Ainsi donc, l’ICANN tiendra une réunion à Bruxelles en juin 2010. Toutes mes félicitations à Marc Van Wesemael et l’équipe d’Eurid.

Lors de la conception du projet de la réunion ICANN à Luxembourg qui se déroula en 2005, j’avais un temps envisagé de l’organiser à Bruxelles, tant il me semblait logique que la capitale de l’Europe accueille une telle manifestation. Le contexte était cependant différent.

A l’époque, le coût de la manifestation était entièrement supporté par l’organisateur local et ses partenaires. Le fractionnement institutionnel de la Belgique, avec ses multiples niveaux de pouvoirs aux compétences redondantes et en concurrence directe rendait tout simplement la participation des pouvoirs publics impossible. De nos jours, l’ICANN a compris qu’elle ne pouvait plus compter sur des tiers pour ouvrir leur portefeuille et finance elle-même la majeure partie des coûts.

Il n’en reste pas moins qu’il sera intéressant de voir qui seront les orateurs lors de la séance inaugurale. Aura-t-on un ministre fédéral ? Les télécoms sont une compétence largement régionalisée. On pourrait donc avoir un ministre bruxellois. Oui mais, Bruxelles est aussi la capitale de la Flandre. Aura-t-on peut être un ministre flamand ? Le responsable  du protocle va s’arracher les cheveux.

Many software applications rely on validation routines to check the validity of domain names. By validation, I mean here to test the string submitted by the user and see if it matches a pre-defined pattern. A typical example are web forms that need to validate e-mail addresses.

This is by no means a new issue. It first appeared with the introduction of the .info TLD. Before that TLDs were only two or three letters long, and many validation routines could not cope with the 4 letters of .info. At the time, ICANN had developed a testing tool which allowed developers to test if their code took into account the requirement for 4 letters. Still, you find today on the Internet tons of library routines that do not support 4 or more letter TLDs.

Some of these routines also rely on a hard-coded list of TLDs. Even today, I sometimes find that some web sites cannot deal with my .eu domain, which was introduced 4 years ago.There are hundreds of thousands of these routines written in Javascript, PHP, Perl, ColdFusion, ASP and just about any programming or scripting language you can think of.

Read more…

The ICANN IRT working group has published its final report, which I decided to analyze a bit further. I already made a few comments last month, both in the At-Large Advisory Council framework and on my own.   There are several issues raised by the recommendations of this report. The URS is one.

Reliance on e-mail

Among the issues is the fact that most of the URS process relies on e-mail for notifications to the registrant, to the registry operator, etc.  Let’s face it: e-mail has become unreliable for critical applications. With more than 90% of e-mail being catalogued as spam, identifying the one important e-mail that you are not expecting is like searching a needle in a haystack.  Some techniques like DKIM, S/MIME signing, etc might help getting through the spam filters, if only the latter are well-configured. Most users do not have fine-grained control on the configuration of their spam filter, and none at all on the one used by their ISP.

Where this matters is that “A Registrant has fourteen (14) calendar days from the date of the initial email notification to submit an Answer“.  If the e-mail was caught by your spam filter, or if you are on vacation, travelling or more simply not reading your e-mail on a regular basis, you are out of  luck. You might lose your domain name without you even noticing it before it is too late.

The language issue is also an important one. It may be that English is the lingua franca of the business community. However, it may not be a language understood by the domain name registrant and he may, in good faith,  discard the notification message. Read more…

The IRT has released a draft report.  The composition of the  team is strongly biased towards North American intellectual property interests. Unfortunately, individuals were not represented.  Neither were potential new gTLD operators.  There was only one US-based registrar present and only one incumbent US-based registry.  In summary, this report is partial, both because it does not cover the whole picture and because it is strongly biased towards the interests of a specific group.

Quite confusingly, it was published on 24th April, with a 30 day comment period. However, one needs to comment before 6 May if it wants the IRT to consider the comments. Strange tactics.

As others have pointed out, the effective 7 day comment period over this draft report is way too short. It may be wise that the ICANN board does not consider this report before the community has had a real opportunity to comment.

I totally support Michele Neylon’s comments on the whois model  contemplated by this report. It would be in breach with many privacy regulations throughout the world. Further, if the ability to comply with the whois recommendations, as set forth in this report, would become one of the evaluation criteria for the new gTLD applications, this would favour registry operators located in countries with little or no privacy laws. This would put at a competitive disadvantage those businesses which need to comply with local laws. Questions to the IRT:

• Did the IRT consider if their recommendations regarding the whois were actually compliant with relevant legislation throughout the world ?
• Will the ability to comply with the whois recommendations, as set forth in this report, be a part of the evaluation process of new gTLD applications ?

Regarding the IP clearinghouse, it is stated that “The recommendation should not result in unnecessary or undue costs, either to trademark owners or to legitimate users and consumers”. Does this mean that the registry operators will have to bear all the increase of their operating costs for protecting third parties interests? The net effect of this is that operators will need to shift the increasing cost among all their customers, including those who have no IP rights to protect. This will mean raising the unit price of domain names for every customer, making the TLD less attractive and potentially be a cause of registry failure. In the case of community-based TLDs that focus on a limited market through a not-for-profit model, this may simply mean that the potential costs  and legal risks may be disporportionate for them to bear.

There is a major concern that different levels of protection for marks may put the registry operator in a position to have to arbitrate between second level domain name  applications and become legally involved in disputes between third parties. Unlike trade marks, which can be multiple according to industrial sectors and geography, domain names are by nature globally unique. As technical operators, registries should have no business in deciding who is the legitimate intellectual right owner.

If such IP clearinghouse system is put in place, it should, at a minimum:

1. Be automated and implementable at a marginal cost by registries and registrars
2. Exempt the registry operators from further legal consequences if it has demonstrated that it queried the database at registration time.

In addition to the above, I think it would be only fair that whatever policies are decided as a consequence of this process are also made mandatory for the existing gTLDs. The new entrants should not be the only ones having to bear the weight and costs of these policies.

These are the comments I sent today to ICANN

Unfortunately, this second draft version of the applicant’s guide does not yet address major concerns in the process.

As stated in the previous comments round, it is fundamentally wrong to assume that all new gTLD applicants will use the .com model of mass market approach for domain names. Both the amount of the application fee and the yearly registry fee imply that the registry will need to sell as many domain names as possible, favouring numbers over quality. This is the wrong approach with regard to community-based TLDs.

The amount of the application fee should be reduced, as it may discriminate against less financially resourceful applicants, such as communities. While I understand ICANN may want to prevent frivolous applications with a high application fee, it nevertheless excludes from the process a lot of potential serious applications targeting a limited community.

It is unfair that only the applicants of the first round would have to cover the past costs of the new gTLD development program. On the other hand, it is difficult to guess how many applications will be submitted on each round. Because these costs have already been expended and that ICANN clearly states that whatever is recovered will be transferred to a reserve fund, it is therefore suggested to simply drop the $26,000 that represents the incidence of gTLD development program cost on each application.

Note that this request for a large up-front investment in the application process is orthogonal to the expectation of ICANN for the applicants to demonstrate the availability of continuation funding. Whatever capital will be invested in submitting the application will not be available in the future. Hence, ICANN’s financial expectations at the application stage may plant the seed of future registry failure.

Further, payment of the application fees in several installments should be offered to TLD applicants. For those applicants that need to submit a strong business plan to their investors, having a pay-as-you-go fee through the application process will make it easier to convince investors.

ICANN should also consider postponing for two or three years the collection of the annual registry fee, to allow new gTLD operators to start operating in a financially sound context, with no loans and other debts that may compromise the start-up of their activities. On the short and medium term, this help new registries to become more solid and will be beneficial for the the long term stability of the DNS space.

The fact that ICANN only allows for payments to be made in USD places a high risk on the business plans of those applicants that work in other currencies. As suggested elsewhere, ICANN should accept payments in other
currencies, at a rate fixed at the time the applicant’s guidebook is published.

There is still a fundamental contradiction in using an auction model as a last resort for community-based applications. By definition, community-based applications will target smaller communities and use a cost-recovery model, rather than a purely commercial one. For the winner of the auction, this will mean recovering its costs through increasing the gross price of registrations. As a consequence, the number of domain names sold may be reduced and the newly launched registry may not meet its business plan. Ultimately, auctions may also be a cause of registry failure.

As reported last July, there is a proposal from some Flemish politicians to create a .vla top level domain under the new gTLD process launched by ICANN. The proposal further elaborated that the Flemish government would have to cover the costs.

Not so fast, says the Flemish government. According to this press article, it wants to be sure the market is large enough to justify pouring all that money into the ICANN process.  They will hire a consultant to study the market and come up with a business case. Or not.

In this period of economic downturn, even wealthy communities like Flanders want to avoid expensive and risky investments.  ICANN does not yet understand the message that it has to adapt its RFP to the actual economic context.

Some possible ideas:

• stop dreaming about recovering past expenses on the gTLD program;
• fractioning the payment of the application fee in several installments, which would make it easier to negotiate with investors;
• postpone for two or three years the collection of the annual registry fee, to allow new gTLD operators to start operating in a financially sound context, with no loans and other debts that may compromise their existence.

I am well aware the above-mentioned article is quite misinformed in that it mixes up registry operators with registrars. Still, the core element of the cost vs risk of the new gTLD process is symptomatic of the concerns I heard from  several wannabee registry operators.

I was appointed to the ICANN’s Security and Stability Advisory Committee recently and I am very proud of that. This group of esteemed security experts are a crucial element of the ICANN community, because their task is to identify threats to the good working fo the Internet and suggest possible remedies. This is not a glamourous position, but rather behind the scenes work in the interest of the Internet user community at large.

On a similar note, I had the pleasure to co-chair the At-Large working group on DNS security issues, with came up with a statement we were reasonably happy with.  The best part was actually today, where we received kudos from other parts of the community, which tend to view the At-Large more as a political obligation of ICANN that a really useful component.

I hope this will both help the recognition of the At-Large as serious players in the ICANN context, but also motivate the At-Large members, who are often depicted as jerks and end up believing they are.

It’s not every I make it to You Tube, so I wanted to share with you this shameless self promotion.

One of my relatives moved into a new house the other day. No big news, except he is a registrant of a generic domain name.

He spent a lot of his time to inform utility companies, banks, insurance companies, administrations, etc of his address change, BUT he did  not tell his registrar.

You see, his registrar sends him every two or three years an e-mail asking to pay for the renewal. He then gets the invoice through e-mail. No postal mail is sent at all. That is all he knows about the domain name he uses. Other than that, it just works. E-mail to his domain gets delivered,  his web site is reachable. What else should he care about ?

As it stands, he should really care about updating his records with his registrar. A whois query on his domain name now returns a false postal address. This honest citizen now has the crowds of those hideous people who leave false information in the whois. Surely, law enforcement authorities may think of him as a terrorist covering his tracks. Intellectual property lawyers may think he is stealing somebody’s trade mark. According to term 3.7.7.2 of the ICANN Registrar Accreditation Agreement, he risks seeing his domain cancelled.

The sad truth is that this nice guy actually does not even know his $10/year domain is at risk. In the unlikely event his domain name gets cancelled, pleading the good faith will not help a lot. He may not notice it until he gets a phoen call telling himl the e-mails to him are undelivered.  It will be too late to react, because human errors by uninformed customers are not taken into account in ICANN policies. So, before he says  “I should have known” maybe I should tell him.

Commentaires envoyés à l’ICANN concernant les nouveaux noms de domaines

Comme de nombreux autres intervenants, je m’interroge au sujet du coût lié tant à la soumission qu’à l’exploitation d’un TLD attribué dans le cadre de cet exercice.

De fait, les coûts figurant actuellement dans le cahier des charges induisent le choix politique de gTLD vendant les noms de domaine en nombre. Il n’y a pas de place dans le processus actuel pour des gTLD visant une communauté limitée. Il semble difficilement imaginable qu’un registre vendant moins de 200.000 noms de domaine par an puisse survivre, compte tenu de la concurrence sur les prix entre TLD.

Par ailleurs, il peut s’écouler plus d’un an entre la soumission du dossier et le lancement de l’exploitation commerciale du TLD. Cela implique une lourde charge financière, qui suppose que les soumissionnaires disposent d’une solide trésorerie. Ce n’est pas le cas des start-ups. Cela pose donc une barrière à l’entrée qui favorise les acteurs historiques, qui ne devront pas supporter de tels coûts, puisqu’ils disposent déjà de tout le nécessaire: personnel, infrastructure et revenus réguliers

Ailleurs dans le document, il est demandé de présenter dans le dossier de candidature les comptes annuels d’exercices précédents. Cela implique à nouveau que des start-ups, ou des sociétés non-encore légalement formées ne pourront pas soumissionner.

Notons également que la nécessité de présenter dans le dossier de candidature l’infrastructure technique qui sera utilisée.  La conséquence est que le soumissionnaire devra choisir, dès le départ  un gestionnaire technique (backend registry services provider).  Du point de vue commercial, il serait pourtant avantageux que la mise en concurrence des prestataires techniques puissent se faire après la première ou la deuxième phase du processus d’acceptation du dossier par l’ICANN. Cela offrirait une position de négociation plus avantageuse au soumissionnaire.

Dans le contexte économique et financier actuel, il est plus que probable que de nouveaux entrepreneurs ne seront pas en mesure de concurrencer les opérateurs établis et donc d’offrir de véritables alternatives si l’ICANN ne révise pas fondamentalement à la baisse tant le droit de soumission que la contribution annuelle.

A ce titre, je soutiens la proposition citée dans les commentaires de dotCities ( http://forum.icann.org/lists/gtld-guide/msg00086.htm ) et ajoutant que cela peut s’appliquer à de nombreux cas de TLD visant des communautés limitées en nombre.

Il convient également d’éclaircir et de chiffrer le montant du remboursement possible si le soumissionnaire décide de retirer son dossier.  Il est important pour tous les candidats qu’ils soient en mesure de présenter un plan financier clair à leurs bailleurs de fonds. Dans ce domaine, le cahier des charges doit être limpide, y compris, et surtout pour les différentes phases d’évaluation que l’ICANN fera sous-traiter auprès de consultants externes, que les candidats devront rémunérer directement.

Concernant la problématique de la “moralité et de l’ordre public”, il est nécessaire  d’insister sur le fait qu’en cette matière l’ICANN doit strictement se limiter à la chaine de caractères constituant le TLD. Toute présomption concernant les domaines de second niveau qui pourraient être enregistrés sous ce TLD, ou sur le contenu de sites web utilisant ce TLD, seraient clairement en dehors du mandat de l’ICANN.