What if the generic Top Level Domains (gTLDs) on the internet—the ones we know and love like .com, .org, .net and so forth—collided with ones used by internal network names?
What if there were so many generic TLDs—so far there are 1,200 on the list with nearly 2,000 applicants—that your customers literally didn’t know what the hell to type in after the “.” when going to your website?
The push to add hundreds of gTLDs to the internet domain name space was an issue I had thought I understood. But it wasn’t until attending a talk by entrepreneur and smart guy Mike O’Connor last evening at U of MN’s Humphrey School of Public Affairs that I began to understand the depth and breadth of the problem. The scope of the monetary incentives for the organization that runs the domain name system, ICANN (the Internet Corporation for Assigned Names and Numbers), is breathtaking too.
Mike’s experience includes co-founding the St. Paul internet service provider GoFast.net (PDF of a 1999 article on GoFast is here) and later running the Y2K program for the City of St. Paul, staving off digital armageddon at the turn of the century. He then became even more involved in various community adventures, such as when he was appointed by the governor to be on the Minnesota Ultra High Speed Broadband Task Force.
THE OPPORTUNITY
Turns out the push to add all of these gTLDs is pretty darn lucrative for ICANN. To sponsor a new gTLD isn’t cheap: the initial cost is $185,000 and the ongoing cost is $30,000 per year. Mike also surmised aloud that the fully burdened cost of sponsoring a new gTLD was closer to $500,000 and that was before promotion or marketing of it to drive awareness!
ICANN, a non-profit corporation, is poised to generate several hundred million dollars from adding all of these new gTLDs. Registrees and registrars (along with speculators) also stand to profit from the huge influx of new TLDs in the domain name system.
Of course, one could argue that new gTLDs also open up domain naming possibilities for the rest of us so we can stop dropping vowels in our names (e.g., Flickr; Tumblr, Socializr, etc.) and get exactly what we want.
But there is a looming problem that stands to change our level of trust when it comes to the internet.
THE PROBLEM
Mike laid out the problem in his talk and there is a lot more detail in this blog post. In essence the problem is:
The new TLDs may unexpectedly cause traffic that you’re expecting to go to your trusted internal networks (or your customer’s networks) to suddenly start being routed to an untrusted external network, one that you didn’t anticipate. Donald Rumsfeld might call those external networks “unknown unknowns” — something untrusted that you don’t know about in advance. The singular goal of this post is to let you know about this possibility in advance. Here’s the key message:
If you have private networks that use TLDs on this list, best start planning for a future when those names (and any internal certificates using those names) are going to stop working right.
You might think, “Ahh…that doesn’t really affect my company or me” but imagine you work for a corporation and are in a coffee shop. You open your laptop and launch your mail program. It tries to connect to your internal network to retrieve your email BUT YOU FORGOT to launch your VPN first. Oops.
Because of the way name lookups work when you have an internet connection, your laptop now attempts to find your company’s internal mail server on the wider internet. If a proposed new gTLD is the same as an internal name, it would be trivial for bad guys to spoof the server your program is looking for, and you’d end up on an untrusted source on the wider internet. Here is part of a diagram Mike showed last evening that will give you a sense of some of the conflicts that are certain to arise:
Mike is not alone in his concern. This article at the Domain Industry Journal said in part:
“…the Association of National Advertisers (ANA), who represents dozens of well-known global brands including AT&T, eBay, IBM, Intel and Microsoft, to name just a few (see the full membership list here), blasted ICANN over “woefully inadequate” preparations for the impending roll out of new gTLDs.”
Add to that the simple confusion among consumers over which TLD to use. Many of our readers have “.net”, “.mn”, “.name” and other TLDs and often are frustrated because everyone puts in “.com” as a reflex. Imagine trying to remember one of literally hundreds of gTLDs like “.inc” or “.bank” or “.cloud” and so on. It’s a marketing budget nightmare and a scammer’s dream.
Add another issue: the inadvertent search on a string in your web browser bar where you forgot to leave a space (e.g., “best company on the market in routers.Cisco is the best?”), which brings up a “routers.cisco” webpage instead of a page of Google or Bing results.
The comment period is over at ICANN so we’re along for the ride as users, developers, service providers or just interested observers. But if you are someone who manages or runs a private network with any potentially conflicting namespaces, take Mike’s advice: start planning now.
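A first planning step is an inventory check. The sketch below is an added example (not from Mike's talk or from ICANN) that flags internal names, including short names expanded through the resolver search list, whose rightmost label matches an applied-for string. The applied-for set, the resolv.conf text, the certificate names and all function names are constructed for this illustration.

```python
# Constructed sample of applied-for strings, limited to ones this article
# mentions; a real audit loads the full applied-for list instead.
APPLIED_FOR = {"inc", "bank", "cloud", "cisco"}

# Constructed inventory: resolv.conf text and names from internal certificates.
RESOLV_CONF = """\
nameserver 10.0.0.53
search hq.inc eng.example.com
"""
CERT_NAMES = ["mail.hq.inc", "*.apps.cloud", "intranet",
              "vpn.example.com.", "Wiki.HQ.Inc"]


def rightmost_label(name):
    """Lowercased last label of a DNS name, ignoring a trailing root dot."""
    return name.strip().rstrip(".").lower().split(".")[-1]


def search_suffixes(resolv_text):
    """Suffixes from the 'search' and 'domain' lines of resolv.conf text."""
    suffixes = []
    for line in resolv_text.splitlines():
        fields = line.split()
        if fields and fields[0] in ("search", "domain"):
            suffixes.extend(fields[1:])
    return suffixes


def expand(name, suffixes):
    """Names a resolver may try: short names get each search suffix appended."""
    clean = name.strip().rstrip(".").lower()
    if not clean:
        return []
    if "." in clean:
        return [clean]
    return [f"{clean}.{s.rstrip('.').lower()}" for s in suffixes]


def find_collisions(names, resolv_text, applied_for=APPLIED_FOR):
    """Sorted (fqdn, tld) pairs whose TLD matches an applied-for string."""
    suffixes = search_suffixes(resolv_text)
    hits = set()
    for name in names:
        for fqdn in expand(name, suffixes):
            tld = rightmost_label(fqdn)
            if tld in applied_for:
                hits.add((fqdn, tld))
    return sorted(hits)


if __name__ == "__main__":
    for fqdn, tld in find_collisions(CERT_NAMES, RESOLV_CONF):
        print(f"{fqdn}: internal name ends in applied-for string .{tld}")
```

The short name "intranet" is reported as "intranet.hq.inc" because the search list supplies the colliding suffix, which is the coffee-shop case described earlier.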
To learn more about the controversy and concerns, here are a few links:
- Mike’s Posts:
- Verisign blasts ICANN for rushed generic top-level domain name rollout
- Clashes, Collisions, Delays and Decisions: ICANN, NTIA, Verisign and ANA Weigh In on ‘Name Collisions’ and the Readiness of the New gTLD Program
- The Technical Impact of New gTLDs: Are We Pushing on Regardless?
- Verisign report: New gTLD Security, Stability, Resiliency Update: Exploratory Consumer Impact Analysis (PDF)
- New gTLD Security Implications