Re: [gnso-vi-feb10] SRSU
- To: vgreimann@xxxxxxxxxxxxxxx
- Subject: Re: [gnso-vi-feb10] SRSU
- From: Eric Brunner-Williams <ebw@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 02 Jul 2010 11:05:04 -0400
On 7/2/10 10:11 AM, Volker Greimann - Key-Systems GmbH wrote:
[I mention leaking from rfc1918 address space to the globally routed
This may be true for some, but not all dotBrands in the pipeline. The
switch from intranet to internet will require a large investment into
the infrastructure and safety for the companies involved, but is not
something we should worry about with our focus on CO/VI registries.
OK. But you do realize that we're being asked (attempting to get the
SR couples to get a room of their own has failed) to change complex
rules to simply DUPLICATE stuff that already exists. It isn't about
control or users or ... its all about signage.
2) TLD is non-transferrable (if the business dies, TLD is taken down
in a controlled fashion)
The merger, acquisition and divestiture cases, while not "business
dies", are real problems to address. In the addressing world these
cause renumbering, a major pain for the corporate networking staff.
In the public DNS these events would require at least as much public
management as changes of iso3166 allocations, such as the changes of
the Soviet Union, Yugoslavia and Czechoslavia allocations or the
change of name of Burma to Myanmar.
This will have to be addressed, but I do not see it as unsurmountable.
In any case, it is a problem with new gTLDs in general, not one
For real TLDs we have failover and redelegation, and even changes of
RSP. These don't look useful when thinking about the finite future of
some working name for a random capitalization.
3) There could be a limit to number of names if that makes it more
acceptable to some, but my sense is that it doesn’t really matter as
the names are private anyway
It does matter to registry operators that the reserved names list,
their only tool other than their registration criteria to affect the
content of the zone they publish, is finite.
I agree, as far as you are referring to a reserved names list.
I hope that didn't hurt too much.
Limiting the availability of names to a predefined list will pretty
much make the application non-appealing for many dotBrands. No special
campaigns could be initiated without adapting this list with ICANN
first, which will of course result in danger of leakage of
information. However, a limit to the number of names may be workable.
Somewhere, on the Mountains of the Moon, peering through the mists at
distant Nairobi, and wondering where ICANN came from, and where it
went, there is a product planner and a marketing planner who are going
to risk blowing their product launch surprise on the public reserved
list rather than just slipping a dollar and change, maybe a bit more,
to an obliging registrar to execute a coordinated just-in-time buy of
every name the marketing plan for the product calls for.
In bad fiction.
The corporation has already blown a quarter mil just to get here, and
they are going to risk strategic information disclosure on a registrar
Even NetSol at $35 a pop is a bargain by comparison.
As long as the total number of currently registered domain names in
the TLD does not exceed X, a dotBrand could provide itself with names.
4) I could even live with normal fees attached to every name SRSU TLD
Of course, this is a nuisance cost. See below.
I see no reason why non-SRSUs should indirectly pay the registration
and ICANN fees of SRSUs. Every new gTLD domain should have the same
basic ICANN fees attached.
If this were the only form of cross subsidization.
* 1) An amendment to registry agreement would have to be negotiated
*If an SRSU TLD fails to comply with any of the above:
Willful breech of contract results in renegotiation so that the
breech falls within the contract? There has to be a better tool to
ensure efficient breech lacks incentive.
I agree with Eric here. Willful breach should lead to at least
temporary suspension of services, and substancial financial penalties.
If they want an exception, they will need to negotiate with ICANN in
advance, not after the fact.
I hope that didn't hurt too much either.
2) Normal VI rules would start to apply
Umm. I see a problem.
Having gotten into the root, having launched competitively with all
registries, bought a Super Bowl ad or lots of glossy pages in
magazines to ensure mindshare, the corporate planner may convert
this brand marketing property into a direct sales channel, and when
ICANN compliance catches up (which may be a very long time, see
.travel), the corporate property has to adopt the costs it has
avoided up to this point and, with all this initial advantage, now
compete with public facing registry propositions.
For a mass market corporation with millions of CRM relations, the
conversion from an empty "brand" registry to a very large
"subscription" registry appears to be likely, given the lack of
compliance and disincentive for intentional breech.
Lets beef up compliance then and increase the disincentive to a level
where it hurts. If a SRSU TLD is being distributed against contractual
obligations, ICANN should be empowered to shut it down and terminate
or reassign the registry contract.
Please note however, that this may just as well (you named .Travel)
happen in a registry with no CO or VI.
innovation in internet I have a couple of positive implications.
* 1) Full Vertical integration doesn’t risk consumer protection
because no names are sold
*For those of you that think that closed TLDs won’t promote open
The parties which have opposed all new gTLDs (I was just looking at
http://www.cadna.org/ yesterday afternoon) have been pretty good at
ensuring the benefit that there is no risk of consumer protection
because no names are sold.
Restated, doing nothing also achieves this benefit.
Well, of course we could go back to ICANN and tell them that we agree
the only way to prevent any abuse is not to open the root to new TLDs.
And we would have failed our purpose.
ICANN's doing a pretty good job of that already, helped by no small
number of brand holders who don't want any new gTLDs ... except
theirs. See the IPC's contribution on this subject.
2) Consumers could have tangible benefits with .brand TLDs.
Things consumers could have tangible benefits from is rather vague.
Banks could: Increase consumer safety, reduce phishing, educate the
public on safety, build consumer trust.
Transportation companies could: Provide easy access to relevant
information, build consumer trust, increase safety.
We could probably name dozens of tangible benefits, criticizing that
we generalize does not help.
Unless I'm mistaken, you've just made SRSU into one for every bank and
every trucking company. Are there any other sectors you'd like to
place every corporate entity -- as a "single user" -- in the root?
with .brand. This would work extremely well with an entity like Red
Cross, which is struggling with all the scam donation sites every time
there’s a major catastrophy. Internet users would know that it is
genuine Red Cross site, if the name ends with .redcross.
*Example:* a brand could educate that all their legimite web pages end
Part of the ICRC uses "redcross.org", so I'll use .org here. The
.org zone is now signed. The root will be signed before anything the
VI PDP WG does is reflected in changes to the root.
Does everyone know the Red Cross uses .org? Does its use of .org
prevent registrations of reddcross.org or red-cross.org? If the
consumer knows that he can go to charity.redcross and risk no
potential misdirection, is that not a benefit?
Why is an unsigned ".charity" a better public policy choice than a
Who knows .charity will be unsigned? Maybe it will. Consumers will
judge TLDs on their safety features and surf accordingly.
Would the same security claim mean an unsigned ".bank" is a better
public policy choice than a signed "bank.tld", where "tld" is a
Likewise, why should .bank not be signed. If makes perfect sense to
have zones like this signed.
I think you've missed the point. Jaarko said ".redcross" reduces the
American Red Cross' losses from misrepresentation. He didn't say it
was signed, just that it exists. In the time it takes to get anything
new into the root (other than ccTLD IDN FT adds), as .org is signed,
redcross.org could be signed.
Jaarko's claim, and it is his choice to use a humanitarian relief
agency to motivate a corporate loophole, is that .redcross is
necessary. Therefore signed redcross.org, easier to obtain, is being
offered as less effective to obtain the loss reduction goal of the ARC.
This reduces to the assertion that DNSSEC's value proposition is less
than ease of use of the DNS as a search, rather than lookup
technology, as users don't have to "search" for ".redcross" -- it is
auto-found by being in the root, and this offsets the value of DNSSEC.
I disagree. I don't like the example, knowing the purpose, and parties
making financial transactions, whether contributory or depository,
deserve better than unsigned transactions.
What would be nice here is if someone wrote "Oops! Signed
redcross.org. Didn't think of that. Yup. Faster and more secure. Will
think of another motivating SRSU use case soonest. Best. s/Someone"
Since this organization is offered as an example of a "single user",
here is a portion of para 2 of section 7.1 of the ByLaws of the ARC:
"Membership is open to all people of the United States and its
territories and its possessions. Any individual shall be a member of
the Corporation if he or she (a) makes a monetary contribution to
the Corporation, including a monetary contribution made directly to
a Chartered Unit, (b) performs volunteer services for the
Corporation, including volunteer services performed directly for a
Chartered Unit, or (c) donates blood to the Corporation."
You are raising a concern of mine here, namely abuse of SRSU policies
for circumvention of equal registrar access. The poilcy we propose for
SRSU will have to exclude registrations for such membership structures.
Just so long as you don't wave a magic wand and change the ByLaws of
the Red Cross and turn all those nice people into brainless corporate