ICANN: New gTLD Auction Proceeds
Auctions are the mechanism of last resort to resolve string contention within the New gTLD Program. ICANN expects that most string contention will be resolved through other means before reaching an Auction conducted by ICANN’s authorized Auction service provider, Power Auctions LLC.
However, there is a possibility that significant funding will accrue as a result of several Auctions. Auction proceeds will be reserved and earmarked until the Board determines a plan for the appropriate use of the funds through consultation with the community. Auction proceeds are net of any Auction costs. Auction costs may include initial set-up costs, auction management fees, and escrow fees.
Information about the Auction process or Auction Results can be found on the Auctions page or Auction Results page, respectively.
Below is a breakdown of Auction proceeds as of 22 October 2014.
This ICANN announcement was sourced from:
http://newgtlds.icann.org/en/applicants/auctions/proceeds
DENIC implements secure and confidential e-mail communication based on DANE and DNSSEC
[news release] The .DE registry and managing organization, DENIC, is among the early adopters who have implemented the technology labelled DANE with the objective to secure e-mail communication. Having been developed by the Internet Engineering Task Force (IETF) as an open standard, DANE is a powerful tool to encrypt data traffic between mail servers and to verify the identity of the involved servers, in a reliable manner.
For the German version, see: www.denic.de/denic-im-dialog/pressemitteilungen/pressemitteilungen/3947.html
DANE interlinks conventional certificates (a sort of electronic “identity cards”) with the Internet’s “directory service”, the Domain Name System (DNS). The e-mail transport encryption enabled by DANE and based on the security extensions DNSSEC effectively eliminates the risk of e-mails or messages being redirected or intercepted, as a result of man-in-the-middle interference. DANE for e-mail is an essential step towards securing Internet communications end-to-end for everyone.
The .DE top level domain has been signed with DNSSEC since 2011 already, when DENIC established one of the fundamental bases paving the way for the practical use of DANE, in Germany. For more details on how DNSSEC can be implemented technically, domain holders are referred to their Internet service providers.
Background Information
About DANE
DANE (DNS-Based Authentication of Named Entities) is described in RFC 6698, a specification issued by the Internet Engineering Task Force (IETF). Using DANE enables so-called X.509 certificates to be stored in the Domain Name System (DNS). The purpose of X.509 certificates is to confirm the identity of a webserver (or other systems). Linking certificates to the DNS creates a number of new options:
- By publishing a root certificate, the server operator can state which Certificate Authority (CA) he relies on, thus which organization is authorized to issue digital certificates for his servers. In case another CA issues such certificate either maliciously or as a result of a manipulation of its systems, but without the operator’s express consent, the Internet user will be alerted accordingly.
- Where self-signed certificates are used, with no CA services involved, a second channel is established by the certificate being publication via the DNS. This enables the application to validate and accept such certificate.
- Additionally, DANE allows using different certificates (and thereby different cryptographic parameters) for services which can be accessed via the same host name (such as mail, web or instant messaging).
Currently DANE is used, particularly in Germany, to control encrypted communication between mail servers. Further applications are presently undergoing standardization procedures within the IETF. Among the applications currently being extended using DANE are end-to-end encryption and digital signing based on the S/MIME process.
About DNSSEC
The Domain Name System (DNS) as it was originally designed does not provide for any authentication of the distributed information. Communication between name servers and Internet applications (such as web browsers or VoIP phones) is not completely safe against third-party tampering. Over the past years, various attack scenarios have been described, which keep being refined by attackers. By adding digital signatures to the DNS, DNSSEC (short for DNS Security) helps protecting DNS data. These signatures make sure that responses to application requests are identical to the data published by the responsible DNS administrator, in their name servers. The root of the DNS hierarchy has been DNSSEC secured since 2010, with the .DE domain managed by DENIC following up in 2011.
This DENIC news release was sourced from:
http://www.denic.de/denic-im-dialog/pressemitteilungen/pressemitteilungen/3947.html
DENIC Implements Secure and Confidential e-Mail Communication Based on DNSSEC and Dane
Denic, the company behind .DE extension, announced that it has implemented the technology labelled DANE with the objective to secure e-mail communication.
You can read the press release after the jump :
“The .DE registry and managing organization, DENIC, is among the early adopters who have implemented the technology labelled DANE with the objective to secure e-mail communication. Having been developed by the Internet Engineering Task Force (IETF) as an open standard, DANE is a powerful tool to encrypt data traffic between mail servers and to verify the identity of the involved servers, in a reliable manner.
DANE interlinks conventional certificates (a sort of electronic “identity cards”) with the Internet’s “directory service”, the Domain Name System (DNS). The e-mail transport encryption enabled by DANE and based on the security extensions DNSSEC effectively eliminates the risk of e-mails or messages being redirected or intercepted, as a result of man-in-the-middle interference. DANE for e-mail is an essential step towards securing Internet communications end-to-end for everyone.
The .DE top level domain has been signed with DNSSEC since 2011 already, when DENIC established one of the fundamental bases paving the way for the practical use of DANE, in Germany. For more details on how DNSSEC can be implemented technically, domain holders are referred to their Internet service providers.
Background Information
About DANE
DANE (DNS-Based Authentication of Named Entities) is described in RFC 6698, a specification issued by the Internet Engineering Task Force (IETF). Using DANE enables so-called X.509 certificates to be stored in the Domain Name System (DNS). The purpose of X.509 certificates is to confirm the identity of a webserver (or other systems). Linking certificates to the DNS creates a number of new options:
By publishing a root certificate, the server operator can state which Certificate Authority (CA) he relies on, thus which organization is authorized to issue digital certificates for his servers. In case another CA issues such certificate either maliciously or as a result of a manipulation of its systems, but without the operator’s express consent, the Internet user will be alerted accordingly.
Where self-signed certificates are used, with no CA services involved, a second channel is established by the certificate being publication via the DNS. This enables the application to validate and accept such certificate.
Additionally, DANE allows using different certificates (and thereby different cryptographic parameters) for services which can be accessed via the same host name (such as mail, web or instant messaging).
Currently DANE is used, particularly in Germany, to control encrypted communication between mail servers. Further applications are presently undergoing standardization procedures within the IETF. Among the applications currently being extended using DANE are end-to-end encryption and digital signing based on the S/MIME process.
About DNSSEC
The Domain Name System (DNS) as it was originally designed does not provide for any authentication of the distributed information. Communication between name servers and Internet applications (such as web browsers or VoIP phones) is not completely safe against third-party tampering. Over the past years, various attack scenarios have been described, which keep being refined by attackers. By adding digital signatures to the DNS, DNSSEC (short for DNS Security) helps protecting DNS data. These signatures make sure that responses to application requests are identical to the data published by the responsible DNS administrator, in their name servers. The root of the DNS hierarchy has been DNSSEC secured since 2010, with the .DE domain managed by DENIC following up in 2011.”
ICANN To Allow Two-Character Domains In New gTLDs
It was resisted by the Governmental Advisory Committee and some security experts, but following a request from a Registry Operators group, ICANN will now develop procedures to allow the registration of two-character domains in new gTLDs.
Normal
0
false
false
false
EN-AU
X-NONE
X-NONE
MicrosoftInternetExplorer4
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:”Table Normal”;
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:””;
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:”Times New Roman”,serif;}
“The appropriate decision taken was “received as extremely welcome by all registries” said Dan Schindler, Co-Founder and Executive Vice President, Business Development, for Donuts, the largest applicant with 307 new gTLDs. “The ability to offer two-character names is great for us and registrants.”
Following security concerns, ICANN had forbidden their release, but Registry Operators representing 207 new gTLDs requested their release. Security advice requested by ICANN had shown security issues not be a concern, but the Governmental Advisory Committee still had reservations of two character letter/letter domains.
As a result, the Board resolved two-character domains do “not create a reasonable risk of a meaningful adverse effect on security and stability.” So ICANN will now “develop and implement an efficient procedure for the release of two-character domains currently required to be reserved in the New gTLD Registry Agreement, taking into account the GAC’s advice in the Los Angeles Communiqué.”
For more information on the approval and board resolution, see:
https://www.icann.org/resources/board-material/resolutions-2014-10-16-en#2.b
October 2014 GreatDomains Auction Results
Sedo’s GreatDomains auction held this month ended a yesterday.The highest domain name sale was MGP.com ,sold for $$25,000.
Only 11 out of the 53 domain names included in the auction met the reserve price and sold.The auction netted just a little under $115,000.
Here are the results :
MGP.com $25,000
App.nl $23,456
TRO.com $20,500
OAL.com $19,999
MXE.com $9,999
OF.org $8,000
Blumenshop.de $3,105
UST.de $1,900
Bagad.de $1,711
YXX.de $294
PublicSubsidy.com $99
