

Afilias Supports the CrypTech Project - Ambitious Hardware Encryption Effort to Protect User Privacy

.film to Provide New Home Online for the Film Industry

.VOTE Solves Presidential Candidate Ted Cruz's Domain Name Problem

.green Now in General Availability

ICANN's Registry Audits Begin Next Week. Are You Prepared?

Sunrise Period Begins for .NGO and .ONG

.study & .courses to Launch with Support of ARI Registry Services

We Know This .Sucks

Sponsored Topics

dotMobi

Mobile

Sponsored by
dotMobi
Verisign

Security

Sponsored by
Verisign
Port25

Email

Sponsored by
Port25
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
Afilias

DNS Security

Sponsored by
Afilias