ICANN shuts down gTLD applications after security glitch, extends deadline

The application deadline for new generic Top Level Domain names has been extended for eight days because of a security problem that has forced the Internet Corporation for Assigned Names and Numbers to take its online application system offline for several days.

ICANN, the nonprofit corporation that oversees the Internet’s Domain Name System, began accepting applications Jan. 12 and the window was scheduled to close at midnight April 12 UTC (that would be 8 p.m. Eastern, April 12). The deadline has been extended to midnight Friday, April 20.

“We have learned of a possible glitch in the TLD application system software that has allowed a limited number of users to view some other users' file names and user names in certain scenarios,” ICANN announced April 12. “Out of an abundance of caution, we took the system offline to protect applicant data.”


Related coverage:

Internet set for 'most significant' domain expansion in history

Non-Latin Top Level Domain names grew in 2011


The system is expected to be offline until midnight Tuesday, April 17 UTC (8 p.m. ET). It was taken offline because proprietary corporate information is likely to be included in the application. ICANN had secured the system using encryption and by limiting access to the files on a need-to-know basis.

The deadline for registering to use the application system closed March 29. Only those who already have registered can file an application.

A complete list of applicants and the domains they are requesting is expected to be published April 30. ICANN has not announced any delay for publication.

Top Level Domains are the suffixes on URLs and e-mail addresses that appear to the right of the final dot in the address. Generic TLDs are broad categories that service large communities, such as .com for businesses, .org for public service groups, .edu for educational organizations and .gov for government. There currently are 22 gTLDs, and ICANN approved the expansion program in June.

Critics in the business community complained that the new gTLDs would open up a new landscape for cyber squatters and criminals, forcing legitimate owners of brands and trademarks to spend millions of dollars in defensive registration of names within the new domains. Several hearings on the program were held in the House in December.

The expansion will include the creation of new gTLDs in non-Latin scripts and alphabets, which ICANN hopes will help to unify the Internet, maintaining a single set of protocols and infrastructure that will keep it available to all people.

The application process is not for the faint of heart. Registering to use the application system costs $5,000, and there is an additional $180,000 filing fee for each application.

“This is big stuff,” said Alexa Raad, CEO of the TLD consulting company Architelos. Applying for a new Top Level Domain requires a contractual commitment to operate the infrastructure for registering and resolving names under that domain for 10 years, as well as the front office functions of running a business.

“This is like launching a new line of business” for a company that wants to register its brand as a Top Level Domain. It requires starting up a new business for those registering a new TLD.

There appears to be plenty of interest in creating new TLDs, however. Raad said that at the close of registration, 830 identities had been registered to use the application system. Each registered user can file up to 50 applications, but at a cost of $180,000 each it is unlikely that many organizations will file use up their limit. 

Reader Comments

Mon, Apr 23, 2012 Jeffrey Williams Frisco Texas

ICANN's DSSA working group failed to mention anything about this. I wonder why. There is allot of chatter however regarding how to improve wiki presentation of discussion regarding the 'work' DSSA is doing. Further still there is allot of security exposure in ICANN's DSSA working groups use of wiki as well. Very concerning!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above