The IRT has released a draft report.  The composition of the  team is strongly biased towards North American intellectual property interests. Unfortunately, individuals were not represented.  Neither were potential new gTLD operators.  There was only one US-based registrar present and only one incumbent US-based registry.  In summary, this report is partial, both because it does not cover the whole picture and because it is strongly biased towards the interests of a specific group.

Quite confusingly, it was published on 24th April, with a 30 day comment period. However, one needs to comment before 6 May if it wants the IRT to consider the comments. Strange tactics.

As others have pointed out, the effective 7 day comment period over this draft report is way too short. It may be wise that the ICANN board does not consider this report before the community has had a real opportunity to comment.

I totally support Michele Neylon’s comments on the whois model  contemplated by this report. It would be in breach with many privacy regulations throughout the world. Further, if the ability to comply with the whois recommendations, as set forth in this report, would become one of the evaluation criteria for the new gTLD applications, this would favour registry operators located in countries with little or no privacy laws. This would put at a competitive disadvantage those businesses which need to comply with local laws. Questions to the IRT:

• Did the IRT consider if their recommendations regarding the whois were actually compliant with relevant legislation throughout the world ?
• Will the ability to comply with the whois recommendations, as set forth in this report, be a part of the evaluation process of new gTLD applications ?

Regarding the IP clearinghouse, it is stated that “The recommendation should not result in unnecessary or undue costs, either to trademark owners or to legitimate users and consumers”. Does this mean that the registry operators will have to bear all the increase of their operating costs for protecting third parties interests? The net effect of this is that operators will need to shift the increasing cost among all their customers, including those who have no IP rights to protect. This will mean raising the unit price of domain names for every customer, making the TLD less attractive and potentially be a cause of registry failure. In the case of community-based TLDs that focus on a limited market through a not-for-profit model, this may simply mean that the potential costs  and legal risks may be disporportionate for them to bear.

There is a major concern that different levels of protection for marks may put the registry operator in a position to have to arbitrate between second level domain name  applications and become legally involved in disputes between third parties. Unlike trade marks, which can be multiple according to industrial sectors and geography, domain names are by nature globally unique. As technical operators, registries should have no business in deciding who is the legitimate intellectual right owner.

If such IP clearinghouse system is put in place, it should, at a minimum:

1. Be automated and implementable at a marginal cost by registries and registrars
2. Exempt the registry operators from further legal consequences if it has demonstrated that it queried the database at registration time.

In addition to the above, I think it would be only fair that whatever policies are decided as a consequence of this process are also made mandatory for the existing gTLDs. The new entrants should not be the only ones having to bear the weight and costs of these policies.

These are the comments I sent today to ICANN

Unfortunately, this second draft version of the applicant’s guide does not yet address major concerns in the process.

As stated in the previous comments round, it is fundamentally wrong to assume that all new gTLD applicants will use the .com model of mass market approach for domain names. Both the amount of the application fee and the yearly registry fee imply that the registry will need to sell as many domain names as possible, favouring numbers over quality. This is the wrong approach with regard to community-based TLDs.

The amount of the application fee should be reduced, as it may discriminate against less financially resourceful applicants, such as communities. While I understand ICANN may want to prevent frivolous applications with a high application fee, it nevertheless excludes from the process a lot of potential serious applications targeting a limited community.

It is unfair that only the applicants of the first round would have to cover the past costs of the new gTLD development program. On the other hand, it is difficult to guess how many applications will be submitted on each round. Because these costs have already been expended and that ICANN clearly states that whatever is recovered will be transferred to a reserve fund, it is therefore suggested to simply drop the $26,000 that represents the incidence of gTLD development program cost on each application.

Note that this request for a large up-front investment in the application process is orthogonal to the expectation of ICANN for the applicants to demonstrate the availability of continuation funding. Whatever capital will be invested in submitting the application will not be available in the future. Hence, ICANN’s financial expectations at the application stage may plant the seed of future registry failure.

Further, payment of the application fees in several installments should be offered to TLD applicants. For those applicants that need to submit a strong business plan to their investors, having a pay-as-you-go fee through the application process will make it easier to convince investors.

ICANN should also consider postponing for two or three years the collection of the annual registry fee, to allow new gTLD operators to start operating in a financially sound context, with no loans and other debts that may compromise the start-up of their activities. On the short and medium term, this help new registries to become more solid and will be beneficial for the the long term stability of the DNS space.

The fact that ICANN only allows for payments to be made in USD places a high risk on the business plans of those applicants that work in other currencies. As suggested elsewhere, ICANN should accept payments in other
currencies, at a rate fixed at the time the applicant’s guidebook is published.

There is still a fundamental contradiction in using an auction model as a last resort for community-based applications. By definition, community-based applications will target smaller communities and use a cost-recovery model, rather than a purely commercial one. For the winner of the auction, this will mean recovering its costs through increasing the gross price of registrations. As a consequence, the number of domain names sold may be reduced and the newly launched registry may not meet its business plan. Ultimately, auctions may also be a cause of registry failure.

As reported last July, there is a proposal from some Flemish politicians to create a .vla top level domain under the new gTLD process launched by ICANN. The proposal further elaborated that the Flemish government would have to cover the costs.

Not so fast, says the Flemish government. According to this press article, it wants to be sure the market is large enough to justify pouring all that money into the ICANN process.  They will hire a consultant to study the market and come up with a business case. Or not.

In this period of economic downturn, even wealthy communities like Flanders want to avoid expensive and risky investments.  ICANN does not yet understand the message that it has to adapt its RFP to the actual economic context.

Some possible ideas:

• stop dreaming about recovering past expenses on the gTLD program;
• fractioning the payment of the application fee in several installments, which would make it easier to negotiate with investors;
• postpone for two or three years the collection of the annual registry fee, to allow new gTLD operators to start operating in a financially sound context, with no loans and other debts that may compromise their existence.

I am well aware the above-mentioned article is quite misinformed in that it mixes up registry operators with registrars. Still, the core element of the cost vs risk of the new gTLD process is symptomatic of the concerns I heard from  several wannabee registry operators.

I was appointed to the ICANN’s Security and Stability Advisory Committee recently and I am very proud of that. This group of esteemed security experts are a crucial element of the ICANN community, because their task is to identify threats to the good working fo the Internet and suggest possible remedies. This is not a glamourous position, but rather behind the scenes work in the interest of the Internet user community at large.

On a similar note, I had the pleasure to co-chair the At-Large working group on DNS security issues, with came up with a statement we were reasonably happy with.  The best part was actually today, where we received kudos from other parts of the community, which tend to view the At-Large more as a political obligation of ICANN that a really useful component.

I hope this will both help the recognition of the At-Large as serious players in the ICANN context, but also motivate the At-Large members, who are often depicted as jerks and end up believing they are.

It’s not every I make it to You Tube, so I wanted to share with you this shameless self promotion.

One of my relatives moved into a new house the other day. No big news, except he is a registrant of a generic domain name.

He spent a lot of his time to inform utility companies, banks, insurance companies, administrations, etc of his address change, BUT he did  not tell his registrar.

You see, his registrar sends him every two or three years an e-mail asking to pay for the renewal. He then gets the invoice through e-mail. No postal mail is sent at all. That is all he knows about the domain name he uses. Other than that, it just works. E-mail to his domain gets delivered,  his web site is reachable. What else should he care about ?

As it stands, he should really care about updating his records with his registrar. A whois query on his domain name now returns a false postal address. This honest citizen now has the crowds of those hideous people who leave false information in the whois. Surely, law enforcement authorities may think of him as a terrorist covering his tracks. Intellectual property lawyers may think he is stealing somebody’s trade mark. According to term 3.7.7.2 of the ICANN Registrar Accreditation Agreement, he risks seeing his domain cancelled.

The sad truth is that this nice guy actually does not even know his $10/year domain is at risk. In the unlikely event his domain name gets cancelled, pleading the good faith will not help a lot. He may not notice it until he gets a phoen call telling himl the e-mails to him are undelivered.  It will be too late to react, because human errors by uninformed customers are not taken into account in ICANN policies. So, before he says  “I should have known” maybe I should tell him.

Commentaires envoyés à l’ICANN concernant les nouveaux noms de domaines

Comme de nombreux autres intervenants, je m’interroge au sujet du coût lié tant à la soumission qu’à l’exploitation d’un TLD attribué dans le cadre de cet exercice.

De fait, les coûts figurant actuellement dans le cahier des charges induisent le choix politique de gTLD vendant les noms de domaine en nombre. Il n’y a pas de place dans le processus actuel pour des gTLD visant une communauté limitée. Il semble difficilement imaginable qu’un registre vendant moins de 200.000 noms de domaine par an puisse survivre, compte tenu de la concurrence sur les prix entre TLD.

Par ailleurs, il peut s’écouler plus d’un an entre la soumission du dossier et le lancement de l’exploitation commerciale du TLD. Cela implique une lourde charge financière, qui suppose que les soumissionnaires disposent d’une solide trésorerie. Ce n’est pas le cas des start-ups. Cela pose donc une barrière à l’entrée qui favorise les acteurs historiques, qui ne devront pas supporter de tels coûts, puisqu’ils disposent déjà de tout le nécessaire: personnel, infrastructure et revenus réguliers

Ailleurs dans le document, il est demandé de présenter dans le dossier de candidature les comptes annuels d’exercices précédents. Cela implique à nouveau que des start-ups, ou des sociétés non-encore légalement formées ne pourront pas soumissionner.

Notons également que la nécessité de présenter dans le dossier de candidature l’infrastructure technique qui sera utilisée.  La conséquence est que le soumissionnaire devra choisir, dès le départ  un gestionnaire technique (backend registry services provider).  Du point de vue commercial, il serait pourtant avantageux que la mise en concurrence des prestataires techniques puissent se faire après la première ou la deuxième phase du processus d’acceptation du dossier par l’ICANN. Cela offrirait une position de négociation plus avantageuse au soumissionnaire.

Dans le contexte économique et financier actuel, il est plus que probable que de nouveaux entrepreneurs ne seront pas en mesure de concurrencer les opérateurs établis et donc d’offrir de véritables alternatives si l’ICANN ne révise pas fondamentalement à la baisse tant le droit de soumission que la contribution annuelle.

A ce titre, je soutiens la proposition citée dans les commentaires de dotCities ( http://forum.icann.org/lists/gtld-guide/msg00086.htm ) et ajoutant que cela peut s’appliquer à de nombreux cas de TLD visant des communautés limitées en nombre.

Il convient également d’éclaircir et de chiffrer le montant du remboursement possible si le soumissionnaire décide de retirer son dossier.  Il est important pour tous les candidats qu’ils soient en mesure de présenter un plan financier clair à leurs bailleurs de fonds. Dans ce domaine, le cahier des charges doit être limpide, y compris, et surtout pour les différentes phases d’évaluation que l’ICANN fera sous-traiter auprès de consultants externes, que les candidats devront rémunérer directement.

Concernant la problématique de la “moralité et de l’ordre public”, il est nécessaire  d’insister sur le fait qu’en cette matière l’ICANN doit strictement se limiter à la chaine de caractères constituant le TLD. Toute présomption concernant les domaines de second niveau qui pourraient être enregistrés sous ce TLD, ou sur le contenu de sites web utilisant ce TLD, seraient clairement en dehors du mandat de l’ICANN.

I have not submitted any comments on ICANN’s new gTLD process, mostly because many other people have said more diplomatically what I think, but I thought I could blog about it.

My main concern from the beginning was that the process should allow any serious candidate to run with a reasonable chance to be able to actually start running a gTLD. This includes small and medium sized communities and startup companies with little seed money.  This also includes registry models that may not favour mass registrations. For all these, the current model is flawed.

Communities based on values, whether cultural or ethnic are by definition limited in scope. So are communities based on geography, although they could larger.  These communities could get their TLD, if they have strong political support and  the attached financing. It this case, the short term profits are not the registration fees themselves, but the prestige linked to a community having its own TLD. I bet the application for the  .VLA TLD will succeed, because it has the strong political support of a wealthy community.

For the startup registries wishing to enter the gTLD arena and compete to a certain degree with the incumbents, the skies are cloudy, to say the least. First and foremost: you need money. A lot of it. Anthony Van Couvering  at Names@Work has a timeline, which details the associated costs. However, a lot of the costs are not appearing. My personal estimation is that the whole process, up to the contract signing ceremony with ICANN,  is USD 1 million at the very minimum. More realistically, you need  50% more to be on the safe side.

400K will go to ICANN and its subcontracted  evaluators. The associated costs with the evaluations can quickly add up.  At this stage, there is no way to know exactly how much they will cost, because there are many parameters.  ICANN tells you these costs will be payed directly to the evaluators, not through ICANN.  This will make it even more opaque.

The rest needs to cover consultants,  lawyers, salaries, ICANN meeting sponsorships, meetings with your community leaders to gain support for your application (and everything that goes with it: profits sharing, gadgets, gourmet dinners, escorts, you name it) and travel to ICANN meetings for you and your staff.

On top of that, ICANN wants you to be able to guarantee the operation of the TLD for 3 years, even if your TLD is not a success.

Note that this will not guarantee at all that your application will succeed.  But at least it will guarantee one an a half year of hard work and travel to exotic places for two or three people, and others on a as-needed basis.  Now go out and tell your banker, if he has not gone bankrupt already.

If you are lucky enough to reach the contract signing stage, the real work begins: hire staff, build an infrastructure, convince registrars to carry your TLD, set up a sunrise period . These are another four or five months without a single cent falling on your bank account.  In conclusion, this whole new gTLD process will be most profitable for established actors, who will not have to cover many of the above-mentioned costs, or have the reserves to cover them.

Even if ICANN revises parts of their RFP, I am not sure it will attract the 500 applications it expects. This RFP should have been published 8 years ago, at the height ofthe Internet bubble, when everything related to the Net received full funding. Now, in this recession period, investors and bankers are cautious. It will not be easy to find partners who are willing to potentially loose USD 1.5 million, if it cannot be demonstrated with certainty they can recoup their investment in less than two years.

Good luck. May the farce be with you.

It has been three months now I have been elected to ICANN’s At-Large Advisory Committee.  The 15 of us do not always share the same view and that is healthy. All these unpaid volunteers deserve, I think, a lot of respect for their commitment. Unlike other people in the ICANN circus, most of them are not into Internet governance issues as a part of their day job. However, the fact they are not full time Internet policy professionals is also the root cause of the ALAC’s theething problems.

There is a lot happening within the ICANN community. It ranges from technical issues to legal and political ones. Obviously, no-one can pretend to be an expert in all  matters. Still, the ALAC is presumed to be able to have an opinion on any matter. The amount of documents to read is daunting. It is by itself a half time job to process  them all, further complicated for those who do not have a fluent English reading.

One of the great features of the ICANN process is the possibility to submit comments. It of course takes time to read the documents, understand them, reach out to the At-large community, summarize point of views, reach consensus and finally draft a statement. All this within 30 days.  Often, the ALAC misses the deadline.

This is further complicated by the global nature of the community. There is no way one could identify a convenient time slot to hold teleconferences that would suit all participants.  The inconvenience is shared. For those in the Asia Pacific region, they need to call when they should actually go to bed. Europeans and Africans have to call during business hours. North Americans need to wake up early and arrive late at work.  However, at the end of the day, people look at who is signing  their paycheck. And it is not ICANN or a company that has a business interest in participating.  This may explain why some people cannot attend all meetings, however committed they are.

Some of the above issues are part of the report on the  review of the ALAC currently going on. If the board addresses the recommandations in the report, it will greatly help making the ALAC more efficient.

I once objected to seeing the ICANN board members compensated for their time.  I changed my mind on this. This is a real, full time, job.  I would think that Veni Markovski’s statistics on his time spent on ICANN board business are under-estimated, based on conversations I had with current board members.

On a similar subject Stéphane Van Gelder echoes his experience as a GNSO councillor and asks how long such a model built on volunteering can last. This is indeed a good question, because when volunteers will no more be able to participate effectively, only those who are ICANNing for a living will be able to call the tune.

Last year, I started signing the DNS records for this domain (and isoc.lu). At the time, it was what is called an ‘island of trust’ in DNSSEC-speak. Being a firm believer that one should eat his own dogfood, I took this now one step further. Both domains vande-walle.eu and isoc.lu are now added to ISC’s DLV registry. In addition, they are also in UCLA’s Secspider DLV repository. DLV stands for Domain Lookaside Validation, it “is a mechanism for publishing DNS Security (DNSSEC) trust anchors outside of the DNS delegation chain”, according to RFC 5074.

There are a few lessons to be learned from this experience. First and foremost, the tools are now not yet ready for a general audience. If the dnssec-signzone man page is your favourite late night reading and if you like Unix shell scripting, you will have plenty of fun. On the other hand, if you are an overworked system administrator being told by the boss to ‘By the way, please switch on DNSSEC before your leave this afternoon’ , you are out of luck.  The best tool I found to make it a bit easier is ZKT.  However, this is not the friendly Graphical User Interface you would expect.

Lesson 2 is ‘check you secondaries’. I had secondaries with Xname.org. Although these nice folks provide good and free DNS service, their machines do not answer DNSSEC queries. Hence, I had to switch to new secondaries.

Lesson 3 is that few DNS resolvers currently support DLV. Bind does. Unbound will in the next release (the current development code already does).

Lesson 4 is that the current system to register a domain in the DLV does not seem to scale and looks more like a proof of concept. It would need to be seriously industrialized to be helpful for a bigger deployment.

Lesson 5 stems from 4 above. The whole thing would be a bit easier to deploy if the root zone was signed. But this is another debate.

Many thanks to the folks at NLNet Labs and the RESTENA Foundation for providing DNS secondary service, and ISC for running the DLV registry.