Office of International Affairs,

National Telecommunications and Information Administration,

Room 4701, U.S. Department of Commerce,

14th and Constitution Avenue, N.W.,

Washington, D.C. 20230 USA

318 Acton Street

Carlisle, MA 01741 USA

[Docket No. 980212036-8036-01]

Improvement of Technical Management

of Internet Names and Addresses

Dear Mr. Magaziner and the US Department of Commerce,

Thank you for the opportunity to respond to the "Green Paper" Proposal to Improve the Technical Management of Internet Names and Addresses Discussion Draft. Below is my response.

Thank you also for finally acknowledging the role that the Internet Engineering Task Force (IETF) has played in the development of the Internet. I believe the Green Paper is the first formal statement involving anyone from the office of the President of the United States that has acknowledged the role of the IETF. All the previous speeches and papers about high sounding Global/National Information Infrastructures have, if they mentioned any standards body, mentioned only the International Standards Organization (ISO). ISO is an immense organization that has produced tens of thousands of standards, most very successful, including successful circuit switched and physical level communications standards. But the basic Internet level protocols have been standardized by the IETF. The ISO protocols, known as OSI or Open System Interconnection, proposed in this area have been total failures. And they failed despite strenuous efforts by the US and other governments to force their use.

I hope that you find my remarks to be useful input.

Sincerely Yours,

It is necessary to have some context about the Domain Name System (DNS), and about the clear consensus that exists, before delving into more detailed comments.

Without an understanding of what the DNS is good for, how can one judge whether a change will improve things? Just listen to who is screaming the loudest? While it is true that not all questions are answered by knowing the essential purpose of the DNS, some are, and it is good to keep this purpose in mind.

It is necessary to always keep in mind, when considering any change, that the essential purpose of the DNS is to

A wide variety of information can then be stored in the DNS and retrieved for such names. The most commonly stored information today is the numeric Internet Protocol (IP) address of any corresponding computer and the names of the mail servers that handle electronic mail addressed to the name.

Going into a little more detail on each important attribute of these names:

(2) Globally unique: DNS names must be globally unique to be of any use on the global Internet. To permit global interoperation, when a name is referenced in an email address or a web link or any of the many other contexts where domain names are used, it must mean the same thing to everyone. (There may be limited exceptions to this for local private names.)

(3) All existing portions of the DNS name tree can be classified as either mnemonic or systematic or divided into subparts with these characteristics

(3a) Mnemonic: In the areas of the DNS name tree where all the conflict and concern is now, DNS names should be mnemonic. People should be able to say them over the telephone, write them on a napkin, and have some chance of remembering them, at least for a brief period, without confusion. The mnemonic portions of the DNS tree are frequently seen by people and mnemonicity is a human property.

It is possible that in the future directory systems will take over much of the burden of the DNS. However, at the present time reputation is built up in DNS names and the suppression of a service’s stable, globally unique, mnemonic domain name is enormously damaging..

.

There is quite a clear consensus in the Internet Service Provider community, in the Internet engineering community, and even in the world at large.

In conclusion, there is, and has been for over two years, a clear and absolutely overwhelming consensus against the DNS failed fringe fanatic "alternate" registries. They have had opportunity after opportunity after opportunity to post to open mailing lists, appear at open meetings, and try to persuade people that there is a reason to deviate from the recommendations of the IETF/IANA. They have completely failed. Among the ISP business community, the have failed by a staggering "vote" of about 200 to 1.

Now, in their last gasp, these failed fringe elements are hoping that the US Government will trample the clear consensus and hand over private monopolies to them just to grease the squeaky wheel.

So what exactly are the problems that have lead to all the commotion? The immediate problems are entirely with the DNS. There is no immediate problem with any of the other areas discussed except for a desire to establish a stronger organizational home for the IANA function.

What are these immediate DNS problems? There are really only two problems as follows, but they reinforce each other:

When bids were requested for a gTLD contractor as part of the Internic, a bid to provide what is more or less now referred to as a registry was rejected in favor of NSI’s much more expensive bid to be a combined registry, registrar, and hand-holder. Then, as registrations went into their explosive growth phase, a $50 a year fee was authorized with little consultation with the Internet community. And the US government permitted NSI to unilaterally adopt oppressive policies favoring holders of registered trademarks over those who had legally and productively used a similar name as a domain name. There is much fall out from these missteps by the US government:

1a) Monopoly: As .com became the "standard" top level domain and was built into more software as a default, NSI was the sole gatekeeper. Its price, set with and including a "tax" to the US government was the only price. Its oppressive policies and secret courts, favoring big players over small and going way beyond what any real court would do for registered trade mark owners, were the only policy and it was one which destabilized names, violating the most fundamental utility of DNS.

1b) Greed: The cash flow through NSI due primarily to it being a registrar is probably the biggest factor promoting greed among some of the DNS fringe fanatics. Anyone with any claim (including just self assertion) to any gTLD now has little reason to compromise no matter how much the consensus is against them because are blinded by NSI’s exponentially growing cash flow and they can always hope for a government granted private monopoly.

Are there solutions?

An important point to keep in mind is that the Internet is not a finished work.

The Domain Name System (DNS) is undergoing substantial engineering change right now. Security is being added which will increase the data volume for secured zones and increase the computational effort for name resolvers that authenticate data. Incremental zone transfer and change notification operations have been standardized. Dynamic update and secure dynamic update have been added. And more changes are coming.

The DNS is a name system, not a directory system. It accepts only very limited forms of names and will test only for exact match. A directory system would do near miss matching, accept international character sets, search on multiple fields, etc. Sooner or later a good directory system will evolve and the importance of the DNS will then be greatly reduced.

[Federal Register: February 20, 1998 (Volume 63, Number 34)]

[Proposed Rules]

[DOCID:fr20fe98-24]

_______________________________________________________________________

Part IV

Department of Commerce

_______________________________________________________________________

National Telecommunications and Information Administration

_______________________________________________________________________

15 CFR Chapter XXIII

Improvement of Technical Management of Internet Names and Addresses;

Proposed Rule

DEPARTMENT OF COMMERCE

National Telecommunications and Information Administration

15 CFR Chapter XXIII

[Docket No. 980212036-8036-01]

RIN 0660-AA11

Improvement of Technical Management of Internet Names and

Addresses

AGENCY: National Telecommunications and Information Administration

(NTIA), Commerce.

ACTION: Proposed rule; request for public comment.

-----------------------------------------------------------------------

SUMMARY: This document sets forth ways to improve technical management

of the Internet Domain Name System (DNS). Specifically, it describes

the process by which the Federal government will transfer management of

the Internet DNS to a private not-for-profit corporation. The document

also proposes to open up to competition the administration of top level

domains and the registration of domain names.

DATES: Comments must be received by March 23, 1998.

ADDRESSES: Comments may be mailed to Karen Rose, Office of

International Affairs, National Telecommunications and Information

Administration (NTIA), Room 4701, U.S. Department of Commerce, 14th and

Constitution Avenue, N.W., Washington, D.C. 20230 or sent via

electronic mail to dns@ntia.doc.gov. Messages to that address will

receive a reply in acknowledgment. Comments submitted in electronic

form should be in ASCII, WordPerfect (please specify version), or

Microsoft Word (please specify version) format. Comments received will

be posted on the NTIA website at http://www.ntia.doc.gov. Detailed

information about electronic filing is available on the NTIA website,

http://www.ntia.doc.gov/domainname/domainname130.htm. Paper submissions

should include three paper copies and a version on diskette in the

formats specified above.

FOR FURTHER INFORMATION CONTACT: Karen Rose, NTIA, (202) 482-0365.

SUPPLEMENTARY INFORMATION:

Authority: 15 U.S.C. 1512; 47 U.S.C. 902(b)(2)(H); 47 U.S.C. 902

(b)(2)(I); 47 U.S.C. 902(b)(2)(M); 47 U.S.C. 904(c)(1).

On July 1, 1997, The President directed the Secretary of Commerce

to privatize, increase competition in, and promote international

participation in the domain name system. Domain names are the familiar

and easy-to-remember names for Internet computers (e.g.

``www.ecommerce.gov''). They map to unique Internet Protocol (IP)

numbers (e.g., 98.37.241.30) that serve as routing addresses on the

Internet. The domain name system (DNS) translates Internet names into

the IP numbers needed for transmission of information across the

network. On July 2, 1997, the Department of Commerce issued a Request

for Comments (RFC) on DNS administration (62 FR 35896). This proposed

rule, shaped by over 430 comments received in response to the RFC,

provides notice and seeks public comment on a proposal to transfer

control of Internet domain names from government to a private,

nonprofit corporation.

Today's Internet is an outgrowth of U.S. government investments in

packet-switching technology and communications networks carried out

under agreements with the Defense Advanced Research Projects Agency

(DARPA), the National Science Foundation (NSF) and other U.S. research

agencies. The government encouraged bottom-up development of networking

technologies through work at NSF, which established the NSFNET as a

network for research and education. The NSFNET fostered a wide range of

applications, and in 1992 the U.S. Congress gave the National Science

Foundation statutory authority to commercialize the NSFNET, which

formed the basis for today's Internet.

As a legacy, major components of the domain name system are still

performed by or subject to agreements with agencies of the U.S.

government.

A. Assignment of Numerical Addresses to Internet Users

Every Internet computer has a unique IP number. The Internet

Assigned Numbers Authority (IANA), headed by Dr. Jon Postel of the

Information Sciences Institute (ISI) at the University of Southern

California, coordinates this system by allocating blocks of numerical

addresses to regional IP registries (ARIN in North America, RIPE in

Europe, and APNIC in the Asia/Pacific region), under contract with

DARPA. In turn, larger Internet service providers apply to the regional

IP registries for blocks of IP addresses. The recipients of those

address blocks then reassign addresses to smaller Internet service

providers and to end-users.

B. Management of the System of Registering Names for Internet Users

The domain name space is constructed as a hierarchy. It is divided

into top-level domains (TLDs), with each TLD then divided into second-

level domains (SLDs), and so on. More than 200 national, or country-

code, TLDs (ccTLDs) are administered by their corresponding governments

or by private entities with the appropriate national government's

acquiescence. A small set of generic top-level domains (gTLDs) do not

carry any national identifier, but denote the intended function of that

portion of the domain space. For example, .com was established for

commercial users, .org for not-for-profit organizations, and .net for

network service providers. The registration and propagation of these

key gTLDs are performed by Network Solutions, Inc. (NSI), a Virginia-

based company, under a five-year cooperative agreement with NSF. This

agreement includes an optional ramp-down period that expires on

September 30, 1998.

C. Operation of the Root Server System

The root server system contains authoritative databases listing the

TLDs so that an Internet message can be routed to its destination.

Currently, NSI operates the ``A'' root server, which maintains the

authoritative root database and replicates changes to the other root

servers on a daily basis. Different organizations, including NSI,

operate the other 12 root servers. In total, the U.S. government plays

a direct role in the operation of half of the world's root servers.

Universal connectivity on the Internet cannot be guaranteed without a

set of authoritative and consistent roots.

D. Protocol Assignment

The Internet protocol suite, as defined by the Internet Engineering

Task Force (IETF), contains many technical parameters, including

protocol numbers, port numbers, autonomous system numbers, management

information base object identifiers and others. The common use of these

protocols by the Internet community requires that the particular values

used in these fields be assigned uniquely. Currently, IANA, under

contract with DARPA, makes these assignments and maintains a registry

of the assigned values.

From its origins as a U.S.-based research vehicle, the Internet is

rapidly becoming an international medium for commerce, education and

communication. The traditional means

of organizing its technical functions need to evolve as well. The

pressures for change are coming from many different quarters:

• There is widespread dissatisfaction about the absence of

competition in domain name registration.

• Mechanisms for resolving conflict between trademark

holders and domain name holders are expensive and cumbersome.

• Without changes, a proliferation of lawsuits could lead to

chaos as tribunals around the world apply the antitrust law and

intellectual property law of their jurisdictions to the Internet.

• Many commercial interests, staking their future on the

successful growth of the Internet, are calling for a more formal and

robust management structure.

• An increasing percentage of Internet users reside outside

of the U.S., and those stakeholders want a larger voice in Internet

coordination.

• As Internet names increasingly have commercial value, the

decision to add new top-level domains cannot continue to be made on an

ad hoc basis by entities or individuals that are not formally

accountable to the Internet community.

• As the Internet becomes commercial, it becomes

inappropriate for U.S. research agencies (NSF and DARPA) to participate

in and fund these functions.

On July 1, 1997, as part of the Clinton Administration's Framework

for Global Electronic Commerce, the President directed the Secretary of

Commerce to privatize, increase competition in, and promote

international participation in the domain name system.

Accordingly, on July 2, 1997, the Department of Commerce issued a

Request for Comments (RFC) on DNS administration, on behalf of an

inter-agency working group previously formed to explore the appropriate

future role of the U.S. government in the DNS. The RFC solicited public

input on issues relating to the overall framework of the DNS system,

the creation of new top-level domains, policies for registrars, and

trademark issues. During the comment period, over 430 comments were

received, amounting to some 1500 pages.\1\

------------------------------------------------------------------------

\1\ The RFC and comments received are available on the Internet

at the following address: <http://www.ntia.doc.gov>.

------------------------------------------------------------------------

This discussion draft, shaped by the public input described above,

provides notice and seeks public comment on a proposal to improve the

technical management of Internet names and addresses. It does not

propose a monolithic structure for Internet governance. We doubt that

the Internet should be governed by one plan or one body or even by a

series of plans and bodies. Rather, we seek to create mechanisms to

solve a few, primarily technical (albeit critical) questions about

administration of Internet names and numbers.

We expect that this proposal will likely spark a lively debate,

requiring thoughtful analysis, and appropriate revisions. Nonetheless,

we are hopeful that reasonable consensus can be found and that, after

appropriate modifications, implementation can begin in April, 1998.

Recognizing that no solution will win universal support, the U.S.

government seeks as much consensus as possible before acting.

Our consultations have revealed substantial differences among

Internet stakeholders on how the domain name system should evolve.

Since the Internet is changing so rapidly, no one entity or individual

can claim to know what is best for the Internet. We certainly do not

believe that our views are uniquely prescient. Nevertheless, shared

principles have emerged from our discussions with Internet

stakeholders.

A. Stability

The U.S. government should end its role in the Internet number and

name address systems in a responsible manner. This means, above all

else, ensuring the stability of the Internet. The Internet functions

well today, but its current technical management is probably not viable

over the long term. We should not wait for it to break down before

acting. Yet, we should not move so quickly, or depart so radically from

the existing structures, that we disrupt the functioning of the

Internet. The introduction of a new system should not disrupt current

operations, or create competing root systems.

B. Competition

The Internet succeeds in great measure because it is a

decentralized system that encourages innovation and maximizes

individual freedom. Where possible, market mechanisms that support

competition and consumer choice should drive the technical management

of the Internet because they will promote innovation, preserve

diversity, and enhance user choice and satisfaction.

C. Private, Bottom-Up Coordination

Certain technical management functions require coordination. In

these cases, responsible, private-sector action is preferable to

government control. A private coordinating process is likely to be more

flexible than government and to move rapidly enough to meet the

changing needs of the Internet and of Internet users. The private

process should, as far as possible, reflect the bottom-up governance

that has characterized development of the Internet to date.

D. Representation

Technical management of the Internet should reflect the diversity

of its users and their needs. Mechanisms should be established to

ensure international input in decision making.

In keeping with these principles, we divide the name and number

functions into two groups, those that can be moved to a competitive

system and those that should be coordinated. We then suggest the

creation of a representative, not-for-profit corporation to manage the

coordinated functions according to widely accepted objective criteria.

We then suggest the steps necessary to move to competitive markets in

those areas that can be market driven. Finally, we suggest a transition

plan to ensure that these changes occur in an orderly fashion that

preserves the stability of the Internet.

A. The Coordinated Functions

Management of number addresses is best done on a coordinated basis.

As technology evolves, changes may be needed in the number allocation

system. These changes should also be undertaken in a coordinated

fashion.

Similarly, coordination of the root server network is necessary if

the whole system is to work smoothly. While day-to-day operational

tasks, such as the actual operation and maintenance of the Internet

root servers, can be contracted out, overall policy guidance and

control of the TLDs and the Internet root server system should be

vested in a single organization that is representative of Internet

users.

Finally, coordinated maintenance and dissemination of the protocol

parameters for Internet addressing will best preserve the stability and

interconnectivity of the Internet.

We propose the creation of a private, not-for-profit corporation

(the new corporation) to manage the coordinated functions in a stable

and open institutional framework. The new corporation should operate as

a private

entity for the benefit of the Internet as a whole. The new corporation

would have the following authority:

1. To set policy for and direct the allocation of number blocks to

regional number registries for the assignment of Internet addresses;

2. To oversee the operation of an authoritative root server system;

3. To oversee policy for determining, based on objective criteria

clearly established in the new organization's charter, the

circumstances under which new top-level domains are added to the root

system; and

4. To coordinate the development of other technical protocol

parameters as needed to maintain universal connectivity on the

Internet.

The U.S. government would gradually transfer existing IANA

functions, the root system and the appropriate databases to this new

not-for-profit corporation. This transition would commence as soon as

possible, with operational responsibility moved to the new entity by

September 30, 1998. The U.S. government would participate in policy

oversight to assure stability until the new corporation is established

and stable, phasing out as soon as possible and in no event later than

September 30, 2000. The U.S. Department of Commerce will coordinate the

U.S. government policy role. In proposing these dates, we are trying to

balance concerns about a premature U.S. government exit that turns the

domain name system over to a new and untested entity against the

concern that the U.S. government will never relinquish its current

management role.

The new corporation will be funded by domain name registries and

regional IP registries. Initially, current IANA staff will move to this

new organization to provide continuity and expertise throughout the

period of time it takes to establish the new corporation. The new

corporation should hire a chief executive officer with a background in

the corporate sector to bring a more rigorous management to the

organization than was possible or necessary when the Internet was

primarily a research medium. As these functions are now performed in

the United States, the new corporation will be headquartered in the

United States, and incorporated under U.S. law as a not-for-profit

corporation. It will, however, have and report to a board of directors

from around the world.

It is probably impossible to establish and maintain a perfectly

representative board for this new organization. The Internet community

is already extraordinarily diverse and likely to become more so over

time. Nonetheless, the organization and its board must derive

legitimacy from the participation of key stakeholders. Since the

organization will be concerned mainly with numbers, names and

protocols, its board should represent membership organizations in each

of these areas, as well as the direct interests of Internet users.

The board of directors for the new corporation should be balanced

to equitably represent the interests of IP number registries, domain

name registries, domain name registrars, the technical community, and

Internet users (commercial, not-for-profit, and individuals). Officials

of governments or intergovernmental organizations should not serve on

the board of the new corporation. Seats on the initial board might be

allocated as follows:

• Three directors from a membership association of regional

number registries, representing three different regions of the world.

Today this would mean one each from ARIN, APNIC and RIPE. As additional

regional number registries are added, board members could be designated

on a rotating basis or elected by a membership organization made up of

regional registries. ARIN, RIPE and APNIC are open membership

organizations that represent entities with large blocks of numbers.

They have the greatest stake in and knowledge of the number address

system. They are also representative internationally.

• Two members designated by the Internet Architecture Board

(IAB), an international membership board that represents the technical

community of the Internet.

• Two members designated by a membership association (to be

created) representing domain name registries and registrars.

Seven members designated by a membership association (to be

created) representing Internet users. At least one of those board seats

could be designated for an individual or entity engaged in non-

commercial, not-for-profit use of the Internet, and one for individual

end-users. The remaining seats could be filled by commercial users,

including trademark holders.

• The CEO of the new corporation would serve on the board of

directors.

The new corporation's processes should be fair, open and pro-

competitive, protecting against capture by a narrow group of

stakeholders. Its decision-making processes should be sound and

transparent; the bases for its decisions should be recorded and made

publicly available. Super-majority or even consensus requirements may

be useful to protect against capture by a self-interested faction. The

new corporation's charter should provide a mechanism whereby its

governing body will evolve to reflect changes in the constituency of

Internet stakeholders. The new corporation should establish an open

process for the presentation of petitions to expand board

representation.

In performing the functions listed above, the new corporation will

act much like a standard-setting body. To the extent that the new

corporation operates in an open and pro-competitive manner, its actions

will withstand antitrust scrutiny. Its standards should be reasonably

based on, and no broader than necessary to promote its legitimate

coordinating objectives. Under U.S. law, a standard-setting body can

face antitrust liability if it is dominated by an economically

interested entity, or if standards are set in secret by a few leading

competitors. But appropriate processes and structure will minimize the

possibility that the body's actions will be, or will appear to a court

to be, anti-competitive.

B. The Competitive Functions

The system for registering second-level domain names and the

management of the TLD registries should become competitive and market-

driven.

In this connection, we distinguish between registries and

registrars. A ``registry,'' as we use the term, is responsible for

maintaining a TLD's zone files, which contain the name of each SLD in

that TLD and each SLD's corresponding IP number. Under the current

structure of the Internet, a given TLD can have no more than one

registry. A ``registrar'' acts as an interface between domain-name

holders and the registry, providing registration and value-added

services. It submits to the registry zone file information and other

data (including contact information) for each of its customers in a

single TLD. Currently, NSI acts as both the exclusive registry and as

the exclusive registrar for .com, .net, .org, and .edu.

Both registry and registrar functions could be operated on a

competitive basis. Just as NSI acts as the registry for .com, .net, and

.org, other companies could manage registries with different TLDs such

as .vend or .store. Registrars could provide the service of obtaining

domain names for customers in any gTLD. Companies that design Web sites

for customers might, for example, provide registration as an adjunct to

other services. Other companies may perform this function as a stand-

alone business.

There appears to be strong consensus that, at least at this time,

domain name

registration--the registrar function--should be competitive. There is

disagreement, however, over the wisdom of promoting competition at the

registry level.

Some have made a strong case for establishing a market-driven

registry system. Competition among registries would allow registrants

to choose among TLDs rather than face a single option. Competing TLDs

would seek to heighten their efficiency, lower their prices, and

provide additional value-added services. Investments in registries

could be recouped through branding and marketing. The efficiency,

convenience, and service levels associated with the assignment of names

could ultimately differ from one TLD registry to another. Without these

types of market pressures, they argue, registries will have very little

incentive to innovate.

Others feel strongly, however, that if multiple registries are to

exist, they should be undertaken on a not-for-profit basis. They argue

that lack of portability among registries (that is, the fact that users

cannot change registries without adjusting at least part of their

domain name string) could create lock-in problems and harm consumers.

For example, a registry could induce users to register in a top-level

domain by charging very low prices initially and then raise prices

dramatically, knowing that name holders will be reluctant to risk

established business by moving to a different top-level domain.

We concede that switching costs and lock-in could produce the

scenario described above. On the other hand, we believe that market

mechanisms may well discourage this type of behavior. On balance, we

believe that consumers will benefit from competition among market

oriented registries, and we thus support limited experimentation with

competing registries during the transition to private sector

administration of the domain name system.

C. The Creation of New gTLDs

Internet stakeholders disagree about who should decide when a new

top-level domain can be added and how that decision should be made.

Some believe that anyone should be allowed to create a top-level domain

registry. They argue that the market will decide which will succeed and

which will not. Others believe that such a system would be too chaotic

and would dramatically increase customer confusion. They argue that it

would be far more complex technically, because the root server system

would have to point to a large number of top-level domains that were

changing with great frequency. They also point out that it would be

much more difficult for trademark holders to protect their trademarks

if they had to police a large number of top-level domains.

All these arguments have merit, but they all depend on facts that

only further experience will reveal. At least in the short run, a

prudent concern for the stability of the system requires that expansion

of gTLDs proceed at a deliberate and controlled pace to allow for

evaluation of the impact of the new gTLDs and well-reasoned evolution

of the domain space. The number of new top-level domains should be

large enough to create competition among registries and to enable the

new corporation to evaluate the functioning, in the new environment, of

the root server system and the software systems that enable shared

registration. At the same time, it should not be so large as to

destabilize the Internet.

We believe that during the transition to private management of the

DNS, the addition of up to five new registries would be consistent with

these goals. At the outset, we propose that each new registry be

limited to a single top-level domain. During this period, the new

corporation should evaluate the effects that the addition of new gTLDs

have on the operation of the Internet, on users, and on trademark

holders. After this transition, the new corporation will be in a better

position to decide whether or when the introduction of additional gTLDs

is desirable.

Individual companies and consortia alike may seek to operate

specific generic top-level domains. Competition will take place on two

levels. First, there will be competition among different generic top-

level domains. Second, registrars will compete to register clients into

these generic top-level domains. By contrast, existing national

registries will continue to administer country-code top-level domains

if these national government seek to assert those rights. Changes in

the registration process for these domains are up to the registries

administering them and their respective national governments.

Some have called for the creation of a more descriptive system of

top-level domains based on industrial classifications or some other

easy to understand schema. They suggest that having multiple top-level

domains is already confusing and that the addition of new generic TLDs

will make it more difficult for users to find the companies they are

seeking.

Market driven systems result in innovation and greater consumer

choice and satisfaction in the long run. We expect that in the future,

directory services of various sorts will make it easy for users to find

the sites they seek regardless of the number of top-level domains.

Attempts to impose too much central order risk stifling a medium like

the Internet that is decentralized by nature and thrives on freedom and

innovation.

D. The Trademark Dilemma

It is important to keep in mind that trademark/domain name disputes

arise very rarely on the Internet today. NSI, for example, has

registered millions of domain names, only a tiny fraction of which have

been challenged by a trademark owner. But where a trademark is

unlawfully used as a domain name, consumers may be misled about the

source of the product or service offered on the Internet, and trademark

owners may not be able to protect their rights without very expensive

litigation.

For cyberspace to function as an effective commercial market,

businesses must have confidence that their trademarks can be protected.

On the other hand, management of the Internet must respond to the needs

of the Internet community as a whole, and not trademark owners

exclusively. The balance we strike is to provide trademark holders with

the same rights they have in the physical world, to ensure

transparency, to guarantee a dispute resolution mechanism with resort

to a court system, and to add new top-level domains carefully during

the transition to private sector coordination of the domain name

system.

There are certain steps that could be taken in the application

process that would not be difficult for an applicant, but that would

make the trademark owner's job easier. For instance, gTLD registrants

could supply basic information--including the applicant's name and

sufficient contact information to be able to locate the applicant or

its representative. To deter the pirating of domain names, the registry

could also require applicants to certify that it knows of no entity

with superior rights in the domain name it seeks to register.

The job of policing trademarks could be considerably easier if

domain name databases were readily searchable through a common

interface to determine what names are registered, who holds those

domain names, and how to contact a domain name holder. Many trademark

holders find the current registration search tool, who is, too limited

in its functioning to be effective for this purpose. A more robust and

flexible search tool, which features multiple field or string searching

and retrieves similar names, could be

employed or developed to meet the needs of trademark holders. The

databases also could be kept up to date by a requirement that domain

name registrants maintain up-to-date contact information.

Mechanisms that allow for on-line dispute resolution could provide

an inexpensive and efficient alternative to litigation for resolving

disputes between trademark owners and domain name registrants. A swift

dispute resolution process could provide for the temporary suspension

of a domain name registration if an adversely affected trademark holder

objects within a short time, e.g. 30 days, of the initial registration.

We seek comment on whether registries should be required to resolve

disputes within a specified period of time after an opposition is

filed, and if so, how long that period should be.

Trademark holders have expressed concern that domain name

registrants in faraway places may be able to infringe their rights with

no convenient jurisdiction available in which the trademark owner could

file suit to protect those rights. At the time of registration,

registrants could agree that, in the event of a trademark dispute

involving the name registered, jurisdiction would lie where the

registry is domiciled, where the registry database in maintained, or

where the ``A'' root server is maintained. We seek comment on this

proposal, as well as suggestions for how such jurisdictional provisions

could be implemented.

Trademark holders have also called for the creation of some

mechanism for ``clearing'' trademarks, especially famous marks, across

a range of gTLDs. Such mechanisms could reduce trademark conflict

associated with the addition of new gTLDs. Again, we seek comment on

this proposal, and suggested mechanisms for trademark clearance

processes.

We stop short of proposals that could significantly limit the

flexibility of the Internet, such as waiting periods or not allowing

any new top-level domains.

We also do not propose to establish a monolithic trademark dispute

resolution process at this time, because it is unclear what system

would work best. Even trademark holders we have consulted are divided

on this question. Therefore, we propose that each name registry must

establish minimum dispute resolution and other procedures related to

trademark considerations. Those minimum procedures are spelled out in

Appendix 2. Beyond those minimums, registries would be permitted to

establish additional trademark protection and trademark dispute

resolution mechanisms.

We also propose that shortly after their introduction into the

root, a study be undertaken on the effects of adding new gTLDs and

related dispute resolution procedures on trademark and intellectual

property right holders. This study should be conducted under the

auspices of a body that is internationally recognized in the area of

dispute resolution procedures, with input from trademark and domain

name holders and registries. The findings of this study should be

submitted to the board of the new corporation and considered when it

makes decisions on the creation and introduction of new gTLDs.

Information on the strengths and weaknesses of different dispute

resolution procedures should also give the new corporation guidance for

deciding whether the established minimum criteria for dispute

resolution should be amended or maintained. Such a study could also

provide valuable input with respect to trademark harmonization

generally.

U.S. trademark law imposes no general duty on a registrar to

investigate the propriety of any given registration.\2\ Under

existing law, a trademark holder can properly file a lawsuit against a

domain name holder that is infringing or diluting the trademark

holder's mark. But the law provides no basis for holding that a

registrar's mere registration of a domain name, at the behest of an

applicant with which it has an arm's-length relationship, should expose

it to liability.\3\ Infringers, rather than registrars,

registries, and technical management bodies, should be liable for

trademark infringement. Until case law is fully settled, however,

registries can expect to incur legal expenses in connection with

trademark disputes as a cost of doing business. These costs should not

be borne by the new not-for-profit corporation, and therefore

registries should be required to indemnify the new corporation for

costs incurred in connection with trademark disputes. The evolution of

litigation will be one of the factors to be studied by the group tasked

to review Internet trademark issues as the new structure evolves.

------------------------------------------------------------------------

\2\ See generally MDT Corp. v. New York Stock Exchange, 858 F.

Supp. 1028 (C.D. Calif. 1994).

\3\ See Lockheed Martin Corp. v. Network Solutions, Inc., 1997

WL 721899 (C.D. Calif. 11/17/97); Panavision International v.

Toeppen, 1996 U.S. Dist. LEXIS 20744, 41 U.S.P.Q.2d 1310 (C.D.

Calif. 1996).

------------------------------------------------------------------------

E. The Intellectual Infrastructure Fund

In 1995, NSF authorized NSI to assess new domain name registrants a

$50 fee per year for the first two years, 30 percent of which was to be

deposited in a fund for the preservation and enhancement of the

intellectual infrastructure of the Internet (the ``Intellectual

Infrastructure Fund'').

In excess of $46 Million has been collected to date. In 1997,

Congress authorized the crediting of $23 Million of the funds collected

to the Research and Related Activities Appropriation of the National

Science Foundation to support the development of the Next Generation

Internet. The establishment of the Intellectual Infrastructure Fund

currently is the subject of litigation in the U.S. District Court for

the District of Columbia.

As the U.S. government is seeking to end its role in the domain

name system, we believe the provision in the cooperative agreement

regarding allocation of a portion of the registration fee to the

Internet Intellectual Infrastructure Fund should terminate on April 1,

1998, the beginning of the ramp-down period of the cooperative

agreement.

A number of steps must be taken to create the system envisioned in

this paper.

1. The new not-for-profit organization must be established and its

board chosen.

2. The membership associations representing (1) registries and

registrars, and (2) Internet users, must be formed.

The Internet Society

3. An agreement must be reached between the U.S. government and the

current IANA on the transfer of IANA functions to the new organization.

4. NSI and the U.S. government must reach agreement on the terms

and conditions of NSI's evolution into one competitor among many in the

registrar and registry marketplaces. A level playing field for

competition must be established.

5. The new corporation must establish processes for determining

whether an organization meets the transition period criteria for

prospective registries and registrars.

6. A process must be laid out for making the management of the root

server system more robust and secure, and, for transitioning that

management from U.S. government auspices to those of the new

corporation.

A. The NSI Agreement

The U.S. government will ramp down the NSI cooperative agreement

and phase it out by the end of September 1998. The ramp down agreement

with NSI should reflect the following terms and conditions designed to

promote competition in the domain name space.

1. NSI will effectively separate and maintain a clear division

between its current registry business and its current registrar

business. NSI will continue to operate .com, .net and .org but on a

fully shared-registry basis; it will shift operation of .edu to a not-

for-profit entity. The registry will treat all registrars on a

nondiscriminatory basis and will price registry services according to

an agreed upon formula for a period of time.

2. As part of the transition to a fully shared-registry system, NSI

will develop (or license) and implement the technical capability to

share the registration of its top-level domains with any registrar so

that any registrar can register domain names there in as soon as

possible, by a date certain to be agreed upon.

3. NSI will give the U.S. government a copy and documentation of

all the data, software, and appropriate licenses to other intellectual

property generated under the cooperative agreement, for use by the new

corporation for the benefit of the Internet.

4. NSI will turn over control of the ``A'' root server and the

management of the root server system when instructed to do so by the

U.S. government.

5. NSI will agree to meet the requirements for registries and

registrars set out in Appendix 1.

B. Competitive Registries, Registrars, and the Addition of New gTLDs

Over the past few years, several groups have expressed a desire to

enter the registry or registrar business. Ideally, the U.S. government

would stay its hand, deferring the creation of a specific plan to

introduce competition into the domain name system until such time as

the new corporation has been organized and given an opportunity to

study the questions that such proposals raise. Should the transition

plan outlined below, or some other proposal, fail to achieve

substantial consensus, that course may well need to be taken.

Realistically, however, the new corporation cannot be established

overnight. Before operating procedures can be established, a board of

directors and a CEO must be selected. Under a best case scenario, it is

unlikely that the new corporation can be fully operational before

September 30, 1998. It is our view, based on widespread public input,

that competition should be introduced into the DNS system more quickly.

We therefore set out below a proposal to introduce competition into

the domain name system during the transition from the existing U.S.

government authority to a fully functioning coordinating body. This

proposal is designed only for the transition period. Once the new

corporation is formed, it will assume authority over the terms and

conditions for the admission of new top-level domains.

Registries and New gTLDs

This proposal calls for the creation of up to five new registries,

each of which would be initially permitted to operate one new gTLD. As

discussed above, that number is large enough to provide valuable

information about the effects of adding new gTLDs and introducing

competition at the registry level, but not so large as to threaten the

stability of the Internet during this transition period. In order to

designate the new registries and gTLDs, IANA must establish equitable,

objective criteria and processes for selecting among a large number of

individuals and entities that want to provide registry services.

Unsuccessful applicants will be disappointed.

We have examined a number of options for recognizing the

development work already underway in the private sector. For example,

some argue for the provision of a ``pioneer preference'' or other grand

fathering mechanism to limit the pool of would-be registrants to those

who, in response to previous IANA requests, have already invested in

developing registry businesses. While this has significant appeal and

we do not rule it out, it is not an easy matter to determine who should

be in that pool. IANA would be exposed to considerable liability for

such determinations, and required to defend against charges that it

acted in an arbitrary or inequitable manner. We welcome suggestions as

to whether the pool of applicants should be limited, and if so, on what

basis.

We propose, that during the transition, the first five entities

(whether from a limited or unlimited pool) to meet the technical,

managerial, and site requirements described in Appendix 1 will be

allowed to establish a domain name registry. The IANA will engage

neutral accounting and technical consultancy firms to evaluate a

proposed registry under these criteria and certify an applicant as

qualified. These registries may either select, in order of their

qualification, from a list of available gTLDs or propose another gTLD

to IANA. (We welcome suggestions on the gTLDs that should be

immediately available and would propose a list based on that input, as

well as any market data currently available that indicates consumer

interest in particular gTLDs.)

added services, over and above the basic services provided to

registrars. At least at this time, the registry must, however, operate

on a shared registry basis, treating all registrars on a

nondiscriminatory basis, with respect to pricing, access and rules.

Each TLD's registry should be equally accessible to any qualified

registrar, so that registrants may choose their registrars

competitively on the basis of price and service. The registry will also

have to agree to modify its technical capabilities based on protocol

changes that occur in Internet technology so that interoperability can

be preserved. At some point in the future, the new organization may

consider the desirability of allowing the introduction of non-shared

registries.

Registrars

Any entity will be permitted to provide registrar services as long

as it meets the basic technical, managerial, and site requirements as

described in Appendix 1 of this paper. Registrars will be allowed to

register clients into any top-level domain for which the client

satisfies the eligibility rules, if any.

C. The Root Server System

IANA and the U.S. government, in cooperation with NSI, the IAB, and

other relevant organizations will undertake a review of the root server

system to recommend means to increase the security and professional

management of the system. The recommendations of the study should be

implemented as part of the transition process to the new corporation.

D. The .us Domain

At present, the IANA administers .us as a locality based hierarchy

in which second-level domain space is allocated to states and US

territories.\4\ This name space is further subdivided into

localities. General registration under localities is performed on an

exclusive basis by private firms that have requested delegation from

IANA. The .us name space has typically been used by branches of state

and local governments, although some commercial names have been

assigned. Where registration for a locality has not been delegated, the

IANA itself serves as the registrar.

------------------------------------------------------------------------

\4\ Management principles for the .us domain space are set forth

in Internet RFC 1480, (http://www.isi.edu/in-notes/rfc1480.txt)

------------------------------------------------------------------------

Some in the Internet community have suggested that the pressure for

unique identifiers in the .com gTLD could be relieved if commercial use

of the .us space was encouraged. Commercial

users and trademark holders, however, find the current locality-based

system too cumbersome and complicated for commercial use. Expanded use

of the .us TLD could alleviate some of the pressure for new generic

TLDs and reduce conflicts between American companies and others vying

for the same domain name.

Clearly, there is much opportunity for enhancing the .us domain

space, and the .us domain could be expanded in many ways without

displacing the current geopolitical structure. Over the next few

months, the U.S. government will work with the private sector and state

and local governments to determine how best to make the .us domain more

attractive to commercial users. It may also be appropriate to move the

gTLDs traditionally reserved for U.S. government use (i.e. .gov and

.mil), into a reformulated .us ccTLD.

The U.S. government will further explore and seek public input on

these issues through a separate Request for Comment on the evolution of

the .us name space. However, we welcome any preliminary comments at

this time.

E. The Process

The U.S. government recognizes that its unique role in the Internet

domain name system should end as soon as is practical. We also

recognize an obligation to end this involvement in a responsible manner

that preserves the stability of the Internet. We cannot cede authority

to any particular commercial interest or any specific coalition of

interest groups. We also have a responsibility to oppose any efforts to

fragment the Internet, as this would destroy one of the key factors--

interoperability--that has made the Internet so successful.

Our goal is to seek as strong a consensus as possible so that a

new, open, and accountable system can emerge that is legitimate in the

eyes of all Internet stakeholders. It is in this spirit that we present

this paper for discussion.

Executive Order 12866

This proposal has been determined not to be significant under

section 3(f) of Executive Order 12866.

Executive Order 12612

This rule does not contain policies with Federalism implications

sufficient to warrant preparation of a Federalism assessment under

Executive Order 12612.

Regulatory Flexibility Act

The Assistant General Counsel for Legislation and Regulation of the

Department of Commerce certified to the Chief Counsel for Advocacy, the

Small Business Administration that this proposed rule, if adopted,

would not have a significant economic impact on a substantial number of

small entities as follows:

We believe that the overall effect of the proposal will be highly

beneficial. No negative effects are envisioned at this time. In fact,

businesses will enjoy a reduction in the cost of registering domain

names as a result of this proposal. In 1995, the National Science

Foundation authorized a registration fee of $50 per year for the first

two years, 30 percent of which was to be deposited in a fund for the

preservation and enhancement of the intellectual infrastructure of the

Internet (the ``Intellectual Infrastructure Fund''). The proposal seeks

to terminate the agreement to earmark a portion of the registration fee

to the Intellectual Infrastructure Fund. We also believe that a

competitive registration system will lead to reduced fees in

registering domain names.

The proposal is pro-competitive because it transfers the current

system of domain name registration to a market-driven registry system.

Moreover, as the Internet becomes more important to commerce,

particularly small businesses, it is crucial that a more formal and

robust management structure be implemented. As the commercial value of

Internet names increases, decisions regarding the addition of new top-

level domains should be formal, certain, and accountable to the

Internet community. For example, presently, mechanisms for resolving

disputes between trademark holders and domain name holders are

expensive and cumbersome. The proposal requires each name registry to

establish an inexpensive and efficient dispute resolution system as

well as other procedures related to trademark consideration.

The U.S. government would gradually transfer existing Internet

Assigned Numbers Authority (IANA) functions, the root system and the

appropriate databases to a new not-for-profit corporation by September

30, 1998. The U.S. government would, however, participate in policy

oversight to assure stability until the new corporation is established

and stable, phasing out completely no later than September 30, 2000.

Accordingly, the transition period would afford the U.S. government an

opportunity to determine if the structure of the new corporation

negatively impacts small entities. Moreover, the corporation would be

headquartered in the U.S. and incorporated under U.S. law. Accordingly,

the corporation would be subject to antitrust scrutiny if dominated by

economically interested entities, or if its standards are established

by a few leading competitors.

As a result, no initial regulatory flexibility analysis has been

prepared.

Paperwork Reduction Act

This rule does not contain information collection requirements

subject to the provisions of the Paperwork Reduction Act.

Kathy Smith,

Acting Deputy Assistant Secretary for Communications and Information.

In order to ensure the stability of the Internet's domain name

system, protect consumers, and preserve the intellectual property

rights of trademark owners, all registries of generic top-level

domain names must meet the set of technical, managerial, and site

requirements outlined below. Only prospective registries that meet

these criteria will be allowed by IANA to register their gTLD in the

``A'' server. If, after it begins operations, a registry no longer

meets these requirements, IANA may transfer management of the domain

names under that registry's gTLD to another organization.

Independent testing, reviewing, and inspection called for in the

requirements for registries should be done by appropriate certifying

organizations or testing laboratories rather than IANA itself,

although IANA will define the requirements and the procedures for

tests and audits.

These requirements apply only to generic TLDs. They will apply

to both existing gTLDs (e.g., .com, .edu., .net, .org) and new

gTLDs. Although they are not required to, we expect many ccTLD

registries and registrars may wish to assure their customers that

they meet these requirements or similar ones.

Registries will be separate from registrars and have only

registrars as their customers. If a registry wishes to act both as

registry and registrar for the same TLD, it must do so through

separate subsidiaries. Appropriate accounting and confidentiality

safeguards shall be used to ensure that the registry subsidiary's

business is not utilized in any manner to benefit the registrar

subsidiary to the detriment of any other registrar.

Each top-level domain (TLD) database will be maintained by only

one registry and, at least initially, each new registry can host

only one TLD.

Registry Requirements

1. An independently-tested, functioning Database and

Communications System that:

a. Allows multiple competing registrars to have secure access

(with encryption and authentication) to the database on an equal

(first-come, first-served) basis.

b. Is both robust (24 hours per day, 365 days per year) and

scalable (i.e., capable of handling high volumes of entries and

inquiries).

c. Has multiple high-throughput (i.e., at least T1) connections

to the Internet via at least two separate Internet Service

Providers.

d. Includes a daily data backup and archiving system.

e. Incorporates a record management system that maintains copies

of all transactions, correspondence, and communications with

registrars for at least the length of a registration contract.

f. Features a searchable, on-line database meeting the

requirements of Appendix 2.

g. Provides free access to the software and customer interface

that a registrar would need to register new second-level domain

names.

h. An adequate number (perhaps two or three) of globally-

positioned zone-file servers connected to the Internet for each TLD.

2. Independently-reviewed Management Policies, Procedures, and

Personnel including:

a. Alternate (i.e., non-litigation) dispute resolution providing

a timely and inexpensive forum for trademark-related complaints.

(These procedures should be consistent with applicable national laws

and compatible with any available judicial or administrative

remedies.)

b. A plan to ensure that the registry's obligations to its

customers will be fulfilled in the event that the registry goes out

of business. This plan must indicate how the registry would ensure

that domain name holders will continue to have use of their domain

name and that operation of the Internet will not be adversely

affected.

c. Procedures for assuring and maintaining the expertise and

experience of technical staff.

d. Commonly-accepted procedures for information systems security

to prevent malicious hackers and others from disrupting operations

of the registry.

3. Independently inspected Physical Sites that feature:

a. A backup power system including a multi-day power source.

b. A high level of security due to twenty-four-hour guards and

appropriate physical safeguards against intruders.

c. A remotely-located, fully redundant and staffed twin facility

with ``hot switchover'' capability in the event of a main facility

failure caused by either a natural disaster (e.g., earthquake or

tornado) or an accidental (fire, burst pipe) or deliberate (arson,

bomb) man-made event. (This might be provided at, or jointly

supported with, another registry, which would encourage

compatibility of hardware and commonality of interfaces.)

Registrar Requirements

Registries will set standards for registrars with which they

wish to do business. The following are the minimal qualifications

that IANA should mandate that each registry impose and test or

inspect before allowing a registrar to access its database(s). Any

additional requirements imposed by registries on registrars must be

approved by IANA and should not affect the stability of the Internet

or substantially reduce competition in the registrar business.

Registries may refuse to accept registrations from registrars that

fail to meet these requirements and may remove domain names from the

registries if at a later time the registrar which registered them no

longer meets the requirements for registrars.

1. A functioning Database and Communications System that

supports:

a. Secure access (with encryption and authentication) to the

registry.

b. Robust and scalable operations capable of handling moderate

volumes.

c. Multiple connections to the Internet via at least two

Internet Service Providers.

d. A daily data backup and archival system.

e. A record management system that maintains copies of all

transactions, correspondence, and communications with all registries

for at least the length of a registration contract.

2. Management Policies, Procedures, and Personnel including:

a. A plan to ensure that the registrar's obligations to its

customers and to the registries will be fulfilled in the event that

the registrar goes out of business. This plan must indicate how the

registrar would ensure that domain name holders will continue to

have use of their domain name and that operation of the Internet

will not be adversely affected.

b. Commonly-accepted procedures for information systems security

to prevent malicious hackers and others from disrupting operations.

3. Independently inspected Physical Sites that features:

a. A backup power system.

b. A high level of security due to twenty-four-hour guards and

appropriate physical safeguards against intruders.

c. Remotely-stored backup files to permit recreation of customer

records.

1. Minimum Application Requirements.

a. Sufficient owner and contact information (e.g., names, mail

address for service of process, e-mail address, telephone and fax

numbers, etc.) to enable an interested party to contact either the

owner/applicant or its designated representative; and a

b. Certification statement by the applicant that:

--It is entitled to register the domain name for which it is

applying and knows of no entity with superior rights in the domain

name; and

--It intends to use the domain name.

2. Searchable Database Requirements.

a. Utilizing a simple, easy-to-use, standardized search

interface that features multiple field or string searching and the

retrieval of similar names, the following information must be

included in all registry databases, and available to anyone with

access to the Internet:

--Up-to-date ownership and contact information;

--Up-to-date and historical chain of title information for the

domain name;

--A mail address for service of process;

--The date of the domain name registration; and

--The date an objection to registration of the domain name was

filed.

3. Updated Ownership, Contact and Use Information.

a. At any time there is a change in ownership, the domain name

owner must submit the following information:

--Up-to-date contact and ownership information; and

--A description of how the owner is using the domain name, or, if

the domain name is not in use, a statement to that effect.

4. Alternative Dispute Resolution of Domain Name Conflicts.

a. There must be a readily available and convenient dispute

resolution process that requires no involvement by registrars.

b. Registries/Registrars will abide by the decisions resulting

from an agreed upon dispute resolution process or by the decision of

a court of competent jurisdiction.

If an objection to registration is raised within 30 days after

registration of the domain name, a brief period of suspension during

the pendency of the dispute will be provided by the registries.

The Green Paper quite rightly designates this as an independent topic to be handled via a separate US government Request For Comments. But, since they are requested, here are some brief preliminary comments:

Implementing the recommendations above would require substantial staffing and funding. It should aim to become self-funding by imposing fees on registries. To the extent possible, fees should be imposed only on registries that charge and should be avoided for registries that provide general free registration to those in their locality.