... and if the VC gets the VP who's here on the QT we'll all get put on KP. :-) Follows a fairly long message containing my comments and opinion subject to a Notice of Inquiry issued by the US Government's NTIA (which means something, but I forget what.) The rough idea as I understand the NOI is "you Internet people got important, and you seem to be having trouble sorting out your domain name registration management stuff. Do we need to step in and help you?" (read: tell you how to do it) I'd appreciate any comments y'all care to make on this, either technically, stylistically... or simply pointing out stuff that my spell checker missed. ;-) My intent is to hit somewhere about halfway between formal corporate comments and much of the self-interested, poorly thought out garbage the website show that they've been getting. http://www.ntia.doc.gov/ntiahome/domainname/domainname.htm (which URL worries me all by itself, but...) Cheers, -- jra -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Follow my comments on the Notice of Inquiry concerning Domain Name Service management. I speak as a commercial consultant on internetworking and computer systems design with 15 years experience. I've used the "call and response" format customary to Internet email; hopefully, my responses will be comprehensible, rather than compost.

Various private sector groups have proposed systems for allocating and managing generic top level domains (gTLDs). The Government is studying

Actually, the initialism "GTLD" is customarily understood to mean "Global Top Level Domain".

A. Appropriate Principles

The Government seeks comment on the principles by which it should evaluate proposals for the registration and administration of Internet domain names. Are the following principles appropriate? Are they complete? If not, how should they be revised? How might such principles best be fostered?

a. Competition in and expansion of the domain name registration system should be encouraged. Conflicting domains, systems, and registries should not be permitted to jeopardize the interoperation of the Internet, however. The addressing scheme should not prevent any user from connecting to any other site.

b. The private sector, with input from governments, should develop stable, consensus-based self-governing mechanisms for domain name registration and management that adequately defines responsibilities and maintains accountability.

c. These self-governance mechanisms should recognize the inherently global nature of the Internet and be able to evolve as necessary over time.

d. The overall framework for accommodating competition should be open, robust, efficient, and fair.

These first four points are platitudes... but they're well thought out platitudes. :-)

e. The overall policy framework as well as name allocation and management mechanisms should promote prompt, fair, and efficient resolution of conflicts, including conflicts over proprietary rights.

This is well phrased, but will be quite difficult to manage in practice. The precise reasons why, I'll take up shortly.

f. A framework should be adopted as quickly as prudent consideration of these issues permits.

In light of the current travails with NSF contractor Network Solutions, yeah, this is a good idea, too.

B. General/Organizational Framework Issues

1. What are the advantages and disadvantages of current domain name registration systems?

From an operational standpoint, the major disadvantage to the current registration system is that Network Solutions appears, based on reports from a statistically significant number of it's customers, incapable of providing reasonable customer service, from a standpoint of response time if no other.

If a request is at all out of the ordinary, the systems in place at NetSol are guaranteed to both mishandle it and delay it. Even normal requests are often troublesome. For example, NSI apparently has an undocumented policy of allowing the "Host Registration" necessary to use a host as a DNS server to be done only once for any given IP address. I'm involved in a situation right now where administrative control of a network is about to change hands, and I attempted to register two hosts in that domain to use as servers. The two registration templates templates were sent out within 60 seconds of one another, the "automated acknowledgement" messages came in 2 and 9 hours later respectively, and 3 _days_ later, _one_ of the registrations was acknowledged. The other registration vanished into limbo, and 60 minutes of toll phone calls a week later were necessary to discover that the registration was bounced "because another host is already registered with that address". Inasmuch as the very DNS system these registrations were intended to support allows multiple names for one address, this is puzzling, but the lack of response, the lack of documentation, and my total inability to successfully contact anyone in authority to discuss the matter are unconscionable. It _has_ to be possible to provide better customer service than this... with a $50M annual revenue stream.

From a _structural_ standpoint, the current Domain Registration system is deficient primarily in it's centralization. Many other components of the Internet have evolved over the course of the last 20 years, but DNS and registration administration is just now reaching it's adolescence.

The other major, and probably insoluble, problem is that the DNS system uses names as addresses. The problem is that names can change, and addresses usually shouldn't. The quintessential example of this is professional service companies like law firms. When Trenam, Simmons, Kemker, Scharf, Barkin, Frye and O'Neill loses a partner and becomes Trenam, Kemker, Scharf, Barkin, Frye, O'Neill and Mullis, what do you do with all that stationary... and more to the point, all those bookmarks and web index engine entries, that say "trensim.com" (or "tsks.com", or whatever)? But it's _way_ too late to do anything about this now, and I'm not sure there ever was a time when it wasn't.

2. How might current domain name systems be improved?

Caution is needed here; what's at odds is primarily the registration systems that underlie DNS, not the technology itself. It's difficult to answer this question without getting "personal" about NetSol; the primary improvement I can see at the moment would be for NSI to start earning the incredible amount of money they unilaterally decided to charge for domain registration service. The other answer to this question is global, and the primary target of this NOI; I'll return to it after building some more ground work.

3. By what entity, entities, or types of entities should current domain name systems be administered? What should the makeup of such an entity be?

There have been half a dozen proposals made for a restructuring of the DNS registration services infrastructure. Of all the approaches I've investigated, I believe that the Denninger/Postel Internet Draft on the topic is the best thought-out, and most comprehensive. Extreme care is necessary here: one of the reasons that the Internet has successfully scaled to the degree that it has in the short amount of time it took is that the underlying foundations of the protocol designs and their implementations were subject almost entirely to engineering discipline; commercial and (say it softly) political concerns were ignored. Make no mistake, the expansion of the DNS registration infrastructure which everyone agrees is necessary must take commercial concerns into account... but it _MUST_ be designed by engineers; it's an engineering issue. We don't allow politicians to design interstate highways.

4. Are there decision-making processes that can serve as models for deciding on domain name registration systems (e.g., network numbering plan, standard-setting processes, spectrum allocation)? Are there private/public sector administered models or regimes that can be used for domain name registration (e.g., network numbering plan, standard setting processes, or spectrum allocation processes)?

These issues are covered in the Denninger/Postel draft, but I'll note that while the primary concerns are infrastructural, and thus engineering, the main secondary, operational, concern is that of validation of registration entities, providing for a common set of clearly enumerated policies (for things like trademark disputes) which all registration entities must agree upon(/have imposed on them).

What is the proper role of national or international governmental/non-governmental organizations, if any, in national and international domain name registration systems?

From an operational standpoint, there _must_ be some centralized agency with responsibility for the "ownership" of the root of the DNS namespace (commonly, but incorrectly, referred to as ".").

However, this agency's sole duty should be to delegate it's authority to TLD registries and arbitrate disputes. The design of the system and the charter of this board should be such as to make it structurally immune to litigation about issues like, for example, trademarks. It must have both the authority and the resources to reassign or temporarily support any domain whose registrar become unable to continue it's services. Two points are important here: 1) Registry services and DNS service provision are related but need not be combined: it's possible to envision an environment in which registries contract out the actual provision of DNS root services to a technically competent third party, thus isolating customers from business problems at the registry entity, and 2) Regardless of the legalities, domain names are being viewed as property by their holders, and substantial investments are being made in them, primarily in publicity, but also in customer mindshare. The nature of the net is such that it depends on this behavior, and therefore it must be taken into account when prioritizing such items as continuance of service.

5. Should generic top level domains (gTLDs), (e.g., .com), be retired from circulation?

I think not, for the reasons enumerated above. Many companies are actually _named after_ their domain names; and while "no law guarantees that anyone will be able to continue making his living in a certain manner" (Judge Learned Hand), neither are flag days looked upon kindly; justification for such things must be reached by consensus.

Should geographic or country codes (e.g., .US) be required?

See above; ie: no.

If so, what should happen to the .com registry? Are gTLD management issues separable from questions about International Standards Organization (ISO) country code domains?

I don't see any good reason to need to separate the topics; the parallel structures don't seem to be what is causing the problem.

6. Are there any technological solutions to current domain name registration issues? Are there any issues concerning the relationship of registrars and gTLDs with root servers?

The current issues appear to be architectural and commercial, rather than technical, and therefore require architectural solutions.

7. How can we ensure the scalability of the domain name system name and address spaces as well as ensure that root servers continue to interoperate and coordinate?

These are mostly technical questions, and I don't claim to be an expert on the topic, but if I don't see the names Vixie, Halley, Margolin, and Liu on any paper asserting to answer this question authoritatively, I'll assume it doesn't know what it's talking about. That is: there are experts on these topics, and anyone in authority who flouts them, or worse, ignores them, does so at the peril of the entire Internet. (Note to readers: there are other DNS experts, obviously; I simply picked the top 4 I see on the mailing list as examples.)

8. How should the transition to any new systems be accomplished?

This is already taking place. There are root nameservers which are _not_ authoritative for .com and the other domains currently run by NSI; this experiment seems to be working. There are also currently operational root servers for view of the namespace which include alternate TLDs, these include alternic.nic. In short, as long as the current operators of the DNS roots (which primarily means NSI) help rather than hinder, a transition will be a Small Matter of Administration.

C. Creation of New gTLDs

10. Are there technical, practical, and/or policy considerations that constrain the total number of different gTLDs that can be created?

Mostly, the size of the TLD tag. Traditionally, these have been 2 or 3 characters; the D/P draft suggests a maximum of 4 or 5, which seems sand, but does impose an absolute limit. Also, this limit is smaller than it might seem it ought to be: all components of domain names _must_ be pronounceable. This is more a social limitation than a technical one (indeed, the software doesn't care), but it's a requirement nonetheless.

11. Should additional gTLDs be created?

Let's be careful here: the same namespace issues apply to TLD's that apply to Usenet newsgroups: creating new ones without extensive discussion and justification ought to be _expensive_ and _time consuming_. Much too little concern is given to namespace control... which isn't surprising; it's an architectural issue, and most people aren't architects. But it's nonetheless crucial to the ongoing simplification and "consumerizing" of the net of the net. Case in point example: ".firm". Is there really anyone who's _thinking_ about this, who doesn't know which company will register "ibm.firm" the second it hits the table? They've probably got an employee whose job is nothing else, by now. That is to say, "horizontal" segmentation of the namespace will not work; the problems are identical to those in the botched release of the 888 toll free NPA. Who owns 1 888 FLOWERS? And ".nom" is simply stupid. However, in the grand scheme of things, yes.

12. Are there technical, business, and/or policy issues about guaranteeing the scalability of the name space associated with increasing the number of gTLDs?

Well, it's likely that as long as the scaling doesn't go too fast, the technology and policy issues involved can keep up with it. Ensuring this is probably the job of whatever group gets appointed to own the root of the namespace. And I'll say this again. This is an architectural function. Would _you_ want to live in a house designed by a politician?

13. Are gTLD management issues separable from questions about ISO country code domains?

No; ISO3166 registries already exist, and by their nature, probably should have their policy making continue unimpeded by any except technical considerations. The only control that appears necessary is the "we're the new government, delegate to us now" sort of incident... and this is large enough that it doesn't really matter _who_ has the responsibility... professional diplomats will be the implementors.

D. Policies for Registries

15. Should a gTLD registrar have exclusive control over a particular gTLD? Are there any technical limitations on using shared registries for some or all gTLDs? Can exclusive and non-exclusive gTLDs coexist?

I should think that it would be difficult to have more than one registrar for a TLD. The difficulty can be better illustrated by observing that there are three functions performed by registrars: 1) Policy and administration, 2) registration operations, and 3) nameserver operation. The first is the largest problem, and for technical reasons, the current implementation of DNS makes division of number 3 difficult as well.

16. Should there be threshold requirements for domain name registrars, and what responsibilities should such registrars have? Who will determine these and how?

Yes, there should. There is some merit to the idea, possibly original to me, that these threshold requirements should be a contractual issue between the registry and its clients (with the exception of grandfathered TLD's, of course). Since these requirements are to protect the clients, the only reason I can see for externally-imposed requirements are in the event that more than one entity applies to host the same TLD name simultaneously. Arbitrating these types of disputes would be another job of the root operators.

17. Are there technical limitations on the possible number of domain name registrars?

Only the available number of registerable TLDs.

18. Are there technical, business and/or policy issues about the name space raised by increasing the number of domain name registrars?

Hmmm... technically, yes. It becomes necessary to uncouple the root nameservers from the TLD nameservers. Business? Making sure that customers see a _reasonably_ coherent view of the TLD namespace, from a registration policies standpoint.

19. Should there be a limit on the number of different gTLDs a given registrar can administer? Does this depend on whether the registrar has exclusive or non-exclusive rights to the gTLD?

I believe that this is a question of workload and the ability to handle it. I _do_ think that a raw numerical limit wouldn't work the way it was intended, as there are groups of TLD's that comprise a "concept", which probably ought to be administered together... like, for example, .am, .fm, .tv, .news and .mag. These also comprise a good example of TLDs which ought to have special policies; I, for example, would allow in the first three categories only customers who could document an FCC broadcasting license for the appropriate domain.

20. Are there any other issues that should be addressed in this area?

Probably, but I'm pretty certain that the D/P draft addresses them.

E. Trademark Issues

Oh, God.

21. What trademark rights (e.g., registered trademarks, common law trademarks, geographic indications, etc.), if any, should be protected on the Internet vis-a-vis domain names?

This is probably the single biggest problem with the current .com domain. As long as the policy is stable, and well documented, and _doesn't change on a whim_, I'm not sure it matters. The market will fix any inequities here. The reason this is really a problem, though--as is a surprise to no one--is one of jurisdiction. There are hundreds of geographical jurisdictions for trademark control, and usually, the geographical separation involved is enough. "Smith's Plumbing" in Alaska probably cares very little about competition from "Smith's Plumbing" in Arkansas. And then along came the net. There's no perfectly satisfactory solution... But disabling a domain name's service that a customer has both paid for and advertised extensively, without warning, or right of contest -- NetSol's policy -- is simply _not_ acceptable.

22. Should some process of preliminary review of an application for registration of a domain name be required, before allocation, to determine if it conflicts with a trademark, a trade name, a geographic indication, etc.?

Nothing would ever get registered. _Everything_ conflicts with something, somewhere on the globe. In the course of ordinary business, these factors are the responsibility of the business, I see no reason why they shouldn't stay there.

If so, what standards should be used? Who should conduct the preliminary review? If a conflict is found, what should be done, e.g., domain name applicant and/or trademark owner notified of the conflict? Automatic referral to dispute settlement?

Anything except the sudden "On Hold" will be fine, thanks.

23. Aside from a preliminary review process, how should trademark rights be protected on the Internet vis-a-vis domain names? What entity(ies), if any, should resolve disputes? Are national courts the only appropriate forum for such disputes? Specifically, is there a role for national/international governmental/nongovernmental organizations?

Alas, (I say alas because countries have a disturbingly long history of not being able to agree on these topics), I don't think anything except an international body of some kind will have jurisdiction.

24. How can conflicts over trademarks best be prevented? What information resources (e.g. databases of registered domain names, registered trademarks, trade names) could help reduce potential conflicts? If there should be a database(s), who should create the database(s)? How should such a database(s) be used?

This is actually a question of intellectual property rights management, not one of technology per se, nor the Internet, per se. Check with Carl Oppedahl; he makes a living on this stuff. :-)

25. Should domain name applicants be required to demonstrate that they have a basis for requesting a particular domain name? If so, what information should be supplied? Who should evaluate the information? On the basis of what criteria?

This is a difficult question to answer. It might help, but I feel that the net is a hotbed of opportunity for entrepreneurialism, and entrepreneurs often do the legal paperwork last. Besides, this would impose one more load on potential registrars. No, it's probably a good idea, but I'm not sure it's feasible.

26. How would the number of different gTLDs and the number of registrars affect the number and cost of resolving trademark disputes?

I think the root-ops would have to make the appropriate arbitration policies and require TLD registries to adopt them as part of their contracts.

27. Where there are valid, but conflicting trademark rights for a single domain name, are there any technological solutions?

Nope. Modify the name in some fashion. A client is an Allied Van Lines moving agent. When Allied went to request a domain name, {allied,avl}.{com,net} were all taken. On bad advice, they registered alliedvan.net, which they've since modified to the more expected alliedvan.com. It isn't great, but the other registrants had good trademark claims to the other names, as well, so Allied Did The Right Thing, and solved it's problems by clever _use_ of the technology, rather than in court. Note that that's not a "technological fix"... it's simply an intelligent _use_ of technology that already exists. Another example: that client is on the net as well. When they went to apply, they discovered that "blocker.com", the appropriate domain name for this 99 year old company, was already taken... by some "name registry company" in Canada for an unknown, and possibly non-existent client. So, taking advantage--again--of a little common sense, they registered "blocker100.com", "in recognition of their upcoming century anniversary".

28. Are there any other issues that should be addressed in this area?

Dozens, but they haven't all come up yet. Copies of the Denninger draft are available from www.alternic.net, the Postel inet-draft is in the usual places. And in closing, allow me to compliment NTIA for soliciting, and indeed _allowing_ the submission of comments electronically; this much improves the chances you'll get what you're looking for. Hopefully, my comments will prove useful, informative... and not too derogatory to NSI. :-) Cheers, -- jra -- Jay R. Ashworth High Technology Systems Consulting Ashworth Designer Linux: Where Do You Want To Fly Today? & Associates ka1fjx/4 "...short of hiring the Unabomber, how can I +1 813 790 7592 jra@baylink.com get back at them?" --Andy Cramer NIC: jra3 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "People propose, science studies, technology Tampa Bay, Florida conforms." -- Dr. Don Norman +1 813 790 7592 -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "People propose, science studies, technology Tampa Bay, Florida conforms." -- Dr. Don Norman +1 813 790 7592