ICANN ICANN Email List Archives


<<< Chronological Index >>>        Thread Index >>>

Statement of Michael Palage

  • To: <zfa-concept-15feb10@xxxxxxxxx>
  • Subject: Statement of Michael Palage
  • From: "Michael D. Palage" <michael@xxxxxxxxxx>
  • Date: Tue, 23 Feb 2010 22:56:20 -0500

My name is Michael Palage, I am President and CEO of Pharos Global, Inc. a
consulting company that provides management solutions to domain name
registration authorities. These comments are submitted in an individual
capacity and do not necessarily reflect the opinions/viewpoints of any
current/future/past clients.


The Zone File Access Advisory Group (ZFAAG) should be commended for the work
that it has undertaken and the various models it has put forth for
consideration.  However, their analysis and proposal fails to take into
account national sovereignty and security issues in connection with public
sector gTLD applicants and potential valid security and business concerns
with some private sector gTLD applicants. Specifically, in addressing the
issues in the current zone file access system (Section 5) and the proposed
implications of ICANN's proposed expansion of the gTLD name space (Section
6), the group has failed to account for the "one-size fits all" zone file
access mandate that ICANN staff has incorporated into the existing and
proposed registry agreements.


The simplest way to highlight these concerns is to look at the inability of
the ICANN registry agreements (current/future) to scale in connection with
legacy gTLDs such as .MIL and .GOV as well as new gTLDs that may be emerging
in the new TLD marketplace.


There are valid national security reasons why the United States Government
does not want to be providing zone file access to any third party in
connection with the .GOV and .MIL gTLDs. These zone files provide "all
domain names currently active within a given TLD and the hostnames of
authoritative name servers for each domain name. The gTLD zone file also
contains glue records that map name server hostnames to specific IP
addresses. Many other DNS resource records may be present (e.g. DNSSEC,
NAPTR, TXT and others)." (Page 5  Zone File Advisory Group Report).


Hypothetically, if a national government sought a .GOVERNMENT or .MILITARY
internationalized gTLD extension in a script corresponding to their national
language, they would be required under the current ICANN registry agreement
to provide this data to any qualified third party. Simply put I do not
believe that a California not for profit public benefit corporation should
be able to impose contractual terms that compromise a sovereign government's
valid security concerns. This should not even be a question under well
enshrined international law. Unfortunately, ICANN's legal counsel has argued
in connection with the recent ICM Registry Independent Review Process, that
the ICANN Board's actions should be measured in connection with the lower
"Business Judgment Rule" recognized under California law.


These valid security concerns also apply equally as well to certain
potential private sector applicants. If Global Bank, was to apply for
.GLOBALBANK TLD why should it have to provide zone file access to any third
party and thus potential compromise the security of its infrastructure
and/or operations? This approach also limits potential new uses and features
within the DNS. For example, how could a bank potentially allocate second
level domains to customers corresponding to their banking ID number, when
under the current registry agreement they would be required to make this
information publicly available to any third party. 


There are also valid business reasons why a registry operator might wish to
restrict access to this information. If a social networking site or
telecommunication provider was to apply for a gTLD string, and provide users
with second level domain names corresponding to their user ID, telephone
number and/or postal address, this data could be used by a competitor to
acquire important customer data and gain a competitive advantage in the


Unfortunately, the ZFAAG failed to conduct a more in-depth analysis of why
the majority of ccTLD operators to not freely provide zone file access to
third parties. If this is a program that truly promotes security and
stability, then clearly ICANN should be seeking to employ this across all


While this and related issues have previously been raised with ICANN's
general counsel, unfortunately ICANN's legal department remains steadfast in
its one size fits all approach toward registry contracts which is
detrimental to both public and  private sector applicants.  While private
sector applicants have been extremely vocal in connection with ICANN's new
gTLD initiative, potential public sector applicants have been substantially
less vocal. However, the Affirmation of Commitments specifically recognizes
"that there is a group of participants that engage in ICANN's processes to a
greater extent than Internet users generally" and that ICANN must "ensure
that its decisions are in the public interest, and not just the interests of
a particular set of stakeholders." Therefore, it is critical that ICANN
acknowledge  these different interests of public sector applicants in the
proposed draft registry agreement.


Therefore, the bi-lateral approach proposed by the ZFAAG is the most prudent
way forward as it allows registries, both public and private, to protect
appropriate valid security and sovereignty concerns.  However, the ZFAAG
should continue to evaluate the viability of a centralized repository for
those registry operators that may wish to voluntary participate in such a
program as opposed to the direct bi-lateral approach. 


Respectfully submitted,


Michael D. Palage

<<< Chronological Index >>>        Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy