VeriSign, critics gear up for ICANN hearing

A VeriSign official defended its contract to operate the .com domain Monday, after Network Solutions accused the Internet Corporation for Assigned Names and Numbers (ICANN) of not requiring adequate security safeguards in its registry agreements.

Network Solutions, a domain-name registrar, released a report last week saying ICANN has "failed" to address security in its latest proposals for the .com, .biz, .info and .org top-level domains. Network Solutions officials also criticized a provision in the proposed contract renewal for the .com domain that would allow VeriSign to raise prices by 7 percent in four of the contract's six years. The current .com contract expires in late 2007.

VeriSign shouldn't get near-automatic renewals of the .com contract without more security requirements, said Jonathan Nevett, Network Solutions' vice president and chief policy counsel. "We're facing a contract that provides for ... permanent monopoly, for fee increases without justification and now without adequate security protections," he said. "It's mind-boggling that the contract has gotten this far."

But Ken Silva, VeriSign's chief security officer, said some price increases will be necessary to keep the .com domain secure. The contract to operate the .com domain allows ICANN to change the agreement through consensus of its two security committees, and ICANN can cancel the contract if it believes VeriSign hasn't performed adequately, Silva said.

VeriSign has warded off several massive attacks on the .com domain, including attacks using more than 30,000 bot-net computers in January, Silva said. Meanwhile, the .com domain has been available 100 percent of the time for the last seven years, he said.

Internet attacks continue to evolve and become larger, and it's difficult to set a security road map that stays relevant for any length of time, Silva said. He praised the proposed .com contract renewal for its pricing "flexibility."

"The technology we're talking about to keep up with this kind of load is not something you just buy off the shelf," Silva said. "Let's not lose site of the fact that security continues to be the biggest threat to the growth of the Internet. Supporting that security and stability is going to involve a lot of technology, a lot of talent and a lot of equipment."

The two companies held briefings about the proposed .com contract as a subcommittee of the U.S. Senate Commerce, Science and Transportation Committee has scheduled a hearing Wednesday on ICANN's future. Besides the top-level domain agreements, the subcommittee is likely to focus on the renewal of the memorandum of understanding between the U.S. Department of Commerce and ICANN, allowing the nonprofit organization to oversee the Internet's technical infrastructure.

A year ago, countries including China and Brazil proposed a new model for Internet governance, with an international body taking responsibility from the U.S. and ICANN. The U.S. government and many U.S. companies oppose such a move.

Network Solutions focused on the top-level domain agreements with its report, "DNS -- A System in Crisis." Among its criticisms: the domain agreements do not allow ICANN to audit security practices of domain operators. "This is the backbone of the Internet," said report author Jerry Archer. "Without this, there are no signposts."