Domain Mondo's weekly internet domain news review (NR 2018-08-26) with analysis and opinion: Features • 1) ICANN & GDPR EPDP Meetings this week, 'WHOIS Is Mostly DEAD' Says Dr. Paul Vixie, 2) a. KSK Rollover, What to Expect, b.New gTLD .AFRICA, c. Public Comment at ICANN, 3) Names, Domains & Trademarks: a. France.com, b.China, c. Transfers, 4) ICYMI, 5) Most Read.
1) ICANN & GDPR EPDP Meetings this week, 'WHOIS Is Mostly DEAD' Says Dr. Paul Vixie
ICANN EPDP Team Meetings* this week: Tuesday Aug 28
, and Thursday Aug 30
, 13:00 UTC
, 9am EDT. Non-members of the EPDP Team can follow the EPDP meetings via Adobe Connect: https://participate.icann.org/gnso-epdp-observers
, or audio cast via browser
Each EPDP meeting's links to documents, transcripts, MP3 audio and Adobe Connect recording, will be posted here, as made available by ICANN (links to EPDP meetings' transcripts are usually posted on the GNSO calendar
within 24 hours). See also EPDP Team wiki
, mail list
, Temp Spec
, EPDP Charter
(pdf), and AC/SOs responses
to request for early input.
UPDATES 29-30 Aug:
a. Editor's note: the core questions completely missing thus far in the EPDP: Specifically, WHAT registrant data does ICANN need registrars to collect from registrants, and WHY? My answer
(which I have given before
of the legal entity or person registering the domain name (i.e.,
the "registrant"); ADDRESS
of the registrant (for contacting registrant concerning the domain name); EMAIL address
for contacting the registrant concerning the domain name; PHONE number
for contacting the registrant concerning the domain name. Anything more
(for ICANN's purposes
), is redundant, unnecessary, violative of the GDPR
, including data minimization requirements (see ICANN vs EPAG
), and in the case of fax numbers, an even more serious cybersecurity risk
. The registrar may collect billing and other data in compliance with the GDPR, but that is none of ICANN's business, and should be beyond the scope
of the EPDP, Temp Spec
. Frankly, the faster the EPDP can reach consensus on the above, the faster they can begin addressing access & accreditation issues.
b. Special interests push U.S. Congress to override ICANN’s WHOIS policy process--internetgovernance.org
29 Aug 2018--copy of the draft legislation
(pdf) embed in full below:
c. EPDP Meeting #9
(Agenda in slides embed below), Thursday, 30 August 2018, 13:00 UTC, 9am EDT:
UPDATES 28 Aug 2018:
Slides of Aug 28 EPDP Meeting #8
(includes Agenda and "Project Plan"):
Note: input received on Triage Report
and section category allocation
(pdf). Aug 28 chat transcript:
UPDATE from the EPDP mail list 27 Aug 2018:
"... The basic task of ePDP is to ratify or modify the temp spec. Here is the relevant statement from the charter:
"This EPDP Team is being chartered to determine if the Temporary Specification for gTLD Registration Data should become an ICANN Consensus Policy, as is or with modifications, while complying with the GDPR and other relevant privacy and data protection law."
"Regarding access, the charter says, 'Work on this topic shall begin once the gating questions above have been answered and finalized in preparation for the Temporary Specification initial report'
"So: 1) temp spec first; 2) "other relevant privacy and data protection law" is applicable, not just GDPR; 3) we deal with access to redacted Whois data after we have resolved the status of the temp spec."--Professor Milton Mueller (NCSG)
Editor's note: For info and updates on last week's meetings, go to last week's News Review, here's a peek:
Little of substance has been accomplished thus far
, as the EPDP Team
has essentially wasted the month of August preparing a "Triage Report" for the GNSO Council
that could have been completed in the first week with a simple survey, or even better, eliminated from the Charter altogether. EPDP Team Chair Kurt Pritz
continues with his long, rambling monologues, mostly ignoring suggestions
from the more functional, and definitely brighter, EPDP team members
. A face-to-face EPDP meeting
has been scheduled for September 24-26 in Los Angeles
, but at this rate, it's looking increasingly doubtful whether much will get done.
I've yet to see a cogent work plan that first addresses the fundamental questions which ICANN org glossed over or failed to grapple with BEFORE slapping together the Temporary Specification in a rush due to the incompetent ICANN management team wasting 2 years and failing to properly prepare for the GDPR, which became enforceable May 25, 2018 (ICANN management, as late as April, 2018, were laboring under a delusional fantasy that ICANN and its contracted parties would be granted a moratorium from GDPR enforcement.)
The EU GDPR was adopted on 27 April 2016 and published in the EU Official Journal on 4 May 2016
. ICANN has had an office in Brussels for more than 10 years
(pdf) and European Data Protection authorities
have been warning ICANN about its public WHOIS data since 2003
, and yet, neither ICANN nor
the U.S. government's NTIA
warned the "global multistakeholder community"
about the ramifications of GDPR for ICANN
and its public WHOIS directory
the IANA transition
was completed October 1, 2016. Neither the dysfunctional "ICANN Community" nor their expensive law firms
, which received $15 million in legal fees
preparing for the IANA transition, ever mentioned the GDPR
as a "risk factor" or otherwise.
Dr. Paul Vixie
|Definition: "train wreck" (noun) a chaotic or disastrous situation that holds a peculiar fascination for observers.|
on the Uncertain Fate of WHOIS
, & Other Matters of Internet Accountability at Black Hat 2018 USA, "WHOIS is mostly DEAD" (video below):
Dr. Paul Vixie
discusses the uncertain fate of WHOIS
in the age of GDPR
, the risks of domain name homographs, and other underpinnings of the internet that are hard to trust and harder to fix. Video provided by, and also available at darkreading.com
if the above does not play in your browser, recorded at Black Hat 2018 USA
- ICANN Board reaffirmed Temporary Specification for an additional 90-day period on Aug 21.
2) Other ICANN News
a. Internet Root KSK Rollover 11 October 2018, What To Expect
- ICYMI: ICANN's ePDP - An Insider's Perspective | circleid.com: "... There really is no clear path forward if this group is unable to produce a final report with specific policy to replace the temporary specification when it expires in May of 2019. If that were to happen, it's not a stretch to think it would call into question the overall ability of ICANN (and the community) to manage the global DNS ..."--EPDP Team member Matt Serlin.
"... the user will start seeing failure sometime in the 48 hours after the rollover. Users will see different symptoms of failure depending on what program they are running and how that program reacts to failed DNS lookups. In browsers, it is likely that a web page will become unavailable ... In email programs, the user might not be able to get new mail, or parts of message bodies may show errors. The failures will cascade until no program is able to show new information from the Internet. Note that the term “users” here does not just indicate humans. Automated systems that are also using unprepared resolvers for their DNS resolution will start to fail, possibly catastrophically."--What To Expect During the Root KSK Rollover, supra, p. 5, (emphasis added).
Root KSK Rollover--SSAC: Let's 'Roll the Dice' on Crashing the Internet!--SAC102:
SSAC Comment on the Updated Plan for Continuing the Root KSK Rollover English
[PDF] excerpt from the dissenters*
"The decision to proceed with the keyroll is a complex tradeoff of technical and non-technical risks. While there is risk in proceeding with the currently planned roll, we understand that there is also risk in further delay, including loss of confidence in DNSSEC operational planning, potential for more at-risk users as more DNSSEC validation is deployed, etc. While evaluating these risks, the consensus within the SSAC is that proceeding is preferable to delay. We personally evaluate the tradeoffs differently, and we believe that the risks of rolling in accordance with the current schedule are larger than the risks of postponing and focusing heavily on additional research and outreach, and in particular leveraging newly developed techniques that provide better signal and fidelity into potentially impacted parties. We would like to reiterate that we understand our colleagues' position, but evaluate the risks and associated mitigation prospects differently. We believe that the ultimate decision lies with the ICANN Board, and do not envy them with this decision ..."--SAC102 Dissent, p.4
b. DotConnectAfrica Trust v. ICANN (Trial Court Proceeding)
- Danny McPherson (Chief Security Officer for Verisign);
- Warren Kumari (Senior Network Engineer/Senior Network Security Engineer with Google);
- KC Claffy (founder and director of the Center for Applied Internet Data Analysis (CAIDA), based at the University of California's San Diego Supercomputer Center, and Adjunct Professor in the Computer Science and Engineering Department at UCSD);
- Jay Daley (techobscura.com, interim President & CEO PIR.org );
- Lyman Chapin (co-founder and partner at Interisle Consulting Group).
1 August 2018
Court Order: Trial date vacated; Status Conference scheduled for 25 September 2018.
c. ICANN Public Comment Periods
closing in September (on each date indicated at 23:59 UTC) subject to change by ICANN:
d. ICANN Global Domains Division (GDD) General Operations Handbook for Registrars
21 Aug 2018: registrar-handbook-21aug18-en.pdf
[421 KB], and Registrar Billing Frequently Asked Questions (FAQ)
21 Aug 2018 registrar-billing-faq-21aug18-en.pdf
3) Names, Domains & Trademarks
a. France.com: Miami Man Sues France For Seizing His Domain Name--Marketplace.org podcast (MP3) also available here. Includes commentary by University of Miami Law Professor Michael Froomkin.
b. China's first internet court handles over 10,000 cases | xinhuanet.com
: mainly civil cases such as contract disputes involving online shopping, service and small loans, copyright and infringement lawsuits, domain name disputes, internet defamation, and some administrative lawsuits
c. Post GDPR gTLD Domain Name Transfers--realtimeregister.com
4) ICYMI Internet Domain News
- Congress should consider small-business exception to internet sales tax--TheHill.com.
- From laboratory in far west, China's surveillance state spreads quietly--reuters.com.
c. Russian hackers
- Google is welcome to return to China—but only if it complies with the censorship regime enforced by the government of China’s internet regulator, according to a report in Chinese state media (the People's Daily)--Newsweek.com.
targeted U.S. conservative think-tanks, says Microsoft--reuters.com
d. AI: New genre of artificial intelligence programs take computer hacking to another level | trust.org
India Steps Towards Internet Freedom
: DoT Bars ISPs From Blocking Internet Content | inc42.com
5) The Most Read Post
this past week on DomainMondo.com:
-- John Poole, Editor, Domain Mondo