The biggest expansion of Internet addresses is being delayed as VeriSign Inc. (VRSN), which gets most of its revenue from managing .com websites, argues with competitors over whether corporate networks could be disrupted.
The Internet Corporation for Assigned Names and Numbers, the non-profit that manages the Web, has proposed holding on to new names to the right of the dot, known as domains, for up to 10 months after listening to security warnings from VeriSign and its own advisory panel.
Some companies that bid for domains such as .blog, .mail and .corp say the security issues are a ruse by VeriSign to protect its management of 121 million .com and .net addresses.
“This is an odd thing, at the eleventh hour and 59th minute of a 10-year program, to suddenly say, ‘Stuff’s going to break,’” said Richard Tindal, chief operating officer of Web-registry Donuts Inc., which applied for 307 domain names.
“They’ve made a corporate decision to try to limit competition by trying either to slow down or stop this program,” said Tindal, whose closely held company is based in Bellevue, Washington.
Icann’s proposed Web expansion, which has been in progress for 13 years, could add more than 1,300 new so-called domains to an Internet with about two dozen today. A domain name can spawn millions of website addresses, which are sold and managed by companies including VeriSign.
VeriSign’s stance is important because of its role as midwife at the birth of new names. Under an agreement with the U.S. government, VeriSign performs the technical task of entering new address names into a central Internet directory.
The new domains could clash with longstanding naming conventions used by corporate systems administrators that place terms such as .corp, .home and .mail in file names in internal networks, said Nao Matsukata, chief executive officer of Fairwinds Partners LLC, a Washington-based Internet consultant.
If the addresses become part of the public Web lexicon, people searching for addresses may mistakenly be directed into private networks, potentially leaving them vulnerable, Matsukata said.
“We’re not really sure what the magnitude of the problem could be, or how deep the problem may be,” Matsukata said in an interview.
VeriSign has told Icann and the U.S. government the vulnerabilities are serious enough to warrant delaying the program. The flowering of names is intended to spur competition among services like VeriSign that register new Web entries and ensure a wider variety of names are available to Internet users.
“It is awkward at this point to have to step back and address these, but we can’t not address these,” Danny McPherson, chief security officer for VeriSign, said in an interview. “If we break peoples’ networks or we don’t forewarn them and give them time to fix their networks, then we’re acting irresponsibly.”
About 83 percent of VeriSign’s $874 million in revenue last year came from administering .com addresses, Todd Weller, an analyst with Stifel Nicolaus & Co. in Baltimore, said in an interview. The .com addresses will continue throwing off cash even if new Web names are introduced, he said.
“For a long time that’s going to continue to be the premium domain space -- it’s just what we’re used to,” Weller said.
New names aren’t a threat to VeriSign’s existing business, chief executive officer and founder D. James Bidzos said at a conference in May. The company based in Reston, Virginia, has applied for 14 new domain names itself, and more than 200 customers want VeriSign to administer their new name, he said.
“I think it will create a larger market,” Bidzos said, according to an event transcript.
Icann on Aug. 5 proposed indefinitely withholding .corp and .home. It also called for holding one-fifth of new names for study to see if they might wreak havoc in corporate networks. Delays could reach seven to 10 months. Names judged less risky face a delay of 120 days.
“We’re taking this slow because we’re being cautious,” Jim Trengrove, a spokesman for the Los Angeles-based group, said in an interview.
Companies applying to own and administer the new domains, such as Neustar Inc. (NSR), object.
“This is not a new issue and Icann’s proposed approach seems to ignore the fact that mitigation” of the problem is under way, Becky Burr, deputy general counsel for Sterling, Virginia-based Neustar, said in an e-mail.
The 20 percent of names facing the longest waits don’t pose any danger “and should therefore proceed unhindered,” a names-applicant group with members including Amazon.com Inc. (AMZN) and Google Inc. (GOOG), said in a comment submitted Aug. 5.
“If there are real reasons to slow it down, we’d all agree with that,” Tim Switzer, chairman of the group, said in an interview.
An official of the National Telecommunications and Information Administration, the U.S. Commerce Department arm responsible for Internet management contracts, said this month she was “very surprised” by VeriSign’s warnings about security vulnerabilities.
The agency “fully expects” VeriSign to process requests to add names, Vernita Harris, deputy associate administrator, said in an Aug. 2 letter.
VeriSign’s go-slow approach and Icann’s endorsement of it is backed by the Association of National Advertisers, a New York-based trade group representing more than 500 companies with 10,000 brands.
The advertisers’ group has objected to the Web expansion, saying brand owners will be forced to defensively register huge numbers of possible website address combinations that include their trademarks to prevent cybersquatters from claiming and misusing them.
“We want the Internet to be considered a safe marketing venue,” Dan Jaffe, group executive vice president, said in an interview.
EBay Inc. (EBAY) unit PayPal is “very pleased” by Icann’s stance, Bill Smith, senior security policy adviser with the online payment service, said in an interview.
“The action they’re taking will mitigate risk,” Smith said. “We’re confident that the right thing is being done here.” PayPal’s interest lies in ensuring a reliable Web, Smith said.
To contact the reporter on this story: Todd Shields in Washington at email@example.com;
To contact the editor responsible for this story: Bernard Kohn at firstname.lastname@example.org