Microsoft Launches ccTLD Registry Security Assessment Service

Microsoft have announced the launch of their new Country Code Top-Level Domain (ccTLD) Registry Security Assessment Service to help registry operators find and fix security vulnerabilities before they are exploited. The service is available now and is being made available at no charge to registry operators.

The announcement of the new service by Microsoft Security Staff is republished below:

Microsoft Offers Security Assessment Service for Country-Code Top-Level Domain Registries (ccTLD)

The exploitation of vulnerabilities specific to country-code top-level domain (ccTLD) registries has become an increasingly common problem, especially in relatively small markets around the world. A ccTLD is an internet domain registry generally used or reserved for a country, a sovereign state, or a dependent territory, such as .co.uk (for United Kingdom) or .fr (for France). This allows web sites to be associated with their specific country, territory or geographic location and it provides the foundation for internet experiences by ensuring people using the internet reach the services they expect. Today, over 300 country-code top-level domain name registries are responsible for servicing hundreds of millions of domain names worldwide.

Attacks on ccTLDs have far-reaching effects on private individuals, large and small companies, non-profits, and government organizations. Individuals attempting to reach certain web services may be redirected to inappropriate content where their computers can become infected by malware, putting their personal information at risk. Additionally, it is difficult for people to determine whether the problem is with the ccTLD or the organization that runs the service they are trying to reach. This often results in an erosion of confidence in online service providers when, in fact, they had nothing to do with the incident.

Today, at the information security RSA Conference in San Francisco, Scott Charney, Microsoft’s corporate vice president for Trustworthy Computing, announced during his keynote the availability of our new Microsoft Country-Code Top-Level Domain (ccTLD) Registry Security Assessment Service to help registry operators find and fix security vulnerabilities before they are exploited. The service is available now and is being made available at no charge to registry operators.

The Online Services Security and Compliance team (OSSC) that I lead is responsible for securing Microsoft’s cloud infrastructure and data centers that host over 200 cloud services for more than one billion customers, over 20 million businesses and 76 markets worldwide. We are pleased to be able to provide this service to the greater online community and share many of the lessons we have experienced in our own environment.

Microsoft’s History of Support for Country-Code Top-Level Domain Registries

The OSSC team works closely with industry groups such as the Internet Corporation for Assigned Names and Numbers (ICANN) that manages market domain name registries. Many of the companies that manage ccTLD registries are small organizations that may lack the resources to protect themselves from the constant onslaught of attacks. In the past three months, we observed several domain registry attacks that have occurred worldwide. Like the rest of the online community, Microsoft has also had to defend our web services against these types of attacks.

Microsoft has been working with industry peers to support and urge ccTLD operators to adopt important security practices. We have also participated in efforts to work with the ICANN community to provide more oversight in ensuring members adopt these practices. While both of these steps are positive for the industry, our new service is an effort to provide more support.

Microsoft’s Country-Code Top-Level Domain (ccTLD) Registry Security Assessment Service

Microsoft’s ccTLD Registry Security Assessment service is based on an existing internal program that we use to better protect our own web and online services. It provides scanning and reporting of security vulnerabilities of a ccTLD’s externally-facing web applications and servers. After requesting the security assessment service, ccTLDs will receive a vulnerability assessment report. If vulnerabilities are discovered, Microsoft will provide a consultation with guidance on how to remediate the problems. We will also provide periodic re-scanning to help ccTLDs continue to protect their domain registry services on an ongoing basis. Microsoft will also offer free secure development guidance and operations best practices that we employ in Microsoft’s own cloud environment.

The service is available to any top-level domain registries, including country-code top-level domain (ccTLD), generic top-level domain (gTLD) and sponsored top-level domain (sTLD).

How ccTLD Operators Can Receive the Service

If you own a domain registry and are seeking a solution to help identify vulnerabilities and receive guidance that may help to improve the security of your service, please visit: http://technet.microsoft.com/en-us/security/jj992598 to schedule an assessment.

Through programs and initiatives like these, we hope to help create a safer, more trusted online experience for everyone and support a dynamic environment for increasing the dialogue and sharing of best practices within our industry.

Pete Boden
General Manager
Online Services Security & Compliance

This announcement by Microsoft Security Staff was sourced from:
blogs.technet.com/b/security/archive/2013/02/25/microsoft-offers-security-assessment-service-for-country-code-top-level-domain-registries-cctld.aspx

NCC Group and CoCCA Launch Program to Extend Assurance Services to ccTLD registries

[news release] NCC Group, the world’s largest IT assurance and software/data escrow company, and the Council of Country Code Administrators Incorporated (CoCCA), a not-for-profit society of ccTLD managers, today announce a program to provide both registry data escrow and software escrow protection to CoCCA members and users of the CoCCA registry system. Under the terms of this agreement, COCCA Data Escrow (NZ) Limited will escrow both the participating member TLD data, as well as the source code for the registry system required to operate a registry, with NCC Group.

One critical requirement of ICANN’s new gTLD program, and the ccTLD Best Practice advice of ICANN’s Governmental Advisory Committee (GAC), is to establish transfers of “domain registration data” to a reputable escrow agent such as NCC Group. Data escrow is a critical function and is necessary to ensure continuity of registry operations in the event of a physical, technical, or business failure.

CoCCA Director Garth Miller notes, “CoCCA has always sought to deliver economies of scale in policy development, complaint resolution and technology to both members and other users of our registry software. Partnering with NCC Group is a sensible, cost-effective way to ensure that entities that rely on CoCCA to assist them in the management of critical Internet infrastructure are able to restore a production registry system in a matter of hours. While others generally escrow data only, CoCCA will be escrowing data, the registry system, and source code. NCC Group presented the best combination of operational flexibility, technical expertise, reasonable terms, and an easy to understand fee schedule.

The initial launch will see the data of 16 TLDs escrowed with NCC, and the project will be extended to other users of our software in Q2 2012.”

NCC Group has been active in the domain name community since 2007 when it assisted ICANN with the development of the gTLD Registry Failover Plan. Since then, NCC Group has been the preferred escrow provider for a number of registries and registrars worldwide, and is proud to be the only escrow provider with major operations in Europe and North America. NCC Group’s offering is compliant with both US and EU law, and is designed to meet the needs of all registry operators worldwide.

Tom Scopazzi, Registry Services Manager at NCC Group, added, “CoCCA authors the Internet’s most widely deployed registry software; it has been selected by nearly one in five sovereign states – many of which are developing, small or post-conflict nations. CoCCA members generally desire to run the TLD in-country and not outsource; however, in many cases the operational infrastructure may not be what is available in the highly developed nations. This NCC – CoCCA partnership puts best-of-class escrow within reach of even the smallest TLDs, protecting critical infrastructure and the interests of registrants.”

About NCC Group

NCC Group provides 45,000 organizations worldwide with IT assurance through escrow, verification, security & software testing, audit and website performance solutions. NCC Group is the only data escrow provider able to draw on this market-leading technical expertise and ensure that your Registry Data Escrow is stored under the highest levels of security at all times.

Through these services NCC Group gives customers the confidence that their business critical information, systems, networks, websites, and software are protected, secure, compliant and effective.

This CoCCA and NCC Group news release was sourced from:
cocca.org.nz/index.php/cocca-news/data-source-ncc.html

Issues For New gTLDs And ccTLDs Broaden Their Appeal Focus of US News

Domain names have been the focus of articles in America’s two leading quality newspapers, The New York Times and The Washington Post, over the last few days.

The New York Times looked at country code Top Level Domains that have attempted to broaden their base by exploiting their code. For example, the attempt by the .CO (Colombia) registry to market themselves as an alternative to .COM and .ME (Montenegro) to promote its use by social media sites and bloggers.

With more than 600,000 registrations of .CO domains in over 200 countries, the registry notes they hope to reach five million registrations within five years.

Meanwhile The Washington Post looks at the expansion of new generic Top Level Domains saying “the trusty .com domain … is about to face vast new competition that will dramatically transform the Web as we know it.”

The article looks at potentially controversial gTLD strings such as .ABORTION, .ISLAM or .MUHAMMAD and asks who will get to operate these controversial gTLDs. “Can the Ku Klux Klan own .NAZI on free speech grounds, or will a Jewish organization run the domain and permit only educational Web sites – say, remember.nazi or antidefamation.nazi? And who’s going to get .AMAZON – the Internet retailer or Brazil?”

While there are bound to be some controversial gTLDs applied for, it is hard to imagine the demand for many of their suggestions. Maybe .AMAZON could be in demand.

One controversial gTLD could be .GAY with two groups likely to apply for the rights to operate it, while .ECO also has two groups interested in applying for this string, one of which is “a nonprofit chaired by former vice president Al Gore; the other from a group founded by former Soviet Union president Mikhail Gorbachev.”

Not being based in the US, it is hard to fully comprehend whether the concerns expressed in .GAY are reasonable.

Scott Seitz, the CEO of DotGay LLC, “who is gay, said the simple idea of operating the domain devoted to the gay movement exerts its own pressures. ‘I have a responsibility, and I am in awe of that,’” Seitz told The Washington Post, “adding that he and his business partners intend on donating two-thirds of their revenue to various social causes. ‘I buried 40 friends in 18 months [who died from complications related to HIV]. Having .GAY is scary, it could be crazy. I’ve already told people to get steel doors and window bars for security to protect against anti-gay organizations that wouldn’t want dot-gay to happen.’”

To read the articles in full, see:
For Countries That Own Shorter Web Site Suffixes, Extra Cash From Abroad
www.nytimes.com/2011/02/07/technology/07dotco.html
Rush is on for custom domain name suffixes
www.washingtonpost.com/wp-dyn/content/article/2011/02/06/AR2011020603940.html

The National ccTLD Disputes: Between State Actors and Non-State Actors by Y.J. Park

Since 1985, non-state actors under Jon Postel’s leadership have experimented with creating virtual national spaces on the Internet through so-called “country code top level domain names” (ccTLDs). There are 251 ccTLDs on the Internet. In 1998, the Internet Corporation for Assigned Names and Numbers (ICANN) – the newly established coordination body for Internet addresses including ccTLDs – stressed the principle of private sector leadership instead of public sector administration of Internet identifiers. ICANN’s coordination of ccTLDs required state actors to comply with the principle of private sector leadership in a top-down manner.

As of 2009, the question of how to govern ccTLDs is still disputed at the national level between state actors and non-state actors, with state actors starting to reassert their power over ccTLDs, ignoring the principle of private sector leadership recommended by ICANN. This study presents five different national ccTLDs dispute cases, to investigate why national ccTLDs disputes have increased after the establishment of ICANN and how state actors are trying to regain control over ccTLDs.

To download and read this article by Y. J. Park in the International Journal of Communications Law and Policy, see:
ijclp.net/files/ijclp_web-doc_10-13-2009.pdf

ICANN: Public Comments Requested on ccNSO Working Group Paper on Delegation, Redelegation and Retirement of ccTLDs

The Chair of the ccNSO’s working group on delegation, re-delegation and retirement of ccTLDs is pleased to announce the publication of the working group’s Issue Analysis report [PDF, 1.16 MB]. The objective of the report is to inform and solicit input and comment from the community on the classification methodology developed by the working group and the issues identified and classified using that methodology, in particular on the following topics:

  • Is the methodology developed and employed adequate for the purposes of the DRDWG?
  • Do the policy statements identified provide an adequate baseline to evaluate the actual practices of IANA and the ICANN Board relative to delegation, redelegation and retirement of ccTLDs?
  • Are there other policy statements which are applicable to the work of the DRDWG? Should they be included in the baseline?
  • Does the documentation identified provide an adequate representation of the actual practices of IANA and the ICANN Board relative to delegation, redelegation and retirement of ccTLDs?
  • Should other cases be included for analyses?
  • Is there other documentation which is applicable to the work of the DRDWG which should be analyzed?
  • Was the methodology properly applied to the cases?

To be most helpful you are kindly requested to submit your comments by 15 September 2010 at: icann.org/en/public-comment/public-comment-201009-en.htm#drd. An archive of all comments received will be publicly available.

Background and next steps:

According to its charter, the purpose of the delegation, redelegation and retirement Working Group (DRDWG) is to advise the ccNSO Council whether it should launch a policy development process to recommend changes to the current policies for delegation, re-delegation and retirement of ccTLDs. The working group has published its first progress report in February 2010 and second progress report in June 2010. Both the charter and the progress reports can be found here.

The Working Group will continue its work during this consultation period. After closure of the comment period, the working group will finalise this paper taking into account the public comments and input.

This ICANN announcement was sourced from:
icann.org/en/announcements/announcement-2-16jun10-en.htm

ICANN: Public Comments Requested on Chairs Draft Interim Paper for Policy on Introduction of IDN ccTLDs

The Chair of the ccNSO’s Internationalised Domain Name Country Code Policy Development Process Working Group (IDN ccPDP WG) for the selection and delegation of IDN ccTLDs is pleased to announce the publication of the Chair’s draft Interim Paper [PDF, 170 KB]. The purpose of this paper is to report to the community on structure and potential directions of the recommendations for the overall policy. To be most helpful at this stage of the process the WG seeks your input and comments on the following:

  • Is the proposed overall approach adequate? If not, what alternative do you propose?
  • Should process steps be added or excluded?
  • Should criteria be included, or excluded?
  • Should the criteria be changed?

This document has not been signed-off by the Working Group whose members will continue to provide their own comments and input during this consultation period.

The working group would welcome if comments and input on this report are submitted by 2 April 2010 via email to idn-ccpdp@icann.org. An archive of all comments received will be publicly posted at forum.icann.org/lists/idn-ccpdp/.

The IDN ccPDP WG was chartered by the ccNSO Council as part of the ccNSO policy development process to recommend to the ICANN Board:

  • A policy on the selection and delegation of IDN ccTLDs and,
  • Changes to Article IX of the ICANN Bylaws to include IDN ccTLDs in the ccNSO.

According to its charter, the purpose and scope of the IDN ccPDP WG is limited to identifying and reporting on a feasible policy for the selection and delegation of IDN ccTLDs associated with the territories listed in the ISO 3166-1 standard. In fulfilling its purpose, the WG shall focus on, without limitation, examination of the topics raised in the joint GAC-ccNSO Issues paper. It shall also take into account the proposals and recommendations of the IDNC (Fast Track) Working Group and the Implementation Plan based on the work of the IDNC WG.

This ICANN announcement was sourced from:
icann.org/en/announcements/announcement-02mar10-en.htm