Share This Page

Web domain expansion plan riles industry experts

| Sunday, July 14, 2013, 7:30 p.m.

A plan to dramatically expand the numbers of possible Web addresses — by adding more than 1,000 domains such as “.buy,” “.casino” and “.gay” — could cause widespread disruption to Internet operations, some industry officials say.

Efforts to augment existing domains such as “.com” and “.gov” have been under way for several years and are entering a critical phase as industry officials meet at an international conference that began on Sunday in Durban, South Africa. By summer's end, the new domains could be going live at a pace of 20 or more each week.

But a vocal group of critics is calling the speed and scale of the expansion reckless, given its possible impact on the Internet's global infrastructure, which relies on interactions among computer networks owned by companies, universities and individual users.

Particularly troubling is the possibility of widespread “name collisions” that could happen when domains used by internal corporate computer systems — such as “.corp” or “.home” — get assigned to the Web more broadly. That could cause systems to fail, blocking access to email or other internal programs, and could open sensitive information to theft, some experts say.

Concerns arise for critical systems

“This could affect a million enterprises,” said Danny McPherson, chief security officer for Reston, Va.-based Verisign, which manages several of the most popular domains. “It could absolutely break things.”

McPherson and other security experts say the nonprofit group that oversees the designation of Web addresses, California-based Internet Corporation for Assigned Names and Numbers (usually known by its acronym, ICANN), has not done enough study on the effect of the new domain names and does not have procedures in place to respond quickly if systems malfunction. Among those posing risk could be domains such as “.med” or “.center” that might be critical to the functioning of medical systems or emergency response networks.

Similar concerns have been expressed by the Association of National Advertisers, which represents hundreds of major companies, and the Internet commerce site PayPal, which issued a letter in March saying, “The potential for malicious abuse is extraordinary, (and) the incidental damage will be large even in the absence of malicious intent.”

Defenders of the plan have called such fears overblown, arguing that the potential problems have long been understood and will be resolved before new domains are approved. Because they will be released over the course of months, there will be time to manage problems as they arise, said Jeffrey Moss, chief security officer for ICANN.

“It's not like it's a runaway train without recourse,” Moss said. “We're not going to do anything that harms the security or stability of the Internet.”

‘Can't control everybody's networks'

The stakes are high in an era when a large and growing share of the world's economic activity happens on the Internet. Even traditional brick-and-mortar businesses use online systems to communicate, manage inventories and interact with customers. Many count on the security of networked computer systems to protect lucrative intellectual property and other valuable strategic information.

Moss acknowledged that some internal corporate systems will malfunction as new domains are developed, and he said it would be the responsibility of company officials to fix the problems.

“We want everything to work, and we're going to try to make everything work, but we can't control everybody's networks on the planet,” he said.

He noted that said the number of domains likely to cause problems is a “really, really small number.”

But critics have said it is irresponsible for ICANN to approve new domains before it knows the extent of the problems they would cause and what it would take to fix them. The cost of repairing systems — or the loss of security — would be borne by private companies that in most cases have little to gain from the hundreds of new Internet domains.

TribLIVE commenting policy

You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.