.nyc - here we go...

Rubens Kuhl rubensk at gmail.com
Wed Jul 3 03:41:52 UTC 2013


On Wed, Jul 3, 2013 at 12:21 AM, Paul Ferguson <fergdawgster at gmail.com>
wrote:
>
> On Tue, Jul 2, 2013 at 8:12 PM, Rubens Kuhl <rubensk at gmail.com> wrote:
>
> > Summary: there are residual risks, but the checks and balances of the
> > process are likely to stop bad actors, at the cost of also stopping some
> > good actors. Error in the side of caution preferred.
> >
>
> You're missing the forest....
>
> If a new gTLD applicant decides to "capitalize" on their financial
> investment once they have received approval, there is nothing stopping
> them from opening the flood gates to anyone who wants to register
> sub-domains/second-level domains for financial gain.
>
> Of course, they should be allowed to do so. It's a free market.
>
> Just look at .cc and the complete Charlie Foxtrot they caused by
> allowing second-level domains to be used by anyone for any purpose
> (e.g. *.co.cc, *.cu.cc, etc.) and .tk for instance.


New gTLDs aren't allowed to register 2-letter country-codes like co.<TLD>
without clearance from government of that country. Considering gTLDs pay
ICANN fees by domain if they go higher than 50k domains, it's unlikely that
a registry business model will go in the same direction as the repurposed
ccTLDs

>
>
> We can expect a lot more of the same with the expansion of the TLD
> space, so it *will* require a lot more diligence.


Current working version of the Registry Agreement, following advice from
governments, established requirements for security monitoring for ICANN,
registries and registrars, so you should probably wait until ICANN board
publishes it to assess whether such diligence is already being provisioned
into the system or not.

From
http://www.icann.org/en/groups/board/documents/resolutions-new-gtld-annex-ii-agenda-2b-25jun13-en.pdf
"Registry Operator will periodically conduct a technical analysis to assess
whether domains in the TLD are being used to perpetrate security threats,
such as pharming, phishing, malware, and botnets. Registry Operator will
maintain statistical reports on the number of security threats identified
and the actions taken as a result of the periodic security checks. Registry
Operator will maintain these reports for the term of the Agreement unless a
shorter period is required by law or approved by ICANN, and will provide
them to ICANN upon request."


Rubens



More information about the NANOG mailing list