Re: [gnso-vi-feb10] SRSU

[Volker Greimann - Key-Systems GmbH <vgreimann@xxxxxxxxxxxxxxx>]

Hi
> This situation already exists in many large corporate intranets, the 
> private corporate name space ".corportion-XYZ" exists, frequently 
> using private addressing provided through RFC 1918, though some use 
> publicly routed, usually provider independent address allocations.
> The no-third-parties-controls-the-name-completely model already 
> exists, in corporate intranets. What we're discussing then is 
> "leaking" private name spaces, and their mappings to private resources 
> on non-globally routed private addresses, into the public name space 
> to public resources on globally routed public addresses.
This may be true for some, but not all dotBrands in the pipeline. The 
switch from intranet to internet will require a large investment into 
the infrastructure and safety for the companies involved, but is not 
something we should worry about with our focus on CO/VI registries.
> > 2) TLD is non-transferrable (if the business dies, TLD is taken down
> > in a controlled fashion)
> The merger, acquisition and divestiture cases, while not "business 
> dies", are real problems to address. In the addressing world these 
> cause renumbering, a major pain for the corporate networking staff. In 
> the public DNS these events would require at least as much public 
> management as changes of iso3166 allocations, such as the changes of 
> the Soviet Union, Yugoslavia and Czechoslavia allocations or the 
> change of name of Burma to Myanmar.
This will have to be addressed, but I do not see it as unsurmountable. 
In any case, it is a problem with new gTLDs in general, not one 
regarding VI/CO
> > 3) There could be a limit to number of names if that makes it more
> > acceptable to some, but my sense is that it doesn’t really matter as
> > the names are private anyway
> It does matter to registry operators that the reserved names list, 
> their only tool other than their registration criteria to affect the 
> content of the zone they publish, is finite.
I agree, as far as you are referring to a reserved names list. Limiting 
the availability of names to a predefined list will pretty much make the 
application non-appealing for many dotBrands. No special campaigns could 
be initiated without adapting this list with ICANN first, which will of 
course result in danger of leakage of information. However, a limit to 
the number of names may be workable. As long as the total number of 
currently registered domain names in the TLD does not exceed X, a 
dotBrand could provide itself with names.
> > 4) I could even live with normal fees attached to every name SRSU TLD
> > registers
> Of course, this is a nuisance cost. See below.
I see no reason why non-SRSUs should indirectly pay the registration and 
ICANN fees of SRSUs. Every new gTLD domain should have the same basic 
ICANN fees attached.
> > * 1) An amendment to registry agreement would have to be negotiated
> > with ICANN
> *If an SRSU TLD fails to comply with any of the above:
>
> Willful breech of contract results in renegotiation so that the breech 
> falls within the contract? There has to be a better tool to ensure 
> efficient breech lacks incentive.
I agree with Eric here. Willful breach should lead to at least temporary 
suspension of services, and substancial financial penalties. If they 
want an exception, they will need to negotiate with ICANN in advance, 
not after the fact.
> 2) Normal VI rules would start to apply
>
> Umm. I see a problem.
>
> Having gotten into the root, having launched competitively with all 
> registries, bought a Super Bowl ad or lots of glossy pages in 
> magazines to ensure mindshare, the corporate planner may convert this 
> brand marketing property into a direct sales channel, and when ICANN 
> compliance catches up (which may be a very long time, see .travel), 
> the corporate property has to adopt the costs it has avoided up to 
> this point and, with all this initial advantage, now compete with 
> public facing registry propositions.
> For a mass market corporation with millions of CRM relations, the 
> conversion from an empty "brand" registry to a very large 
> "subscription" registry appears to be likely, given the lack of 
> compliance and disincentive for intentional breech.
Lets beef up compliance then and increase the disincentive to a level 
where it hurts. If a SRSU TLD is being distributed against contractual 
obligations, ICANN should be empowered to shut it down and terminate or 
reassign the registry contract.
Please note however, that this may just as well (you named .Travel) 
happen in a registry with no CO or VI.
> > innovation in internet I have a couple of positive implications.
> > * 1) Full Vertical integration doesn’t risk consumer protection
> > because no names are sold
> *For those of you that think that closed TLDs won’t promote open
>
> The parties which have opposed all new gTLDs (I was just looking at 
> http://www.cadna.org/ yesterday afternoon) have been pretty good at 
> ensuring the benefit that there is no risk of consumer protection 
> because no names are sold.
> Restated, doing nothing also achieves this benefit.
Well, of course we could go back to ICANN and tell them that we agree 
the only way to prevent any abuse is not to open the root to new TLDs. 
And we would have failed our purpose.
> 2) Consumers could have tangible benefits with .brand TLDs.
>
> Things consumers could have tangible benefits from is rather vague. 
Banks could: Increase consumer safety, reduce phishing, educate the 
public on safety, build consumer trust.
Transportation companies could: Provide easy access to relevant 
information, build consumer trust, increase safety.
We could probably name dozens of tangible benefits, criticizing that we 
generalize does not help.
> > with .brand. This would work extremely well with an entity like Red
> > Cross, which is struggling with all the scam donation sites every time
> > there’s a major catastrophy. Internet users would know that it is
> > genuine Red Cross site, if the name ends with .redcross.
> *Example:* a brand could educate that all their legimite web pages end
>
> Part of the ICRC uses "redcross.org", so I'll use .org here. The .org 
> zone is now signed. The root will be signed before anything the VI PDP 
> WG does is reflected in changes to the root.
Does everyone know the Red Cross uses .org? Does its use of .org prevent 
registrations of reddcross.org or red-cross.org? If the consumer knows 
that he can go to charity.redcross and risk no potential misdirection, 
is that not a benefit?
> Why is an unsigned ".charity" a better public policy choice than a 
> signed "charity.org"?
Who knows .charity will be unsigned? Maybe it will. Consumers will judge 
TLDs on their safety features and surf accordingly.
> Would the same security claim mean an unsigned ".bank" is a better 
> public policy choice than a signed "bank.tld", where "tld" is a signed 
> zone?
Likewise, why should .bank not be signed. If makes perfect sense to have 
zones like this signed.
> Since this organization is offered as an example of a "single user", 
> here is a portion of para 2 of section 7.1 of the ByLaws of the ARC:
> "Membership is open to all people of the United States and its
> territories and its possessions.  Any individual shall be a member of 
> the Corporation if he or she (a) makes a monetary contribution to the 
> Corporation, including a monetary contribution made directly to a 
> Chartered Unit, (b) performs volunteer services for the Corporation, 
> including volunteer services performed directly for a Chartered Unit, 
> or (c) donates blood to the Corporation."
You are raising a concern of mine here, namely abuse of SRSU policies 
for circumvention of equal registrar access. The poilcy we propose for 
SRSU will have to exclude registrations for such membership structures.

Volker