Tucows President and CEO Elliot Noss talks to Antony Van Couvering about new gTLDs, trends, speculation, brand protection and Internet governance.
Tucows President and CEO Elliot Noss talks to Antony Van Couvering about new gTLDs, trends, speculation, brand protection and Internet governance.
We have spoken to our technical support teams from all of our SSL vendors in regards to this issue and if your server runs the version of OpenSSL that is being affected by this bug (OpenSSL 1.0.1 through 1.0.1f), there are potential vulnerabilities. The first step is to have your servers patched with the new version of OpenSSL (1.0.1g) released on April 7th, 2014. As a precaution we suggest that you re-issue the SSL. Re-issuing the SSL will have the server administrators generate a new private key on their client’s servers. Please note that re-issuing a certificate will deactivate the old one. However, if you would like your certificate’s serial number added to the CRL (Certificate Revocation List), you can contact the vendor and have the old certificate manually revoked.
Below you will find a list of URLs to the portals that will allow you to re-issue your clients’ certificates:
How to use the portals
Comodo and Trustwave
Please send an email to firstname.lastname@example.org with the new CSR and the domain or supplier id to be reissued.
If you have any additional questions, please contact OpenSRS Support at email@example.com
The Canadian Internet Registration Authority (CIRA) has recently launched a new Community Investment Program designed to provide funding to community groups, not-for-profits, and academic institutions for projects that enhance the Internet for the benefit of all Canadians.
If you are pursuing an interesting initiative that requires funding you can apply to have your initiative considered.
When and how?
Apply through CIRA’s website. The deadline for applications is 2 p.m. ET February 28, 2014.
The typical grant will be approximately $25,000 – $50,000 although some may be larger and some smaller. Grants will not exceed $100,000.
Who can apply?
The information about applicant eligibility and the application process is available on CIRA’s website.
As we have detailed in previous posts, the 2013 Registrar Accreditation Agreement (RAA), which is the formal contract between ICANN and registrars, contains a number of new provisions around selling and managing domain names. One important component which has not garnered much attention thus far, however, has to do with WHOIS privacy and proxy services.
There is a provision in the new RAA which requires registrars to comply with “any ICANN-adopted Specification or Policy that establishes a Proxy Accredited Program.” In practical terms, this means that by signing the 2013 RAA, registrars agree to follow any accreditation program ICANN should subsequently introduce. Note any such program wouldn’t be developed overnight; a group of volunteers would work together to develop recommendations that would either be accepted or rejected by the ICANN Board.
So what could possibly be in the program? While it’s a bit early to tell, this Working Group Charter outlines a number of important discussion topics:
- Whether registrars should abide by and publish standard service practices;
- The possibility of introducing base guidelines/rules around the relaying and revealing of contact information;
- Performing regular checks to ensure the accuracy of customer contact information;
- Labelling WHOIS entries to indicate when a registration is made through a privacy or proxy service;
- Maintaining dedicated points of contact for abuse;
- Discussing whether standardized processes can be introduced to provide law enforcement with access and data;
- Restricting WHOIS privacy/proxy services for commercial or personal purposes; specifically, the Working Group Charter states, “is the use of privacy/proxy services appropriate when a domain name is registered for commercial purposes?” It also asks, “Should the use of privacy/proxy services be restricted only to registrants who are private individuals using the domain name for non-commercial purposes?”
It’s important to note that while the Working Group Charter has established these topics (and others) as discussion points, there is no guarantee any of the points will be made into policy. It does, however, illustrate some of the concerns the community has with the current state of WHOIS privacy and proxy services, and some of the ideas which have been floated to solve them.
Forming a working group is an early step in the policy making process. It will be many months before we’ll know whether some (or all) of these topics will be formed into policy. Our plan is to participate in the group and provide input; be sure to keep an eye on this blog as the group begins its work.
Last week’s post regarding pre-registration resonated with a lot of readers, and it also sparked a conversation internally about where pre-registration fits in the bigger picture. We ultimately boiled it down to the needs and intentions of registrants, and some recommendations on what you can do as a reseller.
What pre-registrations really are
What is being marketed as “pre-registration” in the context of new TLDs is generally more an “expression of interest”. It doesn’t give any guarantee to get a domain, but merely says “whenever this new TLD becomes available for everyone, please let me know, because I would be interested in purchasing this name.” They can however help registrants to not miss the launch of their desired extension. It’s just important to note that those “expressions of interest” do not help to secure a specific name.
So, what do you tell clients who want to secure specific names upon the launch of a new gTLD, if pre-registrations don’t help? The answer depends on what kind of name it is.
How to secure your brand or trademark
There’s good news for holders of registered trademarks: you’re among the first in line for every new TLD that launches! But still, to reserve this prime spot in the queue and get a domain ahead of everyone else, you need to do two things:
If your brand is registered with the TMCH, it will then be eligible to be registered as a domain name in every registry sunrise phase (some exceptions may apply). There’s a charge for submitting a mark to the TMCH, and a separate charge for every sunrise application. OpenSRS will enable you as a reseller to submit marks to the TMCH and apply for names during sunrise on behalf of your clients.
A nice additional benefit of using the TMCH is the Claims service, which will warn others intending to register your trademark that they are potentially violating your intellectual property. In case they still go ahead and register, the trademark owner will be notified and can take the necessary steps to suspend the name.
While the TMCH and sunrise phases are a good solution for holders of registered marks, what if your brand or product name isn’t a trademark, but you still want to secure the name?
How to secure your “Very Important” Domains
Landrush is your friend. Once a new gTLD has completed their mandatory sunrise launch phase for trademarks, we expect most registries to offer priority registrations during a landrush phase. Landrush means anybody can apply for any name that hasn’t already been taken during sunrise, but for a premium registration fee. Auctions will typically resolve multiple applications for the same name. Some registries will also sell high-value names as premium names, with a specific price tag on each of them.
Although Landrush registrations have a higher cost, you will still be ahead of the crowd waiting for general availability.
But what if this all sounds too expensive, and you just want to try your luck securing a regular name?
Getting a name at the regular price
After the names in highest demand have already been taken during sunrise and landrush, new gTLDs will enter their general availability phase. During this phase, we will conduct real pre-registrations, which is placing a binding order on hold in a queue at a time when the launch date, pricing and requirements are known. OpenSRS will open such pre-registration queues for general availability phases only prior to launch. At launch, those queued orders will be submitted to the registry one after the other, and you might be lucky enough to get a name.
So if you are a reseller and have decided to take “expressions of interest” from your clients, you would contact the client prior to launch with info on launch phases and dates of that TLD, and invite him to place a Sunrise or Landrush application or a binding pre-registration for General Availability.
If you want to get active now, taking expressions of interest is one thing you can do, the other is preparing the brand owners among your client base to submit their marks to the TMCH.
Congratulations are in order as Verisign announced .net has surpassed 15 million registrations, putting it in fourth place behind .com. With more than 110 million .com domains registered, .net is proving itself to be a great alternative that works on a global scale.
15 Facts about .net:
You’ve heard us talk about new TLDs quite a bit in the recent past, and we promise that there’s even more to come. While the launch of the first new extension is probably still a few months away, there is one thing you should start talking about to your customers now – the Trademark Clearinghouse (TMCH).
As we have mentioned in an earlier post, the TMCH will be the central repository of trademark data, to be used by each and every new top-level domain to protect trademark holders at launch. But why is the TMCH relevant to you and your clients? It’s a domain add-on service you can make money on, and it can make the life of your business customers a lot easier.
To explain this and better understand the benefits of the TMCH, let me give some more background on what it actually does. Any registered trademark of at least national effect in any country in the world can go into the Clearinghouse, with a few funny exceptions – no dots (.) and no existing TLDs (e.g. mytradmark.org) are allowed.
Once submitted, the TMCH will check with the relevant trademark register if the trademark exists and if it really belongs to the holder who submitted it. If the application is approved, it’s inserted to the TMCH database, which is the entry ticket to two great priority services: Sunrise and Claims Notices.
What’s so great about Sunrise – isn’t it super complicated and a big mess after all? Well, it might have been in the past. The TMCH however makes Sunrise phases what they really should be – an easy, standardized and cost-effective way to secure your trademark as a domain name ahead of everyone else in any new TLD you want.
And that is really everyone – any new TLD to come will be required to launch with a Sunrise phase for trademarks that are in the TMCH. The intellectual property community has been fighting for this over years and years, and they succeeded – if you own a trademark, you stand first in line at launch.
Claims Notices is another unique service available through the TMCH. It kicks in after the Sunrise phase of each new TLD, and does two things.
First, whenever somebody tries to register a domain that matches a trademark in the TMCH, that person will receive a notice and acknowledge this fact before it’s possible to complete the registration.
Second, if that person continues the registration anyway, a second notice will be sent to the trademark holder, making him aware that this registrant potentially infringes on his trademark. That service comes at no additional cost, and it’s available during the first 90 days of each new TLD’s public launch phase.
No other third-party domain monitoring service can step in and warn registrants before they even unintentionally infringe on a mark.
While I truely believe that the TMCH is a great service, it will be most interesting to your SMB and corporate customers. The potential customer base is huge, it’s not only the handful of globally known brands. In the US alone, there are currently over 1.8 million registered trademarks, with over 400,000 new filings in 2012. Germany has close to 800,000 registered marks, and the World Intellectual Property Organization (WIPO) reports a total number of over 3 million internationally valid trademarks.
This is large base of potential customers, and if you have any business customers, it is very likely at least some of them will have a trademark. You don’t want to send those high-value customers somewhere else.
So the TMCH is a great service that has a lot of value for what trademark owners usually consider a discount price – expect the TMCH charge from us to be at around $200 per year. The one drawback is – most businesses are not aware yet that new TLDs and the TMCH are coming. You will need to tell them about it, and we recommend to start doing that rather now to give your customers plenty of time to make up their minds.
Over the next couple of months, we’ll provide you with non-branded education materials that you can use to convey the message to your clients. We’ll keep you posted.
Earlier this year, we set up an informational page detailing our position and outlook on the topic of new TLDs. Since then, and particularly since the conclusion of ICANN’s 46th international meeting last month in Beijing, we have received many inquiries from resellers about our plans for this exciting development. As a result, I thought it would be a good time to address some of the frequently asked questions we are receiving.
What do the current launch timelines look like for new TLDs?
We believe the most optimistic view currently puts the first TLDs live and launching their sunrise phases in the third quarter of 2013.
Most applicants are currently being evaluated by ICANN. Exactly when a specific extension will become available depends on several factors:
The net result of this is we expect extensions with no objections and only one application to launch first; many of these are Internationalized Domain Names and geographic/regional domain names.
What extensions are you planning to carry, anyway?
Unfortunately, it’s still a little bit too early to tell. That said, there are some high-level things we can say at this point:
We will relay more details about what extensions will be going live when as we get them.
What about the Trademark Clearinghouse (TMCH)?
The TMCH will be an important part of the launch process. Every extension will be required to offer a sunrise period; if you are thinking of securing any names during this phase, want to protect any trademarks your company may have, or want to do the same for your customers, you’ll want to start thinking about the TMCH.
The purpose of the TMCH is to accept and validate records of registered trademarks, to add them to a central trademark database, and to subsequently a) allow them to be registered during the sunrise phase, and b) notify potential registrants during the general availability phase that the name is a registered trademark (and inform the trademark holder).
All trademark holders will be able to provide their trademark details to the TMCH via OpenSRS and its resellers. As a result, we expect to support the sunrise and landrush phases for many extensions.
While we’re not quite at the starting line for launching new TLDs yet, we’re getting close. Expect many updates in the coming months about the launch of new gTLDs. Stay tuned.
By now you’ve heard about the new gTLD program in the works at ICANN; concerning the text right of the dot. It has been in the works for quite a while now and looks like it will be another year or two before all the dust settles on the initial 2,000+ applications. So far we haven’t really talked about it, unlike some of the other registrars, because frankly there isn’t a whole lot of actionable news yet to share. We have however been following the developments quite closely, and like the rest of our domain business we’re going to bring our resellers as many of the new public gTLDs as possible.
In the meantime, we’ve set up a new page on the site explaining our position and outlook, along with a high-level overview of the roll-out timeline. We’ll be updating the page as new major developments come out, and when we get closer to actually having a new gTLD in the OpenSRS platform we’ll make sure you know about it in advance. We also invite you to hop into our community forum and ask us and the community any questions you have about the new gTLDs.
We just found some interesting third-party research from the Baymard Institute regarding consumer’s perceptions of SSL and Trust seals. The survey, from January 2013, specifically focused in on e-commerce websites and gave the following results, showing Trust seals outpacing all of the SSL seals with the exception of Norton.
Its an interesting article and I recommend clicking through to read more about the results and some of the implications. Including their suggestion sites show multiple seals to increase perceived site security; while also of course improving site security.
The hosting business is young and has a bright future ahead of it. But the market is getting tougher and big names like Amazon, Google and Microsoft are circling the sector. What can hosters do to fend them off? What are the keys to competing and winning long-term?
The best place to find the answer is to look at the sector’s success stories. In the cloud we only need to look as far as Amazon Web Services. In dedicated hosting SoftLayer went on a massive run with its automation mantra and in shared hosting we have seen hosters succeed by unlocking the up-sell challenge. What do these three success cases have in common? They were driven by a platform.
What is a “platform”?
What do we mean by a platform? In a nutshell, a platform is a unified and consolidated infrastructure delivery system built on a single back end (provisioning, management and billing) and consumed by the end user on-demand and in a highly automated fashion.
Amazon’s platform might not be the easiest thing in the world to use but for technical users it is a highly cohesive set of virtualized infrastructure services available through a single set of APIs. SoftLayer does the same but with a much better user experience and for a much wider range of infrastructure types (dedicated, virtual, cloud). And in shared hosting the providers that have prevailed have grown ARPU by enabling existing customers to easily buy additional services. A good example of a platform in the shared hosting market is Parallels Automation, which is user by hosters to deliver hosting infrastructure and SaaS applications from one back-end with a single front-end user experience.
Why is the platform so crucial? Because it is the foundation of the two main ingredients for hosting success: backend efficiency and an enjoyable end user experience. Backend efficiency translates into margins. And margins mean more available resources for investment in marketing, customer support or product development. An enjoyable and efficient user experience means happy customers that renew and buy more services. It also means easier and faster up-sells. All this translates into margin and higher ARPU, which reinforces customer stickiness.
Make no mistake. The platform is the key to the sector’s future. Hosters have to continually be ruthless about efficiency and margins and the platform ensures that. There are well-resourced challengers encroaching on the sector and hosters will not be able to leave anything to chance. With an increasingly competitive landscape and tightening prices hosters will also have to boldly differentiate. The platform is uniquely positioned to solve that problem by creating user experiences that convince customers to eschew other options.
Platforms are not a new thing and they are far from revolutionary. But the sector will need to continually perfect and refine them in order to keep the challengers at bay. For those hosters with messy and legacy-oriented backend systems they should be thinking now about how to integrate them into a platform. The good news for hosters is that there are few fundamental game changes in hosting. The sector moves at a deliberate and evolutionary pace. There is time for hosters to get this right and remain a viable and valuable option for infrastructure service delivery.
This morning, it was announced that Verisign and the US Department of Commerce had come to an agreement that allows Verisign to continue to operate the .com domain for another six years.
What was missing from that contract was the hot topic of conversation this morning – Verisign no longer has the right to four price increases of 7% over the term of the agreement. In other words, .com domains will likely remain prices at $7.85 until November, 2018 when the new agreement comes up for renewal again.
Verisign does have the right to increase prices if they can prove “extraordinary” expense resulting from and attack or threat of attack on the security or stability of the DNS. Any price increase would require Verisign to prove that the increase served the public interest before the Department of Commerce would approve.
Verisign could also seek a price increase if it could prove that market conditions no longer warranted the new restrictions that are put in place with this agreement. Again, that would require Department of Commerce approval.
Elliot Noss, Tucows President and CEO, says that the new agreement between the Department of Commerce and Verisign “rights a wrong in the last contract.”
Tucows has been very outspoken about .com pricing, and we were clear at the time of the last renewal that we did not believe Verisign should have been given the right to price increases.
It’s good news for registrants and the Internet as a whole.
Elliot also suggests that the new contract could even turn out to be good for Verisign going forward. The previous contract provided them with an opportunity to raise prices. As a public company with a fiduciary responsibility to maximize shareholder value, Elliot notes that investors, who often think in the short term, would put immense pressure on Verisign to exercise those price increases.
He goes on to suggest that having the option to raise prices four times in the next six years may have turned into a competitive disadvantage for Verisign given the new gTLDs coming online within the next 12 to 18 months.
By not having price increases available to them as a way to grow revenues, Verisign is will be driven to more efficiency and innovation. Certainly, the conference call Verisign hosted this morning featured a lot of talk of innovation, patents, and the addition of new value-added and revenue generating services like Distributed Denial of Service attack protection.
One thing is for sure, and perhaps this is the most important part of the contract extension announcement: Verisign continuing to be the operator of the .com extension for the next six years is great news for everyone. Verisign has proven itself to be an exceptionally good operator of the root. From a technology and service perspective, .com is clearly in good hands.
You can read the US Department of Commerce statement here.
Last week marked the two-year anniversary of the relaunch of the .CO domain extension.
It was July 20, 2010 when .CO officially set its sights on becoming the go-to web address for the world’s entrepreneurs, innovators and next great businesses. Although there was some skepticism as to whether the world needed yet another domain extension, the market showed a real hunger for a space where creativity and innovation could thrive.
In those two short years, over 1.3 million .CO domains have been registered…and .CO continues to grow! .CO has proven to be a global success story. Just over half of .CO domains were bought by registrants in the US and Canada, the UK, Australia, India and China all are well represented amongst the more than 200 countries where a .CO registrant can be found.
The most used .CO domain is probably one you see yourself quite often: t.co. This single-letter .CO domain is used by Twitter as its built-in URL shortening service, exposing .CO domains to the millions and millions of Twitter users around the world every day.
To help celebrate two years of .CO, we have a special promotion underway at OpenSRS. Between now and September 30, 2012, .CO domains are priced at just $15 (that’s $10 savings per domain off the regular price).
To help you learn more about .CO, the registry created this awesome infographic. Feel free to use it in your own marketing efforts along with a discounted price to highlight .CO and to drive sales. Click the image to get the full-sized version.
The recent outage suffered by the Amazon Web Services cloud is another stark reminder that despite the best efforts of service providers, outsourced hosting and cloud infrastructure is fundamentally imperfect. Obviously you don’t want outages to happen very often and there is plenty service providers can do in the areas of engineering and software architecture to minimize risk and impact. But the ideal of 100% uptime, while desirable, is impossible to achieve. Things can and will go down. You can bet on it. Because of this simple fact, service providers need to understand that it is not just about preventing and avoiding outages. It is about how you deal with them when they unfortunately do happen. I
The most important thing to do when an outage happens is to be transparent. There is no getting around this and it can’t be emphasized enough. While it might hurt to tell your customers that the failure in your service delivery has caused a disruption to their business it is a necessary position to take. Being secretive, elusive or worse, dishonest, breaks down the trust a customer has placed in the hands of the service provider when they hand over their mission-critial content and applications. Break this trust and there is nothing left.
Transparency is the first step. The next step is communication. And not just communication but effective and proactive communication. When there is an outage hosters must go on the offensive and reach out to customers directly … and fast. You don’t want customers going to Twitter for information about your service. You don’t want to risk having customers get false or misleading information. To mitigate that from happening hosters must communicate accurate and detailed information immediately. Get on Twitter, post on a company blog or Facebook page. Send a mass email to customers. Call as many customers as you can or at least call your top customers. And be sure to keep the updates coming regularly through and after the outage. Not reaching out to customers could result in customers making decisions about your service based on false information. And this almost always will have an undesirable outcome.
Being transparent and providing clear and accurate information also plays a role before the outage happens. Be careful to look over your SLA terms with a lawyer and make sure you can deliver on all the stipulations. Both the customer and provider need to have a frame of reference for when things go wrong. A concise SLA sets expectations for customers and delineates service provider responsibilities. It also keeps you out of legal hot water. And be sure not to promise what you can’t deliver on. The 100% SLA is just a disaster waiting to happen. Even if you have liberal definitions of downtime, when things go wrong you are going to look pretty silly with a claim of 100% downtime. Just don’t do it.
This is not to say, however, that covering your bases is enough. This is just a staring point. Preparation and a legal frame of reference is just a foundation that shapes a conversation. Hosters still have to engage in that conversation and it is often with customers that are downright irate. Going above and beyond for your customers might be a necessary response. Understand how far you are willing to go for customers in the event of an outage well before it happens.
It is worth repeating. Things can and do go wrong. A good outage management strategy requires preparation, realistic expectations, honesty and transparency. An infrastructure service provider is responsible for the lifeblood of businesses. It is a relationship that runs on technology but is grounded in trust. Preserving that trust is the key to maintaining good relations with customers when things go wrong. Customers understand that the Internet is perfect and always will be. All they want is a technology partner that appreciates this and acts accordingly.
Thanks to Andy Piper for the pic, and for releasing it under Creative Commons.
The Canadian Internet Registration Authority (CIRA) Nomination Committee is seeking interested individuals from across Canada to apply to fill three open positions for the Nomination Committee Slate of CIRA’s Board of Directors Election. Canadians with governance experience and relevant background in industry, technology or the Internet are encouraged to apply.
Applications will be accepted from May 10 to June 8, 2012 at the CIRA website.
.CA Members and Registrants can play a key role in guiding the future of the Internet through their participation in the Nomination Committee Slate. CIRA will be inviting .CA Members and Registrants to participate in this stage of the 2012 CIRA Election.