The possible route to take is looking at entirely new ideas for TLDs, in the same way that .tel is attempting something completely new.   So in that spirit here is my idea for a completely different TLD that I’ve been shamelessly promoting for the last year.  Not do anything with, you understand, but to get people to think “outside the box” on domains names, because that it where the future may well lie.

My idea then is very similar indeed to TinyURL.  What you register is not a domain, but a URL, which gets translated into a short code and it is that short code that then becomes the domain name.  So you would register the URL “http://blog.nominet.org.uk/insight/2008/06/icann-paris-new-gtlds/” and get given the domain name 6hgntn.l in return.

The domain name would not be a delegation though, just a URL redirection on my huge specially written webserver (easy to do).  You might be able to choose from a variety of redirection techniques and you may be charged differently depending on how much data you allow the registry to keep.  If you let them keep everything then it might even be free.

If you wanted to choose the domain for the redirection, instead of having one assigned then that would certainly cost a lot more, but then the registry would have to do dispute resolution and all that so maybe it is not worth selling these.

So, why .l?  Well obviously, because it is so short and actually any one character TLD will do, l for link or u for URL or r for redirection, it doesn’t really matter.  Some might even say this is the downfall of .mobi, at four letters for the TLD it is three letter too long and should really be just .m.

On the other side you have law enforcement who regard WHOIS, quite genuinely, as a very important tool in fighting online crime. Obviously that means that either there are a lot of dumb criminals who use their real identities to register domains or, more charitably perhaps, the protections in place to stop fake registration data do actually work.

This side is joined by the formidable Intellectual Property Community for whom domains names and the Internet are a huge problem of detection and enforcement. They, like law enforcement, want free and unfettered access to all WHOIS data.

Stalemate

The current position at ICANN is stalemate. Views are becoming so entrenched that the most recent discussion was on whether or not to commission more research into the problem, with some groups saying quite vehemently that enough research had been done over the years so no more was needed!

Jurisdiction

If we just concentrate on the issue of access for law enforcement you should hopefully understand just how complex and potentially intractable this problem is.

In the UK our policy is pretty straightforward. If you are a UK law enforcement agency and you ask for the data then we give it, even if the registrant has opted for privacy in the WHOIS. If you are a law enforcement agency outside of the UK then you must contact one inside the UK and ask them to ask us. So we deal exclusively with law enforcement agencies in our local jurisdiction.

In the gTLDs however the problem is much more complex. Let’s say PIR were to adopt the same policy and only deal with US agencies, since that is where they are based. Can you really imagine other countries being happy at asking US law enforcement agencies for data from what is supposedly a global domain name? Can you even imagine Iranian or Cuban law enforcement agencies asking or receiving an answer?

So this is altogether a global problem, in a world where mechanisms for establishing credentials over long distances are, at best, informal.

This is why one camp just wants it freely accessible, without limits and with all the data in it checked regularly. That way their access problem is simplified. Of course those who care about privacy would never agree to that.

Signing .org

Public Internet Registry (PIR) announced their intention to sign .org, with the help of their registry partner, Afilias. This will be the first big Top Level Domain (TLD) to sign. The best bit is the reasons they give for doing are exactly the right reasons - they want to make the Internet a safer place by doing the right thing and signing .org.

Implementation is a while off but all the pre-work has been done and the ICANN board voted to give PIR the go-ahead. This is a brave step forward from the progressive CEO of PIR, Alexa Raad, and we wish them all the best.

IANA preparations and the new TAR

IANA announced their plans for a Trust Anchor Repository (TAR) as an interim measure until the root is signed. This will be a web site that us TLDs can populate through our normal processes with our keys. Anyone ISP or business who wants to use DNSSEC on the nameservers now has only the one place to visit to get keys rather than going to lots of different places.

This will certainly make life easier but it is still a poor second to signing the root. That unfortunately is out of IANA’s hands otherwise they would have done it by now, they have a well designed and well built (we’ve audited it) infrastructure in place to do it when they get the go ahead.

One thing IANA have been clear about is that they do not want any API access to the TAR. They are clear that this will develop into a competing technology to signing the root and almost everyone knows that is the best way forward.

US Government internal mandate

I haven’t checked this independently but I’ve been told that some departments of the US Government are going to mandate the use of DNSSEC internally. I’ve no idea how this will work but it shows a genuine recognition of the value of DNSSEC that I hope manufacturers take note of.

Resistance is fading

As knowledge and understanding of DNSSEC and the benefits it brings are spreading, the resistance amongst it from registries is fading. There are two public refuseniks but even then the picture is different depending on which part of the organisation you talk two.

The first is DENIC (.de) who are in the unenviable position of having a zone with more than just nameservers in it, they also have direct customer data of the type normally only seen on registrar nameservers. This means that DENIC have no choice but to sign their whole zone and cannot take advantage of the latest revision to DNSSEC that allows the rest of us to only sign those domains that are actually using DNSSEC. For us that means a gradual and low impact implementation of DNSSEC, but for DENIC it means the kind of big bang implementation us larger TLDs have all been frightened of.

The second, and most recent dissident, is apparently Verisign. Their CTO Ken Silva has been quoted in the media as saying that the urgency for DNSSEC is not there any more. I’ve no idea what is driving that, but I suspect it is the cost and complexity of adding DNSSEC support to their proprietary nameserver cluster. There is no doubt that bandwidth costs will increase for TLDs because the size of the response we are giving is increasing dramatically. But then with the likely gradual increase in DNSSEC takeup I expect this to be naturally absorbed in our rolling upgrade programme.

What this statement does do though is throw the spotlight on their contract with the US Department of Commerce (USDoC) to be the Root Zone Maintainer (RZM). It sits a bit uneasily when the rest of us are all pushing for the root to be signed, IANA are prepared and yet Verisign is going soft on the whole idea.

The exit plan

It might be more accurate to describe this as a lack of an exit plan. It is becoming clear that there is no way currently for a zone to signal that it intends to stop signing itself. If it just does so without such a mechanism then any validators operating in strict DNSSEC mode (nobody would do this just yet) would decide that all replies from that zone were bogus, effectively losing contact with it. Thankfully this is just a theoretical risk for now and our DNSSEC expert, Roy Arends, already has a solution so this should not take long to spread amongst implementors.

So, overall a lot is happening in the push for a secure DNS. All we need now is the root signed!

The background

ICANN is split into various constituencies and all of the work on this has been within the Generic Names Supporting Organisation (GNSO) the consitutuency that represent registries of Global TLDs (gTLDs) and Sponsored TLDs (sTLDs), registrars and the business community including the powerful intellectual property community. They were asked by ICANN to come up with a policy for how more TLDs might be allowed into the root, which they duly have done. Other than two policy guidelines that had dissenting views, this was largely a full consensus decision. First hurdle crossed.

There was also an investigation into whether or not there were any technical issues with adding many more domains to the root. This concluded that there weren’ t any such issues. Second hurdle crossed.

Finally ICANN itself evaluated the GNSO policy to determine whether or not it is implementable. Not to actually create the implementation plan but to check carefully for any hidden showstoppers in the details. This they did at the cost of $10 million, as reported by their CEO Paul Twomey, and concluded that the policy was indeed implementable.

The decision ICANN actually took

So with all those pre-conditions met the ICANN board voted to ask the executive to go away and come up with an implementation plan, accepting the principle that there is no reason why there cannot be many more names added to the root.

This is going to take some months and may well cost another $10 million to do.

However, during the vote some ICANN board members raised strong concerns with two of the policy guidelines (the same ones that had dissenting views) and there was general agreement that they needed to see how these would be handled in the implementation plan, before the concerns were allayed.

The details of the policy and the two contentious guidelines

The one thing ICANN wants to avoid is having to make judgements on whether or not a new TLD is a “good thing”. They wanted a policy that took much of the decision away from them into a community driven process. Of course, quite what the community is for any new TLD, is still to be decided, but the principle is there.

The policy the’ve got does that with these two exceptions:

• Strings must not be contrary to generally accepted legal norms relating to morality and public order that are recognized under international principles of law. This obviously is completely open to interpretation and interpretations vary wildly by country. I have no idea how ICANN is going to get a workable solution to this even with the long list of potentially applicable internationally laws.
• An application will be rejected if an expert panel determines that there is substantial opposition to it from a significant portion of the community to which the string may be explicitly or implicitly targeted. Again this is highly subjective in so many different ways. What is substantial? What is a significant portion? And what is the applicable community?

So we wait with anticipation the implementation plan. I’m glad I’m not writing it.

What kind of new gTLDs might we see?

This is the question that everyone is asking and anything said here is purely speculation. Albeit speculation based on the ideas that have been circulating at ICANN, but speculation nonetheless.

1. Generic wordsThese are popular in any TLD, plain generics like colours, animals, vegetables, emotions and so on, mainly because they have such a widespread usage.
2. Regional names that cannot be applied for through the ccTLD process So this might include .sco or .cym. There is already an established precedent for this in .cat for the Catalan language and culture.
3. Global brands I’m writing the application for .nominet as we speak … no hang on … erm …
4. Common word endings For example .tion should get you around 3,000 cool domain names like litiga.tion or rejec.tion. Domains names can be fun and creative.

Before you get carried away the application fee could well be $100,000 and non-refundable, based on previous processes. Furthermore ICANN may have a cunning plan for TLDs where there is more than one applicant - they have already selected an auction provider to build the necessary system to auction the domains. Interestingly though, this is by no means fully decided and is another element that has to go into the implementation plan for further approval.

How many will there be?

This is the most interesing bit and one where I think ICANN has not looked far enough into the future. Currently the application cost is expected to be $100,000, to recoup the $10 million spent so far on this, and the millions more to go. But then what happens?

The root is the ultimate registry, the ultimate domain to have, so the demand is going to be enormous. the policy is designed not to judge except in the very edge cases and so the only thing that will stop a proliferation of names in the root is the price. ICANN has no other lever to hold back the flood because it has specifically not given itself one in this whole policy and process.

So when the initial outlay is recouped and ICANN has made say another $50 million from new applications, will it really be able to sustain such a high price? Granted the assessment for many of the initial applications will be high, possibly covering most of the fee, but soon standard questions, standard answers and a much cheaper process cost will appear. This will then leave ICANN open to a huge pressure to reduce the price to a cost-recovery level, and if does that then the floodgates open and we could get millions of registrations in the root.

That leaves us moving from a distributed, resilient, multi-level hierarchy, towards a concentrated, flat and vulnerable root. It’s all a question of numbers.

But will they be a success?

The problem in answering this has been the apparent ’success’ of .com. Yes it’s huge and yes it is vastly profitable but both of those attributes may not be the best thing for the Internet. The whole Domain Name System is designed to be distributed and putting too many names under one TLD, both as an absolute and as a proportion of the whole, goes against that. Furthermore is sets an unrealistic standard for growth and absolute size that new TLDs are highly unlikely to achieve. China (.cn) and India (.in) will probably exceed .com adding to the imbalance.

So the new TLDs should really be judged by how well they are adopted by their target community (where they have one), how stable they are, and what quality they bring to the market. If this happens then the whole Internet will benefit.

Note: Edited the bit about the application fee as Phil pointed out this had not been confirmed one way or the other.

To save you having to look it up, this the key text being added:

Any LIR is allowed to re-allocate complete or partial blocks of IPv4 address space that were previously allocated to them by either the RIPE NCC or the IANA. Such address space must not contain any block that is assigned to an End User.

Address space may only be re-allocated to another LIR that is also a member of the RIPE NCC. The block that is to be re-allocated must not be smaller than the minimum allocation block size at the time of re-allocation. Demonstration of need for the address space by the receiving LIR to the RIPE NCC is not required during transfers.

Re-allocation must be reflected in the RIPE Database. This re-allocation may be on either a permanent or non-permanent basis.

LIRs that receive a re-allocation from another LIR cannot re-allocate complete or partial blocks of the same address space to another LIR within 24 months of receiving the re-allocation.

The re-allocation will be notified to the RIPE NCC, who will record the change of allocation. Please note that the LIR always remains responsible for the entire allocation it receives from the RIPE NCC until the re-allocation is transferred to another LIR or returned. The LIR must ensure that all policies are applied.

Re-allocated blocks will be signed to establish the current allocation owner.

Re-allocated blocks are no different from the allocations made directly by the RIPE NCC and so they must be used by the receiving LIR according to the policies described in this document.

A number of people have expressed support for the proposal but not ETNO, the influential voice of the European Telecoms industry.  We are another refusenik, for similar reasons.  Rather then go through them again, here is the text of the objection I wrote to the working group:

I do not support this proposal for the following reasons:

* It breaks the policy of providing addresses to those who need them in a
fair and non-discriminatory fashion because it allows LIRs to choose who
gets spare addresses for arbitrary and secret reasons rather than through
the open and transparent process of the RIR.

* It is discriminatory to those LIRs in developing countries (within this
RIR region) who have fewer IPv4 addresses than other countries for
historic reasons and will now have to pay considerably more for addresses
by buying them from other LIRs.  This will only exacerbate an already
difficult global position where some countries are pushing for a change in
the global management of the Internet driven by a perception of exclusion.

* It is only a partial solution to the problem.  Many LIRs believe that
much more can be achieved by a determined and well implemented policy on
reclaim/reuse.  However this policy only addresses the potential transfer
solution to the problem, not the potential reclaim/reuse solution.
Furthermore, it is likely that this policy, if implemented before a proper
reclaim/reuse policy will render such a policy unachievable and
unworkable.

* It will create a landrush of false or exaggerated allocation requests
from people who wish to profit by arbitrage, leading to far faster
exhaustion of IPv4 addresses.  In other words there will now be a
significant difference in the price that IP addresses can be ‘bought’ from
RIPE NCC compared to that at which they can be sold on the open market.
This difference in price, the arbitrage opportunity, will lead to an
influx of speculators who will work out how to play the system and so lead
to many more addresses being allocated than otherwise.

* It takes RIPE NCC into the business of a regulator of a secondary
market, which is something it has no expertise in and brings considerable
risk.  RIPE NCC has to develop into this role because the nature of the
proposal requires policing to check transfers have happened within the
rules.  However, with the potential for transfers to have commercial and
financial implications there is far greater possibility of costly and
complex challenges to RIPE NCCs decisions.  This in turns brings with it
the risks of scrutiny from competition authorities.

* It will lead to rapid degradation of the IPv4 LIR database and loss of
control for RIPE NCC in the registration of IPv4 addresses.  If LIR A
sells a block of IPv4 addresses to LIR B then the legal ownership is
adequately covered by the contract that exists between the two and so
there is no incentive to register the transfer with RIPE NCC other than
when peering with people that make strict use the LIR database.  Rival
databases, based around IPv4 trading exchanges, will spring up.

There is still until 9th July left to comment on this proposal and given just how important it is then if you have strong views one way or the other then now is that time to let the working group know.

This got me thinking that it would be good for us to have a Nominet group on LinkedIn for anyone to join, which we could use as another way of keeping in touch with our community.  It would also mitigate the chances of someone doing to us what they’ve done to ICANN.  So I’ve created a group called “Nominet Community” and anyone can join.  This is the URL:

http://www.linkedin.com/e/gis/101204/7BB57564185C

While I was at it I created one for Nominet staff, past and present, to join.  Obviously this one is not open to everyone:

http://www.linkedin.com/e/gis/101205/179AFC14DE04

A lot of the responses to the Notice of Inquiry were about the lack of adequate safeguards, in particular for those who are not well represented in ICANN. This must be addressed. As BITS/Financial Round Table said in its contribution, it is necessary to “ensure the views of organizations that rely on the Internet … are fully considered”. It will be important for ICANN to show how wider business, economic, social and political interests will be safeguarded.

I now believe that it is up to ICANN to respond by defining what the organisation should look like post transition and how effective accountability can be provided.

ICANN has a new Chairman and this provides an excellent opportunity for him to inject new thinking. In my humble opinion (IMHO), Peter Dengate-Thrush needs to respond to this challenge and lead the process. Time is short and we need to start working on clear proposals for what ICANN could look like post transition.

The UK Internet Governance Forum is a collaborative partnership between Nominet, the UK Department for Business and key parliamentarians. Its aim is to provide a local forum in the UK to engage industry, government, parliament, academia and civil society in debate on Internet Governance issues, stimulating partnerships and coalitions to deliver solutions and demonstrating best practice for others to learn from.

Other influential stakeholder groups that are taking part include the London Internet Exchange, the Coalition on Internet Safety and Amnesty International.

One of the key messages to emerge from the first UK IGF meeting is that the UK is taking a leading role in Internet governance, and that other countries are seeing what we are doing and beginning to start running their own processes at the national level. Brazil, France and Finland are among the first countries to follow the UK’s ‘best practice’ model. The UK is proving to the rest of the world that the Internet Governance Forum works, as a collaborative partnership between Government, business, civil society and academia, because it is not subject to Government legislation and is free from bureaucracy.

The UK IGF will concentrate on developing examples of UK best practice and serve as a potential prototype model for other national IGFs. Rt Hon Alun Michael MP commented that Tanya Byron’s recent review of the online child protection sphere has highlighted successful partnership initiatives in that area, particularly between the Internet Watch Foundation and the Child Exploitation and Online Protection Unit. They have successfully combined resources and expertise from law enforcement, Industry and the third sector, while working closely with the Home Office’s Online Child Protection Task Force.

This kind of precedent paves the way for a cooperative template to be applied in the field of Internet governance. The key projects for the UK IGF going forwards will be to explore UK concerns around the IGF themes of security, diversity, access and openness at a seminar in May, and then to identify the UK’s best practice agenda for the IGF in Hydrabad at the awards ceremony for Nominet’s Best Practice Challenge in July.

We would encourage UK companies and organisations to send us their entries – the closing date is 25 April 2008. Winning entries will be announced at an awards ceremony in July 2008 and invited to a leading role in the UK preparatory meeting for the Internet Governance Forum meeting in India.

I’m still recovering from the recent ICANN meeting in New Delhi. As well as a hand injury from a fall at the airport (which started off the week well), I managed to catch a nasty cough while I was there that I’m still suffering from and I therefore did’nt really get out of the hotel (for those still under the false impression that international meetings are a complete jolly). I do know we were in India though, as there were some great curries on offer!

There was a very full ICANN agenda, but here is a brief summary of some of the key discussions we were involved in:

Internationalised Domain Names (IDNs)

The introduction of IDNs (domain names in non-Latin scripts) will be one of the biggest changes to the Internet since its inception, so it is not surprising that policy making about IDNs could take a long time. The discussions in Delhi were another step forward on that journey and IDNs were on the agenda for a number of constituency meetings.

The Governmental Advisory Committee (GAC) and country code Names Supporting Organisation (ccNSO) representatives met to discuss the issues regarding IDN two letter country code Top Level Domains and this discussion will continue at the next meeting. As part of its communiqué to ICANN, the GAC advised that the public policy principles it previously developed for ccTLDs are relevant also to IDN ccTLDs.

The discussion about a ‘fast-track’ process for introducing IDN ccTLDs in the near-term was also discussed in several meetings. As some will know, I’m not convinced how fast a ‘fast track’ will be able to act, particularly as the key policy decisions will need to be made via the formal (lengthier) policy development process. However, next steps were agreed and the working group will submit its final report to the ICANN board in June 2008.

New generic top level domains (gTLDs)

The process for introducing new generic top level domains (gTLDs) was discussed and there is some pressure from potential applicants who naturally want to know when they can submit bids and how much they will need to pay. There is also some pressure from potential accredited registries who want to become accredited so that they can partner with applicants, but don’t yet know the criteria they will need to meet as these are being developed. Work has been progressing on an implementation plan based on the policy development work done by the Generic Names Supporting Organisation (GNSO) and ICANN apparently hopes to start accepting bids for new gTLDs by the end of 2008 at the earliest. I expect that date may need to slip, as there is much work to be done by ICANN and the various consultants before everything will be ready.

Joint Project Agreement
In the open session on the JPA review, the ICANN Chairman helpfully ‘clarified’ that the ICANN submission to the review was not seeking an immediate end to the JPA, but dialogue about what will happen when it ends in 18 months time. Many present seemed to agree that we should use the time to discuss what accountabilty and oversight will be needed for an independent ICANN. I suspect there will not be so much agreement about what form this should take. As I pointed out, this is actually quite a tight timescale for an international multi-stakeholder discussion and dialogue will need to develop rapidly if an acceptable solution is to be found.