New gTLDs Security Study Released – Delays Up Ahead

Josh Bourne ⬥ August 7

The results of a new study on the security risks of proposed new generic top-level domain (new gTLDs) names likely will lead to delays of many new gTLD applications by at least four months. The majority of new gTLDs are “low risk” and got the green light to proceed, although these “low risk” applicants must still wait 120 days after signing their contracts before they can activate any domain names in their gTLDs. Higher risk applications could be delayed longer.

It is common practice among enterprises to use extensions that look like gTLDs when creating and naming networks, and so the Internet Corporation for Assigned Names and Numbers (ICANN) commissioned this security study to look into instances where conflicts occur. In some cases, such a conflict could cause users to be redirected to different locations if networks are not properly secured, but in more extreme cases, these conflicts could result in increased opportunities for hackers to penetrate corporate networks.

Based on the number of conflicts found, categorized each as “low risk” or “high risk” for confusion. The study was unable to find enough information on certain gTLDs, which were labeled as “uncalculated risk”. ICANN’s recommendations for each category is as follows:

  • gTLDs categorized as “low risk” can proceed to delegation, though applicants must wait 120 days after signing the Registry Agreement before they can activate any domain names in their gTLD.
    • This applies to 80 percent of the total applied-for strings.
    • Because all applicants must also complete pre-delegation testing and request delegation from IANA after signing the Registry Agreement before they can delegate and begin actively using their gTLD, the 120-day delay is unlikely to substantially delay the delegation of these gTLDs.
    • After the gTLD is delegated, applicants must wait an additional 30 days before activating domain names. During this time, if any conflicts mentioned above occur, the applicant (now the gTLD Registry Operator) is responsible for notifying the points of contact of the IP addresses that make conflicting requests.
  • gTLDs categorized as “uncalculated risk” will not proceed to delegation until they have been further studied; ICANN expects these additional studies to take an 3-6 months to complete.
    • This applies to 20 percent of the total applied-for strings.
    • These gTLDs are likely to experience delays longer than the aforementioned 3-6 months, since it’s likely that they’ll have to implement additional mitigation measures as well.
  • The two “high risk” gTLDs will be delayed indefinitely until something can be done to place them in the “low risk” category.
    • This applies to .HOME and .CORP

This is a good topic to bring up with your IT department. ICANN’s recommendations are currently up for public comment on ICANN’s site.

Latest Posts

Scroll to Top