Thedelegation of new gTLDs (generic top-level domains ) by ICANN (Internet Corporation for Assigned Names and Numbers)is premature and could cause risks to the security and stability of the DNS (Domain Name System) and affect the working of the whole Internet, Verisign has warned.
As ICANN pushes for an April 23 launch of the first new gTLDs, Verisign has raised concerns in a report outlining new gTLD security and stability issues, sent to ICANN and filed with the U.S. SEC last week.
[ Get your websites up to speed with HTML5 today using the techniques in InfoWorld's HTML5 Deep Dive PDF how-to report. | Learn how to secure your Web browsers in InfoWorld's "Web Browser Security Deep Dive" PDF guide. ]
The risks named in the report should be addressed in a timely manner by ICANN, otherwise the broader implications of new gTLDs to parties that rely on the Internet DNS will be "far-reaching," Verisign said.
Security concerns from Verisign and other organizations indicate ICANN may be headed for a "train wreck," said the ANA (Association of National Advertisers), a trade group.
ICANN is in the process of evaluating applications for new gTLDs like .sport and .news. The first 27 gTLDs have already passed the initial evaluation phase, with the Japanese words for Amazon, store and fashion among the first to pass.
But the process is going too fast, according to Verisign, which applied for the transliteration of dot.com in Chinese. Verisign's application has also passed the initial evaluation.
"In order to ensure a successful implementation of each new gTLD, it is essential that proper planning be conducted in advance," Verisign said in the report. This preparation should entail the development of a project plan for each new gTLD to be implemented, it added.
"These plans should align with ICANN's timelines, thus minimizing impacts to current registry operations, as well as the overall DNS and broader Internet ecosystem," Verisign said. It called on the ICANN board to address the issues appropriately before delegating any new gTLDs, "as the risk of a misstep in this direction could have far-reaching and long-lasting residual implications."
The Verisign report, coupled with a March 15 letter from PayPal also raising security concerns, demonstrate a need for ICANN to slow down, said Dan Jaffe, executive vice president of government relations for the ANA.
While the trade group has objected to the new gTLDs because of trademark concerns, the Verisign and PayPal security concerns may indicate even more serious issues, Jaffe said Tuesday. "It would be reckless to move forward until these problems are resolved," he said.
ICANN said it takes the security issues raised by Verisign "very seriously," but the issues are addressed.
"Security of the DNS has always been paramount for ICANN," ICANN CEO Fadi Chehadé said in a statement. "Every issue raised by Verisign in this report has been discussed within the ICANN community during the development of the new gTLD program over the past eight years. The program is operationally on track and I anticipate no delays."
But Verisign said that rolling out multitudes of new gTLDs could cause problems for the DNS Root Zone, the highest level of the DNS structure, which contains the numeric IP addresses for all top-level domain names such as gTLDs like .com and .org as well as country code top-level domains like .us and .uk.
"Without a well constructed and well reasoned process model, and at the scale of changes foreseen with the addition of the unprecedented rate of the new gTLDs being added, the entire DNS hierarchy faces the potential for issues at or near the root of the DNS tree, and the fallout from such a change could affect all delegations," Verisign said.
ICANN seems to have taken a very "ICANN-centric role" with the rollout of new gTLDs and has given little consideration for registry operators that will need to prepare for the changes, including dealing with security implications, Verisign said.
"It actually appears as though there is little to no time allotted for operators to adequately prepare," Verisign said.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to firstname.lastname@example.org