The paper set forth below, concerning ways to improve technical management of the Internet Domain Name System, is a proposed rule of the Department of Commerce. This same document will be published in the Federal Register in the near future. While the Department will accept comments on the paper starting today, the Federal Register publication will establish the official deadline for the acceptance of public comment on this proposed rule. Comments may be mailed to U.S. Department of Commerce, NTIA/OIA, 14th and Constitution Avenue, N.W., Washington, D.C. 20230 or sent via electronic mail to dns@ntia.doc.gov. Though it is not intended or expected, should any discrepancy occur between the document set forth below and that published in the Federal Register, the Federal Register publication controls. All comments received will be considered exclusively in the context of issuing a final rule. The paper is being made available through the Internet solely as a means to facilitate the public's access to this document and to provide an additional means of notifying the public of the solicitation of public comment on the proposed rule.

 

A PROPOSAL TO IMPROVE TECHNICAL MANAGEMENT OF

INTERNET NAMES AND ADDRESSES

DISCUSSION DRAFT 1/30/98

Domain names are the familiar and easy-to-remember names for Internet computers (e.g. "www.ecommerce.gov"). They map to unique Internet Protocol (IP) numbers (e.g. 98.37.241.30) that serve as routing addresses on the Internet. The domain name system (DNS) translates Internet names into the IP numbers needed for transmission of information across the network.

 

That is rather a simplistic description. It needs to describe the hierarchy and the power of the root servers.

History

Today's Internet is an outgrowth of U.S. government investments in packet-switching technology and communications networks carried out under agreements with the Defense Advanced Research Projects Agency (DARPA), the National Science Foundation (NSF) and other U.S. research agencies. The government encouraged bottom-up development of networking technologies through work at NSF, which established the NSFNET as a network for research and education. The NSFNET fostered a wide range of applications, and in 1992 the U.S. Congress gave the National Science Foundation statutory authority to commercialize the NSFNET, which formed the basis for today's Internet.

This is an extremely US-centric position. Yes, much was done in the USA. And, indeed, much of the work was funded by the US government. However, that ignores the major works funded by private organizations (such as Digital Equipment Corporation, Xerox, Sun Microsystems) and individuals in universities working on their own. It also ignores non-US contributions. For instance, many of the basic elements of the world wide web were developed in Europe.

As a legacy, major components of the domain name system are still performed by or subject to agreements with agencies of the U.S. government.

1) Assignment of numerical addresses to Internet users.

Every Internet computer has a unique IP number. The Internet Assigned Numbers Authority (IANA), headed by Dr. Jon Postel of the Information Sciences Institute (ISI) at the University of Southern California, coordinates this system by allocating blocks of numerical addresses to regional IP registries (ARIN in North America, RIPE in Europe, and APNIC in the Asia/Pacific region), under contract with DARPA. In turn, larger Internet service providers apply to the regional IP registries for blocks of IP addresses. The recipients of those address blocks then reassign addresses to smaller Internet service providers and to end users.

 

This certainly raises ARIN to a much higher position than it deserves. It is also somewhat factually incorrect; many users, such as myself, have our own blocks not assigned by the above mechanisms. Of course this is all irrelevant to the Domain Name System.

2) Management of the system of registering names for Internet users.

The domain name space is constructed as a hierarchy. It is divided into top-level domains (TLDs), with each TLD then divided into second-level domains (SLDs), and so on. More than 200 national, or country-code, TLDs (ccTLDs) are administered by their corresponding governments or by private entities with the appropriate national government's acquiescence. A small set of generic top-level domains (gTLDs) do not carry any national identifier, but denote the intended function of that portion of the domain space. For example, .com was established for commercial users, .org for not-for-profit organizations, and .net for network service providers. The registration and propagation of these key gTLDs are performed by Network Solutions, Inc. (NSI), a Virginia-based company, under a five-year cooperative agreement with NSF. This agreement includes an optional ramp-down period that expires on September 30, 1998.

 

This should mention that TLDS like .com have become highly desirable, while ones like .us are not favored.

The text also fails to indicate that a domain name, once obtained, becomes a person or company's "name" on the Internet. Major marketing investments are made in promoting and branding these names. A change of an internet name can bring major disruption to a company's operation, indeed to its continued existance.

3) Operation of the root server system.

The root server system contains authoritative databases listing the TLDs so that an Internet message can be routed to its destination. Currently, NSI operates the "A" root server, which maintains the authoritative root database and replicates changes to the other root servers on a daily basis. Different organizations, including NSI, operate the other 12 root servers. In total, the U.S. government plays a direct role in the operation of half of the world's root servers. Universal connectivity on the Internet cannot be guaranteed without a set of authoritative and consistent roots.

4) Protocol Assignment.

The Internet protocol suite, as defined by the Internet Engineering Task Force (IETF), contains many technical parameters, including protocol numbers, port numbers, autonomous system numbers, management information base object identifiers and others. The common use of these protocols by the Internet community requires that the particular values used in these fields be assigned uniquely. Currently, IANA, under contract with DARPA, makes these assignments and maintains a registry of the assigned values.

 

The Need for Change

From its origins as a U.S.-based research vehicle, the Internet is rapidly becoming an international medium for commerce, education and communication. The traditional means of organizing its technical functions need to evolve as well. The pressures for change are coming from many different quarters:

I think that this is a bit of a misstatement -- Yes, we are dissatisfied by the absence of competition. But that is really a secondary issue -- we are dissatisfied with the exorbitant prices that are being charged.

However there is even a greater issue: once we obtain a name in a TLD we are locked into the registrar and registry for that TLD. Unless we are willing to abandon our investment in our domain name, we must jump through whatever hoops, pay whatever fees, and submit to any policies that the registrar wants to impose.

In addition, consider the poor registrars -- they are at the mercy of their registry.

And there is an over-tendency for trademark holders to assume that the mere existence of a domain name constitutes infringement. That, of course, is contrary to normal trademark law, which requires that infringement be measured in a specific context of use.

I have yet to see how this proposal changes this.

 

Yes, there needs to be control of top-level domains. But the greater issue is to prevent abuse of power by a top-level domain holder/registrar once a client obtains a name within that top-level domain.

The Future Role of the U.S. Government in the DNS

On July 1, 1997, as part of the Clinton Administration's Framework for Global Electronic Commerce, the President directed the Secretary of Commerce to privatize, increase competition in, and promote international participation in the domain name system.

Accordingly, on July 2, 1997, the Department of Commerce issued a Request for Comments (RFC) on DNS administration, on behalf of an inter-agency working group previously formed to explore the appropriate future role of the U.S. government in the DNS. The RFC solicited public input on issues relating to the overall framework of the DNS system, the creation of new top-level domains, policies for registrars, and trademark issues. During the comment period, over 430 comments were received, amounting to some 1500 pages.

This discussion draft, shaped by the public input described above, provides notice and seeks public comment on a proposal to improve the technical management of Internet names and addresses. It does not propose a monolithic structure for Internet governance. We doubt that the Internet should be governed by one plan or one body or even by a series of plans and bodies. Rather, we seek to create mechanisms to solve a few, primarily technical (albeit critical) questions about administration of Internet names and numbers.

We expect that this proposal will likely spark a lively debate, requiring thoughtful analysis, and appropriate revisions. Nonetheless, we are hopeful that reasonable consensus can be found and that, after appropriate modifications, implementation can begin in April, 1998. Recognizing that no solution will win universal support, the U.S. government seeks as much consensus as possible before acting.

PRINCIPLES FOR A NEW SYSTEM

Our consultations have revealed substantial differences among Internet stakeholders on how the domain name system should evolve. Since the Internet is changing so rapidly, no one entity or individual can claim to know what is best for the Internet. We certainly do not believe that our views are uniquely prescient. Nevertheless, shared principles have emerged from our discussions with Internet stakeholders.

1. Stability.

The U.S. government should end its role in the Internet number and name address systems in a responsible manner. This means, above all else, ensuring the stability of the Internet. The Internet functions well today, but its current technical management is probably not viable over the long term. We should not wait for it to break down before acting. Yet, we should not move so quickly, or depart so radically from the existing structures, that we disrupt the functioning of the Internet. The introduction of a new system should not disrupt current operations, or create competing root systems.

2. Competition.

The Internet succeeds in great measure because it is a decentralized system that encourages innovation and maximizes individual freedom. Where possible, market mechanisms that support competition and consumer choice should drive the technical management of the Internet because they will promote innovation, preserve diversity, and enhance user choice and satisfaction.

3. Private, Bottom-Up Coordination.

Certain technical management functions require coordination. In these cases, responsible, private-sector action is preferable to government control. A private coordinating process is likely to be more flexible than government and to move rapidly enough to meet the changing needs of the Internet and of Internet users. The private process should, as far as possible, reflect the bottom-up governance that has characterized development of the Internet to date.

4. Representation.

Technical management of the Internet should reflect the diversity of its users and their needs. Mechanisms should be established to ensure international input in decision making.

In keeping with these principles, we divide the name and number functions into two groups, those that can be moved to a competitive system and those that should be coordinated. We then suggest the creation of a representative, not-for-profit corporation to manage the coordinated functions according to widely accepted objective criteria. We then suggest the steps necessary to move to competitive markets in those areas that can be market driven. Finally, we suggest a transition plan to ensure that these changes occur in an orderly fashion that preserves the stability of the Internet.

THE PROPOSAL

The Coordinated Functions

Management of number addresses is best done on a coordinated basis. As technology evolves, changes may be needed in the number allocation system. These changes should also be undertaken in a coordinated fashion.

Similarly, coordination of the root server network is necessary if the whole system is to work smoothly. While day-to-day operational tasks, such as the actual operation and maintenance of the Internet root servers, can be contracted out, overall policy guidance and control of the TLDs and the Internet root server system should be vested in a single organization that is representative of Internet users.

Finally, coordinated maintenance and dissemination of the protocol parameters for Internet addressing will best preserve the stability and interconnectivity of the Internet.

We propose the creation of a private, not-for-profit corporation (the new corporation) to manage the coordinated functions in a stable and open institutional framework. The new corporation should operate as a private entity for the benefit of the Internet as a whole. The new corporation would have the following authority:

OK, about this corporation, where is it going to be incorporated, what articles of incorporation, what bylaws, who are the stockholders, what about the board of directors, etc etc?

    1. to set policy for and direct the allocation of number blocks to regional number registries for the assignment of Internet addresses;

Ummm, when did this domain name issue turn into IP address allocation?

2. to oversee the operation of an authoritative root server system;

3. to oversee policy for determining, based on objective criteria clearly established in the new organization's charter, the circumstances under which new top-level domains are added to the root system; and

    1. to coordinate the development of other technical protocol parameters as needed to maintain universal connectivity on the Internet.

Why are items #1 and #2 under the same organization umbrella?

Who is going to deal with reverse name mapping, i.e. in-addr.arpa?

The U.S. government would gradually transfer existing IANA functions, the root system and the appropriate databases to this new not-for-profit corporation. This transition would commence as soon as possible, with operational responsibility moved to the new entity by September 30, 1998. The U.S. government would participate in policy oversight to assure stability until the new corporation is established and stable, phasing out as soon as possible and in no event later than September 30, 2000. The U.S. Department of Commerce will coordinate the U.S. government policy role. In proposing these dates, we are trying to balance concerns about a premature U.S. government exit that turns the domain name system over to a new and untested entity against the concern that the U.S. government will never relinquish its current management role.

The new corporation will be funded by domain name registries and regional IP registries. Initially, current IANA staff will move to this new organization to provide continuity and expertise throughout the period of time it takes to establish the new corporation. The new corporation should hire a chief executive officer with a background in the corporate sector to bring a more rigorous management to the organization than was possible or necessary when the Internet was primarily a research medium. As these functions are now performed in the United States, the new corporation will be headquartered in the United States, and incorporated under U.S. law as a not-for-profit corporation. It will, however, have and report to a board of directors from around the world.

It is probably impossible to establish and maintain a perfectly representative board for this new organization. The Internet community is already extraordinarily diverse and likely to become more so over time. Nonetheless, the organization and its board must derive legitimacy from the participation of key stakeholders. Since the organization will be concerned mainly with numbers, names and protocols, its board should represent membership organizations in each of these areas, as well as the direct interests of Internet users.

The board of directors for the new corporation should be balanced to equitably represent the interests of IP number registries, domain name registries, domain name registrars, the technical community, and Internet users (commercial, not-for-profit, and individuals). Officials of governments or intergovernmental organizations should not serve on the board of the new corporation. Seats on the initial board might be allocated as follows:

We are talking about the Domain Name System, not about IP address allocation. So why are ARIN, APNIC, and RIPE here?

 

Why should the CEO be on the board. (Yes, I know that CEO's usually are. But why?)

The new corporation's processes should be fair, open and pro-competitive, protecting against capture by a narrow group of stakeholders. Its decision-making processes should be sound and transparent; the bases for its decisions should be recorded and made publicly available. Super-majority or even consensus requirements may be useful to protect against capture by a self-interested faction. The new corporation's charter should provide a mechanism whereby its governing body will evolve to reflect changes in the constituency of Internet stakeholders. The new corporation should establish an open process for the presentation of petitions to expand board representation.

In performing the functions listed above, the new corporation will act much like a standard-setting body. To the extent that the new corporation operates in an open and pro-competitive manner, its actions will withstand antitrust scrutiny. Its standards should be reasonably based on, and no broader than necessary to promote its legitimate coordinating objectives. Under U.S. law, a standard-setting body can face antitrust liability if it is dominated by an economically interested entity, or if standards are set in secret by a few leading competitors. But appropriate processes and structure will minimize the possibility that the body's actions will be, or will appear to a court to be, anticompetitive.

The Competitive Functions

The system for registering second-level domain names and the management of the TLD registries should become competitive and market-driven.

In this connection, we distinguish between registries and registrars. A "registry," as we use the term, is responsible for maintaining a TLD's zone files, which contain the name of each SLD in that TLD and each SLD's corresponding IP number. Under the current structure of the Internet, a given TLD can have no more than one registry. A "registrar" acts as an interface between domain-name holders and the registry, providing registration and value-added services. It submits to the registry zone file information and other data (including contact information) for each of its customers in a single TLD. Currently, NSI acts as both the exclusive registry and as the exclusive registrar for .com, .net, .org, and .edu.

 

Don't forget about .gov, which also under NSI's thumb.

Both registry and registrar functions could be operated on a competitive basis. Just as NSI acts as the registry for .com, .net, and .org, other companies could manage registries with different TLDs such as .vend or .store. Registrars could provide the service of obtaining domain names for customers in any gTLD. Companies that design Web sites for customers might, for example, provide registration as an adjunct to other services. Other companies may perform this function as a stand-alone business.

There appears to be strong consensus that, at least at this time, domain name registration - the registrar function - should be competitive. There is disagreement, however, over the wisdom of promoting competition at the registry level.

Some have made a strong case for establishing a market-driven registry system. Competition among registries would allow registrants to choose among TLDs rather than face a single option. Competing TLDs would seek to heighten their efficiency, lower their prices, and provide additional value-added services. Investments in registries could be recouped through branding and marketing. The efficiency, convenience, and service levels associated with the assignment of names could ultimately differ from one TLD registry to another. Without these types of market pressures, they argue, registries will have very little incentive to innovate.

Others feel strongly, however, that if multiple registries are to exist, they should be undertaken on a not-for-profit basis. They argue that lack of portability among registries (that is, the fact that users cannot change registries without adjusting at least part of their domain name string) could create lock-in problems and harm consumers. For example, a registry could induce users to register in a top-level domain by charging very low prices initially and then raise prices dramatically, knowing that name holders will be reluctant to risk established business by moving to a different top-level domain.

We concede that switching costs and lock-in could produce the scenario described above. On the other hand, we believe that market mechanisms may well discourage this type of behavior. On balance, we believe that consumers will benefit from competition among market oriented registries, and we thus support limited experimentation with competing registries during the transition to private sector administration of the domain name system.

In other words, this document believes that domain name holders, after investing large efforts in publicizing their domain names would be willing to throw all that away and move to another TLD? That is naïve.

Similarly, this document naively believes that registries, whose business is largely that of being a captive satellite to a registry, will be immune to manipulation and abuse by the registrar.

Indeed I certainly do not understand how one can say: " we believe that market mechanisms may well discourage this type of behavior". What market conditions?

The lock-in factor on a registrar or holder of a domain name is more than substantial; indeed to change one's domain name may amount to destruction of the domain name holder's business.

This is an invitation to abuse by registries.

A policy choice of this magnitude should not be made in a single paragraph without an expression of the logic by which that decision is reached.

It would not be surprising if this policy choice is a rock on which this plan flounders.

I will not support this plan unless registries are compelled to be regulated either as non-profit organizations with strict limits on salaries, payouts, and benefits to employees and executives or as for-profit organizations operated under the agis of a public-utilities regulatory body.

The Creation of New gTLDs

Internet stakeholders disagree about who should decide when a new top-level domain can be added and how that decision should be made. Some believe that anyone should be allowed to create a top-level domain registry. They argue that the market will decide which will succeed and which will not. Others believe that such a system would be too chaotic and would dramatically increase customer confusion. They argue that it would be far more complex technically, because the root server system would have to point to a large number of top-level domains that were changing with great frequency. They also point out that it would be much more difficult for trademark holders to protect their trademarks if they had to police a large number of top-level domains.

This plan should well recognize that it can not impose a single solution -- the technology underlying the domain name system permits any individual domain name server operator to operate "rootless". And any domain name operator can establish a TLD. It is simply a matter of convention that we have a single root.

If a significant number of domain name server operators elect to recognize a TLD and point their servers in that direction, there is no mechanism, technical or legal, to prevent them from doing so.

The sole value of having a root is to permit domain name servers to resolve TLDs for which they have no other information. If a domain name server operator believes he or she has enough information about the servers for the TLDs with which they wish to resolve names, then that operator can quite successfully operate with no recourse to a root server.

And indeed, such information about TLD servers is readily available and is widely published.

As the Internet grows, operators of domain name servers may find that they can offer their customers faster name resolution services if they cut straight to the chase and go directly to the TLD servers rather than going through a congested root server.

Thus, there is a non-trivial chance that the consensus of Internet domain name operators evolves over time to bypass any mechanisms of root server governance, and TLD limitation established by this plan.

All these arguments have merit, but they all depend on facts that only further experience will reveal. At least in the short run, a prudent concern for the stability of the system requires that expansion of gTLDs proceed at a deliberate and controlled pace to allow for evaluation of the impact of the new gTLDs and well-reasoned evolution of the domain space. The number of new top-level domains should be large enough to create competition among registries and to enable the new corporation to evaluate the functioning, in the new environment, of the root server system and the software systems that enable shared registration. At the same time, it should not be so large as to destabilize the Internet.

We believe that during the transition to private management of the DNS, the addition of up to five new registries would be consistent with these goals. At the outset, we propose that each new registry be limited to a single top-level domain. During this period, the new corporation should evaluate the effects that the addition of new gTLDs have on the operation of the Internet, on users, and on trademark holders. After this transition, the new corporation will be in a better position to decide whether or when the introduction of additional gTLDs is desirable.

Individual companies and consortia alike may seek to operate specific generic top-level domains. Competition will take place on two levels. First, there will be competition among different generic top-level domains. Second, registrars will compete to register clients into these generic top-level domains. By contrast, existing national registries will continue to administer country-code top-level domains if these national government seek to assert those rights. Changes in the registration process for these domains are up to the registries administering them and their respective national governments.

Some have called for the creation of a more descriptive system of top-level domains based on industrial classifications or some other easy to understand schema. They suggest that having multiple top-level domains is already confusing and that the addition of new generic TLDs will make it more difficult for users to find the companies they are seeking.

Market driven systems result in innovation and greater consumer choice and satisfaction in the long run. We expect that in the future, directory services of various sorts will make it easy for users to find the sites they seek regardless of the number of top-level domains. Attempts to impose too much central order risk stifling a medium like the Internet that is decentralized by nature and thrives on freedom and innovation.

The Trademark Dilemma

 

One must remember that trade and service marks to not represent a superior form of right towards a name.

Rather, trade and service marks represent merely one way that one may have a right towards a name.

One may have an ability to use a name because one was born with it. Or a name used in trade may be such as to be non-registrable as a trade and service mark because in the context of use it is too descriptive, generic, or geographic.

Just as a domain name, when used in a particular context, may infringe on a trade or service mark, the converse must also be true: The use of a trademark may infringe on the rights of a domain name holder.

As an example, "wilson.com" may be used by the Wilson family for whatever non-sporting goods business venture they my chose to engage in. The Wilsons have a perfect right to do this and it is quite within the charter of ".com". And suppose that the Wilson's sell fruit juices. If Wilson sporting goods should suddenly start selling fruit juices, then their trademark may well infringe on the Wilson family's domain name.

The above example is quite analogous to the notions underlying the establishment of common law marks. The domain name issue may require the incorporation of some of those notions into Federal Laws regarding marks.

It is important to keep in mind that trademark/domain name disputes arise very rarely on the Internet today. NSI, for example, has registered millions of domain names, only a tiny fraction of which have been challenged by a trademark owner. But where a trademark is unlawfully used as a domain name, consumers may be misled about the source of the product or service offered on the Internet, and trademark owners may not be able to protect their rights without very expensive litigation.

The claim that disputes arise rarely needs factual support. And it may well be the case that the reason that the author perceives few disputes is that he/she is counting only those which have risen to court cases. How many times have names been silently coerced? How many times has a person who could have registered a name chosen not to do so for fear of having to deal with an overreaching mark holder?

What is the author trying to express with the phrase " But where a trademark is unlawfully used as a domain name"?

A domain name, in and of itself, does not infringe on any trade or service mark.

It is only in the context of a specific usage that there can be infringement. A domain name is like a name on a white, blank, empty box. A white box bearing the word "Sun" is not automatically infringing on trademarks of either Sun Microsystems (a computer manufacturer), Sun Oil, or Sun Baskets, . It is only when that box is filed with a computer, with oil, or with a basket and used in trade is there a potential for infringement.

Of course there are highly famous names, such as Disney or Coca Cola, which can perhaps obtain protection, under a theory of dilution, from domain name registrations. But that is a limited case and does not apply to normal, non-famous trade and service marks.

For cyberspace to function as an effective commercial market, businesses must have confidence that their trademarks can be protected. On the other hand, management of the Internet must respond to the needs of the Internet community as a whole, and not trademark owners exclusively. The balance we strike is to provide trademark holders with the same rights they have in the physical world, to ensure transparency, to guarantee a dispute resolution mechanism with resort to a court system, and to add new top-level domains carefully during the transition to private sector coordination of the domain name system.

There are certain steps that could be taken in the application process that would not be difficult for an applicant, but that would make the trademark owner's job easier. For instance, gTLD registrants could supply basic information - including the applicant's name and sufficient contact information to be able to locate the applicant or its representative. To deter the pirating of domain names, the registry could also require applicants to certify that it knows of no entity with superior rights in the domain name it seeks to register.

These disclosures raise issues of Privacy.

There are also issues of premature disclosure of a registrant's business intentions. The USPTO has rules regarding the degrees of disclosure that need be made, and when. The rules for domain names should not be more stringent.

It may, however, be useful, as is done with the registration of marks, to require either actual use of a domain name or allow a filing of an "intention to use" to reserve a name for a short period absent actual use. The term "use" should not simply be that a name can be resolved by a server, but rather some measure that it is more than a mere placeholder awaiting a purchaser.

The job of policing trademarks could be considerably easier if domain name databases were readily searchable through a common interface to determine what names are registered, who holds those domain names, and how to contact a domain name holder. Many trademark holders find the current registration search tool, Whois, too limited in its functioning to be effective for this purpose. A more robust and flexible search tool, which features multiple field or string searching and retrieves similar names, could be employed or developed to meet the needs of trademark holders. The databases also could be kept up to date by a requirement that domain name registrants maintain up-to-date contact information.

Mechanisms that allow for on-line dispute resolution could provide an inexpensive and efficient alternative to litigation for resolving disputes between trademark owners and domain name registrants. A swift dispute resolution process could provide for the temporary suspension of a domain name registration if an adversely affected trademark holder objects within a short time, e.g. 30 days, of the initial registration. We seek comment on whether registries should be required to resolve disputes within a specified period of time after an opposition is filed, and if so, how long that period should be.

Trademark holders have expressed concern that domain name registrants in faraway places may be able to infringe their rights with no convenient jurisdiction available in which the trademark owner could file suit to protect those rights. At the time of registration, registrants could agree that, in the event of a trademark dispute involving the name registered, jurisdiction would lie where the registry is domiciled, where the registry database in maintained, or where the "A" root server is maintained. We seek comment on this proposal, as well as suggestions for how such jurisdictional provisions could be implemented.

 

This is a major can of worms.

Simply by registering a domain name, does a US resident agree to submit to a challenge from a mark holder anywhere in the world?

And is the converse true: By holding a valid domain name registration can a holder of a domain name obtain jurisdiction over a mark holder which is infringing on the rights of the domain name holder?

Trademark holders have also called for the creation of some mechanism for "clearing" trademarks, especially famous marks, across a range of gTLDs. Such mechanisms could reduce trademark conflict associated with the addition of new gTLDs. Again, we seek comment on this proposal, and suggested mechanisms for trademark clearance processes.

We stop short of proposals that could significantly limit the flexibility of the Internet, such as waiting periods or not allowing any new top-level domains.

We also do not propose to establish a monolithic trademark dispute resolution process at this time, because it is unclear what system would work best. Even trademark holders we have consulted are divided on this question. Therefore, we propose that each name registry must establish minimum dispute resolution and other procedures related to trademark considerations. Those minimum procedures are spelled out in Appendix 2. Beyond those minimums, registries would be permitted to establish additional trademark protection and trademark dispute resolution mechanisms.

We also propose that shortly after their introduction into the root, a study be undertaken on the effects of adding new gTLDs and related dispute resolution procedures on trademark and intellectual property right holders. This study should be conducted under the auspices of a body that is internationally recognized in the area of dispute resolution procedures, with input from trademark and domain name holders and registries. The findings of this study should be submitted to the board of the new corporation and considered when it makes decisions on the creation and introduction of new gTLDs. Information on the strengths and weaknesses of different dispute resolution procedures should also give the new corporation guidance for deciding whether the established minimum criteria for dispute resolution should be amended or maintained. Such a study could also provide valuable input with respect to trademark harmonization generally.

U.S. trademark law imposes no general duty on a registrar to investigate the propriety of any given registration. Under existing law, a trademark holder can properly file a lawsuit against a domain name holder that is infringing or diluting the trademark holder's mark. But the law provides no basis for holding that a registrar's mere registration of a domain name, at the behest of an applicant with which it has an arm's-length relationship, should expose it to liability. Infringers, rather than registrars, registries, and technical management bodies, should be liable for trademark infringement. Until case law is fully settled, however, registries can expect to incur legal expenses in connection with trademark disputes as a cost of doing business. These costs should not be borne by the new not-for-profit corporation, and therefore registries should be required to indemnify the new corporation for costs incurred in connection with trademark disputes. The evolution of litigation will be one of the factors to be studied by the group tasked to review Internet trademark issues as the new structure evolves.

The Intellectual Infrastructure Fund

In 1995, NSF authorized NSI to assess new domain name registrants a $50 fee per year for the first two years, 30 percent of which was to be deposited in a fund for the preservation and enhancement of the intellectual infrastructure of the Internet (the "Intellectual Infrastructure Fund")

In excess of $46 Million has been collected to date. In 1997, Congress authorized the crediting of $23 Million of the funds collected to the Research and Related Activities Appropriation of the National Science Foundation to support the development of the Next Generation Internet. The establishment of the Intellectual Infrastructure Fund currently is the subject of litigation in the U.S. District Court for the District of Columbia.

As the U.S. government is seeking to end its role in the domain name system, we believe the provision in the cooperative agreement regarding allocation of a portion of the registration fee to the Internet Intellectual Infrastructure Fund should terminate on April 1, 1998, the beginning of the ramp-down period of the cooperative agreement.

THE TRANSITION

A number of steps must be taken to create the system envisioned in this paper.

1. The new not-for-profit organization must be established and its board chosen.

    1. The membership associations representing 1) registries and registrars, and 2) Internet users, must be formed.

3. An agreement must be reached between the U.S. government and the current IANA on the transfer of IANA functions to the new organization.

4. NSI and the U.S. government must reach agreement on the terms and conditions of NSI's evolution into one competitor among many in the registrar and registry marketplaces. A level playing field for competition must be established.

5. The new corporation must establish processes for determining whether an organization meets the transition period criteria for prospective registries and registrars.

6. A process must be laid out for making the management of the root server system more robust and secure, and, for transitioning that management from U.S. government auspices to those of the new corporation.

The NSI Agreement

The U.S. government will ramp down the NSI cooperative agreement and phase it out by the end of September 1998. The ramp down agreement with NSI should reflect the following terms and conditions designed to promote competition in the domain name space.

 

I fail to understand why NSI needs any special treatment. NSI's contract ends. Everything they have should be recovered from them. And those materials should be made available on a fair basis to all bidders.

It is patently unfair to allow NSI to obtain a beneficial position as a result of its existing contract, especially given the extraordinarily financial preferences that have been granted, without compensation to the US government, during the life of the NSF-NSI cooperative agreement.

    1. NSI will effectively separate and maintain a clear division between its current registry business and its current registrar business. NSI will continue to operate .com, .net and .org but on a fully shared-registry basis; it will shift operation of .edu to a not-for-profit entity. The registry will treat all registrars on a nondiscriminatory basis and will price registry services according to an agreed upon formula for a period of time.
    2. As part of the transition to a fully shared-registry system, NSI will develop (or license) and implement the technical capability to share the registration of its top-level domains with any registrar so that any registrar can register domain names there in as soon as possible, by a date certain to be agreed upon.

3. NSI will give the U.S. government a copy and documentation of all the data, software, and appropriate licenses to other intellectual property generated under the cooperative agreement, for use by the new corporation for the benefit of the Internet.

    1. NSI will turn over control of the "A" root server and the management of the root server system when instructed to do so by the U.S. government.
    2. NSI will agree to meet the requirements for registries and registrars set out in Appendix 1.

Competitive Registries, Registrars, and the Addition of New gTLDs

Over the past few years, several groups have expressed a desire to enter the registry or registrar business. Ideally, the U.S. government would stay its hand, deferring the creation of a specific plan to introduce competition into the domain name system until such time as the new corporation has been organized and given an opportunity to study the questions that such proposals raise. Should the transition plan outlined below, or some other proposal, fail to achieve substantial consensus, that course may well need to be taken.

Realistically, however, the new corporation cannot be established overnight. Before operating procedures can be established, a board of directors and a CEO must be selected. Under a best case scenario, it is unlikely that the new corporation can be fully operational before September 30, 1998. It is our view, based on widespread public input, that competition should be introduced into the DNS system more quickly.

We therefore set out below a proposal to introduce competition into the domain name system during the transition from the existing U.S. government authority to a fully functioning coordinating body. This proposal is designed only for the transition period. Once the new corporation is formed, it will assume authority over the terms and conditions for the admission of new top-level domains.

Registries and new gTLDs

This proposal calls for the creation of up to five new registries, each of which would be initially permitted to operate one new gTLD. As discussed above, that number is large enough to provide valuable information about the effects of adding new gTLDs and introducing competition at the registry level, but not so large as to threaten the stability of the Internet during this transition period. In order to designate the new registries and gTLDs, IANA must establish equitable, objective criteria and processes for selecting among a large number of individuals and entities that want to provide registry services. Unsuccessful applicants will be disappointed.

I would like to understand what threat to Internet stability is presented by adding many net TLDs. As far as I can tell, there is no technical problem. Given that there are already nearly 250 top level domains, a few dozen more won't be a big change and wouldn't add to any confusion among users.

Besides, how is the United States going to stop it from happening? Is the US going to enact legislation blocking new TLDs. I doubt that would pass Constitutional muster, but it would also be unenforceable.

I doubt that people who are "disappointed" are simply going to give up and go home. They can continue to form root coalitions on their own.

We have examined a number of options for recognizing the development work already underway in the private sector. For example, some argue for the provision of a "pioneer preference" or other grandfathering mechanism to limit the pool of would-be registrants to those who, in response to previous IANA requests, have already invested in developing registry businesses. While this has significant appeal and we do not rule it out, it is not an easy matter to determine who should be in that pool. IANA would be exposed to considerable liability for such determinations, and required to defend against charges that it acted in an arbitrary or inequitable manner. We welcome suggestions as to whether the pool of applicants should be limited, and if so, on what basis.

On what basis is liability expected. Isn't IANA doing this under government contract? What about Sovereign Immunity?

We propose, that during the transition, the first five entities (whether from a limited or unlimited pool) to meet the technical, managerial, and site requirements described in Appendix 1 will be allowed to establish a domain name registry. The IANA will engage neutral accounting and technical consultancy firms to evaluate a proposed registry under these criteria and certify an applicant as qualified. These registries may either select, in order of their qualification, from a list of available gTLDs or propose another gTLD to IANA. (We welcome suggestions on the gTLDs that should be immediately available and would propose a list based on that input, as well as any market data currently available that indicates consumer interest in particular gTLDs.)

The registry will be permitted to provide and charge for value-added services, over and above the basic services provided to registrars. At least at this time, the registry must, however, operate on a shared registry basis, treating all registrars on a nondiscriminatory basis, with respect to pricing, access and rules. Each TLD's registry should be equally accessible to any qualified registrar, so that registrants may choose their registrars competitively on the basis of price and service. The registry will also have to agree to modify its technical capabilities based on protocol changes that occur in Internet technology so that interoperability can be preserved. At some point in the future, the new organization may consider the desirability of allowing the introduction of non-shared registries.

Registrars

Any entity will be permitted to provide registrar services as long as it meets the basic technical, managerial, and site requirements as described in Appendix 1 of this paper. Registrars will be allowed to register clients into any top-level domain for which the client satisfies the eligibility rules, if any.

Will these new registrars have access to the full domain name contact list now in the hands of NSI? It seems that such access would be necessary (but hardly sufficient) for those new registrars to have a reasonable chance of competing with NSI. Given all the preferences that NSI has been granted in the past, as well as in this document, this seems to be at least a minimal step towards establishment of true competition.

The Root Server System

IANA and the U.S. government, in cooperation with NSI, the IAB, and other relevant organizations will undertake a review of the root server system to recommend means to increase the security and professional management of the system. The recommendations of the study should be implemented as part of the transition process to the new corporation.

 

"The root server system" is not technically accurate. There may be many roots of the domain name system; they may lead to different TLDs and not be consistent with one another. Yet the Domain Name System itself will allow individual operators to select which root, if any, they will use.

To impose a single root is highly anti-competitive and is indeed the establishment of a world-wide monopoly. This is something that the US Government can not undertake without legislation and it would be unwise to do so without an international accord.

The .us Domain

At present, the IANA administers .us as a locality based hierarchy in which second-level domain space is allocated to states and US territories. This name space is further subdivided into localities. General registration under localities is performed on an exclusive basis by private firms that have requested delegation from IANA. The .us name space has typically been used by branches of state and local governments, although some commercial names have been assigned. Where registration for a locality has not been delegated, the IANA itself serves as the registrar.

Some in the Internet community have suggested that the pressure for unique identifiers in the .com gTLD could be relieved if commercial use of the .us space was encouraged. Commercial users and trademark holders, however, find the current locality-based system too cumbersome and complicated for commercial use. Expanded use of the .us TLD could alleviate some of the pressure for new generic TLDs and reduce conflicts between American companies and others vying for the same domain name.

The .us domain servers at many levels are hobbyist operations. This may well explain why many people have avoided the .us domain.

Moreover, the .us domain requires a registrant to pound a stake into a bit of geography and say "here I am". That does not work well for large or distributed organizations.

The sillyness of the .us domain in a large country like the USA is illustrated by "asylum.sf.ca.us". It is not in San Francisco; nor is it even in California. It used to be in Belmont, California, but is now in Cambridge, Massachusetts.

Clearly, there is much opportunity for enhancing the .us domain space, and the .us domain could be expanded in many ways without displacing the current geopolitical structure. Over the next few months, the U.S. government will work with the private sector and state and local governments to determine how best to make the .us domain more attractive to commercial users. It may also be appropriate to move the gTLDs traditionally reserved for U.S. government use (i.e. .gov and .mil), into a reformulated .us ccTLD.

The U.S. government will further explore and seek public input on these issues through a separate Request for Comment on the evolution of the .us name space. However, we welcome any preliminary comments at this time.

The Process

The U.S. government recognizes that its unique role in the Internet domain name system should end as soon as is practical. We also recognize an obligation to end this involvement in a responsible manner that preserves the stability of the Internet. We cannot cede authority to any particular commercial interest or any specific coalition of interest groups. We also have a responsibility to oppose any efforts to fragment the Internet, as this would destroy one of the key factors - interoperability - that has made the Internet so successful.

"cannon cede authority"? That presupposes that authority exists. That is a questionable proposition.

Our goal is to seek as strong a consensus as possible so that a new, open, and accountable system can emerge that is legitimate in the eyes of all Internet stakeholders. It is in this spirit that we present this paper for discussion.

Appendix 1

Recommended Registry and Registrar Requirements

In order to ensure the stability of the Internet's domain name system, protect consumers, and preserve the intellectual property rights of trademark owners, all registries of generic top-level domain names must meet the set of technical, managerial, and site requirements outlined below. Only prospective registries that meet these criteria will be allowed by IANA to register their gTLD in the "A" server. If, after it begins operations, a registry no longer meets these requirements, IANA may transfer management of the domain names under that registry's gTLD to another organization.

Independent testing, reviewing, and inspection called for in the requirements for registries should be done by appropriate certifying organizations or testing laboratories rather than IANA itself, although IANA will define the requirements and the procedures for tests and audits.

These requirements apply only to generic TLDs. They will apply to both existing gTLDs (e.g., .com, .edu., .net, .org) and new gTLDs. Although they are not required to, we expect many ccTLD registries and registrars may wish to assure their customers that they meet these requirements or similar ones.

What about .gov and .arpa?

Registries will be separate from registrars and have only registrars as their customers. If a registry wishes to act both as registry and registrar for the same TLD, it must do so through separate subsidiaries. Appropriate accounting and confidentiality safeguards shall be used to ensure that the registry subsidiary's business is not utilized in any manner to benefit the registrar subsidiary to the detriment of any other registrar.

And what will be the enforcement mechanism and the remedies available to those who are damaged should a registry do this?

Each top-level domain (TLD) database will be maintained by only one registry and, at least initially, each new registry can host only one TLD.

"each new registry"? In other words, NSI is being grandfathered in. Why?

Registry requirements:

1. An independently-tested, functioning DATABASE AND COMMUNICATIONS SYSTEM that:

    1. Allows multiple competing registrars to have secure access (with encryption and authentication) to the database on an equal (first-come, first-served) basis.
    2. "Encryption and authentication"?

      Can one assume that registrars may be in foreign countries? And here the US is requiring encryption yet is preventing the export of those technologies? Seems an interesting dialectic.

    3. Is both robust (24 hours per day, 365 days per year) and scalable (i.e., capable of handling high volumes of entries and inquiries).
    4. Must the registry allow zone transfers to all who ask? I would assert that the answer is "yes" as that permits the operation of redundant/backup servers and allows users on the net to protect themselves against registry outages.

      Can a registry discriminate between requests, i.e. serve some at higher priority than others, or is it essentially equivalent to a "common carrier" that must serve all queries equally?

      Can a registry charge for queries?

  1. Has multiple high-throughput (i.e., at least T1) connections to the Internet via at least two separate Internet Service Providers.

Quoth Microsoft -- "We certainly don't want Government in the business of regulating technology, do we?"

d. Includes a daily data backup and archiving system.

    1. Incorporates a record management system that maintains copies of all transactions, correspondence, and communications with registrars for at least the length of a registration contract.
    2. "length of a registration contract"? Huh? Does this mean the period in which a registration is valid? This raises the whole issue of how often registrars must refresh registrations.

      It also raises the issue of registrars who inventory a large number of "the good names". What does one do about that?

    3. Features a searchable, on-line database meeting the requirements of Appendix 2.

What privacy considerations apply?

How are bulk transfers avoided?

Should the person requesting the search be required to identify and authenticate?

g. Provides free access to the software and customer interface that a registrar would need to register new second-level domain names.

    1. An adequate number (perhaps two or three) of globally-positioned zone-file servers connected to the Internet for each TLD.

2. Independently-reviewed MANAGEMENT POLICIES, PROCEDURES, AND PERSONNEL including:

    1. Alternate (i.e., non-litigation) dispute resolution providing a timely and inexpensive forum for trademark-related complaints. (These procedures should be consistent with applicable national laws and compatible with any available judicial or administrative remedies.)

This is of extremely questionable Constitutionality: Amendment VII.

This also presupposes that domain names, absent any specific use, are a form of trademark.

A much better provision would be for the registry to simply hold the registration valid until it learns otherwise from a court of competent jurisdiction over the registrar.

What about registrars in this process?

b. A plan to ensure that the registry's obligations to its customers will be fulfilled in the event that the registry goes out of business. This plan must indicate how the registry would ensure that domain name holders will continue to have use of their domain name and that operation of the Internet will not be adversely affected.

c. Procedures for assuring and maintaining the expertise and experience of technical staff.

    1. Commonly-accepted procedures for information systems security to prevent malicious hackers and others from disrupting operations of the registry.

What about government infringement, such as this document?

I like the statement "malicious hackers".

 

3. Independently inspected PHYSICAL SITES that feature:

a. A backup power system including a multi-day power source.

b. A high level of security due to twenty-four-hour guards and appropriate physical safeguards against intruders.

c. A remotely-located, fully redundant and staffed twin facility with "hot switchover" capability in the event of a main facility failure caused by either a natural disaster (e.g., earthquake or tornado) or an accidental (fire, burst pipe) or deliberate (arson, bomb) man-made event. (This might be provided at, or jointly supported with, another registry, which would encourage compatibility of hardware and commonality of interfaces.)

Registrar requirements

Registries will set standards for registrars with which they wish to do business. The following are the minimal qualifications that IANA should mandate that each registry impose and test or inspect before allowing a registrar to access its database(s). Any additional requirements imposed by registries on registrars must be approved by IANA and should not affect the stability of the Internet or substantially reduce competition in the registrar business. Registries may refuse to accept registrations from registrars that fail to meet these requirements and may remove domain names from the registries if at a later time the registrar which registered them no longer meets the requirements for registrars.

Registraries set the standards for registrars? That sounds like an uneven standard.

Yanking the names registrered by a particular registrar should that registrar become sub-standard is condemning and harming the customer for the failures of others.

1. A functioning DATABASE AND COMMUNICATIONS SYSTEM that supports:

a. Secure access (with encryption and authentication) to the registry.

b. Robust and scalable operations capable of handling moderate volumes.

    1. Multiple connections to the Internet via at least two Internet Service Providers.\

d. A daily data backup and archival system.

    1. A record management system that maintains copies of all transactions, correspondence, and communications with all registries for at least the length of a registration contract.

This whole section is presupposing that a registrar offers a public service. Why should a registrar offer to anyone and everyone. Does a large NSP that wants to offer registrar services have to offer those to customers of its competitors?

And what about "I registrar myself" registrars. Or are we requiring the creation of a body of temple priest registrars who are the only means to the holy shrine of a registrar?

All of these provisions are unnecessary featherbedding. There is no need for a registrar to have high availability or even for it to use a computer at all or to use a network connection to receive and process requests from its customers.

2. MANAGEMENT POLICIES, PROCEDURES, AND PERSONNEL including:

a. A plan to ensure that the registrar's obligations to its customers and to the registries will be fulfilled in the event that the registrar goes out of business. This plan must indicate how the registrar would ensure that domain name holders will continue to have use of their domain name and that operation of the Internet will not be adversely affected.

b. Commonly-accepted procedures for information systems security to prevent malicious hackers and others from disrupting operations.

3. Independently inspected PHYSICAL SITES that features:

a. A backup power system.

b. A high level of security due to twenty-four-hour guards and appropriate physical safeguards against intruders.

c. Remotely-stored backup files to permit recreation of customer records.

Appendix 2

Minimum Dispute Resolution and Other Procedures related to Trademarks

  1. Minimum Application Requirements:
    1. Sufficient owner and contact information (e.g., names, mail address for service of process, e-mail address, telephone and fax numbers, etc.) to enable an interested party to contact either the owner/applicant or its designated representative; and a

It would seem adequate that such information be made available only in the case of a bona fide dispute. Simply slathering that data into a public database with no controlled access nor any journal of access is a violation of privacy and an invitation to expropriation by spammers and marketeers.

b. Certification statement by the applicant that:

- it is entitled to register the domain name for which it is applying and knows of no entity with superior rights in the domain name; and

"knows of no entity with superior rights in the domain name". That's a very poor standard.

First of all it rewards stupid and know-nothing applicants.

Secondly, it requires the applicant to apply a vague legal standard.

"superior rights" in what context? Trademark, ethics, morals? And in what jurisdiction and what choice of law? Does the applicant have to search the world?

"intends to use"? What does "use" mean? If I build an inventory of names that I hold for sale, is that "use"? What if I am attorney and as part of my service of creating corporations for clients I obtain a domain name. I clearly don't intend to set up a server for that name myself; I'm merely a conduit.

2. Searchable Database Requirements:

    1. Utilizing a simple, easy-to-use, standardized search interface that features multiple field or string searching and the retrieval of similar names, the following information must be included in all registry databases, and available to anyone with access to the Internet:

- up-to-date ownership and contact information;

- up-to-date and historical chain of title information for the domain name;

- a mail address for service of process;

- the date of the domain name registration; and

- the date an objection to registration of the domain name was filed.

This entire section raises substantial privacy concerns.

"the date an objection to registration" - This allows the tarnishment of a clean title to a domain name without requiring that the objection be bona fide, material, or of substance.

By-the-way, what form of title or property right does a registrant have in the domain name?

3. Updated Ownership, Contact and Use Information

a. At any time there is a change in ownership, the domain name owner must submit the following information:

- up-to-date contact and ownership information and

- a description of how the owner is using the domain name, or, if the domain name is not in use, a statement to that effect.

What is the value of the second bullet? When I sell a car do I have to say how I used it? If the intention is to somehow impeded those who inventory "the good names", it will fail to do so.

Any smart "name inventory" builder will simply set up a server that honors all the names in the inventory and perhaps set up a web site at each one.

4. Alternative Dispute Resolution of Domain Name Conflicts:

    1. There must be a readily available and convenient dispute resolution process that requires no involvement by registrars.

Like pistols at 20 paces? ;-)

This whole document is very confused with regard to dispute resolution. With the notion of a heliocentric system with a registry at the center and a swarm of interchangeable (from the point of view of the registry) registrars orbiting the registry, it is exceedingly unclear whether who should be involved in any dispute.

Indeed, this whole system invites legal actions which will include as defendants each and every registrar, along with the registry, for a given TLD.

By-the-way, what provisions enable a registrant to move from one registrar to another? We've already lost a great deal in this document by the lost

    1. Registries/Registrars will abide by the decisions resulting from an agreed upon dispute resolution process or by the decision of a court of competent jurisdiction.
    1. If an objection to registration is raised within 30 days after registration of the domain name, a brief period of suspension during the pendency of the dispute will be provided by the registries.

 

A 30 day objection period? Is there going to be a formal gazette of registrations?