EuroDNS, the Luxembourg registrar, used its well attended New Year party last Wednesday to invite the Minister of Telecoms, Jean-Louis Schiltz to talk about a law voted at the end of December 2007. According to the Finance and Budget Commission Report on Draft Law 5801, «Revenues generated from use of, or license to use, a Domain Name are exempted from Luxembourg corporate taxes up to 80% ».

This is of course excellent news for EuroDNS, but also for domain name investors, both in Luxembourg and worldwide. ICANN will probably launch a RFP for new TLDs next June in Paris. As such, someone took the opportunity to mention that Luxembourg would be an ideal place to launch a new gTLD. The proposed gTLD floating around seems so obvious it is surprising no-one though about it before. At this stage, I cannot expand any further until this proposal is formalized, but stay tuned for more news.

Netchoice, a lobbying group for the e-commerce industry had a strange reaction on the failure of the GNSO working group on whois to reach a consensus.

After all, they say, “Privacy concerns with Whois that were identified years ago have already been addressed by in the marketplace“. In other words, if you want privacy for your domain name registration, you need to pay extra for proxy services.

I understand that the industry wants to always sell more services. That means money for them. However, those proxy services were developed as a workaround to the current whois system, which does not protect privacy, and in wait for a more global solution.

But of course, the main question is that privacy is a fundamental human right under article 12 of the Universal Declaration of Human rights. As far as I know, human rights are for everyone, not just for those who can pay for it. What is next ? Will we need to buy the right for freedom of expression or to organize in trade unions ?

As I am not able to attend the Los Angeles meeting of ICANN, I sent the following comment to the GtLD workshop:

There have been numerous comments periods over this report in the past and what I want to state is not new, but it seems it has not been addressed in the report.

Basically, the report is based on the assumption that the current model for gTLDs is the only possible one. It assumes that domain names will be sold on a mass market, mostly through intermediaries, and that this will generate a profit.

Was it ever envisaged that there could be other business models that do not fit into that mould ? There are several but, unfortunately, it will be next to impossible to try them out. There may be TLDs for very small communities, or an advertisement driven model in which domains are given out for free. A dynamic DNS service, like DynDNS.org, but performed a the TLD level could not accommodate the registrar model.

Regarding the Application Fee for proposed new gTLDs: while the report states that “Implementation Guideline B suggests that application fees be designed to ensure that adequate resources exist to cover the total cost of administering the new gTLD process, and that application fees may vary for different applicants”, the criteria that will be applied to various applicants are not yet clear, and this is a sensitive area. Will that be a one-time upfront cost ? How do we set it to avoid eliminating good ideas from the start of the process and privilege those incumbent players with deep pockets ? Could that be a per domain name fee to be paid over several years once the TLD is up and running ?

In short, the way the application fee is implemented will be a key factor for the success of new business models.

There is currently a discussion going on between Milton Mueller and Patrik Fältström over the deployment of DNSSEC on the root servers. I think the discussion exemplifies the difficult relation between those who develop standards and those who use them.

On the one hand, Milton points out that the way the signing of the root zone will be done will have a great influence on the subjective trust people and nation states will have towards the system. On the other hand, Patrik states that “DNSSEC is just digital signatures on records in this database”. Both are right, of course, but they do not speak the same language. It is just like saying that a spam e-mail which is RFC (2)822 compliant is a legitimate one. From a technical point of view, it certainly is. From a social point of view, it is still an annoyance.

There is this often expressed feeling in the engineering community that technological choices are politically neutral by design. Nothing is further away from truth, as has been demonstrated by people like Lawrence Lessig. The development of standards is done exclusively by companies. Notice, for example, that those attending IETF meetings do it on company time and budget. The actual users are absent. The logic that says that IETF meetings are open to all is flawed by the fact that an average IETF meeting will cost you around $1500 to attend. Hence, there is an economic barrier to the participation of individuals. Additionally, the influence you might have on a process is proportional to the consideration you get from your peers. Newcomers need quite some time to get accepted by the community, especially if they are not engineers.
Companies are driven by the market. If there is no potential market, there is no need to develop a new standard. A good example of this is the fact that you cannot yet send an e-mail to, say, brønshøj@københavn.dk or addresses in native Cyrillic, Arabic or Asian scripts. Pretty soon, the right hand side will be dealt with, thanks to IDNs. But the use of non-ASCII character sets on the left hand side is still a not standardized. The EAI working group in the IETF has only been launched a few months ago. Why did it take so long ? I guess that the need for this has only appeared in recent years. As long as the Internet was mainly used by the American / Western European world, being restricted to 7 bit ASCII was not much of an annoyance, if at all. Now that the user base has enlarged to include countries that do not use the latin alphabet, it becomes a hot topic. However, it will take years before this can be implemented in the software we use every day. Notice, for example, that most operating systems today still require the user name to be in 7 bit ASCII.

Similar issues exist with RIRs, where again the actual IP address users are absent for the same set of reasons detailed above. However, which IPv6 prefix is going to be allocated by your ISP to your home network in a few years from now is an important one. Yet, those who are active in policy development at the RIR level are those very ISPs. The policy will be related to their commercial interest, which may – or may not – match the user’s interests.

End users are represented in ICANN. I am the first to admit that ALAC may be far from perfect, but it has the merit to exist and we can improve it. Isn’t time for a similar concept for the IETF, the RIRs and all those bodies that have a crucial effect on our user experience while using the Internet ? Being closer to user needs, without the filtering of the marketing department, may help prioritize the future developments.

There is a some parallel that can be drawn between the current dispute on the .EH TLD for Western Sahara and the .VL application. In both cases, the process is being used for political purposes to serve a goal for autonomy or independence. I am not taking sides on the .EH issue, as I do not feel I have enough information to have a meaningful opinion. On .VL however, I think that the 20+ years I spent in Flanders can give me enough background.

In the case of the .VL, there is a public image, posted in English on the ICANN web site, and a quite different one posted in Dutch on the proponents web sites. Some translated extracts, for the benefit of those who do not understand Dutch:

Why a .VL, according their web site:

It is all about being recognized, mostly by the international community. Flanders does have foreign affairs responsibilities, but try to explain simply to Israël that Belgium is made of regions and communities and that you are the Minister of foreign affairs for Flanders and not for Belgium. A specific TLD would enhance the visibility of Flanders in the world, and this can only be positive.

It is clear here that this is about political visibility and not about spreading a culture, like .CAT does. Indeed, this is well in line with the political agenda of the proponents, the Jonge Vlamingen group, which states on their web site (potentially racist humor deleted from the text):

Jonge Vlamingen wishes to promote the separation of Flanders (ed: from Belgium)… We want to build a network where young Flemings who choose for Flemish independence can meet.

As has been explained in a previous post on the subject, other organizations supporting the project have a similar agenda.

My advice to the ICANN community, should this proposal be formalized, is to be aware of the fact they would actually be used to serve a political agenda, rather than a cultural one. The issue of regional autonomy (and now independence) has been on the Belgian political agenda for nearly a century. This is a very sensitive and complicated matter. ICANN would be well inspired not to join the mess.

Now that Catalonia got its .cat domain, other regions are coming up with similar requests. One of those is lead by a group of associations from the Belgian Flanders region, claiming a .VL top level domain. The Jonge Vlamingen association is a nationalist group wishing to make Flanders independent from Belgium.

However, among these associations are also several hate groups. Voorpost is well known for its pro-nazi sympathies and propaganda. The Nationalistische Studenten Vereniging is an extreme right student group. One of its former members was Filip Dewinter, the current president of the extrem right party Vlaams Belang (formerly Vlaams Blok). Those groups are known for their racist positions in Flanders (against the Turkish and Maghrebian minorities) and in Belgium in general for their intolerance against anyone not Flemish.

As for the Taal Aktie Komitee, I can testify I have been physically molested by some of its members because I dared speaking French to some of my friends in a street in Flanders. It was 25 years ago, but my back is still hurting on wet days because of that.

DomainNews.com reports that the Flemish group will team up with the applicants for .cym, .bzh and .gal GeoTLDs. A word of caution to the Welsh, Breton and Galician groups: watch out who you are teaming up with. Do you want racists and revisionists in your group ? If not, you should better think twice before teaming up with the current .VL team, unless they distance themselves from those embarrassing supporters. Actually, they do. Sort of. However, the disclaimer is quite vague:

“Het vermelden van en linken naar deze organisaties en hun website betekent niet dat Jonge Vlamingen en PUNT VL de standpunten van deze organisaties onderschrijven of akkoord zijn met de inhoud van hun website”.

The references and links to these organizations and their web site does not mean that Jonge Vlamingen en PUNT VL supports the positions of those organizations or agree to the contents of their web site.

So, it is not clear however which views they support and which they do not.

Update 20 August: The proponents of .VL point out on their web site (in Dutch) that French Réunion (.re), Guadeloupe (.gp), Martinique (.mq) and French Guyana (.gf) have their own ccTLD. However, none of these French departments or territories use this for the political purposes of separating themselves from their country, and their ccTLD is administered by AFNIC. They also point out to .EU.

They seem to ignore that all these entities have their own ISO-3166 codes. Flanders does not. And unless they convince the UN Statistics Division they are a sufficiently autonomous territory from an economical point of view or an independent state, the VL ISO code is not going to assigned to Flanders any time soon. With regard to ICANN’s policy on new TLDs, I think it would be dangerous for ICANN to assign two letter TLDs which could conflict with later updates to the ISO-3166 list.

ICANN has embarked on the IDN boat at the same time it wants to introduce DNSSEC and new gTLDs. This promises lots of fun. Or grey hair, depending how you look at it.

First is the issue of country code IDNs. The ISO-3166 table, based on two letter codes, is a western convention. Some cultures do not use abbreviations or acronyms. Some do not use a character-based alphabet, but a syllabic one. Hence, the next logical step would be to represent the full country name in local script, rather than a transliteration of the ISO string. As an example, Morocco may want to use المَغْرِب (or xn--mgbc0a9azcg7dsq in punycode) , in parallel with .ma. This is a simple case: Morocco has only one official language.

Imagine the case of India, where there are 1.652 languages, of which 24 are spoken by more than one million people. All have a distinct alphabet. Further, the Constitution of India does not impose an official language. Are we going to have at least 24 new IDN TLDs for India ? This would make political sense, but would be a real burden to manage at the root level, especially if we end up with 1.652 of them, just for India. Obviously, other countries which use several languages may want to do the same.

When it comes to gTLDs, the situation becomes even more interesting. Take, for example, .ORG. ORG stands for “not-for-profit organization”. How does that translate in IDN TLDs under different languages ? If we simply transliterate the “org” string in local script, we might end up with a meaningless name or – more unfortunate – an offensive word in the local language.
On the other hand, there may be several ways to translate the NFP organization concept in a specific language. As an example, if I had to translate the NFP organization concept in French, it would be association à but non lucratif in France, but association sans but lucratif in Belgium or association sans but économique in Switzerland.

Yet, it does not look logical that the incumbents gTLD registries could automatically claim to run any IDN TLD which translates more or less the concept of the original string. We should expect those countries which were not offered a piece of the multimillion dollar gTLD cake in previous years to want some money out of the IDN TLDs in their own script. Just imagine how much money could potentially represent a .com TLD in mandarin or arabic.

ICANN will have a hard time desiging a policy for IDNs. The technical challenges are actually small, compared to the economical, political and cultural issues surrounding those internationalized domain names.

We keep hearing in the ICANN and IETF crowds that DNSSEC is unavoidable and that it is the way to go. These are the same crowds saying that we should move to – or at least support – IPv6. In both cases, the prophets are not always those who actually do it. While www.isoc.org and www.ietf.org are running on a dual IPv4/IPv6 stack, much of the companies working within the IETF do not run dual stack web sites: Cisco, Microsoft, IBM, Sun, etc.

So, rather than telling others that they should run DNSSEC, I figured I should do my homework and run DNSSEC myself, without waiting for my TLDs to get signed.

The job is done, but it was no easy task. If you are looking for a simple button on a GUI to sign your DNS zones, move on. Currently, this is not for the faint of heart, which might explain the slow adoption path. Bind does include all the tools, but you first have to figure out how the damn thing works and use the right parameters.

I found a tool which made my life much easier. It is called ZKT. Once you have configured the header files to your environment and adapted your file directory structure to the requisites of ZKT, you can actually sign all your zones in one pass. It will call the necessary Bind tools with the right parameters. I have created a cron job that will periodically check which signatures need updating and change the zone files accordingly. Highly recommended.

According to this article in IHT , those who want deployment of IDNs now are “political gambits”. Cerf said that the technical side is not yet ready and thus the deployment of IDNs should be done very carefully.

I agree to the technical aspects. However, the next question is of course: “when will it be ready for deployment ?”. Can the ICANN community commit to a deadline it will meet ? If not, ICANN should not blame those “political gambits” who wish to go forward because they just cannot afford to wait anymore.

There is a bad habit in the ICANN community that it should set the agenda and the rest of the world should just follow. Trouble is of course that the “rest of the world” represents several billion people, most of them ignoring the very existence of ICANN and even more its legitimity to set the world agenda. ICANN sounds more and more like Major Tom in David Bowie’s Space Oddity: “Ground Control to Major Tom, your circuit’s dead, there’s something wrong. Can you hear me Major Tom ?”

This post has also been featured on CircleID , where most of the discussion will take place, I guess

Brett Fausett reported that Verisign is launching TLDs in IDN format, meaning that you would type 中国, rather than .cn. As a strange coincidence, I blogged about this yesterday. I predicted that countries are becoming impatient with ICANN taking too much time to allow IDN TLDs to be included in the root.

Little did I foresee that the very company which is most interested in the current status quo of artificial scarcity of gTLDs would be the one forcing the hand of ICANN.

Although Verisign runs the hidden root server, I cannot imagine them actually adding these IDN TLDs to the ICANN/DoC root without the agreement of their friends at DoC. I guess Verisign is offering this service through a plug-in of some sort to install in your web browser, just like alternative root servers did in the past. Or they could run an alternative root server system. If this was the case, it would be quite disrespectful towards those would provide them with a comfortable revenue stream, ie ICANN, IANA and DoC.