New gTLD Applicant Guidebook Public Comment
Dr. Neal Krawetz
Hacker Factor Solutions
P.O. Box 270033
Fort Collins, CO 80527
ICANN
4676 Admiralty Way
Suite 330
Marina del Rey, CA 92092
December 14, 2008
Dear ICANN,
I applaud the intention to introduce additional top-level domain names
(TLDs). The current set of TLDs, including .com, .net, and .org, have lost
their meaning; they have become nothing more than a free-for-all land grab
for the best names. New TLDs, particularly ones with reasonable purposes,
have the potential to reintroduce usefulness into the domain naming system
(DNS).
In addition, I am relieved to see a formal and open proposal system
associated with the rules and guidelines behind this decision. The
documents posted at http://www.icann.org/en/topics/new-gtlds/comments-
en.htm provide a welcoming amount of insight into both the proposed process
as well as the rational behind these decisions. However, I believe there
are some unaddressed issues. These areas are limited to the proposal
requirements, review of domain allocations, and associated fees.
Proposal Requirements
The current proposal documents focus on the submission process, hosting
requirements, and naming conventions such as character sets and similar
name resolutions. However, the proposed document does not address the basic
purpose of the proposed TLDs.
ICANN has historically steered away from issues concerning the regulation
of domain names. This was most evident during the October 2007 rejection of
the proposed ".xxx" TLD.[1] As I understand it, the rational was that ICANN
has neither the authority nor the power to regulate who can or must
register with a particular TLD. It is this same reason that the ".net" and
".org" TLDs are currently associated with all kinds of registrants, and not
just network providers[2] and non-commercial organizations[3].
However, the required proposal system for TLDs forces ICANN to be a
regulatory body for the TLD allocations. ICANN is responsible for receiving
proposals, evaluating proposals, and resolving multiple requests for
identical proposed TLD names. This is a regulatory position. The current
process description offers no means to distinguish between requests. For
example, I - as an individual - can submit a proposal for ".cpa" that could
conflict with a proposal from an association of certified public
accountants. Assuming that I get my proposal submitted first and meet all
of the requirements (naming convention, hosting environment, etc.) then
there is no reason not to award the domain to me since I requested it
first.
I would like to suggest an addition to the proposal review process in order
to better resolve this issue. Each proposal should be accompanied by the
following information, which will be used to evaluate the proposal:
1. TLD name. This is part of the current proposed evaluation process.
However, the current proposed process only uses this to resolve naming
issues. I am suggesting that the TLD name be meaningful with regards
to the purpose (item #2). This requirement would continue the current
level of organization, where each TLD name has meaning beyond a basic
string. For example, .pro is not just three random letters, .pro is
for professionals. Similarly, .com is for commercial, and the various
ccTLDs represent specific countries.
2. Purpose. This justifies why the submitted TLD name is necessary in the
first place. This will remove proposed TLDs with a far too limited
scope and prevent TLD name cyber-squatting.
The defined purpose should include why the TLD is desired as well as
expectations concerning who will use it - both domain registrants and
domain users.
For example, is ".cocacola" really necessary? The company is in a
single market, offering a suite of similar products, and the TLD would
only be usable by them. This is a sparse namespace that has no purpose
beyond brand recognition.
In contrast, ".microsoft" could serve a viable purpose: the company
offers a variety of widely used products and services, and has working
associations with a significant number of official vendors and
partners. The ".microsoft" TLD could be used to distinguish legitimate
partners and products from clones, copies, and unofficial products and
services.
As with item #1, this requirement follows the current TLD definitions.
Each current TLD is associated with a general purpose - even if the
purpose is not enforced.
3. Appropriateness. A proposed TLD may have an understandable name and an
acceptable purpose, but may not be submitted by an appropriate domain
holder. For example, with an appropriate purpose and associated fee, I
can register ".japan". But since I have no ties to either the country
of Japan or any products related to Japan, I am not the best choice to
manage this TLD.
As another example, Toyota is an automobile manufacturer. As a
manufacturer, they could propose the ".car" TLD. Considering that
Toyota is a specific manufacturer, they would not necessarily be the
best choice for managing a generic TLD for cars. A better manager
would be an organization that represents many automobile
manufacturers, or an organization that has the support of multiple
manufacturers.
ICANN must be willing to reject applications that contain a viable
purpose but are submitted by an unauthoritative or limited entity.
Without this requirement, the cyber-squatting problem currently seen
with .com, .net, and .org will exist with TLD names.
4. Organization. The original purpose of DNS was to provide a human level
of organization; otherwise we would still be memorizing network
addresses. Currently, few TLDs contain any organization. The .mil,
.gov, and .name TLDs are excellent examples of well-organized domains.
For example, divisions under the Department of the Navy are all within
the "navy.mil" TLD, and the government of California uses ".ca.gov" -
department dot California dot gov.
In contrast, moderated TLDs, such as .aero and .museum, limit who can
register but still remain unorganized. For example, the airport code
for Denver is DEN and den.aero is the domain for the airport. However,
while ATL is the airport code for Atlanta, atl.aero is a company
called "Aviation Traders Limited". There is no organization within
these domains; they are effectively a free-for-all that is limited to
related services.
At the far end of organization are the unmoderated TLDs. These include
".com", ".org", and ".net". These are essentially free-for-all TLDs.
Non-technical users have no means to tell anything about a site from a
given domain name.
I am not suggesting that ICANN regulate the domain structures within a
given TLD. However, I do suggest that ICANN require that proposed TLDs
include a well-defined organizational definition. A TLD such as ".ffa"
could define a "free for all", while TLDs that represent an organized
subject should include an organizational structure.
5. Dispute resolution. In 1999, ICANN adopted the Uniform Domain-Name
Dispute-Resolution Policy (UDRP)[4]. While this applies to many TLDs,
it has not been uniformly adopted by all gTLDs and ccTLDs. As a
result, individual TLD managers may choose to use the UDRP, a
variation of the UDRP, or their own dispute resolution policy. For
example, ".com", ".net", and ".org" all use the UDRP. However, the
".name", ".pro", and ".aero" TLDs each include alternate dispute
resolution procedures.[5],[6],[7]
Unfortunately, the UDRP does not explicitly mention the legal
jurisdiction. Instead, ICANN provides a list of approved UDRP
resolution providers.[8] It is very conceivable for a single domain to
be contested under multiple court systems located all over the world.
In addition, even though the United States court system is not listed
as an approved UDRP resolution provider, it has claimed jurisdiction
over dozens of domain name disputes.[9]
For clarity, ICANN should require that all TLD proposals include a
well-defined dispute resolution policy. Frankly, legal remediation
should be considered a last-option rather than the only option. As
with item #4, I am not suggesting that ICANN mitigate disputes within
a TLD. Instead, I am suggesting that ICANN require TLD proposals to
include a defined method for resolving disputes. For example, a
proposed ".japan" TLD could include a method for the TLD manager to
evaluate claims, or require mitigation be handled by courts in Tokyo.
Review of Domain Allocations
I was unable to find any mention of a review process after a TLD has been
awarded. Simply speaking, TLDs should not be "forever" nor limited to one
manager for life. Otherwise, poor management decisions may result in very
poor long-range decisions.
This issue is analogous to the IPv4 allocations. For example, DEC was
allocated the Net16 Class-A range (16.x.x.x). Hewlett-Packard was allocated
Net15. DEC was eventually bought by Compaq, which was consumed by Hewlett-
Packard. As a result, one company now controls two Class-A subnets. This
perpetual allocation is a key cause behind the IPv4 address shortage.
I suggest ICANN adopt a policy for reviewing TLD allocations. For example:
. Periodic. After a specified amount of time, such as five or ten years,
the allocation proposal should be reviewed. If the TLD is found to
serve no effective purpose, then it should be deallocated. For
example, if less than 1% of airports and aerospace related services
join .aero after 10 years, then perhaps .aero is unnecessary. The same
argument could be made for .name, .museum, .tel, .travel, etc. In
effect, this is removing TLDs that become ineffective and frees the
namespace for future services that are potentially different from the
original proposal.
The periodic review is not intended to meet arbitrary metrics.
Instead, it should be used to identify whether the TLD is still
operating under their original proposal guidelines, provide an option
to update guidelines or requirements, and address any unexpected
concerns.
The concept of re-evaluations is not new with regards to TLDs. RFC 920
defined the original purpose. This was updated by RFC 1591, RFC 2606,
RFC 3071, etc.
. Violations. Along with the proposal for the TLD is a commitment to
abide by the proposal. If a TLD manager fails to abide by the
proposal, then the TLD should be re-evaluated. This could include
addressing the violations, altering the proposal, changing the
management, or deallocating the TLD.
For example, let's say that the proposed TLD ".zoo" is intended for
zoological organizations. If the TLD management begins to permit non-
zoo companies, then the purpose of the TLD should be re-evaluated.
Similarly, if ".news" is intended for news reporting agencies, but
becomes closely tied to unsolicited or undesirable communications
(e.g., spam or scams), then the TLD's purpose should be re-evaluated.
Requiring re-evaluations in the event of blatant violations of the
TLD's specified purpose simplifies the deregistration process. Had
ICANN had a similar policy for existing registrars before October
2008[10], organizations such as McColo, EstDomains, and Atrivo could
have been removed without years of complaints and legal processing.
The re-evaluations also address so-called "bulletproof hosting"[11],
where some domain registrars remain overly lenient toward complaints.
Associated Fees
The fees associated with the proposed TLD submission process seem to be the
least coherent portion, yet this proposal section has the most
justification. The initial submission fee of $185,000 is one example of the
incoherency. The fee is intended to go toward ICANN's operational costs.
However, the proposal does not identify which operational costs are
currently covered. Are salaries, services, and base overhead currently not
being funded?
More irrational is the fee of $1,000 for dispute resolution filings. As I
understand it, I could have an extremely good reason why ".google" should
not be awarded. However, if I cannot afford the $1,000 dispute resolution
fee, then I will be unable to voice my challenge. Along this same argument,
if I can afford the $185,000 fee then I can be virtually assured to get
".krawetz" since I doubt anyone would pay $1,000 to contest my proposal.
There is also no mention of any kind of refund. If a TLD proposal is
rejected, is the $185,000 refunded? Similarly, if a $1,000 argument is
rejected, is the $1,000 returned to the submitter? Without any refund, I
can fully see ICANN facing lawsuits from submitters (both TLD and dispute
submitters) who feel that their concerns were not appropriately considered.
The current fees appear designed more to prohibit submissions than account
for appropriate costs. Perhaps a better breakdown would be something
similar to the following:
. A large amount, such as $100,000, for the initial proposal. The high
cost is to deter arbitrary submissions and cover processing overhead.
. Each person or organization that desires to be a management candidate
adds in a secondary amount, such as $30,000. Together, these two fees
ensure that a single TLD proposal submitted by multiple managers is
not double-billed by the large amount.
. A change fee, such as $10,000, should be added for each significant
change to the proposal after the initial submission. This is similar
to a change-request process in normal business contracts.
. There should be a fixed window for organizations to request to compete
for the proposed TLD and to make changes based on their submissions.
When the window is closed, no more candidates may vie for the TLD and
no more changes may be made to proposals while they are evaluated.
The total sum of the fees should cover all forms of conflict resolution.
Individuals wishing to voice opposition to a TLD should not be required to
submit any fees. Together, a highly desirable but contested TLD, such as
".sex" or ".car", would generate the following fees along a timetable
similar to this. Please be aware that the entire process flows similar to
an open-faced poker game:
1. An organization submits the initial proposal and pays $30,000 to be
listed as a manager. This opens a window for other organizations to
enter their names for the same TLD. Each subsequent submitter antes a
non-refundable $30,000.
2. For the $30,000 ante, each organization may specify why they are the
best choice for managing the domain. These additional organizations
may also submit addendums or changes to the initial proposal in order
to strengthen their claims. For example, the second submitter may
include a non-refundable $10,000 fee to alter the domain's proposed
organization, potentially making their variation of the initial
proposal better than the original proposal.
Similarly, the original submitter may alter or update their variation
of the original proposal in order to incorporate enhancements -
including those from their competition - for bettering their version
of the proposal. A non-refundable $10,000 fee accompanies each change.
Using a poker analogy, this is essentially an open bidding war, with
each group paying a fee to sweeten their proposal.
During this time, all proposal variations are public. There may, and
likely will, be parallel competing proposals for the same TLD.
However, the initial proposal is treated as the baseline for all of
the parallel variations.
Throughout the open bidding and change window, some potential managers
may drop out upon realizing that their proposal is not the best.
Meanwhile, proposals are updated - providing ICANN with a set of
optimal proposals to consider.
3. At the close of the period for organizations to request management
rights, the $100,000 fee is divided equally among contenders.
4. The remaining proposals are then evaluated, along with any external
feedback - positive or negative and directed toward the TLD or any
particular management candidate.
5. A consensus is made by ICANN. This may include required changes to the
winning proposal. These changes are negotiated with the winning
submission, but do require change request fees.
. If the TLD is rejected, then the $100,000 fee is refunded but the
other fees are retained by ICANN. Candidates must be aware that
ICANN reserves the right to not award the TLD to anyone in cases
where none of the proposals are strong.
. If the TLD is awarded, then no moneys are refunded to any of the
parties.
6. After a specific period of time, such as ten years, the proposal is re-
evaluated. The re-evaluation includes opening up the management
proposal. However, a successful history of managing the TLD should be
included in the review processes.
The total revenue generated by this approach is greater than the current
proposed system. However, the distribution appears fairer to all of the
participants.
I would like to thank ICANN for allowing me to voice these ideas and I
certainly hope that these suggestions, or alternate requirements that
address the same issues, are adopted. I would certainly hate to see the new
TLD system result in an unorganized free-for-all with unusable TLDs and
significant resources tied up in the courts.
Neal Krawetz, Ph.D.
Hacker Factor Solutions
http://www.hackerfactor.com/
Author of "Introduction to Network Security" (Charles River Media, 2006)
and "Hacking Ubuntu" (Wiley, 2007)
-----------------------
[1] http://www.icann.org/en/minutes/resolutions-30mar07.htm#_Toc36876524
[2] RFC 1591
[3] RFC 920
[4] http://www.icann.org/en/udrp/udrp-rules-24oct99.htm
[5] http://www.nic.name/policies.html
[6] http://registrypro.pro/nextphase/tou.htm
[7] http://www.nic.aero/registration/policies/dmp
[8] http://www.icann.org/en/dndr/udrp/approved-providers.htm
[9] http://www.internetlibrary.com/topics/domain_name.cfm
[10]
http://www.icann.org/en/processes/registrars/de-accredited-registrar-transition-procedure-01oct08.pdf
[11]
http://www.washingtonpost.com/wp-dyn/content/article/2008/11/12/AR2008111200658_2.html?sid=ST2008111801165&s_pos=
Attachment:
icann-tld.pdf |