The paper set forth below, concerning ways to improve technical
management of the Internet Domain Name System, is a proposed rule
of the Department of Commerce. This same document will be
published in the Federal Register in the near future. While the
Department will accept comments on the paper starting today, the
Federal Register publication will establish the official deadline
for the acceptance of public comment on this proposed rule.
Comments may be mailed to U.S. Department of Commerce, NTIA/OIA,
14th and Constitution Avenue, N.W., Washington, D.C. 20230 or
sent via electronic mail to dns@ntia.doc.gov. Though it is not
intended or expected, should any discrepancy occur between the
document set forth below and that published in the Federal
Register, the Federal Register publication controls. All
comments received will be considered exclusively in the context
of issuing a final rule. The paper is being made available
through the Internet solely as a means to facilitate the public's
access to this document and to provide an additional means of
notifying the public of the solicitation of public comment on the
proposed rule.
A PROPOSAL TO IMPROVE TECHNICAL MANAGEMENT OF
INTERNET NAMES AND ADDRESSES
DISCUSSION DRAFT 1/30/98
Domain names are the familiar and easy-to-remember names for
Internet computers (e.g. "www.ecommerce.gov"). They map to
unique Internet Protocol (IP) numbers (e.g. 98.37.241.30) that
serve as routing addresses on the Internet. The domain name
system (DNS) translates Internet names into the IP numbers needed
for transmission of information across the network.
History
Today's Internet is an outgrowth of U.S. government
investments in packet-switching technology and communications
networks carried out under agreements with the Defense Advanced
Research Projects Agency (DARPA), the National Science Foundation
(NSF) and other U.S. research agencies. The government encouraged
bottom-up development of networking technologies through work at
NSF, which established the NSFNET as a network for research and
education. The NSFNET fostered a wide range of applications, and
in 1992 the U.S. Congress gave the National Science Foundation
statutory authority to commercialize the NSFNET, which formed the
basis for today's Internet.
As a legacy, major components of the domain name system are
still performed by or subject to agreements with agencies of the
U.S. government.
1) Assignment of numerical addresses to Internet users.
Every Internet computer has a unique IP number. The Internet
Assigned Numbers Authority (IANA), headed by Dr. Jon Postel
of the Information Sciences Institute (ISI) at the
University of Southern California, coordinates this system
by allocating blocks of numerical addresses to regional IP
registries (ARIN in North America, RIPE in Europe, and APNIC
in the Asia/Pacific region), under contract with DARPA. In
turn, larger Internet service providers apply to the
regional IP registries for blocks of IP addresses. The
recipients of those address blocks then reassign addresses
to smaller Internet service providers and to end users.
2) Management of the system of registering names for
Internet users.
The domain name space is constructed as a hierarchy. It is
divided into top-level domains (TLDs), with each TLD then
divided into second-level domains (SLDs), and so on. More
than 200 national, or country-code, TLDs (ccTLDs) are
administered by their corresponding governments or by
private entities with the appropriate national government's
acquiescence. A small set of generic top-level domains
(gTLDs) do not carry any national identifier, but denote the
intended function of that portion of the domain space. For
example, .com was established for commercial users, .org for
not-for-profit organizations, and .net for network service
providers. The registration and propagation of these key
gTLDs are performed by Network Solutions, Inc. (NSI), a
Virginia-based company, under a five-year cooperative
agreement with NSF. This agreement includes an optional
ramp-down period that expires on September 30, 1998.
3) Operation of the root server system.
The root server system contains authoritative databases
listing the TLDs so that an Internet message can be routed
to its destination. Currently, NSI operates the "A" root
server, which maintains the authoritative root database and
replicates changes to the other root servers on a daily
basis. Different organizations, including NSI, operate the
other 12 root servers. In total, the U.S. government plays
a direct role in the operation of half of the world's root
servers. Universal connectivity on the Internet cannot be
guaranteed without a set of authoritative and consistent
roots.
4) Protocol Assignment.
The Internet protocol suite, as defined by the Internet
Engineering Task Force (IETF), contains many technical
parameters, including protocol numbers, port numbers,
autonomous system numbers, management information base
object identifiers and others. The common use of these
protocols by the Internet community requires that the
particular values used in these fields be assigned uniquely.
Currently, IANA, under contract with DARPA, makes these
assignments and maintains a registry of the assigned values.
The Need for Change
From its origins as a U.S.-based research vehicle, the
Internet is rapidly becoming an international medium for
commerce, education and communication. The traditional means of
organizing its technical functions need to evolve as well. The
pressures for change are coming from many different quarters:
There is widespread dissatisfaction about the absence
of competition in domain name registration.
Mechanisms for resolving conflict between trademark
holders and domain name holders are expensive and
cumbersome.
Without changes, a proliferation of lawsuits could lead
to chaos as tribunals around the world apply the
antitrust law and intellectual property law of their
jurisdictions to the Internet.
Many commercial interests, staking their future on the
successful growth of the Internet, are calling for a
more formal and robust management structure.
An increasing percentage of Internet users reside
outside of the U.S., and those stakeholders want a
larger voice in Internet coordination.
As Internet names increasingly have commercial value,
the decision to add new top-level domains cannot
continue to be made on an ad hoc basis by entities or
individuals that are not formally accountable to the
Internet community.
As the Internet becomes commercial, it becomes
inappropriate for U.S. research agencies (NSF and
DARPA) to participate in and fund these functions.
The Future Role of the U.S. Government in the DNS
On July 1, 1997, as part of the Clinton Administration's
Framework for Global Electronic Commerce, the President directed
the Secretary of Commerce to privatize, increase competition in,
and promote international participation in the domain name
system.
Accordingly, on July 2, 1997, the Department of Commerce
issued a Request for Comments (RFC) on DNS administration, on
behalf of an inter-agency working group previously formed to
explore the appropriate future role of the U.S. government in the
DNS. The RFC solicited public input on issues relating to the
overall framework of the DNS system, the creation of new top-
level domains, policies for registrars, and trademark issues.
During the comment period, over 430 comments were received,
amounting to some 1500 pages. /1
This discussion draft, shaped by the public input described
above, provides notice and seeks public comment on a proposal to
improve the technical management of Internet names and addresses.
It does not propose a monolithic structure for Internet
governance. We doubt that the Internet should be governed by one
plan or one body or even by a series of plans and bodies. Rather,
we seek to create mechanisms to solve a few, primarily technical
(albeit critical) questions about administration of Internet
names and numbers.
We expect that this proposal will likely spark a lively
debate, requiring thoughtful analysis, and appropriate revisions.
Nonetheless, we are hopeful that reasonable consensus can be
found and that, after appropriate modifications, implementation
can begin in April, 1998. Recognizing that no solution will win
universal support, the U.S. government seeks as much consensus as
possible before acting.
PRINCIPLES FOR A NEW SYSTEM
Our consultations have revealed substantial differences
among Internet stakeholders on how the domain name system should
evolve. Since the Internet is changing so rapidly, no one entity
or individual can claim to know what is best for the Internet. We
certainly do not believe that our views are uniquely prescient.
Nevertheless, shared principles have emerged from our discussions
with Internet stakeholders.
1. Stability.
The U.S. government should end its role in the Internet
number and name address systems in a responsible manner.
This means, above all else, ensuring the stability of the
Internet. The Internet functions well today, but its current
technical management is probably not viable over the long
term. We should not wait for it to break down before acting.
Yet, we should not move so quickly, or depart so radically
from the existing structures, that we disrupt the
functioning of the Internet. The introduction of a new
system should not disrupt current operations, or create
competing root systems.
2. Competition.
The Internet succeeds in great measure because it is a
decentralized system that encourages innovation and
maximizes individual freedom. Where possible, market
mechanisms that support competition and consumer choice
should drive the technical management of the Internet
because they will promote innovation, preserve diversity,
and enhance user choice and satisfaction.
3. Private, Bottom-Up Coordination.
Certain technical management functions require coordination.
In these cases, responsible, private-sector action is
preferable to government control. A private coordinating
process is likely to be more flexible than government and to
move rapidly enough to meet the changing needs of the
Internet and of Internet users. The private process should,
as far as possible, reflect the bottom-up governance that
has characterized development of the Internet to date.
4. Representation.
Technical management of the Internet should reflect the
diversity of its users and their needs. Mechanisms should be
established to ensure international input in decision
making.
In keeping with these principles, we divide the name and
number functions into two groups, those that can be moved to a
competitive system and those that should be coordinated. We then
suggest the creation of a representative, not-for-profit
corporation to manage the coordinated functions according to
widely accepted objective criteria. We then suggest the steps
necessary to move to competitive markets in those areas that can
be market driven. Finally, we suggest a transition plan to ensure
that these changes occur in an orderly fashion that preserves the
stability of the Internet.
THE PROPOSAL
The Coordinated Functions
Management of number addresses is best done on a coordinated
basis. As technology evolves, changes may be needed in the number
allocation system. These changes should also be undertaken in a
coordinated fashion.
Similarly, coordination of the root server network is
necessary if the whole system is to work smoothly. While day-to-
day operational tasks, such as the actual operation and
maintenance of the Internet root servers, can be contracted out,
overall policy guidance and control of the TLDs and the Internet
root server system should be vested in a single organization that
is representative of Internet users.
Finally, coordinated maintenance and dissemination of the
protocol parameters for Internet addressing will best preserve
the stability and interconnectivity of the Internet.
We propose the creation of a private, not-for-profit
corporation (the new corporation) to manage the coordinated
functions in a stable and open institutional framework. The new
corporation should operate as a private entity for the benefit of
the Internet as a whole. The new corporation would have the
following authority:
1. to set policy for and direct the allocation of number
blocks to regional number registries for the assignment
of Internet addresses;
2. to oversee the operation of an authoritative root
server system;
3. to oversee policy for determining, based on objective
criteria clearly established in the new organization's
charter, the circumstances under which new top-level
domains are added to the root system; and
4. to coordinate the development of other technical
protocol parameters as needed to maintain universal
connectivity on the Internet.
The U.S. government would gradually transfer existing IANA
functions, the root system and the appropriate databases to this
new not-for-profit corporation. This transition would commence as
soon as possible, with operational responsibility moved to the
new entity by September 30, 1998. The U.S. government would
participate in policy oversight to assure stability until the new
corporation is established and stable, phasing out as soon as
possible and in no event later than September 30, 2000. The U.S.
Department of Commerce will coordinate the U.S. government policy
role. In proposing these dates, we are trying to balance concerns
about a premature U.S. government exit that turns the domain name
system over to a new and untested entity against the concern that
the U.S. government will never relinquish its current management
role.
The new corporation will be funded by domain name registries
and regional IP registries. Initially, current IANA staff will
move to this new organization to provide continuity and expertise
throughout the period of time it takes to establish the new
corporation. The new corporation should hire a chief executive
officer with a background in the corporate sector to bring a more
rigorous management to the organization than was possible or
necessary when the Internet was primarily a research medium. As
these functions are now performed in the United States, the new
corporation will be headquartered in the United States, and
incorporated under U.S. law as a not-for-profit corporation. It
will, however, have and report to a board of directors from
around the world.
It is probably impossible to establish and maintain a
perfectly representative board for this new organization. The
Internet community is already extraordinarily diverse and likely
to become more so over time. Nonetheless, the organization and
its board must derive legitimacy from the participation of key
stakeholders. Since the organization will be concerned mainly
with numbers, names and protocols, its board should represent
membership organizations in each of these areas, as well as the
direct interests of Internet users.
The board of directors for the new corporation should be
balanced to equitably represent the interests of IP number
registries, domain name registries, domain name registrars, the
technical community, and Internet users (commercial, not-for-
profit, and individuals). Officials of governments or
intergovernmental organizations should not serve on the board of
the new corporation. Seats on the initial board might be
allocated as follows:
three directors from a membership association of
regional number registries, representing three
different regions of the world. Today this would mean
one each from ARIN, APNIC and RIPE. As additional
regional number registries are added, board members
could be designated on a rotating basis or elected by a
membership organization made up of regional registries.
ARIN, RIPE and APNIC are open membership organizations
that represent entities with large blocks of numbers.
They have the greatest stake in and knowledge of the
number address system. They are also representative
internationally.
two members designated by the Internet Architecture
Board (IAB), an international membership board that
represents the technical community of the Internet.
two members designated by a membership association (to
be created) representing domain name registries and
registrars.
seven members designated by a membership association
(to be created) representing Internet users. At least
one of those board seats could be designated for an
individual or entity engaged in non-commercial, not-
for-profit use of the Internet, and one for individual
end users. The remaining seats could be filled by
commercial users, including trademark holders.
the CEO of the new corporation would serve on the board
of directors.
The new corporation's processes should be fair, open and
pro-competitive, protecting against capture by a narrow group of
stakeholders. Its decision-making processes should be sound and
transparent; the bases for its decisions should be recorded and
made publicly available. Super-majority or even consensus
requirements may be useful to protect against capture by a self-
interested faction. The new corporation's charter should provide
a mechanism whereby its governing body will evolve to reflect
changes in the constituency of Internet stakeholders. The new
corporation should establish an open process for the presentation
of petitions to expand board representation.
In performing the functions listed above, the new
corporation will act much like a standard-setting body. To the
extent that the new corporation operates in an open and pro-
competitive manner, its actions will withstand antitrust
scrutiny. Its standards should be reasonably based on, and no
broader than necessary to promote its legitimate coordinating
objectives. Under U.S. law, a standard-setting body can face
antitrust liability if it is dominated by an economically
interested entity, or if standards are set in secret by a few
leading competitors. But appropriate processes and structure
will minimize the possibility that the body's actions will be, or
will appear to a court to be, anticompetitive.
The Competitive Functions
The system for registering second-level domain names and the
management of the TLD registries should become competitive and
market-driven.
In this connection, we distinguish between registries and
registrars. A "registry," as we use the term, is responsible for
maintaining a TLD's zone files, which contain the name of each
SLD in that TLD and each SLD's corresponding IP number. Under
the current structure of the Internet, a given TLD can have no
more than one registry. A "registrar" acts as an interface
between domain-name holders and the registry, providing
registration and value-added services. It submits to the
registry zone file information and other data (including contact
information) for each of its customers in a single TLD.
Currently, NSI acts as both the exclusive registry and as the
exclusive registrar for .com, .net, .org, and .edu.
Both registry and registrar functions could be operated on a
competitive basis. Just as NSI acts as the registry for .com,
.net, and .org, other companies could manage registries with
different TLDs such as .vend or .store. Registrars could provide
the service of obtaining domain names for customers in any gTLD.
Companies that design Web sites for customers might, for example,
provide registration as an adjunct to other services. Other
companies may perform this function as a stand-alone business.
There appears to be strong consensus that, at least at this
time, domain name registration - the registrar function - should
be competitive. There is disagreement, however, over the wisdom
of promoting competition at the registry level.
Some have made a strong case for establishing a market-
driven registry system. Competition among registries would allow
registrants to choose among TLDs rather than face a single
option. Competing TLDs would seek to heighten their efficiency,
lower their prices, and provide additional value-added services.
Investments in registries could be recouped through branding and
marketing. The efficiency, convenience, and service levels
associated with the assignment of names could ultimately differ
from one TLD registry to another. Without these types of market
pressures, they argue, registries will have very little incentive
to innovate.
Others feel strongly, however, that if multiple registries
are to exist, they should be undertaken on a not-for-profit
basis. They argue that lack of portability among registries (that
is, the fact that users cannot change registries without
adjusting at least part of their domain name string) could create
lock-in problems and harm consumers. For example, a registry
could induce users to register in a top-level domain by charging
very low prices initially and then raise prices dramatically,
knowing that name holders will be reluctant to risk established
business by moving to a different top-level domain.
We concede that switching costs and lock-in could produce
the scenario described above. On the other hand, we believe that
market mechanisms may well discourage this type of behavior. On
balance, we believe that consumers will benefit from competition
among market oriented registries, and we thus support limited
experimentation with competing registries during the transition
to private sector administration of the domain name system.
The Creation of New gTLDs
Internet stakeholders disagree about who should decide when
a new top-level domain can be added and how that decision should
be made. Some believe that anyone should be allowed to create a
top-level domain registry. They argue that the market will decide
which will succeed and which will not. Others believe that such a
system would be too chaotic and would dramatically increase
customer confusion. They argue that it would be far more complex
technically, because the root server system would have to point
to a large number of top-level domains that were changing with
great frequency. They also point out that it would be much more
difficult for trademark holders to protect their trademarks if
they had to police a large number of top-level domains.
All these arguments have merit, but they all depend on facts
that only further experience will reveal. At least in the short
run, a prudent concern for the stability of the system requires
that expansion of gTLDs proceed at a deliberate and controlled
pace to allow for evaluation of the impact of the new gTLDs and
well-reasoned evolution of the domain space. The number of new
top-level domains should be large enough to create competition
among registries and to enable the new corporation to evaluate
the functioning, in the new environment, of the root server
system and the software systems that enable shared registration.
At the same time, it should not be so large as to destabilize the
Internet.
We believe that during the transition to private management
of the DNS, the addition of up to five new registries would be
consistent with these goals. At the outset, we propose that each
new registry be limited to a single top-level domain. During this
period, the new corporation should evaluate the effects that the
addition of new gTLDs have on the operation of the Internet, on
users, and on trademark holders. After this transition, the new
corporation will be in a better position to decide whether or
when the introduction of additional gTLDs is desirable.
Individual companies and consortia alike may seek to operate
specific generic top-level domains. Competition will take place
on two levels. First, there will be competition among different
generic top-level domains. Second, registrars will compete to
register clients into these generic top-level domains. By
contrast, existing national registries will continue to
administer country-code top-level domains if these national
government seek to assert those rights. Changes in the
registration process for these domains are up to the registries
administering them and their respective national governments.
Some have called for the creation of a more descriptive
system of top-level domains based on industrial classifications
or some other easy to understand schema. They suggest that having
multiple top-level domains is already confusing and that the
addition of new generic TLDs will make it more difficult for
users to find the companies they are seeking.
Market driven systems result in innovation and greater
consumer choice and satisfaction in the long run. We expect that
in the future, directory services of various sorts will make it
easy for users to find the sites they seek regardless of the
number of top-level domains. Attempts to impose too much central
order risk stifling a medium like the Internet that is
decentralized by nature and thrives on freedom and innovation.
The Trademark Dilemma
It is important to keep in mind that trademark/domain name
disputes arise very rarely on the Internet today. NSI, for
example, has registered millions of domain names, only a tiny
fraction of which have been challenged by a trademark owner. But
where a trademark is unlawfully used as a domain name, consumers
may be misled about the source of the product or service offered
on the Internet, and trademark owners may not be able to protect
their rights without very expensive litigation.
For cyberspace to function as an effective commercial
market, businesses must have confidence that their trademarks can
be protected. On the other hand, management of the Internet must
respond to the needs of the Internet community as a whole, and
not trademark owners exclusively. The balance we strike is to
provide trademark holders with the same rights they have in the
physical world, to ensure transparency, to guarantee a dispute
resolution mechanism with resort to a court system, and to add
new top-level domains carefully during the transition to private
sector coordination of the domain name system.
There are certain steps that could be taken in the
application process that would not be difficult for an applicant,
but that would make the trademark owner's job easier. For
instance, gTLD registrants could supply basic information
including the applicant's name and sufficient contact information
to be able to locate the applicant or its representative. To
deter the pirating of domain names, the registry could also
require applicants to certify that it knows of no entity with
superior rights in the domain name it seeks to register.
The job of policing trademarks could be considerably easier
if domain name databases were readily searchable through a common
interface to determine what names are registered, who holds those
domain names, and how to contact a domain name holder. Many
trademark holders find the current registration search tool,
Whois, too limited in its functioning to be effective for this
purpose. A more robust and flexible search tool, which features
multiple field or string searching and retrieves similar names,
could be employed or developed to meet the needs of trademark
holders. The databases also could be kept up to date by a
requirement that domain name registrants maintain up-to-date
contact information.
Mechanisms that allow for on-line dispute resolution could
provide an inexpensive and efficient alternative to litigation
for resolving disputes between trademark owners and domain name
registrants. A swift dispute resolution process could provide for
the temporary suspension of a domain name registration if an
adversely affected trademark holder objects within a short time,
e.g. 30 days, of the initial registration. We seek comment on
whether registries should be required to resolve disputes within
a specified period of time after an opposition is filed, and if
so, how long that period should be.
Trademark holders have expressed concern that domain name
registrants in faraway places may be able to infringe their
rights with no convenient jurisdiction available in which the
trademark owner could file suit to protect those rights. At the
time of registration, registrants could agree that, in the event
of a trademark dispute involving the name registered,
jurisdiction would lie where the registry is domiciled, where the
registry database in maintained, or where the "A" root server is
maintained. We seek comment on this proposal, as well as
suggestions for how such jurisdictional provisions could be
implemented.
Trademark holders have also called for the creation of some
mechanism for "clearing" trademarks, especially famous marks,
across a range of gTLDs. Such mechanisms could reduce trademark
conflict associated with the addition of new gTLDs. Again, we
seek comment on this proposal, and suggested mechanisms for
trademark clearance processes.
We stop short of proposals that could significantly limit
the flexibility of the Internet, such as waiting periods or not
allowing any new top-level domains.
We also do not propose to establish a monolithic trademark
dispute resolution process at this time, because it is unclear
what system would work best. Even trademark holders we have
consulted are divided on this question. Therefore, we propose
that each name registry must establish minimum dispute resolution
and other procedures related to trademark considerations. Those
minimum procedures are spelled out in Appendix 2. Beyond those
minimums, registries would be permitted to establish additional
trademark protection and trademark dispute resolution mechanisms.
We also propose that shortly after their introduction into
the root, a study be undertaken on the effects of adding new
gTLDs and related dispute resolution procedures on trademark and
intellectual property right holders. This study should be
conducted under the auspices of a body that is internationally
recognized in the area of dispute resolution procedures, with
input from trademark and domain name holders and registries. The
findings of this study should be submitted to the board of the
new corporation and considered when it makes decisions on the
creation and introduction of new gTLDs. Information on the
strengths and weaknesses of different dispute resolution
procedures should also give the new corporation guidance for
deciding whether the established minimum criteria for dispute
resolution should be amended or maintained. Such a study could
also provide valuable input with respect to trademark
harmonization generally.
U.S. trademark law imposes no general duty on a registrar
to investigate the propriety of any given registration. /2 Under
existing law, a trademark holder can properly file a lawsuit
against a domain name holder that is infringing or diluting the
trademark holder's mark. But the law provides no basis for
holding that a registrar's mere registration of a domain name, at
the behest of an applicant with which it has an arm's-length
relationship, should expose it to liability. /3 Infringers, rather
than registrars, registries, and technical management bodies,
should be liable for trademark infringement. Until case law is
fully settled, however, registries can expect to incur legal
expenses in connection with trademark disputes as a cost of doing
business. These costs should not be borne by the new not-for-
profit corporation, and therefore registries should be required
to indemnify the new corporation for costs incurred in connection
with trademark disputes. The evolution of litigation will be one
of the factors to be studied by the group tasked to review
Internet trademark issues as the new structure evolves.
The Intellectual Infrastructure Fund
In 1995, NSF authorized NSI to assess new domain name
registrants a $50 fee per year for the first two years, 30
percent of which was to be deposited in a fund for the
preservation and enhancement of the intellectual infrastructure
of the Internet (the "Intellectual Infrastructure Fund")
In excess of $46 Million has been collected to date. In
1997, Congress authorized the crediting of $23 Million of the
funds collected to the Research and Related Activities
Appropriation of the National Science Foundation to support the
development of the Next Generation Internet. The establishment of
the Intellectual Infrastructure Fund currently is the subject of
litigation in the U.S. District Court for the District of
Columbia.
As the U.S. government is seeking to end its role in the
domain name system, we believe the provision in the cooperative
agreement regarding allocation of a portion of the registration
fee to the Internet Intellectual Infrastructure Fund should
terminate on April 1, 1998, the beginning of the ramp-down period
of the cooperative agreement.
THE TRANSITION
A number of steps must be taken to create the system
envisioned in this paper.
1. The new not-for-profit organization must be established
and its board chosen.
2. The membership associations representing 1) registries
and registrars, and 2) Internet users, must be formed.
3. An agreement must be reached between the U.S.
government and the current IANA on the transfer of IANA
functions to the new organization.
4. NSI and the U.S. government must reach agreement on the
terms and conditions of NSI's evolution into one
competitor among many in the registrar and registry
marketplaces. A level playing field for competition
must be established.
5. The new corporation must establish processes for
determining whether an organization meets the
transition period criteria for prospective registries
and registrars.
6. A process must be laid out for making the management of
the root server system more robust and secure, and, for
transitioning that management from U.S. government
auspices to those of the new corporation.
The NSI Agreement
The U.S. government will ramp down the NSI cooperative
agreement and phase it out by the end of September 1998. The ramp
down agreement with NSI should reflect the following terms and
conditions designed to promote competition in the domain name
space.
1. NSI will effectively separate and maintain a clear
division between its current registry business and its
current registrar business. NSI will continue to
operate .com, .net and .org but on a fully shared-
registry basis; it will shift operation of .edu to a
not-for-profit entity. The registry will treat all
registrars on a nondiscriminatory basis and will price
registry services according to an agreed upon formula
for a period of time.
2. As part of the transition to a fully shared-registry
system, NSI will develop (or license) and implement the
technical capability to share the registration of its
top-level domains with any registrar so that any
registrar can register domain names there in as soon as
possible, by a date certain to be agreed upon.
3. NSI will give the U.S. government a copy and
documentation of all the data, software, and
appropriate licenses to other intellectual property
generated under the cooperative agreement, for use by
the new corporation for the benefit of the Internet.
4. NSI will turn over control of the "A" root server and
the management of the root server system when
instructed to do so by the U.S. government.
5. NSI will agree to meet the requirements for registries
and registrars set out in Appendix 1.
Competitive Registries, Registrars, and the Addition of New gTLDs
Over the past few years, several groups have expressed a
desire to enter the registry or registrar business. Ideally, the
U.S. government would stay its hand, deferring the creation of a
specific plan to introduce competition into the domain name
system until such time as the new corporation has been organized
and given an opportunity to study the questions that such
proposals raise. Should the transition plan outlined below, or
some other proposal, fail to achieve substantial consensus, that
course may well need to be taken.
Realistically, however, the new corporation cannot be
established overnight. Before operating procedures can be
established, a board of directors and a CEO must be selected.
Under a best case scenario, it is unlikely that the new
corporation can be fully operational before September 30, 1998.
It is our view, based on widespread public input, that
competition should be introduced into the DNS system more
quickly.
We therefore set out below a proposal to introduce
competition into the domain name system during the transition
from the existing U.S. government authority to a fully
functioning coordinating body. This proposal is designed only for
the transition period. Once the new corporation is formed, it
will assume authority over the terms and conditions for the
admission of new top-level domains.
Registries and new gTLDs
This proposal calls for the creation of up to five new
registries, each of which would be initially permitted to operate
one new gTLD. As discussed above, that number is large enough to
provide valuable information about the effects of adding new
gTLDs and introducing competition at the registry level, but not
so large as to threaten the stability of the Internet during this
transition period. In order to designate the new registries and
gTLDs, IANA must establish equitable, objective criteria and
processes for selecting among a large number of individuals and
entities that want to provide registry services. Unsuccessful
applicants will be disappointed.
We have examined a number of options for recognizing the
development work already underway in the private sector. For
example, some argue for the provision of a "pioneer preference"
or other grandfathering mechanism to limit the pool of would-be
registrants to those who, in response to previous IANA requests,
have already invested in developing registry businesses. While
this has significant appeal and we do not rule it out, it is not
an easy matter to determine who should be in that pool. IANA
would be exposed to considerable liability for such
determinations, and required to defend against charges that it
acted in an arbitrary or inequitable manner. We welcome
suggestions as to whether the pool of applicants should be
limited, and if so, on what basis.
We propose, that during the transition, the first five
entities (whether from a limited or unlimited pool) to meet the
technical, managerial, and site requirements described in
Appendix 1 will be allowed to establish a domain name registry.
The IANA will engage neutral accounting and technical consultancy
firms to evaluate a proposed registry under these criteria and
certify an applicant as qualified. These registries may either
select, in order of their qualification, from a list of available
gTLDs or propose another gTLD to IANA. (We welcome suggestions on
the gTLDs that should be immediately available and would propose
a list based on that input, as well as any market data currently
available that indicates consumer interest in particular gTLDs.)
The registry will be permitted to provide and charge for
value-added services, over and above the basic services provided
to registrars. At least at this time, the registry must, however,
operate on a shared registry basis, treating all registrars on a
nondiscriminatory basis, with respect to pricing, access and
rules. Each TLD's registry should be equally accessible to any
qualified registrar, so that registrants may choose their
registrars competitively on the basis of price and service. The
registry will also have to agree to modify its technical
capabilities based on protocol changes that occur in Internet
technology so that interoperability can be preserved. At some
point in the future, the new organization may consider the
desirability of allowing the introduction of non-shared
registries.
Registrars
Any entity will be permitted to provide registrar services
as long as it meets the basic technical, managerial, and site
requirements as described in Appendix 1 of this paper. Registrars
will be allowed to register clients into any top-level domain for
which the client satisfies the eligibility rules, if any.
The Root Server System
IANA and the U.S. government, in cooperation with NSI, the
IAB, and other relevant organizations will undertake a review of
the root server system to recommend means to increase the
security and professional management of the system. The
recommendations of the study should be implemented as part of the
transition process to the new corporation.
The .us Domain
At present, the IANA administers .us as a locality based
hierarchy in which second-level domain space is allocated to
states and US territories. /4 This name space is further subdivided
into localities. General registration under localities is
performed on an exclusive basis by private firms that have
requested delegation from IANA. The .us name space has typically
been used by branches of state and local governments, although
some commercial names have been assigned. Where registration for
a locality has not been delegated, the IANA itself serves as the
registrar.
Some in the Internet community have suggested that the
pressure for unique identifiers in the .com gTLD could be
relieved if commercial use of the .us space was encouraged.
Commercial users and trademark holders, however, find the current
locality-based system too cumbersome and complicated for
commercial use. Expanded use of the .us TLD could alleviate
some of the pressure for new generic TLDs and reduce conflicts
between American companies and others vying for the same domain
name.
Clearly, there is much opportunity for enhancing the .us
domain space, and the .us domain could be expanded in many ways
without displacing the current geopolitical structure. Over the
next few months, the U.S. government will work with the private
sector and state and local governments to determine how best to
make the .us domain more attractive to commercial users. It may
also be appropriate to move the gTLDs traditionally reserved for
U.S. government use (i.e. .gov and .mil), into a reformulated .us
ccTLD.
The U.S. government will further explore and seek public
input on these issues through a separate Request for Comment on
the evolution of the .us name space. However, we welcome any
preliminary comments at this time.
The Process
The U.S. government recognizes that its unique role in the
Internet domain name system should end as soon as is practical.
We also recognize an obligation to end this involvement in a
responsible manner that preserves the stability of the Internet.
We cannot cede authority to any particular commercial interest or
any specific coalition of interest groups. We also have a
responsibility to oppose any efforts to fragment the Internet, as
this would destroy one of the key factors - interoperability -
that has made the Internet so successful.
Our goal is to seek as strong a consensus as possible so
that a new, open, and accountable system can emerge that is
legitimate in the eyes of all Internet stakeholders. It is in
this spirit that we present this paper for discussion.
�
Appendix 1
Recommended Registry and Registrar Requirements
In order to ensure the stability of the Internet's domain
name system, protect consumers, and preserve the intellectual
property rights of trademark owners, all registries of generic
top-level domain names must meet the set of technical,
managerial, and site requirements outlined below. Only
prospective registries that meet these criteria will be allowed
by IANA to register their gTLD in the "A" server. If, after it
begins operations, a registry no longer meets these requirements,
IANA may transfer management of the domain names under that
registry's gTLD to another organization.
Independent testing, reviewing, and inspection called for in
the requirements for registries should be done by appropriate
certifying organizations or testing laboratories rather than IANA
itself, although IANA will define the requirements and the
procedures for tests and audits.
These requirements apply only to generic TLDs. They will
apply to both existing gTLDs (e.g., .com, .edu., .net, .org) and
new gTLDs. Although they are not required to, we expect many
ccTLD registries and registrars may wish to assure their
customers that they meet these requirements or similar ones.
Registries will be separate from registrars and have only
registrars as their customers. If a registry wishes to act both
as registry and registrar for the same TLD, it must do so through
separate subsidiaries. Appropriate accounting and
confidentiality safeguards shall be used to ensure that the
registry subsidiary's business is not utilized in any manner to
benefit the registrar subsidiary to the detriment of any other
registrar.
Each top-level domain (TLD) database will be maintained by
only one registry and, at least initially, each new registry can
host only one TLD.
Registry requirements:
1. An independently-tested, functioning DATABASE AND
COMMUNICATIONS SYSTEM that:
a. Allows multiple competing registrars to have secure
access (with encryption and authentication) to the
database on an equal (first-come, first-served) basis.
b. Is both robust (24 hours per day, 365 days per year)
and scalable (i.e., capable of handling high volumes of
entries and inquiries).
c. Has multiple high-throughput (i.e., at least T1)
connections to the Internet via at least two separate
Internet Service Providers.
d. Includes a daily data backup and archiving system.
e. Incorporates a record management system that maintains
copies of all transactions, correspondence, and
communications with registrars for at least the length
of a registration contract.
f. Features a searchable, on-line database meeting the
requirements of Appendix 2.
g. Provides free access to the software and customer
interface that a registrar would need to register new
second-level domain names.
h. An adequate number (perhaps two or three) of
globally-positioned zone-file servers connected to the
Internet for each TLD.
2. Independently-reviewed MANAGEMENT POLICIES, PROCEDURES, AND
PERSONNEL including:
a. Alternate (i.e., non-litigation) dispute resolution
providing a timely and inexpensive forum for
trademark-related complaints. (These procedures should
be consistent with applicable national laws and
compatible with any available judicial or
administrative remedies.)
b. A plan to ensure that the registry's obligations to its
customers will be fulfilled in the event that the
registry goes out of business. This plan must indicate
how the registry would ensure that domain name holders
will continue to have use of their domain name and that
operation of the Internet will not be adversely
affected.
c. Procedures for assuring and maintaining the expertise
and experience of technical staff.
d. Commonly-accepted procedures for information systems
security to prevent malicious hackers and others from
disrupting operations of the registry.
3. Independently inspected PHYSICAL SITES that feature:
a. A backup power system including a multi-day power
source.
b. A high level of security due to twenty-four-hour guards
and appropriate physical safeguards against intruders.
c. A remotely-located, fully redundant and staffed twin
facility with "hot switchover" capability in the event
of a main facility failure caused by either a natural
disaster (e.g., earthquake or tornado) or an accidental
(fire, burst pipe) or deliberate (arson, bomb) man-made
event. (This might be provided at, or jointly
supported with, another registry, which would encourage
compatibility of hardware and commonality of
interfaces.)
Registrar requirements
Registries will set standards for registrars with which they wish
to do business. The following are the minimal qualifications
that IANA should mandate that each registry impose and test or
inspect before allowing a registrar to access its database(s).
Any additional requirements imposed by registries on registrars
must be approved by IANA and should not affect the stability of
the Internet or substantially reduce competition in the registrar
business. Registries may refuse to accept registrations from
registrars that fail to meet these requirements and may remove
domain names from the registries if at a later time the registrar
which registered them no longer meets the requirements for
registrars.
1. A functioning DATABASE AND COMMUNICATIONS SYSTEM that
supports:
a. Secure access (with encryption and authentication) to
the registry.
b. Robust and scalable operations capable of handling
moderate volumes.
c. Multiple connections to the Internet via at least two
Internet Service Providers.
d. A daily data backup and archival system.
e. A record management system that maintains copies of all
transactions, correspondence, and communications with
all registries for at least the length of a
registration contract.
2. MANAGEMENT POLICIES, PROCEDURES, AND PERSONNEL including:
a. A plan to ensure that the registrar's obligations to
its customers and to the registries will be fulfilled
in the event that the registrar goes out of business.
This plan must indicate how the registrar would ensure
that domain name holders will continue to have use of
their domain name and that operation of the Internet
will not be adversely affected.
b. Commonly-accepted procedures for information systems
security to prevent malicious hackers and others from
disrupting operations.
3. Independently inspected PHYSICAL SITES that features:
a. A backup power system.
b. A high level of security due to twenty-four-hour guards
and appropriate physical safeguards against intruders.
c. Remotely-stored backup files to permit recreation of
customer records.
� Appendix 2
Minimum Dispute Resolution and Other Procedures related to
Trademarks
1. Minimum Application Requirements:
a. Sufficient owner and contact information (e.g., names,
mail address for service of process, e-mail address,
telephone and fax numbers, etc.) to enable an
interested party to contact either the owner/applicant
or its designated representative; and a
b. Certification statement by the applicant that:
- it is entitled to register the domain name for
which it is applying and knows of no
entity with superior rights in the domain
name; and
- it intends to use the domain name.
2. Searchable Database Requirements:
a. Utilizing a simple, easy-to-use, standardized search
interface that features multiple field or string
searching and the retrieval of similar names, the
following information must be included in all registry
databases, and available to anyone with access to the
Internet:
- up-to-date ownership and contact information;
- up-to-date and historical chain of title
information for the domain name;
- a mail address for service of process;
- the date of the domain name registration; and
- the date an objection to registration of the
domain name was filed.
3. Updated Ownership, Contact and Use Information
a. At any time there is a change in ownership, the domain
name owner must submit the following information:
- up-to-date contact and ownership information and
- a description of how the owner is using the
domain name, or, if the domain name is not in
use, a statement to that effect.
4. Alternative Dispute Resolution of Domain Name Conflicts:
a. There must be a readily available and convenient
dispute resolution process that requires no
involvement by registrars.
b. Registries/Registrars will abide by the decisions
resulting from an agreed upon dispute resolution
process or by the decision of a court of competent
jurisdiction.
c. If an objection to registration is raised within 30
days after registration of the domain name, a brief
period of suspension during the pendency of the dispute
will be provided by the registries.
___________________________________________
ENDNOTES
1. The RFC and comments received are available
on the Internet at the following address: http://www.ntia.doc.gov
2. See generally MDT Corp.
v. New York Stock Exchange, 858 F. Supp. 1028 (C.D. Calif. 1994).
3. See Lockheed Martin Corp. v.
Network Solutions, Inc., 1997 WL 721899 (C.D. Calif. 11/17/97); Panavision
International v. Toeppen, 1996 U.S. Dist. LEXIS 20744, 41 U.S.P.Q.2d
1310 (C.D. Calif. 1996).
4. Management principles for the .us domain space
are set forth in Internet RFC 1480, (http://www.isi.edu/in-notes/rfc1480.txt)