From: owner-wg-c-digest@dnso.org (WG-C-DIGEST) To: wg-c-digest@dnso.org Subject: WG-C-DIGEST V1 #20 Reply-To: Sender: owner-wg-c-digest@dnso.org Errors-To: owner-wg-c-digest@dnso.org Precedence: bulk WG-C-DIGEST Friday, February 25 2000 Volume 01 : Number 020 ---------------------------------------------------------------------- Date: Thu, 24 Feb 2000 10:48:47 -0800 From: "Roeland M.J. Meyer" Subject: RE: [wg-c] Re: nine principles for domain names > Expand (one time only please) on the provability of your assertion that > sufficiently effective competition cannot be mounted against .COM. Because the barriers to entry, in the dot-com market, are too high? ------------------------------ Date: Thu, 24 Feb 2000 14:18:05 -0500 From: Milton Mueller Subject: [wg-c] Some reactions to the principles v5 A bit of Occam's razor, and a bit more sensitivity to competition policy, and I think we'll be in good shape. Philip Sheppard wrote: > 1. Certainty: a gTLD should give the net user confidence that it stands for > what it purports to stand for. > 2. Honesty – a gTLD should not unnecessarily increase opportunities for > malicious or criminal elements who wish to defraud net users. Isn't principle 2 all we really need here? I.e., principle 1 is relevant only insofar as it contributes to the goal of principle 2. But left in there it might be interpreted to exclude TLDs that are simply brands or new ideas that don't "stand for" anything -- YET -- to net users. > 3. Differentiation – a gTLD should differentiate from all other gTLDs so as > not to confuse net users. Here I am concerned with competition policy issues. I would not like to see P3 used to block new proposals on the grounds that they would compete with existing TLDs. Nor would I want to see existing TLDs harden into permanent monopolies on a specific category. E.g., to take a specific example, suppose ".enum" is authorized for domain name to telephone number mapping. Another group proposes ".voip," which offers basically the same functionality, intentionally designed to compete with .enum, but uses a clearly different name. I do not want the .enum people to be able to block the creation of .voip on the grounds that it is not "differentiated" because it offers the same functionality. So let's reword P3 and P4 as follows: 3. Differentiation -- the selection of a gTLD string should not confuse Internet users. gTLDs should be clearly differentiated by the string and/or by the marketing and functionality associated with the string. > 4. Competition – new gTLDs should foster competition in the domain name > space. 4. Competition - new gTLDs should foster competition in the supply of domain names and in the provision of Internet applications and services. The authorization process for new gTLDs should not be used as a means of protecting existing service providers from competition. > 5. Diversity - new gTLDs should foster the expression of views, both > commercial and non-commercial. This is fine. > 6. Semantics – a gTLD should be meaningful in a language with a significant > number of net users or have an imputed meaning connected with such a > language. I still find this redundant. I do not understand what organization is going to propose, invest in and operate a gTLD that is not meaningful or of interest to a significant number of net users. It seems to address a non-issue. Moreover, if I were a Thai or a Korean or a resident of any other small country with its own language, I might feel a bit excluded by such a principle. If you must keep this principle, try this modification: 6. Semantics -- registry applications for gTLDs should explain what meaning will be imputed to the proposed gTLD string. > 7. Findability – a gTLD should assist a net user to find a particular domain > name. Can this not be incorporated into the differentiation principle? We have, I think, pretty much demolished the idea that TLDs are used as a searching tool, although everyone recognizes that in the current environment people try to guess names in the ".com" space. All we really need to say, then, is that TLDs should be differentiated and not confusing. That is the only way in which TLDs play a role in "findability." > 8. Multiplicity - new gTLDs should become available as needed to meet the > needs of an expanding Internet community. Yes. > 9. Simplicity - adherence of the above principles should not impose an > overly bureaucratic procedure on a registry. Yes. - --MM ------------------------------ Date: Thu, 24 Feb 2000 13:57:15 -0800 From: "Roeland M.J. Meyer" Subject: [wg-c] FW: Infosecurity @ White House FWIW: MHSC has been maintainig for years that there are security aspects to domain names and TLDs. But, most of you have heard my views by now. This is something I thought might be pertinent. > -----Original Message----- > From: Windows NTBugtraq Mailing List > [mailto:NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM]On Behalf Of Shattered > Promotions > Sent: Wednesday, February 23, 2000 10:05 AM > To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM > Subject: Infosecurity @ White House > > > [Note: you may post this account or forward it to mailing lists, provided > you pass the account and this notice in its entirety.] > > Infosecurity at the White House > Gene Spafford > > Prolog > > Last week (ca. 2/8/00), a massive distributed denial of service attack was > committed against a number of Internet businesses, including e-Bay, Yahoo, > Amazon.com, and others. This was accomplished by breaking into hundreds > (thousands?) of poorly-secured machines around the net and > installing packet > generation "slave" programs. These programs respond by remote control to > send packets of various types to target hosts on the network. The > resulting > flood effectively shut those target systems out of normal operation for > periods ranging up to several hours. > > The press jumped all over this as if it was something terribly > new (it isn't > -- experienced security researchers have known about this kind of problem > for many years) and awful (it can be, but wasn't as bad as they > make it out > to be). One estimate in one news source speculated that over a billion > dollars had been lost in lost revenue, downtime, and preventative > measures. > I'm skeptical of that, but it certainly is the case that a > significant loss > occurred. > > Friday, Feb 11, I got a call from someone I know at OSTP (Office > of Science > and Technology Policy) inquiring if I would be available to meet with the > President as part of a special meeting on Internet security. I > said "yes." I > was not provided with a list of attendees or an agenda. Initially, I was > told it would be a meeting of security experts, major company > CEOs, and some > members of the Security Council, but that was subject to change. > > The Meeting > > I arrived at the Old Executive Office Building prior to the > meeting to talk > with some staff from OSTP. These are the people who have been > working on the > Critical Infrastructure issues for some time, along with some in the > National Security Council. They really "get it" about the > complexity of the > problem, and about academia's role and needs, and this may be one > reason why > this was the first Presidential-level meeting on information security that > included academic faculty. > > After a few minutes, I was ushered into Dr. Neal Lane's office where we > spent about 15 minutes talking. (As a scientist and polymath, I think Lane > has one of the more fascinating jobs in the Executive Branch: that of > Assistant to the President for Science and Technology and > Director of OSTP . > For instance, on his table he had some great photos of the Eros asteroid > that had been taken the day before.) We then decided to walk over to the > White House (next door) where we joined the other attendees who > were waiting > in a lobby area. > > Eventually, we were all escorted upstairs to the Cabinet Room. It was a > tight fit, as there were over 30 of us, staff and guests (invitee list at > the end). We then spent a half hour mingling and chatting. There > were a lot > of people I didn't know, but that's because normally I don't get > to talk to > CEOs. Most notably, there were people present from several CERIAS sponsor > organizations (AT&T, Veridian/Trident, Microsoft, Sun, HP, Intel, > Cisco). I > also (finally!) got to meet Prof. David Farber in person. We've > "known" each > other electronically for a long time, but this was our first in-person > meeting. > > After a while, some more of the government folk joined the group: Attorney > General Reno; Commerce Secretary Daley; Richard Clarke, the National > Coordinator for Security, Infrastructure Protection and Counter-terrorism; > and others. After some more mingling, I deduced the President was about to > arrive -- several Secret Service agents walked through the room giving > everyone a once-over. Then, without any announcement or fanfare, the > President came into the room along with John Podesta, his chief of staff. > > President Clinton worked his way around the room, shaking everyone's hand > and saying "hello." He has a firm handshake. In person, he looks thinner > than I expected, and is not quite as tall as I expected, either. > > We all then sat down at assigned places. I had the chair directly opposite > the President. Normally, it is the chair of the Secretary of State. To my > left was Whit Diffie of Sun, and to my right was John Podesta. I was > actually surprised that I had a seat at the table instead of in the > "overflow" seats around the room. > > The press was then let into the room. It was quite a mass. The President > made a statement, as did Peter Solvik of Cisco. The press then > asked several > questions (including one about oil prices that had nothing to do with the > meeting). Then, they were ushered out and the meeting began. > > The President asked a few individuals (Podesta, Daley, Reno, > Pethia, Noonan) > to make statements on behalf of a particular segment of industry of > government, and then opened it up for discussion. The next hour went by > pretty quickly. Throughout, the President listened carefully, and seemed > really involved in the discussion. He asked several follow-up questions to > things, and steered the discussion back on course a few times. He followed > the issues quite well, and asked some good follow-up questions. > > During the discussion, I made two short comments. The first was > about how it > was important that business and government get past using cost as the > primary deciding factor in acquiring computer systems, because quality and > safety were important. I went on to say that it was important to start > holding managers and owners accountable when their systems failed > because of > well-known problems. I observed that if the government could set a good > example in these regards, others might well follow. > > My second comment was on the fact that everyone was talking about > "business > and government" at the meeting but that there were other players, and that > academia in particular could play an important part in this whole > situation > in cooperation with everyone else. After all, academia is where > much of the > research gets done, and where the next generation of leaders, researchers, > and businesspeople are coming from! > > Overall, the bulk of the comments and interchange were reasoned > and polite. > I only remember two people making extreme comments (to which the > rest of us > gave polite silence or objections); I won't identify the people here, but > neither were CERIAS sponsors :-). One person claimed that we were in a > crisis and more restrictions should be placed on publishing vulnerability > information, and the other was about how the government should fund > "hackers" to do more offensive experimentation to help protect systems. My > summary of the major comments and conclusions is included below. > > After considerable discussion, the meeting concluded with Dick Clarke > reminding everyone that the President had submitted a budget to Congress > with a number of new and continuing initiatives in information > security and > cybercrime investigation, and it would be up to Congress to provide the > follow-through on these items. > > We then broke up the meeting, and the President spent a little more time > shaking hands and talking with people present. Buddy (his dog) somehow got > into the room and "met" several of us, too -- I got head-butt in > the side of > my leg as he went by. :-) The official photographer got a picture of the > President shaking my hand again. > > The President commented to Vint Cerf how amazed he was that the group had > been so well-behaved --- we listened to each other, no one made long > rambling speeches, and there was very little posturing going on. > Apparently, > similar groups from other areas are quite noisy and contentious. > > We (the invitees) then went outside where there was a large crowd of the > press. Several of us made short statements, and then broke up into groups > for separate interviews. After that was done, I left and returned home to > teach class on Wednesday. > > My interview with the local news station didn't make it on the > 6pm news, and > all the print accounts seemed make a big deal of the fact that "Mudge" was > at the meeting. Oh well, I thought "Spaf" was a way-cool "handle", better > than "Mudge" but it doesn't go over as well with the press for > some reason. > I'll have to find some other way to develop a following of groupies. :-) > > On Friday, I was back in DC at the White House conference center to > participate in a working session with the PCAST (President's Committee of > Advisors on Science & Technology) to discuss the structure and > organization > of the President's proposed Institute for Information Infrastructure > Protection. This will have a projected budget of $50 million per year. > CERIAS is already doing a significant part of what the IIIP is supposed to > address (but at a smaller scale). Thus, we may have a role to play in that > organization, as will (I hope) many of the other established infosec > centers. The outcome of that meeting was that the participants > are going to > draft some "strawman" documents on the proposed IIIP organization for > consideration. I am unsure whether this is significant progress or not. > > Outcomes > > I didn't enter the meeting with any particular expectations. > However, I was > pleasantly surprised at the sense of cooperation that permeated > the meeting. > I don't think we solved any problems, or even set an agenda of > exactly what > to do. There was a clear sense of resistance from the industry > participants > to any major changes in regulations or Internet structure. In > fact, most of > the companies represented did not send CEOs so that (allegedly) > there would > be no one there who could make a solid commitment for their firms > should the > President press for some action. > > Nonetheless, there were issues discussed, some subsets of those > present did > agree to meet and pursue particular courses of action, and we > were reminded > about the President's info protection plan. To be fair, this is > an area that > has been getting attention from the Executive Branch for several years, so > this whole event shouldn't be seen as a sudden reaction to > specific events. > Rather, from the PCCIP on, there has been concern and awareness of the > importance of these issues. This was simply good timing for the > President to > again demonstrate his concern, and remind people of the national plan that > was recently released. > > I came away from the meeting with the feeling that a small, positive step > had been made. Most importantly, the President had made it clear that > information security is an area of national importance and that > it is taken > seriously by him and his administration. By having Dave Farber and myself > there, he had also made a statement to the industry people > present that his > administration takes the academic community seriously in this > area. (Whether > many of the industry people got that message -- or care -- remains to be > seen.) > > I recall that there were about 7 major points made that no one disputed: > 1) The Internet is international in scope, and most of the > companies present > have international operations. Thus, we must continue to think > globally. US > laws and policies won't be enough to address all our problems. > 2) Privacy is a big concern for individuals and companies alike. Security > concerns should not result in new rules or mechanisms that result in > significant losses of privacy. > 3) Good administration and security hygiene are critical. The problems of > the previous week were caused by many sites (including, allegedly, some > government sites) being compromised because they were not maintained and > monitored. This, more than any perceived weakness in the Internet, led to > the denial of service. > 4) There is a great deal of research that yet needs to be done. > 5) There are not enough trained personnel to deal with all our security > needs. > 6) Government needs to set a good example for everyone else, by using good > security, employing standard security tools, installing patches, and > otherwise practicing good infosec. > 7) Rather than new structure or regulation, broadly-based cooperation and > information sharing is the near-term approach best suited to solving these > kinds of problems. > > Let's see what happens next. I hope there is good follow-though by some of > the parties in attendance, both within and outside government. > > Miscellany > > Rich Pethia of CERT, Alan Paller of SANS, and I have drafted a > short list of > near-term actions that sites can implement to help prevent a recurrence of > the DDOS problems. Alan is going to coordinate input from a number of > industry people, and then we will publicize this widely. It isn't > an agenda > for research or long-term change, but we believe it can provide a concrete > set of initial steps. This may serve as a good model for future such > collaborative activities. > > I was asked by several people if I was nervous. Actually, no. I've been on > national television many times, and I've spoken before crowds of nearly a > thousand people. Actually, *he* should have been nervous -- I have tenure, > and he clearly does not. :-) > > The model we have at CERIAS with the partnership of industry and > academia is > exactly what is needed right now. Our challenge is to find some ways to > solve our faculty needs and space shortage. In every other way, we're > ideally positioned to continue to make a big difference in the > coming years. > > Of the 29 invited guests, there was only one woman and one member of a > traditional minority. I wonder how many of the people in the room didn't > even notice? > > Attendees > > Douglas F. Busch > Vice President of Information Technology, Intel > > Clarence Chandran > President, Service Provider & Carrier Group, Nortel Networks > > Vinton Cerf > Senior Vice President, Internet & Architecture & Engineering, MCI Worldcom > > Christos Costakos > Chief Executive Officer, E-Trade Group, Inc. > > Jim Dempsey > Senior Staff Counsel, Center for Democracy and Technology > > Whitfield Diffie > Corporate Information Officer, Sun Microsystems > > Nick Donofrio > Senior Vice President and Group Executive, Technology & Manufacturing, IBM > > Dave Farber > University of Pennsylvania > > Elliot Gerson > Chief Executive Officer, Lifescape.com > > Adam Grosser > President, Subscriber Networks, Excite@home > > Stephen Kent > BBN Technologies (GTE) > > David Langstaff > Chairman and Chief Executive Officer, Veridan > > Michael McConnell > Booz-Allen > > Mary Jane McKeever > Senior Vice President, World Markets, AT&T > > Roberto Medrano > Senior Vice President, Hewlett Packard > > Harris N. Miller > President, Information Technology Association of America (ITAA) > > Terry Milholland > Chief Information Officer, EDS > > Tom Noonan > Internet Security Systems (ISS) > > Ray Oglethorpe > President, AOL Technologies, America Online > > Allan Paller > Chairman, SANS Institute > > Rich Pethia > CERT/CC, SEI at Carnegie-Mellon University > > Geoff Ralston > Vice President for Engineering, Yahoo! > > Howard Schmidt > Chief Information Security Officer, Microsoft > > Peter Solvik > Chief Information Officer, Cisco Systems > > Gene Spafford > CERIAS at Purdue University > > David Starr > Chief Information Officer, 3Com > > Charles Wang > Chief Executive Officer, Computer Associates International > > Maynard Webb > President, Ebay > > Peiter Zatko a.k.a. "Mudge" > @stake > > -- > COMPASS [for the CDC-6000 series] is the > sort of assembler one expects from a corporation > whose president codes in octal. -- J.N. Gray > > ------------------------------------------------------------------ > ---------- > Delivery co-sponsored by SUNBELT SOFTWARE - http://www.sunbelt-software.com/ STAT: NT VULNERABILITY SCANNER - http://www.sunbelt-software.com/stat.htm Ever had that feeling of ACUTE PANIC that a hacker has invaded your network? Plug NT's holes before they plug you. There are now over 750 known NT vulnerabilities. You just have to protect your LAN _before_ it gets attacked. STAT comes with a responsive web-update service and a dedicated Pro SWAT team that helps you to hunt down and kill Security holes. Built by anti-hackers for DOD sites. Download a demo copy before you become a statistic. - ---------------------------------------------------------------------------- ------------------------------ Date: Thu, 24 Feb 2000 20:52:58 -0800 From: "Paul Stahura" Subject: RE: [wg-c] Re: nine principles for domain names I agree that the applicant registry proposes a gTLD and explains what they envisage for that gTLD Paul Stahura eNom, Inc. > -----Original Message----- > From: Philip Sheppard [mailto:philip.sheppard@aim.be] > Sent: Wednesday, February 23, 2000 12:25 AM > To: wg-c@dnso.org > Subject: Re: [wg-c] Re: nine principles for domain names > > > The tired set of domain names .firm .shop .web .arts > .rec .info > .nom might indeed make an interesting test-bed for the > principles. However, > we envisage a system whereby the applicant registry proposes > a gTLD and > explains what they envisage for that gTLD. The registry > describes the market > they seek to attract. They describe the value added they are > proposing for > the DNS. Such description should be concise and unburdensome for the > registry. > > It would also be practical for the applicant registry to > demonstrate how its > putative gTLD complies with the principles. The principles > are not designed > to test a name per se. > > Philip > > ------------------------------ Date: Thu, 24 Feb 2000 21:22:23 -0800 From: "Paul Stahura" Subject: RE: [wg-c] STRAW POLL Q1: 4 But the prospective registry should specify the TLD string when applying to ICANN to be a registry Q2: 2 Q3: 6 like 1 but the registry informs ICANN of the TLD string (besides the other information) and ICANN uses that information (the TLD string) when selecting new registries from the group of registry-wannabees. > -----Original Message----- > From: owner-wg-c@dnso.org [mailto:owner-wg-c@dnso.org]On Behalf Of > Jonathan Weinberg > Sent: Friday, February 11, 2000 12:30 PM > To: wg-c@dnso.org > Subject: [wg-c] STRAW POLL > > > Thanks, Kent, for getting me off my duff. (For those > not following the > discussion in ga, Kent Crispin has proposed on that list that the DNSO > establish a *new* working group, separate from wg-c, to > discuss chartered > gTLDs. He makes two arguments why a new working group would be > appropriate. First, he suggests, chartered TLDs are outside > the scope of > wg-c, b/c our own charter "is explicitly tied to generic TLDs, not any > other kind of TLDs." Second, he gently urges that wg-c is > not working, and > that we are more likely to see actual progress toward > implementation of new > gTLDs by opening up another forum.) > > I think Kent's first argument is simply wrong -- it is > based on the notion > that a chartered TLD is not a "gTLD". It's true that Kent > circulated a > note last summer proposing that we define gTLD as "a TLD that has no > enforced criteria for the entities that may register in it," but his > proposal got no support. Kent himself noted that his > proposal "departs > from the rfc1591 definition." RFC 1591 explicitly included > all of EDU, > COM, NET, ORG, GOV, MIL, and INT in its list of "generic TLDs," > notwithstanding that some of those are indisputably chartered. That's > continued to be the generally accepted terminology. So > whatever reasons > there may be for establishing a new working group to look at > sponsored or > chartered TLDs, the notion that proposals for establishing > those domains > are outside of wg-c's charter isn't one of them. > > I've got a lot of sympathy for Kent's second argument, > and I understand > his frustration. Here's an attempt to start doing something > about it. I > proposed a couple of weeks ago (and got no objection) that I > would post to > wg-c "a straw poll on the issue of special-purpose or > ‘chartered' gTLDs: > That's an issue that got a great deal of attention on the > list last month, > and I expect a straw poll would be helpful in helping us > figure out where > members of the list stand." So here goes. > > Jon > > > Jonathan Weinberg > co-chair, wg-c > weinberg@msen.com > > > WG-C STRAW POLL > > Please respond before midnight UTC following February 21, 2000. > > > QUESTION ONE > Please select from the following possibilities, *as > applied to the > deployment of new gTLDs in the name space over the medium to > long term*: > > 1. All new gTLDs must have charters that meaningfully limit > the universe of > people who can register in those gTLDs. > > 2. The name space should not include any new chartered gTLDs. > (Alternatively, if new gTLDs have charters, those charters > may not place > meaningful limits on the universe of people who can register > in the gTLD.) > > 3. ICANN, in selecting new gTLDs, should approve some > chartered gTLDs and > some unchartered ones. (Alternatively, ICANN should require > that all gTLDs > have charters, but it should approve some gTLDs with charters that > meaningfully limit the universe of people who can register in > the gTLD, and > some gTLDs with charters that do not impose any such limits.) > > 4. ICANN should simply select new registries and leave issues > of names and > charters (including whether to limit the universe of people who can > register in the domain, and if so how) to the new registries. > > > QUESTION TWO > The working group has reached and reaffirmed a > recommendation that the > initial expansion of the name space should consist of six to > ten new gTLDs, > followed by an evaluation period. Please select from the following > possibilities, *as applied to that initial rollout*. > > 1. All of the gTLDs in the initial rollout must have charters that > meaningfully limit the universe of people who can register in > those gTLDs. > > 2. The initial rollout should not include any new chartered gTLDs. > (Alternatively, any charters for new gTLDs may not place > meaningful limits > on the universe of people who can register in the gTLD.) > > 3. ICANN, in selecting new gTLDs in the initial rollout, > should approve > some chartered gTLDs and some unchartered ones. (Alternatively, ICANN > should require that all gTLDs have charters, but it should > approve some > gTLDs with charters that meaningfully limit the universe of > people who can > register in the gTLD, and some gTLDs with charters that do > not impose any > such limits.) > > 4. ICANN should simply select new registries and leave issues > of names and > charters (including whether to limit the universe of people who can > register in the domain, and if so how) to the new registries. > > > QUESTION THREE > The issue of chartered gTLDs is tied up with the larger > issue of how ICANN > should select new gTLDs -- in particular, whether (a) ICANN > itself should > be the final arbiter of new gTLDs' names and charters, or (b) > ICANN should > simply select new registries and leave the choice of names > and charters to > them. I think that at this point we can't avoid confronting > the larger > question of how ICANN should pick new TLDs in the initial rollout. > (Actually, we're returning to the question; part of last > summer's straw > poll spoke to the same issue. The results then were > inconclusive.) Please > select from among these possibilities: > > 1. ICANN picks a set of registries according to objective criteria. > (Alternatively, ICANN narrows the set of applicants using objective > criteria, and chooses among the remaining applicants, if > necessary, via > lotteries or auctions). Once chosen, registries pick their > own gTLD names > and associated charters (if any), subject to a process under > which ICANN > can resolve conflicts and can deem certain gTLD strings out of bounds. > > 2. ICANN, through a working group or otherwise, identifies a > set of gTLDs > to be introduced in the initial rollout, and establishes > names and charters > for those new TLDs. It solicits applications from would-be > registries to > run those TLDs, and picks the ones it deems best-suited or > best- qualified. > > 3. ICANN, through a working group or otherwise, identifies a > set of gTLDs > to be introduced in the initial rollout, and establishes > names and charters > for those new TLDs. It solicits applications from would-be > registries to > run those TLDs, and picks those registries through a lottery > or auction > process. > > 4. Each would-be registry proposing a new gTLD applies to the > Names Council > (or to ICANN directly) for approval; if the gTLD is to be bounded by a > charter, the applicant must supply one. If the application > is approved, > the applicant becomes the new registry, subject to its > proposed charter. > > 5. Each person proposing a new gTLD applies to the Names > Council for the > formation of a working group devoted to that gTLD (or to > several gTLDs). > The working group identifies a registry/sponsor, and > generates a charter, > for its proposed new TLD. If the gTLD is approved, then the entity > identified by the working group becomes the registry/sponsor. > The identity > of the registry operator may be set for competitive bid (and > periodic rebid). > > 6. Other (please explain). ------------------------------ Date: Thu, 24 Feb 2000 21:37:21 -0800 From: "Paul Stahura" Subject: RE: [wg-c] WGC Position Paper Since we are talking about the registry choosing/not choosing the TLD string, I thought I'd repost this exchange between myself and Kent from last October. Regards Paul - -----Original Message----- From: Paul Stahura [mailto:stahura@enom.com] Sent: Wednesday, October 20, 1999 10:47 AM To: Kent Crispin; wg-c@dnso.org Subject: Re: [wg-c] WGC Position Paper > On Wed, Oct 20, 1999 at 09:09:08AM -0700, Paul Stahura wrote: > > A comment below on this WP... > > > > > > > > Someone said: QUESTION TWO: HOW TO SELECT TLD STRINGS AND REGISTRIES? > > > > > > We believe that ICANN should decide on a set of new gTLD strings, and > > > then solicit applications from would-be registries (or existing > > > registries) to run those TLDs. In picking the new gTLD strings, it > > > should have the assistance of a standing Working Group who would make > > > periodic proposals for new gTLDs. > > > > Paul said: I believe that the prospective registry should suggest the TLD string > > for which they wish to be a registry. Having ICANN pick the TLD strings > > beforehand and then asking for proposals is backwards. What happens if > > ICANN > > does not pick ".mus" even though there is a group of museums > > out there that wish to be a registry for that string? Does that museum > > group just use one of the TLDs that ICANN *did* pick? > > Kent said: No -- the museum group suggests it to ICANN, and ICANN, if ICANN > thinks the string has merit, they put it in the list. Paul said: I believe that determining if the string has merit would depend on other factors, not just the dictionary definition of the string. These other factors would be in the registry proposal, wouldn't they? How else would ICANN know them? What happens if this museum group suggests a name but has no operational ability, for instance? Does ICANN say "hey, what a fantastic TLD string, we'll give all other interested museum groups the ability to try to be the registry for it"? Or do they maybe consider some other TLD string, that may be more benificial to the Internet? IMO, the string and the registry concept/idea/goal/model/ability (whatever) kinda go together. Shouldn't ICANN have all the info when making a decision? > > > Paul said: What if someone has > > a great idea for ".shoe", one that ICANN or this working group you mention > > has not thought of? Or, what if ICANN picks ".shoe" and > > nobody has an excellent idea for it, or wishes to be a registry for it? > > If we let the prospective registries include the TLD with their > > applications, > > then ICANN will get a larger variety from which to choose the best > > TLD sting and registry idea combination. > > Kent said: If we let *anyone* suggest a name then ICANN will get even a larger > set to choose from. No point in limiting the input to requests > from registries. Who knows, someone who has no interest in being a > registry might come up with a brilliant name that any > self-respecting registry would want. Paul said: The string-set from which ICANN can choose is infinate, isn't it? Heck, anyone on this list could probably suggest a couple of hundred TLD strings. What makes one better than the other is not only the definition of the string but all the other factors. What I'd like is for ICANN to get a large set of good string *and* registry idea combinations. > > > Paul said: Therefore, I believe the TLD sting should be part of the application > > submitted by the > > prospective registry. Let the registries make the best case for the > > TLD of their choosing, then ICANN can decide up or down > > taking the entire application, including the reason why the > > registry is asking for the particular TLD string, into account. > > Kent said: The problem isn't who suggests the name, it's in the idea that the > registry "owns" the string. Paul said: I agree with you here. I'm not suggesting the registry owns the string. It would only have a license (or whatever you call it) to register 2nd level names under the TLD, wouldn't it? > > > Paul said: Maybe the WG you mention could advise ICANN regarding the > > appropriateness, intellectual property, and other issues about the > > TLD strings suggested in the applications from prospective registries. > > Kent said: But why on earth limit suggestions to just those by prospective > registries? That cuts the input down to an insignificant tiny number. Paul said: 1) Each registry could suggest a number of TLD strings that they'd like in order of preference. ICANN picks the one they are assigned. 2) I doubt the number of prospective registries will turn out to be a tiny number. By your logic, ICANN should also come up with the registry model (or pick any other attribute of the registry) for each of the suggested names, because to let the prospective registries do it would mean ICANN would get an insignificant tiny number of suggestions there too. Paul > > -- > Kent Crispin "Do good, and you'll be > kent@songbird.com lonesome." -- Mark Twain> Mark Twain ------------------------------ Date: Fri, 25 Feb 2000 00:07:28 -0800 From: katie@imt.net Subject: [wg-c] straw poll vote 2/24/00 th 11:46 pm mst question 1: #4 > 4. ICANN should simply select new registries and leave issues of names and > charters (including whether to limit the universe of people who can > register in the domain, and if so how) to the new registries. question 2: #4 > 4. ICANN should simply select new registries and leave issues of names and > charters (including whether to limit the universe of people who can > register in the domain, and if so how) to the new registries. question 3: > 1. ICANN picks a set of registries according to objective criteria. > (Alternatively, ICANN narrows the set of applicants using objective > criteria, and chooses among the remaining applicants, if necessary, via > lotteries or auctions). Once chosen, registries pick their own gTLD names > and associated charters (if any), subject to a process under which ICANN > can resolve conflicts and can deem certain gTLD strings out of bounds. and in general, i support Milton Mueller's further elaborations and optimizations on the issues within the straw poll. Kathryn Vestal, Esq. ------------------------------ Date: Fri, 25 Feb 2000 10:01:31 +0100 From: "Philip Sheppard" Subject: Re: [wg-c] Re: nine principles for domain names Eric, you ask me to expand on the competition issue with .com First, a continued expansion of gTLDs in the way we propose (registries proposal tested against the principles) WILL provide effective competition against .com. Second, INEFFECTIVE competition is a gTLD of the nature .com2 or .biz which will be second-class .com's . Dot com has first mover advantage - it has prestige. A company with its (companyname.com) that it makes known and uses in its communications builds consumer knowledge in the name and over time develops "brand" or "domain name" "equity". The name becomes a valued asset in its own right - every bit as desirable as a trade mark (and increasingly more desirable). A competitor offering a me-too in .com2 is a follower, not a leader. Effective competition is achieved in any marketplace when the new entrant offers "value added" (i.e. something different and more) over the existing players. "Value added" is not achieved by duplication. A successful competitor must offer an incentive to leave or avoid .com for something better not something worse. Differentiation is what .com lacks and differentiation will be the source of effective competition in the DNS. Differentiation does NOT immediately mean narrow charters. The source of differentiation may be found within a domain name that has broad capture. Under our model, the intent for that broad capture and the differentiation will be explained by the putative registry in terms of the principles. Philip ------------------------------ End of WG-C-DIGEST V1 #20 *************************