SUMMARY: AT A GLANCE

1. Recently-delegated TLDs

2. Gandi Events: Peru (virtually)

3. In-depth: What's a premium domain and checking on new TLDs


4. Visualizations: Domain lifecycle, domain uses and transfer quest

5. Tech Fundamentals: Cryptography and IANA

6. TLD release calendar

7. Promo roundup

We know that August, being at that sweet spot in the business cycle, the scholastic calendar and the seasonal pattern is often a slower month for some and that many opt to take a break and head to the beach, the woods or the lake (or all three?).

So this month, we’re taking a look back at some of the information we’ve shared in 2016, with a view towards more news to come (no spoilers, though).

We’ll be looking back at two pertinent in-depth topics we covered this year: What’s a premium domain and Checking in on new TLDs.

This year we started a series of visualizations. We’ll look back at three of them: domain lifecycle, how to choose hosting and Transfer Quest.

And we also delved into some internet history this year with two Tech Fundamentals on IANA and on Public-key cryptography.

But first: we’ll look at recently-delegated TLDs over the past month, and check in on recent Events we’ve been involved in.

Rounding things off this month as always, we’ll look at the new TLD release calendar and check out August promos in our Promo Roundup.

Recently-Delegated TLDs

This month there were just three truly generic TLDs delegated to the root by ICANN and close to a hundred Brand TLDs. So we took the opportunity to look at those Brand TLDs.

TLDs such as .latino, .doctor, and .beauty were added this month

Read about the Brand TLDs and more | Back to top

Gandi Events

Through the magic of the interwebs (and some help from shipping services), Gandi is popping up in Peru this month.

Gandi Events

Earlier this month, we gave a virtual presentation to an audience at UbuConLA (i.e. Ubuntu Conference Latin America)  where we talked about the new extensions, ccTLDs, new gTLDs including .tv, .guru and .ninja through a video conference to interested attendees.

While we would have liked to have gone out for beers (or Pisco Sours?) with our Latin American fans ourselves, we’re happy to have been able to participate at least remotely.

Back to top

In-depth: What's a premium domain and Checking in on new TLDs

We’ve covered a number of topics in depth so far this year, but we wanted to highlight two for your summer reading needs. First, this spring we gave a run-down on Premium domains.

For those who want to know

Next, it was only at the beginning of the summer we checked in on the new gTLD program, but we’re looking back at them again this month while the information is still fresh. It’s a landmark program and we’re only at the halfway point.

Read about Premium domains | Check in on the nTLD program | Back to top

Visualizations: Domain lifecycle, Choosing hosting and Transfer Quest

Some concepts are better explained with visuals. That’s why we started a series of visualizations focusing on our areas of expertise.

A picture is worth a thousand words. Here’s the equivalent of three thousand, then:

The Lifecycle of a Domain:

.com and .net lifecycle

How to choose a hosting option

Find the option that meets your technical knowledge and the level of control you need

Transfer Quest

Domain name transfer procedure

Back to top

Tech fundamentals: IANA and Public-key cryptography

With our Tech fundamentals series, we’ve been getting back to basics and seeing the stories of the people who built those basics. In March, we remembered IANA nd in May, we traced the history of public-key cryptography.

Public Key Encryption

If you’ve liked our two entries so far in this series, also check out the series of talks we put on this year with our friends at CloudFlare, we called the Root Zone.

Remember IANA | Trace the history of public-key cryptography | Back to top

TLD release Calendar

And now here's a look at TLD releases at Gandi for the month of August 2016:

Releases

Thursday August 18:

.blog (Sunrise)

Tuesday August 30:

.닷컴 Korean for .com, punycode .xn--mk1bu44c (GoLive)

.닷넷 Korean for .net, punycode .xn--t60b56a (GoLive)

August 2016
Sun Mon Tue Wed Thu Fri Sat
1


2
3
4
5
6
7
8


9
10
11
12
13
14
15
16
17
18
.blog
(Sunrise)
19
20
21
22


23
24
25
26
27
28
29
30
.닷컴 & .닷넷
(GoLive)
31

Stay tuned for updates and, of course, for next month's releases.

Back to top

Promo Roundup

There are plenty of opportunities this month to plant the seeds to be reaped later by taking advantage of new and ongoing promos:

Promos this month

Don't miss these promos ending in August:

.je, .gg 50%-off new creations, 25%-off renewals until August 28

 .cat $5.00 per year through August 31

.online, .tech $1.50 until August 31

.college, .rent $9.00 until August 31

Ongoing promotions:

.stream $2.00 per year in GoLive

.me $14.40 through December 31

.accountant, .bid, .cricket, .date, .download, .faith, .loan, .party, .racing, .review, .science, .trade, .webcam, .win $2.00 per year through December 31

.live, .studio, .video 50% off through December 31

.online, .press, .website, .site, .host, .space, .pw, .tech on promo through December 31

.tech, .online, .site renewals 50% off through December 31

 .xyz $3.99 per year through December 31

.black, .blue, .pink, .red, .lgbt, .kim, .shiksha, .poker, .pro, .info, .mobi, .移动 50% off until December 31 (previously June 30)

.gdn $1.50 until until December 31

Back to top

 

That about wraps up our review of featured articles so far this year. Of course, not only have we been working on content to share with you each month, but also on our products and services. Stay tuned, we have exciting projects in the works.

Maybe we missed something, though? Let us know.: tweet us @gandibar, email us at feedback@gandi.net, on Facebook, G+, or contact us on the #gandi channel on Freenode. \o/

 

Sincerely,

Gandi.net


Since we last checked in, only three new truly generic TLDs have been delegated in ICANN’s new TLD program, and we’ll get to those.

Also in that timeframe, around a hundred new Brand TLDs have been delegated. Since they’re outside the scope of what we’ll be able to offer (Brand TLDs are “single registrant TLDs”, i.e. no registrar necessary), since so many are being delegated right now, we thought it was as good a time as any to address this trend head on.

But first, our three (truly) generic TLDs added this past month:

.beautyJuly 15

Overall, there were just three applications for this domain, including Top Level Domain Holdings (aka Minds + Machines) and Donuts, both of whom submitted PIC (we detailed PIC back in April).

But it was L’Oréal’s application that ultimately prevailed. It looks as though L’Oréal will open up registrations to everyone, but .beauty may in fact be yet another brand TLD of the many delegated this month.

.doctorJuly 21

There were also three applications for .doctor as well, two of which were a couple of usual suspects: Radix and Donuts whose application joined The Medical Registry Limited’s application. However, Donuts was the only applicant to submit a PIC and it may well be for this reason that their application prevailed.

.latinoAugust 4

There were only two applicants for .latino, Dish DBS Corporation (i.e. Dish Network) and Top Level Domain Holdings (i.e. Minds + Machines). After a private auction in the fall of 2014, TLDH withdrew their application and this month .latino was delegated to Dish DBS Corporation.

This is the only “community”-oriented application that Dish submitted, catering to the global Latino community, though interestingly only TLDH’s application contained a PIC.

The Brand TLDs

In 2013 when the first round of new TLDs was announced, it was estimated that around 680 of applied-for TLDs were so-called “Brand TLDs” or .brands. This amounts to more than a third of all TLD applications in the initial round of the new TLD program.

As of yet, though, Brand TLDs are not a separate category of gTLDs as is the case with GeoTLDs and Community TLDs and the reasons companies might have applied for one are varied.

Some companies, most notably Canon, had specific marketing in mind, while others applied defensively for their .brand. Others applied not totally certain of how they would use their .brands when they were delegated.

As such, some .brands may eventually be available on the public market and while the fact that many brands have outsourced the registry backend management to companies with experience in this area (i.e. companies that operate registries that do offer domains for sale on the public market), doing so undercuts many of the main advantages of a Brand TLD.

It’s not hard to see how having a public, proprietary namespace might be beneficial to a company, even if used for purely internal purposes and some Brand TLDs may never be used for the web. But those that do will benefit from stronger branding (no generic “.com” required) and better assurance of reputation. After all, a domain name can cost less than a dollar while a TLD is much more expensive and much harder to get, which in turn insures a certain level of security in itself.

Most Brand TLDs fall under the category of single-registrant, a category created by ICANN for the new TLD program. This suggests that more than a few of the companies who have been delegated these TLDs intend to use them to more directly manage their brands online, especially on the web.

To give you an idea of just how many Brand TLDs are currently being delegated, we’ve put a list of the ones this past month. To give you an idea of what kinds of companies are interested in these, we’ve broken them down by category:

Sports and Entertainment:

  • .comcast
  • .xfinity
  • .abc
  • .nba
  • .blockbuster
  • .showtime
  • .cbs

Retail and Apparel:

  • .loft
  • .gap
  • .oldnavy
  • .bananarepublic
  • .calvinklein
  • .target
  • .staples
  • .marshalls
  • .lancome
  • .tjmaxx
  • .nike
  • .macys
  • .athleta
  • .bestbuy

Insurance:

  • .allstate
  • .goodhands
  • .nationwide
  • .onyourside
  • .esurance
  • .americanfamily
  • .prudential

Pharmaceuticals:

  • .off
  • .duck
  • .scjohnson
  • .pfizer
  • .afamilycompany

Hospitality:

  • .booking
  • .hyatt

Automotive, Electronics, Manufacturing:

  • .dodge
  • .maserati
  • .ferrari
  • .fiat
  • .intel
  • .jeep
  • .honeywell
  • .chrysler
  • .zippo

Finance and Commerce:

  • .visa
  • .citi
  • .duns
  • .fidelity
  • .ladbrokers
  • .lplfinancial

 

As more of these Brand TLDs are delegated, expect to see more companies using these proprietary namespaces in the wild.

And remember: these are new TLDs on the cutting edge of having been added by ICANN. As such, any discussion of one of these TLDs should not be interpreted as meaning any of these extensions will be imminently available on Gandi (though we, of course, try to offer all the extensions we possibly can). That especially applies to Brand TLDs.


SUMMARY: AT A GLANCE

1. Recently-delegated TLDs

2. Gandi Events: The Root Zone

3. In-Depth: Checking in on new TLDs

4. TLD release calendar

5. Promo roundup

This past month Paul Vixie visited our office in San Francisco to talk about DNS. When he was asked what fights were worth fighting on today’s internet, he reflected on two phases in his career: the time he spent at ISC heading the organization that wrote BIND 9 and the time spent building MAPS, trying to stamp out internet abuse completely.

In the first case, he paved the way for the modern internet. In the second, he tried to hold back a growing tide of spam.

“Build roads,” he said, “don’t build walls.”

It’s good sense. It’s better to make something work than try to stop people from using something already out there.

This month, we’re building roads.  Some of them are open now, some of them will be opening shortly.

We also looked at Recently-delegated TLDs and summed up our The Root Zone. series. Then we looked into how ICANN’s nTLD program is coming along.

As always, of course, we’re summing up this month’s TLD release calendar and we rounded up all our current TLD promos for your convenience.

Paul’s words make good sense and are a good mantra to live by. And it’s a wish for the world as well. We hope this month and the rest of this year, we can all focus on building roads, not walls.

Recently-Delegated TLDs

The TLDs added in June this year all seemed to have been a bit contentious, with objections for string confusion, legal use rights and one attempt to game the system represented in this past month’s delegated TLDs.

TLDs such as .art, .save, and .now were added this month

Embrace the controversy | Back to top

Gandi Events

 When Paul Vixie came to our The Root Zone. DNS meetup organized in collaboration with CloudFlare this month, he inadvertently gave us the theme of this month’s newsletter but also a lot of interesting stories and fascinating technical details.

The Root Zone. w/ Dr. Paul Vixie

So come see what we’re all excited about.

See the video or read our summary | Back to top

In-depth: Checking in on new TLDs

ICANN launched the nTLD program in October 2013 and a little under three years later more than a thousand new TLDs have been delegated. By the beginning of June, 20 million domains in over 1,000 nTLDs had been registered, so we thought it was as good a time as any to check in on how things are going.

ICANN's nTLD program situation to date

Check in with us on ICANN’s nTLD program | Back to top

TLD release Calendar

Here's a look at TLD releases at Gandi for the month of July 2016:

Releases

Thursday July 7:

.tube (GoLive)

Tuesday July 12:

 .games (Sunrise)

Tuesday July 19:

 .shopping (Sunrise)

July 2016
Sun Mon Tue Wed Thu Fri Sat
1
2
3
4
5
6
7
.tube
(GoLive)
8
9
10
11
12
.games
(Sunrise)
13
14
15
16
17
18
19
.shopping
(Sunrise)

 

20
21
22
23
24
25
26
27
28
29
30
31

ALSO: You can now register .网络 (punycode .xn--io0a7i, the Chinese equivalent of “.net”) and .公司 (punycode .xn--55qx5d the Chinese equivalent of “.com”).

Stay tuned for updates and, of course, for next month's releases.

Back to top

Promo Roundup

There are plenty of opportunities this month to plant the seeds to be reaped later by taking advantage of new and ongoing promos:

Promos this month

Starting July 1:

.live, .studio, .video 50% off through December 31

.online, .press, .website, .site, .host, .space, .pw, .tech on promo through December 31

Starting July 8:

.tech, .online, .site renewals 50% off through December 31

Starting July 12:

.xyz $3.99 per year through December 31

Don't miss these ending July 31:

.club premium domains 25% off through July 31

.eu 50% off per year through July 31

Extended:

.black, .blue, .pink, .red, .lgbt, .kim, .shiksha, .poker, .pro, .info, .mobi, .移动 50% off until December 31 (previously June 30)

Ongoing promotions:

.cat $5.00 per year through August 31

.store $14.99 per year in GoLive until August 14

.stream $2.00 per year in GoLive

.me $14.40 through December 31

.accountant, .bid, .cricket, .date, .download, .faith, .loan, .party, .racing, .review, .science, .trade, .webcam, .win $2.00 per year through December 31

Back to top

 

It's summer. Which means it's construction season. Can we build some roads for you? Or, maybe you have a road for us. In any case, we're always happy to hear from you. And many roads lead to Gandi: tweet us @gandibar, email us at feedback@gandi.net, on Facebook, G+, or contact us on the #gandi channel on Freenode. \o/

 

Sincerely,

Gandi.net


This month for Gandi Events, we wrapped up the first round of scheduled talks at our The Root Zone. meetup we’ve been coordinating with Cloudflare. Guests have included Paul Mockapetris, Dan Kaminsky, and Paul Vixie. We've found that this first round went quite well, so we're now looking to schedule a second round as soon as we can.

 The Root Zone. with Paul Vixie

On June 21, we welcomed Paul Vixie to our offices in San Francisco. Paul explained how he wrote BIND version 8 by patching bugs while at DEC and then recruited and managed the team that wrote BIND 9. He described how he’s seen DNS go from something nobody ever thought of themselves as “in the business of” (BIND “looked as though it had been pounded on by a bunch of undergraduate monkeys”) to being a business in and of itself, and how he went from never having read an RFC in his life to repeating the mantra “If you can get an RFC approved, I’ll take a patch, if you don’t I won’t,” for anyone requesting a patch to BIND.

Then he went on to talk about building ISC, the YETI DNS project, why domain names don’t have underscores, and rounded out the main portion of his visit with some talk about spam (he feels partly responsible for how widespread it is because he slowed it down enough that we call got used to it).

A highlight in the lightning round Q&A section was when Paul was asked about the coolest takedown he’s been a part of. He then described his role in taking down a group of cyber criminals who managed to hijack 600,000 people’s DNS resolution through a change route.

Altogether, a fascinating talk, filled with plenty of other gems from Paul not mentioned in this summary. So really, you might as well just watch it. Here’s the video:

With Paul's visit last month, The Root Zone. talks are, for the moment, complete. We are, however, seeking future speakers for the next series. So if you or someone you know—friends, family, bosses, loved ones, or anybody else you think would make for an interesting guest speaker on DNS—send them our way! Tweet us @gandibar with #TheRootZone.

Otherwise, be sure to watch out on the meetup page for more information and update.


This month, the new generic TLDs delegated to the root zone seemed to have been TLDs that weathered a bit more contention than in a typical month. Objections were filed for applications for TLDs delegated in June for string confusion, when a TLD is supposedly so close to another that the two could be easily confused, and for legal rights. One applicant for .art even attempted to game the system to favor their application.

.now, .deal, .saveJune 7

July 12 was Amazon Prime Day and only just on June 7, .prime was delegated by ICANN as a Brand TLD but on the same day, Amazon also had some success with generic TLDs with .now, .deal and .save all being delegated on that day.

These were not all totally without controversy, however.

The application for .now was objected to by Starbucks (HK) Limited. This isn’t the coffee company, but the owners of now TV, a pay TV service launched in Hong Kong in 2003. The objection was filed as a Legal Rights Objection. Starbucks claimed that their ownership of the “now” trademark meant that other applicants would be infringing. The same company succeeded in its application for .nowtv, which they have yet to assign a regsitry to, so it seems that they are very concerned about protecting their brand. Perhaps this was an earnest case of trademark protection or perhaps it was an attempt to use the objection process to favor their own bid.

.camJune 16

Verisign filed separate String Confusion objections for each of the three .cam applications submitted, claiming that its proximity to .com would cause confusion. Oddly, the objection to Demand Media’s application prevailed even though the objections to AC Webconnecting Holding B.V.’s application and to Famous Four Media’s application were dismissed.

After appealing the decision, though, Demand Media was able to win against the objection and AC Webconnecting Holding B.V. won .cam in an auction.

.shoppingJune 21

Last month, .shop was delegated to GMO, who wanted it so much they applied for it twice. GMO ultimately prevailed, but another applicant for the .shop TLD, Commercial Connect, tried to protect their application by filing an objection to Donut’s .shopping application.

Interestingly, no objection was filed to Uniregistry’s application and as the only remaining applicant, Uniregistry’s application won.

.artJune 23

The .art TLD was one of the most applied-for new gTLDs in the entire program, with ten initial applications, including two community applications. One of those was from dadotart inc., a subsidiary of DeviantArt evidently created to serve as the registry of .art domains.

DeviantArt’s counsel commented on another application from an applicant who took an unorthodox approach. Aremi Group registered trademarks for .art and dotart in the EU, a way in which certain players have tried to game the TLD release process.

Neither Aremi Group’s or DeviantArt’s application for .art prevailed, though, and after half the registrants withdrew their applications, including Aremi Group, UK Creative Ideas Limited won .art in a private auction.

.politieJune 23

Similar to a Brand TLD, the Dutch national police had their applied-for TLD, .politie, added to the root zone this month as well. The word “politie” is Dutch for “police,” and the Dutch police intend to use it to fight phishing attempts using the name of the Dutch police. Citizens can know, instead, that any communications or information coming from a .politie domain is actually from the police and not someone else. It’s certainly interesting to see a public institution tech-savvy enough to take advantage of the new gTLD program to improve their services to the public they serve.

As always: these are new TLDs on the cutting edge of having been added by ICANN. As such, any discussion of one of these TLDs should not be interpreted as meaning any of these extensions will be imminently available on Gandi (though we, of course, try to offer all the extensions we possibly can).


SUMMARY: AT A GLANCE
---------------------------------------------------------------

1. Ten new currencies now available at Gandi

2. Update: PHP 7 + MySQL 5.6 (Percona) and PostgreSQL 9.4 on Simple Hosting
3. Recently-delegated TLDs
4. Gandi events
5. In-Depth: When your mail is delayed
6. Visualization: How to choose a hosting option
7. TLD release calendar
8. Promo roundup

---------------------------------------------------------------

As we round into the summer months, we want you to be able to relax a bit. Kick back on the porch with a glass of lemonade (or a mint julep if you’re so inclined) and just take it easy because making things easier is what we’re all about this month.

To start out with, we’re making it easier for our global customers to buy products and services with us because now we’re proud to accept payment in ten more new currencies than before. We’ve also just updated Simple Hosting with PHP 7 and MySQL 5.6. We have some plans with that which aren’t quite ready yet that should make things easier for you too.

As always, we’ll be looking at some recently-delegated TLDs as well as Gandi Events, which this month we’re using to focus on our meetup The Root Zone., where we make DNS easy.

Next, we hopefully ease some anxiety with our look at one of the reasons mail can be delayed. We’re also making it easier to pick out a hosting option with our Visualization of the levels of complexity and technical knowledge associated with different levels at which you might want control of a site.

And as always, we’re rounding out this month’s newsletter with a look at this month’s promos and TLD releases.

Ten new currencies now available at Gandi
---------------------------------------------------------------

We’re making it easier this month for customers who may not have ready access to a bank account with funds in USD by accepting payments in ten new currencies, increasing our total number of accepted currencies to 15 (well, 16 if you count Bitcoin).

We’re especially happy to be accepting payments in Canadian Dollars. We feel like we have a special affinity with Canada. Maybe it’s a French thing.


Read about all currencies Gandi now accepts | Back to top

Update: PHP 7 + MySQL 5.6 (Percona) and PostgreSQL 9.4 on Simple Hosting
---------------------------------------------------------------

We are also making it easier to use our Simple Hosting platform for hosting web applications by adding PHP 7, MySQL 5.6, PostgreSQL 9.4 and MongoDB 2.4 to Simple Hosting.


Find out how to try it out here | Back to top

Recently-Delegated TLDs
---------------------------------------------------------------

This past month it seemed like all the strings that were delegated were attractive properties on a Monopoly board getting snatched up by all the usual players.

TLDs such as .shop, .blog, and .dot were added this month

TLDs like .blog, .dot, and .shop were all delegated this past month.


See if anyone got a monopoly this month | Back to top

Gandi Events
---------------------------------------------------------------

Last month we welcomed Dan Kaminsky to our offices for our meetup organized in collaboration with CloudFlare: The Root Zone.

Dan covered a range of topics but we teased out a few salient themes for our summary.

The Root Zone. w/ Dr. Paul Vixie

Don't miss this month's meetup with Paul Vixie, one of the original inventors of DNS. It should be great.


See the video or read our summary | Back to top

In-depth: When your mail is delayed
---------------------------------------------------------------

Email is great and reliable when it gets there on time. But it can cause serious stress when on rare occasions it can be delayed for reasons beyond either your control or ours.

Sometimes email can arrive late

We thought we’d at least provide you with an explanation of one possible reason for this and what you can do about it this month to relieve a bit of that anxiety.

 

Get answers on why your mail can get delayed | Back to top

Visualization: How to choose a hosting option
---------------------------------------------------------------

With the goal of making choosing a hosting option simpler and easier, we’ve peeled away hosting, layer by layer, to tease out a convenient hosting options diagram that illustrates the level of control you get at each level and the technical knowledge level you need to manage hosting at that level.

 

Find your hosting option | Back to top

TLD release Calendar
---------------------------------------------------------------

Here's a look at TLD releases at Gandi for the month of June 2016:

Wednesday June 1:

.moi (Sunrise)

Monday June 6:

.group (Landrush)

.salon (Landrush)

Tuesday June 7:

 .store (Landrush)

 

Monday June 8:

.group (GoLive)

.salon (GoLive)

Tuesday June 14:

 .store (GoLive)

Monday June 20:

.gmbh (Landrush )

.ltd (Landrush )

Wednesday June 22:

.gmbh (GoLive)

.ltd (GoLive)

Wednesday June 29:

 .store (GoLive)

Stay tuned for updates and, of course, for next month's releases.

Back to top

Promo Roundup
---------------------------------------------------------------

There are plenty of opportunities this month to plant the seeds to be reaped later by taking advantage of new and ongoing promos:

Starting June 1:

.irish $6.50 per year through June 30

.lgbt $11.45 per year (60% off)through June 30

.space $1.99 per year through June 30

.club $6.72 per year (50% off) through June 30

.ngo|.ong 50% off through June 30

Starting June 3:

.xyz 22¢ per year through June 30

Starting June 20:

.online, .site, .tech, .website, .space, .host, .press stay tuned for more information …

Ongoing promotions:

.green $47.65 (50% off) per year through June 30

.store $14.99 per year in GoLive until August 14

.stream $2.00 per year in GoLive

.me $14.40 through December 31

.accountant, .bid, .cricket, .date, .download, .faith, .loan, .party, .racing, .review, .science, .trade, .webcam, .win $2.00 per year through December 31

Last chance for these promos ending June 30:

.boutique, .immo, .maison, .sarl, .voyage $10.00 through June 30

.live $15.57 per year through June 30

.family $8.00 per year through June 30

.in $7.75 through June 30

.link $4.21 and .click $3.62 through June 30

 

Back to top

 

We hope while you were reading this newsletter you had a chance to pop your shoes off, sip something cool and refrseshing and know that you're in good hands with Gandi. We try to make it easy for you but you, our customers, make it easy for us when we hear from you. So please, don't hesitate to tweet us @gandibar, email us at feedback@gandi.net, on Facebook, G+, or contact us on the #gandi channel on Freenode. \o/

 

Sincerely,

Gandi.net

 

 


This month, our main event to talk about is our series of talks about DNS that we’ve been coordinating with Cloudflare on what we’re calling The Root Zone. First, we’ll wrap up last month’s meetup with Dan Kaminsky and then we’ll move on to talk about our talk coming up with Paul Vixie at Gandi's Offices on Tuesday June 21.

 The Root Zone. with Dan Kaminsky

This past month on May 10, we welcomed Dan Kaminsky at the Gandi offices in San Francisco. Dan is the namesake of the Kaminsky Vulnerability and has worked in cybersecurity for almost two decades.

Here’s the full video:

The range of topics covered was extensive (though not necessarily exhaustive). As we spoke with Dan over the course of the evening, a few themes emerged.

First of all, DNS just works. It works so well that most people don’t really understand it even though it’s essential to the functioning of the internet. Dan linked this to a range of consequences.

Some of you who might work in organizations with larger networks are probably familiar with a phenomenon that Dan talked about where somebody messes with DNS somewhere along the line, it causes an error in a totally unrelated area that takes weeks to track down and then the poor intern who made the mistake of touching DNS is out of a job.

But because people don’t understand the technology well, nobody knows how to do cool things with it (And by “cool things” Dan doesn’t just mean streaming Darth Vader doing the river dance through DNS).

Of course it’s hard to talk about DNS for too long without getting into questions of internet architecture. In particular, Dan talked about the government’s role in internet architecture and his experiences serving as the one engineer in meetings with lobbyist, policymakers, and aides who only pretend to know what The Pirate Bay is.

One interesting viewpoint he shared was that he believes the government does have a role in the internet. Namely, the internet needs organizations involved capable of thinking in 10 year timeframes, which is an almost unthinkably long timeframe in the current start-up obsessed tech culture. The point is that needed technologies like DNSSEC can only really develop with this kind of long-term view.

The problem is, according to Dan, the government can’t go around regulating the internet by doing things like sticking its finger into DNS or being the biggest, baddest hacker in the room. He stressed the need for an NIH-style institute that is immune from meddling by the feds or the NSA. He also stressed that he doesn’t think the internet should be balkanized. After all, as one of the seven “key shareholders” who can restore the DNS system if necessary, Dan likes the fact that there’s just one root.

Overall it was an interesting talk with a lot of interesting points made by Dan. We recommend watching it, or at least pieces of it.

The Root Zone. w/ Dr. Paul Vixie

The Root Zone. with Paul Vixie

Coming up this Tuesday June 21, Gandi and CloudFlare will be welcoming Paul Vixie to our next The Root Zone. meetup at Gandi's offices. Paul, of course, is considered an inventor of DNS. We’re set to discuss things like alternative DNS root servers, email security and spam, and the omnipresent topic of DNS security. Come grab a beer with us at 6:00 PM. The talk starts around 6:30pm. 

Keep an eye on the meetup page for more information and updates


In the past 30 or so days since we reported on recently-delegated TLDs there have been some pretty high-profile strings delegated to the root. Their high desirability and the competition to lock-down lucrative virtual real estate this month makes it seem like a big game of Monopoly. Let’s take a look.

 

.blog — May 18

This TLD is an obviously valuable property. Of all new gTLDs, .blog would probably be considered the Boardwalk or Park Place of the board, so it’s no surprise that ICANN received nine applications for this TLD.

A lot of the major players submitted their bids: Donuts, Top Level Domain Holdings Ltd. (its subsidiary and technical provider Minds + Machines is a better-known name), Afilias, Radix and also Google, who received a GAC warning, presumably because of the perception that if awarded this application, they might use it to unfairly promote their blogging platforms.

In the end, Panamanian registry Primer Nivel, who also acts as registry for .legal and .news (more like the St. James Place and Marvin Gardens than another Boardwalk or Park Place), won out against the rest.

Edit: It has come to our attention that .blog was ultimately delegated to the registry with the punny name Knock Knock, WHOIS There, a subsidiary of Automattic creators of the popular open-source blogging platform Wordpress.

 

.dot — May 18

Another one that’s tempting to think of as fairly desirable, maybe the awkwardness of the repetition —“dot-dot”— dissuaded too many applicants. This one was between Google and DISH Network. In November 2014, DISH Network won an auction, paying $700,000 for .dot. Now, ICANN has delegated .dot to the root zone.

 

.shop — May 23

With the prevalence of online shopping, it’s no surprise that there were also nine applicants for .shop as well, including, again, many of the usual Monopoly players: Amazon, Donuts, Radix, Google and Famous Four Media. But one applicant stood out for wanting this more than anyone: GMO Registry. GMO wanted .shop so badly, they applied for it twice: once as a community application (we discussed that back in April) and once as a “standard” application.

Perhaps not surprisingly, then, GMO prevailed (their community application was approved). But .shop is not quite the prime real estate it seems. Uniregistry’s application for .shopping has also been approved and is pending delegation and so has Amazon’s application for .通販 (.xn--gk3at1e) which means “online shopping” in Japanese.

 

.realestate — May 23

Speaking of real estate, .realestate also joined the ranks of delegated TLDs this month, with dotRealEstate LLC prevailing against three rivals. This was the sole application which did not receive a Community Objection by the National Association of Realtors, so this organization was apparently their favored vehicle for their association.

 

.games — June 2

Interestingly enough, after the debacle of .game’s scheduled release by the registry, withdrawal, re-coordination, and re-release that concluded recently, on June 2, .games was delegated to the root.

 

.ups — May 28, .netflix — May 31

We’ve generally refrained from discussing brand TLDs much here, but two big brand names joined the root zone as TLDs this month: .ups and .netflix. It’s not clear what companies will do with their brand TLDs, if anything besides sit on them, but should either UPS or Netflix decide to make use of these TLDs, you can be sure they will be high-profile.

Those are the changes to the great, big Monopoly board of new gTLDs this month. You can keep track of future developments on this page from ICANN.

 

Remember: these are new TLDs on the cutting edge of having been added by ICANN. As such, any discussion of one of these TLDs should not be interpreted as meaning any of these extensions will be imminently available on Gandi (though we, of course, try to offer all the extensions we possibly can).


Greetings, intrepid domain name adventurer! This month in our ongoing infographic series we travel through time and space to a land of magic and mystery, in which previously only the brave have dared venture.

We are here to guide you on your quest through the unforgiving territory between registrars: the no man’s land of domain name transfers.

Before we begin, remember, in this land, the registry is king. The route we’ve mapped is valid in most kingdoms, that is, most generic TLDs (.com, .net, etc.).

However, the laws of the land can vary, depending on the registry.

The journey between the losing registrar and the gaining registrar has four verifications

As in any quest, it’s foolhardy to leave your home castle without being properly prepared for the road ahead. For us, that means unlocking your domain by removing the transfer protection status, and obtaining the authorization code (the Auth code) from your registrar.

Get your domain unlocked from the losing registrar and ask for your authorization code

Once you have properly prepared, launch your volley to the gaining registrar. If that’s Gandi, that means placing the order to transfer your domain.

Next, you will face four challenges, represented here by four towers along the road to transfer.

First is the Auth code verification challenge. If your key, which you obtained from your losing registrar, matches the one from the registry, you may proceed. If not, you are thrown in the dungeon. Well, not really, you just won’t be able to transfer your domain.

Next, you come to a moat which can only be crossed if the drawbridge is lowered. To lower the drawbridge, your domain must be “unlocked.

In other words, it must not have either a clientTransferProhibited or serverTransferProhibited status. Otherwise, you will be fed to the moat monsters. And by that we mean you’ll get an error message.

The gaining registrar checks the authorization code and the domain status

The next tower you come to is home to two little birdies. These carry messages to the registrant email address listed in the whois (either the Owner address or the Admin address provided by your previous registrar) and to the email address provided to your new registrar.

Only when the transfer is confirmed by following the link in both emails (that is, only when both birds fly home) can you proceed. Otherwise, in the words of a great meme wizard: “You. Shall. Not. Pass!”

Emails to the address in the whois and the one provided must be confirmed

At last, at the final tower, a flag is raised notifying the losing registrar of the transfer. This comes in the form of a message sent by the registry. This is the last chance the losing registrar has to prevent the transfer, which they can and should do if appropriate. Generally, this would be in cases of fraud, theft, etc.

A positive confirmation from the registrar allows you to proceed on your quest immediately. Otherwise, if no word comes from the previous registrar within five days, you may also proceed.

If the losing registrar accepts or if five days pass the transfer goes through

After that, congratulations! You’ve made it! Your domain is transferred.

A few other notes: you may want to prepare things at your new registrar a bit before launching the transfer. This includes configuring your DNS settings and even setting up email, hosting, etc.

Also, we would be remiss not to mention, that however arduous the journey, you are never alone when seeking to transfer your domain. If your quest seems too daunting and too dangerous, our Customer Care knights are available for guidance along the way and/or dragon slaying (when applicable). You can reach them using our online contact form.

Finally, for detailed instructions, our sage scribes have compiled a complete guide to domain name transfers in our wiki.


The amazing explosion in modern computing, networking, and cryptography in the past eighty some years all grew out of collaborations between the miltary, academia, and ocassionally business contractors. As the three fields blossomed into new technology that would change the way humanity connects, it created friction between those in the military establishment who wanted to limit these fields to the security interests they represent and those who saw the potential for such technical advances to be used for lofty goals like human rights.

When Whitfield Diffie and Martin Hellman published “New Directions in Cryptography” in 1976, they noted in the introduction that computer communication would soon be connecting people around the world and that communication between individuals—not militaries or financial institutions—would need to be made secure.

This was their preamble to their solution to the age-old cryptographic riddle of secure distribution of ciphers. The system they went on to describe enables two people who have never met face-to-face to communicate with one another without third-parties listening.

They proposed using mathematical functions to create pairs of keys: one public, one private. A publicly visible key would be used to encrypt a message that only a privately-held key could decrypt.

Diffie and Hellman solved the problem of key exchange, but they left open the problem of implementing it using a one-way function.

This problem intrigued three researchers at MIT: Ron Rivest, Adi Shamir and Leonard Adleman.

They spent nearly a year trying to find a solution. Then, in April 1977, the trio spent Passover together, drinking wine and talking. That night Rivest developed a bad case of insomnia.

So he spent the night formalizing what would became the RSA algorithm, named for Rivest, Shamir and Adleman. After the trio verified and refined the system they’d invented, they published it in August 1977 and filed a patent through MIT in December.

Their patent became the basis of RSA Security, the company founded in 1982 by Rivest, Shamir and Adleman to market implementations of their RSA algorithm.

These developments, though, were not exactly welcomed by the military establishment. Cryptographic tools have long figured on the U.S. Munitions List and as early as July 1977, the NSA started signaling that they felt threatened by private developments in cryptography like public-key encryption and RSA.

Meanwhile, the 1980s brought computers and networking out of government and university laboratories and into homes and offices.

A bill in the House of Representatives which would have restricted public use of cryptography prompted Phil Zimmerman, an anti-nuclear protestor in Colorado, to start what he would later call a “human rights project,”: to apply public-key encryption to email communication.

Zimmerman thought the RSA algorithm was just be used for what he called “petri dish cryptography.” So he “borrowed” it to create a scrambling function he named Bass-O-Matic after an SNL skit.

Then in June 1991 he released “Pretty Good Privacy” or PGP version 1 which used the Bass-O-Matic function to encrypt emails.

In the documentation, Zimmerman wrote: “it would be nice if everyone routinely used encryption for all their e-mail, innocent or not, so that no one drew suspicion by asserting their e-mail privacy with encryption,” describing encryption as a “form of solidarity.”

Mere hours after posting it online, PGP went global.

Soon its distribution on the Internet got Zimmerman into trouble, both with US Customs and with RSA Security.

In the first case, because PGP was distributed outside of the US, posting PGP online made Zimmerman guilty of arms trafficking.

His solution to the first problem was unique: print the PGP source code in a hardcopy book through MIT Press, then sell and distribute it with First Amendment protection.

People who wanted a copy of PGP could buy the book, take out the pages and scan them in (or type it by hand).

It wasn’t until later that US courts would extend first amendment protection to all software source code but the US Customs case was eventually dropped.

In the second case, Zimmerman’s use of RSA violated RSA’s patent protection.

This proved harder to beat. PGP 3 abandoned RSA for the unpatented DSA and ElGamal algorithms.

The new PGP Inc. then merged with Viacrypt, who had an RSA license, but patent issues plagued PGP through multiple acquisitions.

In the meantime, another technology was being developed by Netscape using RSA.

Netscape’s case was a different problem than email encryption.

PGP is an application level solution. Netscape needed to provide Transport (or Socket) layer security. The solution that Netscape engineers developed was called Secure Socket Layer or SSL.

Version 1, never made it outside of Netscape. Version 2 was released in 1995 but due to serious security flaws, Netscape began working on version 3.

Netscape engineers Phil Karlton and Alan Freier worked with cryptographer Paul Kocher. While Kocher was a biology major at Stanford, he worked part-time with none other than Martin Hellman. The three soon released SSL version 3.

In 1997, Zimmerman took PGP to the Internet Engineering Task Force (IETF) to propose an OpenPGP standard.

Today, the patent on the RSA algorithm has been released and OpenPGP is an official internet standard.

The SSL protocol proposed as an Internet Standard in 1999 and renamed TLS.

Diffie and Hellman’s predictions about the future of networking played out and their revolutionary discovery inspired RSA. The raw potential of this discovery was enough to make the military powers-that-be nervous.

Yet, Phil Zimmerman’s desire to encrypt all email “in solidarity” still hasn’t come about. TLS-level security far outstrips email encryption in terms of adoption but TLS/SSL is far from universal.

Public key encryption continues to be an invaluable human rights tool. The battle between encryption-for-all and the more narrow interests of law enforcement and the military continue to make headlines. Encryption is far from universal and the conflict is far from resolved.


Page 1 2 3 4
Change the news ticker size