June 2nd, 2015

What’s going on in China domain name industy?

» , ,

Recently, there have been a lot of noise about China tightening control on new top levels and how it could severely damper domain names registrations in China and one should make preparation for the worst.

Initially, I tried to stay out of this as I know all the players behind this. But given there are at least 3 people who have email me to ask me what’s going on, I think let me clear the air here.

It started with a report by Brandma on China’s “Special Operation” to regulate Domain Name Registrations which warns that “Getting the license requires understanding on how the regulatory system works and how one should respond as it evolves. It’s also like a mini ICANN application process, but this time in Mandarin.”

Contrary to these “doomsayer” report, there is really no need to panic.

Read the rest of this entry »

August 15th, 2014

美国宣布有意移交IANA监督权到底意味着什么?

» , ,

最近一直在关注NTIA移交IANA监督权的话题,也去参加了一些相关的国际会议,产生了一些想法,想和大家分享。在此之前,先分享一些背景吧。

今年3月14日,NTIA(美国国家电信和信息管理局)宣布有意将IANA(互联网号码分配机构)的监督权移交至全球多利益相关方社群。NTIA称,它不会接受采用以一家政府主导或一家政府间合作组织来取代NTIA职责的解决方案(也就是说,不能让联合国或类似主体接手)。而从1998年起,ICANN(互联网名称与数字地址分配机构)一直在通过与NITA的合同行使IANA管理职能。所以,美国政府希望ICANN召集多利益相关方来制定一套移交提案。

先从美国政府的这一声明说起吧。与业内同行聊天,达成的共识是,美国政府选择在这个时间点宣布放权IANA,从国际政治的角度看,是明智之举。

这个时间点是指什么?

是指巴西时间4月23日召开的全球互联网治理大会之前。这场全球大会的诉求,缘起2013年的美国窃听事件。随着全球被美国NSA窃听的政要名单大白于天下,巴西总统罗塞夫和德国总理默克尔的名字赫然在列,二者都对美国的窃听行径怒不可遏。巴西总统罗塞夫表示,巴西将会避免使用服务器在美国的网络服务;德国总理默克尔发表声明,她支持建立一个独立欧洲网络。在经过多个互联网机构协调,ICANN CEO于巴西总统罗塞夫见面后, 共同牵头在4月23日主办这场旨在推动互联网“多利益相关方模式”治理模式的全球大会(NetMundial),以此批判美国行为,挑战单一的全球互联网政治格局。

Read the rest of this entry »

August 1st, 2013

China’s Category of Telecommunications Services

» , , , ,

This morning I read a catchy titled article on CircleID “China Closing the Door to New Technologies”. I was trying to make sense of what’s all the fuss is about …

So I called up my friends in Ministry of Industry and Information for lunch to find out what’s going.

Background

The document is called 电信业务分类目录 (Category of Telecommunications Services) that is now calling for public comments. This has been something MIIT have been working on for a quite some time now. Many companies, domestic and international companies, have been consulted and provided feedback before this publication.

Read the rest of this entry »

July 20th, 2009

JET Open Letter to ICANN

» ,

Rod Beckstrom
President and Chief Executive Officer
Internet Corporation for Assigned Names and Numbers (ICANN)
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292-6601

Cc: Tina Dam
Director, IDN Program
Internet Corporation for Assigned Names and Numbers (ICANN)
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292-6601

Dear Mr. Beckstrom,

In July 2000, CNNIC, JPNIC (now JPRS), KRNIC (now part of NIDA) and TWNIC jointly established Joint Engineering Team (JET) to develop and implement IDN technology. JET is responsible for drafting RFC 3743 that is commonly known as JET Guidelines for Chinese, Japanese and Korean IDN.

1) IDN Variant Problem. On 27th March 2003, ICANN Board endorsed the “Guidelines for the Implementation of Internationalized Domain Names” 1 with the following:

3. In implementing the IDN standards, top-level domain registries will (a) associate each registered internationalized domain name with one language or set of languages, (b) employ language-specific registration and administration rules that are documented and publicly available, such as the reservation of all domain names with equivalent character variants in the languages associated with the registered domain name, and, (c) where the registry finds that the registration and administration rules for a given language would benefit from a character variants table, allow registrations in that language only when an appropriate table is available.


Read the rest of this entry »

March 6th, 2009

ICANN Public Forum – Plea from CJK

»

This is James Seng.

First, I would like to thank the staff who have work very hard for the revised gTLD RFP. The quality of the RFP clearly show the effort the staff have put into the document, despite facing very challenging and sometimes conflicting comments from the community.

It is important for me to pay tribute to the staff because what I am going to say may sound ungrateful, and I am certainly not.

When I started using the Internet in the early 90s, it was an Angelo-centric Internet.  We dream about an Internet that is truly international where English is not a prerequisite.  There is a slogan then from ISOC – “Internet for everyone, everywhere”, remember?

In 1999, I demonstrated IDN at APRICOT/ICANN. I went on to chair the IETF IDN WG in 2000 defining the standard for IDN as we know now. I have conducted numerous workshops here at ICANN, also at ITU and other international forum on IDN.

I have dedicated nearly a decade of my life on IDN. I have no regrets and gladly doing it all over again.

So I am really proud that I finally get to see my dream, a 10 dream, of a fully-internationalized domain name coming true.

Yet, as we embark on the next great step forward, of IDN TLD, I am also disappointed that despite all these years, ICANN remains as Angelo-centric as ever.

Why do I say that? Two examples.

In the latest revision of the RFP, there is a legacy 3 character limitation on GTLD. The arcane rule has extended from 3 ASCII character to 3 Unicode character, assuming an Angelo-centric view of “character” apply to the rest of the world. A “Unicode character” in CJK is not a “character” but a “word”.

Imaging having a rule that say “Your English TLD has to be at least 3 words long”. That what ICANN is telling the CJK community.

Second example, despite our work on JET Guidelines, the RFP is silent on IDN variants. I shall not go into the technicality of variants but imaging ICANN saying “.shop” in small letter goes to A but “.shop” in upper case to goes to B. The confusion it will cause to the CJK community is unimaginable.

I spent a lot of time with the ICANN staff this week on these issues. I am happy to say that the staff, Tina, Kurt and Patrick, are extremely understanding to our problem.

I thank them very much for their time and effort.

I am not here to whine but to bring proposals. I won’t go into detail right now but I hope it will be accepted.

Let me end with a story: At the Joint SO/AC meeting this week, the moderator posted a question to the audience, “In the RFP, do you agree that IDN TLD has the most well-defined need?”. It is the only question that has 100% green flags. So if there is such thing as a “priority” in this RFP, then the priority MUST be IDN TLDs.

In 2008, the largest growth of domain names, excluding .com comes from Asia.

If ICANN is sincere about making GTLD successful, I beg you, please do not fumble in Asia.

Thank you.

July 14th, 2008

Anti-Phishing in Hong Kong

» , , ,

Planning for a short trip to Hong Kong tomorrow reminded me of Jonathan Shea, something I want to blog about but was waiting for the hype around the new generic TLDs to cool down. Jonathan Shea is an old friend who is in-charge of “.hk”. I have the pleasure to catch up with him in Paris ICANN meeting.

Before Jonathan, let me talk about something related that happened in Paris. At the Cross Constituency Meeting, there is a presentation by the Anti-Phishing Working Group (APWG). In summary, they were proposing working with registries to take down domain names that is suspected to be involved in phishing.

Now, I am as anti-phishing as any other reasonable person, that we should do our best to combat the scamming on the Internet. But what they are proposing raised scare the hell out of me: Take down domain names for suspected of phishing?

What happened to the legal maxim, “Innocent Until Proven Guilty”.

Now, I could hear some objections; these phishers are sneaky bastards who adopted the “hit-and-run” tactics. The entire phishing attack could be done within 24 hours or less and thus we need to react before they got more innocents victims.

That’s true but this is not an excuse to override the basic principle of legal enforcement. Just because a thief could commit their crime within less than 5min does not mean we don’t treat the suspect as innocent until proven guilty. Neither do we lock down the house or the store while we investigate, which is in a way, what was proposed.

After Wendy Seltzer raised some concerns, I stood up and asked two questions:

(1) how does APWG determine if one is a phishing domain for take down?

All I got is a a hand-waving answer that it is complicated and there is no time to go into details. I am not sure if they differentiate between an intentional phishing vs a site/domain which was hack or hijacked. I am not even sure how they determine if the site is indeed phishing. If I put up a spoof making fun of the bank’s bad service, would I be target of a take down?

(2) how effective is the domain name take down the phishers could easily use IP address instead of domain names?

Once again, he dodge the question without giving any data but at least his answer is more plausible: one should make use of all mechanism available to fight the problem. Nevertheless, i remain unconvinced that taking down domain names would deter the phishers as they could easily use IP address instead. Do we then go to RIR and ISPs to blackhole the routing for an attack that might last merely hours?

I might be more open if the takedown is temporary, as an emergency one-off measure if it significantly threaten the general public or the normal operation of the Internet. And we can proof that the best way to stop that specific attack is in the DNS.

However, I am not convince ICANN and registries is the best way to deal with the problem on the long term continuous basis. I think this is a classic case of “if we have a hammer (ie. ICANN), everything looks like a nail”.

This is not to say I don’t think registries don’t play a part in the anti-phishing. This is where I go back to Jonathan and HKIRC (.hk).

McAfee published a report on Mapping the Mal Web Revisited in May. This report said “Hong Kong (.HK) soared in 2008 to become the most risky country TLD”.

Obviously, this report upset quite a few people, including Hong Kong Internet veterans like Charles Mok and Pindar Wong (see IT360). Jonathan contested that the report is unfair because the data point for the report is based on 2007 whereas the problem have being substantially improved in early 2008.

What have being done by HKIRC is a model of what I think the registries should adopt.

1. In March 2007, HKIRC working with HKCERT and the HK Police Force on a procedures to verify whether a .hk domain name has been used for phishing. They also work with OFTA, the local regulatory body, who will provide a definite list of .hk domain names that is involved in spamvertising in Jul 2008.

2. In July 2007, HKIRC tighten their online payment (HKIRC is also the registrar) so that stolen cards and lost credit cards cannot be used. In early 2008, they also developed an internal auditing system where they would flag suspicious registrations, which would then be process manually for additional documentary proof from registrant.

An example which would trigger the flagging is when a domain name is known to be phishing site from a definite list by OFTA, the other domain names registered by the same registrants would be considered suspicious.

What was done by HKIRC is non-intrusive, nor disruptive to the registrants. Neither do they presume guilty before innocent, and take down domain names on suspicion notes. They work with regulators and polices to make sure they got the right person. They let judges do their job, of determine one guilty or innocent.

Most importantly, these have being effectively in curbing the problem.

August 28th, 2007

.test in 10 scripts

» ,

Wohoo! Finally we getting our IDN Top Level domains :-)

Update: IDN .test Root-Zone Evaluation

Specifically, the Board approved the delegation of eleven evaluative top-level domains representing the term ‘test’ translated into: Arabic, Persian, Chinese (simplified and traditional), Russian, Hindi, Greek, Korean, Yiddish, Japanese and Tamil. Following this ICANN Board approval, the delegation request will now go through standard IANA procedures for insertion of top-level domains into the root zone. The technical evaluations of IDN TLDs and their usability in various applications will proceed following their delegation.

(Yea, I am kind of late :-)

May 22nd, 2007

Late thoughts on .XXX

»

It is kind of silly to talk about .XXX, especially it is a forgo conclusion that it is not proceed, not to mention a couple of months late. Nevertheless, I was discussing this with a friend recently and said something I like to share:

“.XXX is (perhaps) the first time the pornography industry and the conservative Christians stand along the same side”, ie against .XXX.

It is like as if democrats and republicans have the same position as gun control.

Perhaps the conservative Christians should sit back and really think if they have any clue what they are protesting.

January 14th, 2007

Peace …

» ,

Finally, after nearly 8 years of tug-of-war, ITU finally comes to terms that it needs to work with ICANN as I noted a few years ago (here and here).

The Internet should continue to be overseen by major agencies including ICANN and the ITU, rather than any new “superstructure,” the new head of the International Telecommunications Union said on Friday…

“We all must work together, each agency has its role to play. We must come to a better cooperation … and avoid setting up a superstructure which would be very controversial and very difficult to put into effect,” Toure told a news conference.

I am glad we can all put this behind us and focus on other more important things :-)

March 15th, 2006

Timetable for IDN TLD testbed

»

ICANN announced the Timetable of Proposed Testing of IDNS in Top-Level Domains:

ICANN released today a statement outlining a proposal by the President’s Committee on IDNs (co-chaired by Hualin Qian, Mouhamet Diop and Paul Twomey) for a timetable leading to the technical testing of IDNs at the TLD level. The timetable contains a series of consultations and collaborations to ensure that the testing, when launched, will preserve DNS stability and security. It does not purport to be a presumption on any related policy issues which are in the perview of the ICANN policy bodies. The timetable calls for the start of testing in July 2006.

Basically, they are trying two DNS technique, a direct NS delegation vs DNAME assignment (think “soft linking” in Unix). I remember speaking to Prof. Qian in Perth about these briefly and oh gosh, finally!