PAB GP comments

Kent Crispin (
Mon, 2 Mar 1998 10:59:05 -0800

Well, my life in the real world has been intruding lately, so I
haven't produced comments as fast as I would like. But there's enough
there to perhaps get some debate. So here's what I have so far. Note
that this is still pretty rough, and it's not up to the standards of
the comments that Kevin did on the original RFC. But we should put out

Comments on Proposed Rule:

National Telecommunications and Information Administration
15 CFR Chapter XXIII
[Docket No. 980212036-8036-01]
RIN 0660-AA11

Improvement of Technical Management of Internet Names and

Also known as the "Green Paper" (GP).

Comments by gTLD MoU Policy Advisory Body (PAB)

I. The role of the USG in dealing with the DNS problem.

The self-defined rationale for the GP is "to privatize, increase
competition in, and promote international participation in the domain
name system." These are laudable goals. However, with one notable
exception, the Internet community is doing these things itself -- the
goal of privatization is being achieved without any government
intervention necessary.

1) The GP correctly identifies a problem with the IANA function --
as the controlling authority for the root zone it is susceptible to
pressure from economic and <b>government</b> interests, and it needs
to develop a mechanism that allows it to maintain its enviable
reputation for independent, fair, impartial, and responsible control.

However, IANA has run without government involvement for many years
now. This is community knowledge: From RFC1601 "Charter of the
Internet Architecture Board (IAB)", dated March 1994:

"(d) RFC Series and IANA

The IAB is responsible for editorial management and publication of
the Request for Comments (RFC) document series, and for
administration of the various Internet assigned numbers."

The date on this RFC is 1994. IANA and IAB have been operating under
it since that time, with the full support and understanding of the US
Government. Of course, during that time it has also been recognized
that the IANA function includes delegation of TLDs -- many
country-code TLDs have been delegated in the intervening 4 years.

It is also US Government knowledge -- from the NSI cooperative
agreement, signed by NSF, in 1992:

[quote which states that Jon Postel has been doing this for a long time]

In keeping with it's independent, fair, impartial, and responsible
reputation, IANA is now developing a new structure that will insulate
it from undue pressure, but at the same time make it responsive to the
community. The GP, by inadvertently raising the spectre of US
Government control, can take some credit for motivating this activity.
But the international outcry raised by the GP should make it clear
that IANA should continue this activity on its own, without any
further prodding from the USG.

This serious error in the GP apparently stems from a fundamental
confusion concerning what the Internet is. The Internet is not a US
Government network that grew and overflowed its banks. Instead it is
a large set of many, many independent cooperating networks, some of
them operated by governments (many governments, not just the US
Government), but most of them operated by private industry. These
independent networks are independently overflowing their banks. IANA
serves them all, and has for years.

2) The GP also correctly identifies another significant problem -- the
ramp-down of the NSF contract with Network Solutions, Inc. Unlike the
case with IANA, here the USG can offer some real help, and in fact it
has a moral duty to help: The NSI contract situation is a pure mess.
There are serious pending lawsuits that call into question the
legality of the money collected by NSI. There are other serious legal
questions about the way that NSF has handled the privacy protections
of the whois database, and whether NSF has improperly passed ownership
of an extremely valuable database to a private contractor. Here the
Green Paper could show some real leadership, and undo years of serious
US Government mismanagement.

In summary, therefore, the USG has very little to offer the Internet
in terms of privatization - the Internet is handling this problem
quite well on its own. The one service that the USG could provide is
to rectify its own serious mistakes concerning the NSI contract. This
one potentially useful service is, unfortunately, badly bungled in the
Green Paper -- instead of a graceful rampdown, the GP mandates a
permanent monopoly for NSI, with a commanding lead in a fake
competitive environment of parallel monopolies. This issue is very
important, and will be addressed in the following section:

II. The Anti-Competitive Stance of the GP

[issue of intellectual property rights in TLDs]

III. The Green Paper ignores the gTLD MoU

The Green Paper claims to be a consensus building process, yet the
IAHC plan is not mentioned at all. It is inconceivable that any
attempt to deal with the issue of top-level domains would ignore an
effort such as is embodied in the MoU. Support for the MoU is not
imaginary; it is real. In ignoring the MoU, the GP also ignores:

- ISOC, IAB, IETF, and the recommendations of IANA;

- an intense and ongoing public review process;

- the committment of over 200 signatories of all sizes and

- 88 registrars who committed significant financial resources;

- substantial technical work in the design and implementation of a
shared registry system;

- the support of WIPO, INTA, the ITU and other international

- a carefully designed and heavily reviewed dispute resolution
process for intellectual property disputes;

- a private-sector governance process that is completely open
to the stakeholders in the DNS;

- widespread international and domestic support.

It is true that the MoU has been contentious. However, the GP authors
should now be abundantly aware that *any* proposal that approaches
reality will be subject to the same pressures -- the unfortunate fact
is that there are true competing interests in this arena, and any plan
will leave some parties unhappy.

Some of the unhappy voices have been very loud. But volume is not
an appropriate measure of legitimacy.

By any reasonable measure the IAHC process *is* legitimate:

It was chartered ISOC and IANA -- legitimate, widely respected, in
the global Internet. It has long been a function of IANA to
delegate TLDs; the IANA called for the creation of the IAHC. The
ISOC is an umbrella organization that covers the IAB and the IETF,
and thus, indirectly, the IANA; the ISOC co-sponsored the IAHC

It went through an arduous and contentious public process, and
actively sought input from a very wide variety of Internet
stakeholders. (In fact, the IAHC *included* a representative of the

It gained over 200 signatures on the MoU (the list is still growing
at this time, up 5% in the past 2 weeks), 88 companies and
organizations of all sizes signed up to be registrars (and more are
coming -- about one inquiry a week).

IV. The Green Paper is US-centric, and consequently lacks
international support.

This is amply demonstrated by the strongly negative European Union
response. However, this negative response was predictable from the
following features of the GP:

Though the proposed replacement for IANA has board members from an
international set, the corporation is a US non-profit, under the
policy oversight of the US Government. The crux of this is how the
"policy oversight" is implemented. The implication is that there
will be enabling legislation, the content of which is completely

The world's largest registry, the .com/.net/.org registry, will be
granted to NSI, a for-profit US subsidiary of SAIC, a privately held
Defense Contractor with very strong ties to the US government, as a
permanent unregulated monopoly.

The Green Paper proceedings were conducted as an internal affair of
the US Government, with no formal recognition of the strong interest
of foreign governments in the internet.

The Green Paper ignored the IAHC program, which had made a conscious
and serious effort to be international in scope.

Aside from CORE, *all* the contenders for the for-profit registries
the Green Paper proposes are from the US or Canada.

But there is a more fundamental problem -- *any* unilateral action of
the USG, like the GP, has an intrinsic risk of being seen as an
attempt by US interests to take control of the Internet. The GP
authors blithely ignored that risk, with predictable results. As a
result, the international credibility of the entire USG effort has
been seriously undermined.

The consequences of this recklessness are far more important than the
mere embarassment of the USG: by moving the issue to the arena of
international diplomacy the USG has undermined it's own basic premise
-- the privatization of the Internet.

In fact, the only coherent, widely supported plan that has come from
the private sector is the IAHC plan; the only way that the GP can
regain credibility is to make an about face and endorse the IAHC plan
(perhaps with a set of concerns that the USG feels need to be
addressed.) Any other approach will merely aggravate the suspicions
already rampant.

V. GP creates entrenched incoherent standards for dispute resolution and
trademark policy.

Currently all the extant gTLDs are under the control of NSI's dispute
resolution policy. While this policy is almost uniformly criticized
by trademark attorneys and the public alike, it still presents a
uniform policy.

The GP proposes multiple monopoly registries, each with its own
dispute resolution policy. From the point of view of those trying to
defend their trademarks, this is pure madness -- instead of one
offensive policy they have multiple policies, in multiple
jurisdictions. And because of the widespread dissatisfaction with
wht NSI dispute resolution process, different standards are certain
to be developed.

As the NSI experience shows, companies are loath to disturb their
dispute policies once they are in place. The probably result,
therefore, is the permanent entrenchment of conflicting policies over
the gTLDs.

VI. Requirements for Registrars and Registrars

It is certainly true that registries and registrars should be held to
standards. But two troubling questions arise: 1) whence comes the
authority of the GP to define, and more importantly, enforce, such
standards; and 2) what process did the GP authors go through to
arrive at the rather specific technical standards in the GP.

POC/CORE enlisted a set of volunteer experts to produce the CORE RFP,
which was further reviewed by technical experts from AT&T and
elsewhere. In contrast, the GP includes description of technical
standards for registries and registrars that has gone through no such

It appears that some of the GP requirements were pulled from the CORE
RFP, some from the IAHC report, and some from elsewhere. While the
choice of sources for this pastiche might be flattering to some, the
requirements in the CORE RFP and the IAHC report were done by
experienced technical people with a particular problem domain in mind,
and there is a deep internal consistency to the results.

The GP requirements, not having gone through this level of review,
does not have this internal consistency. It betrays this lack of
depth, for example, when it speaks of requiring "encryption and
authentication". The CORE RFP carefully considered the issue of
encryption in a worldwide context, and concluded that digital
signatures for authentication only would be used, since the use of
encryption is encumbered in many countries, whereas the use of digital
authentication is not. The GP ignores this crucial distinction. [Or
it may be that the GP assumes that all registries and registrars will
actually operate under the US legal system.]

However, the point is not a particular flaw in the requirements --
rather, the point is that technical requirements should be developed
through a technical process, with technical people involved.

Kent Crispin, PAB Chair			"No reason to get excited",			the thief he kindly spoke...
PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55