Program for new Top Level Domains still in limbo after security glitch

Applicants for new generic Top Level Domains whose information might have been exposed through a glitch in the online application system should be notified within seven business days, the Internet Corporation for Assigned Names and Numbers announced April 27.

In the meantime, the system remains offline and the New gTLD program remains in limbo while ICANN works to ensure the security of the system.

The system was shut down April 12, which was supposed to be the deadline for filing applications. ICANN has said that the application period will be extended when the system is back online and a new deadline set.


Related coverage:

ICANN shuts down gTLD applications after security glitch, extends deadline

Internet set for 'most significant' domain expansion in history


“Shortly after the notification process has been completed, we will announce the schedule for reopening the application system and completing the application period,” ICANN said in its announcement. “We are mindful of the need to allow sufficient time during the reopening period for applicants to confirm the completeness of their submissions.”

The publication of applicants and new proposed domains, originally scheduled for April 30, also has been delayed.

ICANN, the nonprofit corporation that oversees the Internet’s Domain Name System, began accepting applications for new domains Jan. 12 and the window was scheduled to close April 12.

Top Level Domains are the suffixes on URLs and e-mail addresses that appear to the right of the final dot in the address. Generic TLDs are broad categories that service large communities, such as businesses for .com, public service groups for .org, educational organizations for .edu, and government for .gov. There currently are 22 gTLDs, and ICANN in June approved a controversial program to expand the number of domains.

Critics in the business community complained that the new gTLDs would open up a new landscape for cyber squatters and criminals, forcing legitimate owners of brands and trademarks to spend millions of dollars in defensive registration of names to thwart the squatters. ICANN has attempted to minimize this kind of activity by requiring background checks of applicants and imposing stringent requirements for applicants, including stiff application fees. Registering to use the application system cost $5,000, and there is an additional $180,000 filing fee for each application.

The glitch in the application system was first reported March 19, ICANN said. It was thought to have been fixed but was still there April 12, when the system was taken offline hours before the filing deadline. ICANN described the problem as a “technical issue,” and not the result of a hack or compromise to the system.

“Under certain circumstances, an interrupted deletion process resulted in applicants being able to see file names and user names that belonged to other applicants,” the organization said.

It said that only a small number of applicants are believed to have been affected and that the only information exposed was file names and user names. Traffic logs for the entire application period are being reviewed to determine what files might have been compromised. The fix to the system also is undergoing testing, and system performance is being upgraded in expectation of high demand once it goes back online as applicants check to ensure that information has not been tampered with and new applicants rush to complete their filing.

“We are confident that we will be able to obtain a complete list of applicants' file names and user names that were potentially viewable and applicants that had the ability to see them,” ICANN said. “We will not reopen the system until we can confirm that the problem has been resolved and testing has been completed.”

Information about the status of the application system is available here.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above