Domain Name System
The evolution in the management of Top Level Domains: ".it" as a case study
V. Casarosa, M. Martinelli, R.Rossi, S.Trumpy, D. Vannozzi
Internet Governance, ICANN (Internet Corporation for Assigned Names and Numbers), DNS (Domain Name System), gTLD (general Top Level Domains), ccTLD (country code Top Level Domains), Italian NIC (Network Information Center), Italian NA (Naming Authority), Italian RA (Registration Authority)
In this paper we present an overview of the transition of the Internet coordination functions from the US Government to the international private sector, and review the main problems encountered in this process. The management of the Italian Top Level Domain .it is used as a case study to illustrate how some of those problems have been solved, and how the open ones are being addressed.
The management of the .it TLD has evolved into two different bodies: the Italian Naming Authority, charged with the definition of the rules and the procedures for the registration and usage of domain names under .it, and the Italian Registration Authority, charged with the actual registration of domain names in the domain data base and the provision of DNS services. The naming rules for domain names under .it are becoming more and more "liberal", and the registration service has undergone the common transition from a free service mostly provided to the Italian research community to a fee service mostly provided to commercial users.
The paper will conclude with an overview of the major challenges which remain to be solved, on one side to formalize the relationship with ICANN for the delegation of the management of the TLD .it, and on the other side to legitimize the activities of the Naming Authority and the Registration Authority in the frame of the increased awareness of Internet matters on the part of Italian governmental organizations.
1. The evolution of the Internet Governance
In the past few years Internet has evolved from a tool mainly used for computer and networking research to a worldwide infrastructure for communication and commerce. Given the growing international and commercial relevance of the Internet, in 1997 the US Government published a document, known as the Green Paper, expressing its intention to end direct support of Internet name and address coordination services, until then performed by IANA (Internet Assigned Numbers Authority) with Government funding. After a comment period, in 1998 a final document was published, the White Paper, which concludes that the US Government should no longer take such a central role in the coordination of essential Internet services, and advocating the establishment of a new body, coordinated by the international private sector.
In November 1998 ICANN (Internet Corporation for Assigned Names and Numbers) was established as a private non-profit corporation under California law, not without some concerns from non-US "netizens" (citizens of the Internet). The structure of ICANN calls for a General Assembly (GA) and three Supporting Organizations (SO), plus a number of Advisory Committees (AC). The GA and the SOs elect the Board of Directors of ICANN, (18 members plus the President and CEO of ICANN), which is the only body empowered to make decisions, based on input and recommendations from the GA, the SOs and the CAs. The three Supporting Organizations provide technical and policy recommendations on the three major responsibilities of ICANN: the coordination of the management of the Domain Name System (DNSO); the allocation of IP address space (ASO) and the assignment of Internet protocol parameters (PSO).
The management of the DNS is by far the area that has generated the most debate and controversy, both on the subject matter itself and on the formation of the DNSO. The DNSO is presently established as a two tier structure, with a General Assembly (GA) and constituencies, that together elects a Names Council (NC). The GA consists of all the interested individuals and entities, and it is the initial source of both policy and representation. Any constituency that self-forms out of the GA and is recognized by the ICANN Board can send three members to the Names Council. Six initial constituencies have been recognized by the ICANN Board: ccTLD Registries, gTLD Registries, Registrars, ISPs and connectivity providers, Commercial and Business Entities, Intellectual Property. These constituencies, representing commercial interests, have organized rapidly; an additional Non-Commercial constituency, called for by an ICANN resolution, is still under formation. The worldwide research community, being mostly non commercial in nature, could take the lead in the formation of this constituency, which could represent in the DNSO the views and the interests of non commercial Internet users.
2. gTLDs and ccTLDs
Under the pressure of the e-commerce, the relevance of domain names has increased dramatically, in connection with the growth of the global user base and with the increasing importance of web sites visibility. The demand for names has increased following a very steep curve, to the point that today there are well over 10 million registered names; at the same time the number of non occasional users of the Internet has kept increasing, and today it is estimated to be between 200 and 300 millions (these numbers vary widely depending on the source), with a domain name every 20 or 30 users. This ratio is expected to decrease in the future, as the growth of domain names seems to follow a steeper curve than the growth of Internet users, and a further increase of the registered names of at least one order of magnitude is not too far fetched. However the real problems of that growth are not the technical ones of scaling the DNS, but rather the ones related to the commercial relevance of domain names.
A domain name can have a relevant commercial value, especially if it can be associated with services of value over the Internet, or if it is (or resembles) a well-known mark. This is causing the problem of "wharehousing", i.e. registering hundreds or even thousands of names, in the hope to find later buyers for some of them, and the problem of "cybersquatting" (or "cyberpirating"), i.e. registering names equal (or similar) to well-known marks, with no previous rights to them, thereby blocking their use by rightful owners, or using them as a lure for improper or misleading use.
As we will see in a moment, cybersquatting, of utmost relevance in a commercial environment, is posing some problems also to the traditional subdivision of the name space into general TLDs and country code TLDs, which remains valid in many other aspects. gTLDs where conceived as global domains, i.e. to be used everywhere in the world, with one of them (.com) open to any commercial organization; ccTLDs where conceived to allow local communities to register names of local interest. The management of the gTLDs was delegated by IANA to InterNIC (later incorporated into NSI -Network Solutions Inc.), while the management of the ccTLDs (defined following the ISO 3166 two-letter codes for nations or territories) was delegated to the technical organizations which seemed to best represent the interests of the local Internet community, generally research or academic institutions.
The TLD .com is today "overcrowded" (more than half of the existing domain names are registered under .com) and for a user it is becoming more and more common to find that the desired name has already been registered. At the same time the user community seems to give less and less relevance to the top level domain under which a name is registered, so for example many commercial firms without any connection to networking are now registering their names under .net, if they find that the desired name is not available under .com. This situation is providing ccTLDs the opportunity to "go commercial", i.e. to open the domain to registration of names of commercial interest, regardless of their local relevance, as originally conceived. Some ccTLDs, usually managed by private organizations, are taking advantage of this opportunity, and in many aspects are becoming quite similar to a gTLD, except that they are much more autonomous from ICANN than a gTLD.
In fact, with the assistance of the US Government, ICANN has maintained a tight control over gTLDs, and last year forced NSI (the monopolist for registrations under .com, .org, .net) to break into two separate organizations: a non-profit organization managing the Registry (i.e. the data base and the primary name server) and a Registrar organization (which is for profit) registering names under those gTLDs, in fair competition with other Registrars, which must be accredited by ICANN. In this situation, and in coordination with WIPO (World Intellectual Property Organization) ICANN is attempting to solve the problem of cybersquatting by endorsing the principle that a uniform domain dispute resolution policy should be adopted across all gTLDs, and has requested that the accredited Registrars work together to formulate such policy. Opponents claim that this proposal would bind the few gTLDs to a new legal regime, without altering the rules applicable to the hundreds of ccTLDs, giving those ccTLDs (at least the ones gone commercial) an unfair market advantage.
In that context a number of the larger ccTLD Managers (i.e. the organizations delegated by IANA to manage a ccTLD) are proposing to create a self regulating international association which would maintain and update best practice guidelines for the management and operation of ccTLD registries. The guidelines should provide processes to establish new ccTLD registries and ccTLD Managers, to facilitate changes of the ccTLD Manager, and to facilitate the resolution of disputes between ccTLD Managers and the local Internet community and other Internet organizations. Ideally, the processes should apply equally well to the variety of ccTLD Managers existing today. Some ccTLDs are still managed (usually on a non profit base) by the original academic or research institutions, some are managed by ISP consortia, some are directly managed by the local government or public authority, some are managed by commercial private organizations (usually for profit), and it will be a difficult task to define those processes.
A related effort is being brought forward by the Government Advisory Committee (GAC) of ICANN. GAC was established to provide a means by which official government representatives could express their opinions about ICANN activities, since government officials are precluded from having a direct say in ICANN decision making process. GAC provides a forum for discussion, especially on those matters where there may be an interaction between ICANN policies and various laws and international agreements. Presently a draft proposal is being circulated, defining the principles for the delegation and management of ccTLDs. The draft proposes a three party model, based on the main principle of RFC 1591 (issued by Jon Postel in 1995), which states that a ccTLD performs a public service on behalf of the relevant local community, and as such the designated manager has a duty to serve this community. The model is based on the communication (established by some form of agreement) between ICANN and the ccTLD Manager, between ICANN and the relevant government or public authority of the nation or territory associated with the country code, and between the relevant government or public authority and the ccTLD Manager.
The research and education community should continue to play a significant role in all the above mentioned issues; it was instrumental in the starting of Internet, and through IETF continues to provide significant contributions in the areas of IP addressing, IP and DNS security and in general in the area of Internet protocols. However also in non technical areas the research community could and should provide valuable contributions, especially in those countries where research or educational institutions are not involved in the management of the ccTLD. By establishing a close relationship with the government bodies related to Internet matters, to research community could raise their awareness of the present problems and could provide technical and policy advise in the dealings with ICANN through the GAC.
On a more general level, as mentioned above, the research community could take the lead in the formation of a Non Commercial constituency in the DNSO, and in the definition of the principles underlying the participation of persons and organizations in the General Assembly of ICANN. The Membership Advisory Committee (MAC) of ICANN is presently working to define the membership criteria and the voting mechanism of the GA, in order to elect the new nine members of the ICANN Board of Directors before the end of 2000. We believe that an active participation of the research community in both initiatives could bring an additional perspective to the process, which is now largely dominated by commercial, financial and legal people, and possibly provide good candidates for election to the Board.
3. Some history of .it
Italy was one of the first country in Europe to experiment with the IP protocol. At the beginning of the eighties CNR (the Italian National Research Council) became a participant in the ARPA project and in 1986 an intercontinental link between Italy and the USA was established at the CNUCE Institute in Pisa, at that time the major institute of CNR carrying on researches in Information Processing and Networking.
In 1988 the management of the country code Top Level Domain .it was delegated by IANA to CNUCE, as the major reference point in Italy for activities related to Internet. The networking department of CNUCE has been recently established as an autonomous institute of CNR, named IAT (Institute for Telematic Applications), and IAT is the organization presently delegated for the management of the TLD .it. Until the early nineties, the management of the TLD .it was mostly a research activity, with very few names registered under .it. The explosive growth of Internet started in 1995 (the total number of domains under .it has gone from 153 in 1994 to 1443 in 1995, to 6653 in 1996, to 21451 in 1997, to 45762 in 1998, to 92057 in 1999) has forced a reorganization and a rationalization of the management of the TLD .it.
Starting from 1994 the activities of the Italian NIC (the Network Information Center, i.e. the customary way to indicate the organization "taking care" of Internet in a country) have been subdivided among two different entities: the Italian Naming Authority (NA), whose main task is to define the rules under which domain names can be assigned in the TLD .it, and the Italian Registration Authority (RA), whose main task is to verify that a request for the registration of a domain name under .it complies with the rules set by the NA, to actually register the domain in the domain names data base, and to manage and ensure the integrity of the data base and the functionality of the authoritative name server for .it.
4. The Italian Naming Authority
The first group which later became the Italian Naming Authority was established in 1994 by UNINFO (the Italian counterpart of ISO, specifically dealing with matters related to computer science) to comply with the specification ISO 6523, which requested each member country to establish a body for the definition of the rules and the operational procedure of the OSI names. This working group (composed of experts in the field of naming both from the R&D environment and from the telecommunications area) soon recognized the need to maintain a strict relationship between OSI and Internet names. At the end of 1994 the working group was renamed ITA-PE (PE are the initials of the Italian words for electronic mail) and was chartered to deal with the matters of domain names both for the TLD .it and the country code "C=it".
The operational model of ITA-PE was patterned after the model of the Internet Engineering Task Force (IETF) groups. Free participation of experts in the activities of the group was welcome and encouraged, the technical work was undertaken in periodical meetings and through the ITA-PE e-mail discussion list, and decisions were taken according to the principle of "rough consensus", without any formal voting. In 1998, the need for a structure able to make operational decisions more rapidly, and the problems of always acting according to the principle of "rough consensus", led to the revision of ITA-PE working model. ITA-PE was renamed Italian Naming Authority, and a formal statute was approved, defining the three main bodies of the NA: the General Assembly, the Executive Committee and the President.
The General Assembly (GA) is made of all the members of ITA-PE and the Internet Service Provider registering domains under .it; the Executive Committee is made of 8 members elected each year by the GA, plus one member nominated by the Registration Authority, one member nominated by UNINFO, and other members nominated by the Ministries and governmental agencies; the Executive Committee has the responsibility to define and decide on the rules and the procedures for the registration of domain names. The President, elected each year by the GA, has the power to veto those rules or procedures which appear not to be in agreement with the general opinion of the GA (as it appears from the GA discussion list), and send them back to the Executive Committee for reconsideration.
The present Naming Rules define a geographical structure under .it, based on the names of the Regions, the Provinces and the Municipalities of Italy (they are all reserved names). For government central organizations (such as Ministries) there is a governmental office charged to provide guidelines for a uniform naming structure. Local public administrations have their canonical name (Comune. Provincia, Regione) reserved under the appropriate geographical structure. All commercial organizations (and associations) can request a domain name directly under .it, and the name does not necessarily have to be (or resemble) the name of the organization.
During the years the Naming Rules have been revised to take into account the evolution of Internet, but the main point which has remained unchanged is that a domain name is "assigned in use" to the requestor (the Registrant), and cannot be sold or transferred to another subject; the correct procedure is for the old assignee to relinquish the use of the domain name, and for the new assignee to request the assignment of the name, which has become available.
The two major restrictions for registering names under .it, namely that only entities (as opposed to persons) with a legal status in Italy can request a domain name under .it, and that only one domain name per entity is allowed, have recently been removed. Starting on December 15, 1999, all organizations with a legal status in any country of the European Community and private persons residing in any country of the European Union are allowed to request names under .it; an organization is allowed to request an unlimited number of names, while a person can request only one name.
Based on the first few weeks of experience with the new rules, we have seen a ten-fold increase in the number of requests for registrations, much higher than the most optimistic (or should we say pessimistic ?) estimate done before the new rules went into effect, but we believe that to be a temporary situation due to massive wharehousing, done by a few organizations. At the same time the requests from private citizens are building up more slowly than expected, and that may be due to the fact that (as we will see in the next section) before accepting a domain name for registration the functionality of the name server for that domain is checked. We have not seen a significant increase in cybersquatting, probably due to the fact that until now, in most of the cases ended up in Court, the judge has generally sentenced in favor of the trade mark owner.
For what concerns a procedure for dispute resolution, the Italian Naming Authority has provided input and comments to the document issued by WIPO (The management of Internet names and addresses: intellectual property issues). Also for .it the recommended procedure is to use arbitration in case of a dispute about the assignment of a domain name, but each party can choose between going to Court or using the arbitration, whose outcome, in most cases, is binding. The Naming Authority maintains a list of experts available for arbitration and, if requested, will nominate the chairperson of the arbitration commission.
5. The Italian Registration Authority
The Italian Registration Authority is responsible to verify that the requests for domain names under .it are complying with the Naming Rules established by the Naming Authority, that the technical requirements for the proper working of the new domain name are met, and finally to register the new domain name in the data base of the registered domain names. It is also responsible for the management of the primary name server for .it.
This service has always been provided by CNR-IAT (the Institute for Telematic Applications of the Italian National Research Council, formerly part of the CNUCE Institute), and until the end of 1997 it was free of charge. Starting in January 1998, the increasing number of requests for registration and the corresponding increase in the required effort forced IAT to start charging on a cost recovery base. The tariff structure and rates were defined in October 1997, in the first meeting of the so called "Contributor's Committee", i.e. the community of all those requesting registration of domain names under .it, consisting almost exclusively of Internet Service Provider. In the fee model, there is a yearly charge for the maintenance of existing domain names (20,000 Italian lira in 2000) and a one time charge (30,000 Italian lira in 2000) for the registration of a new domain name, which includes the maintenance for the calendar year. An ISP (in this context any organization requesting the registration of domain names on behalf of its customers) must establish a contract with the Registration Authority (RA), and the fees are charged to the ISP, and not to the assignee of the domain name (the end user). There is also a provision for organizations which want to request their own domain name directly to the RA, and in this case they will establish with the RA a different type of contract.
The Naming Authority has also established the procedures to be followed by the requestor of a domain name, in particular requiring the requestor of a domain name to sign a letter stating that the use of the requested name does not infringe the rights of any third party, and that it will comply with the "Netiquette" rules described in the RFC 1855 and RFC 2635. In many cases of litigation, where the offending party was in good faith, the RA has been able to intervene, based on this letter, and help the parties to find a suitable agreement. On the contrary, in all cases of litigation ended up in court one of the parties was clearly in ill faith, and was hoping to get an out of court settlement, less expensive for the other party. In some cases of litigation in court the RA has been called to clarify to the judge some technical points, but until now no one has sued the RA for direct responsibilities in the litigation.
To give more strength to the clauses contained in the letter signed by the requestor (the assignee of the domain), it has been proposed to make those clauses part of the contract between the ISPs and their customers (the requestors), so that an ISP would have a legal base to dismiss a customer in case of misbehaving. At the same time the RA would insert in the contract between the RA and the ISP a new clause requiring the ISP to have those clauses present in its contract with the customer, and that would give the RA the possibility of not accepting registration requests from an ISP not enforcing the Netiquette. This model is presently being debated within the Executive Committee of the NA.
Under the pressure of the increasing number of requests, and with the availability of increased resources due to the revenue of the service, the RA has developed a number of tools to assist in the registration of domain names and to improve the ease of access to the domain data base. The turn around of a request for registration is on the average in the order of two days, which may seem long if compared to completely unregulated TLDs such as .com, but may be reasonable when one considers all the checks and controls done before registering or changing a domain, in order to try and ensure a use of .it as dispute-free as possible.
To prevent the "booking" of domain names, one of the rules established by the NA requests that the name server for a new domain must be operational before the new domain can be registered. An automated procedure, based on the technical information provided in an electronic form sent by the ISP, checks the functionality of the indicated name server, and notifies the ISP if any errors are encountered. The requirement for a domain to be reachable must be met also after registration, and a procedure, presently under test, will periodically check the functionality of all the second level domains (in a round robin fashion) and will warn the ISP responsible for that domain in case of problems. In this context it is to be noted that the RA provides at no charge the service of secondary name server to all domains which request it. Another useful tool is an indexed access to the domain data base, through the WAIS search engine, which allows to retrieve data based on any information contained in the domain object, and not only on the domain name.
6. The next steps
Given the evolution of the "Internet Governance" at the international level, with the establishment of ICANN and the three Supporting Organizations, what are the major challenges in front the Italian Naming Authority and Registration Authority ?
First there is the need to establish a formal agreement with ICANN for the provision of the root server service and for the delegation of ccTLD management. Since it is unlikely that ICANN will negotiate a different agreement with each ccTLD Manager, the Italian RA, as a member of CENTR (Coordination of European National TLD Registries), is actively participating in the definition of the best practice guidelines, which should be the base for a formal agreement with ICANN. Actually CENTR is the main proponent of the self regulating international organization of ccTLD Managers acting in accordance with best practice guidelines, mentioned before. The main concern is not the fee structure, as for a well organized registry the payment of a reasonable fee to ICANN should not be a problem, if the registry is managed on a cost recovery base, as in Italy. The main problem still to be understood is to what extent (if any) the agreement between ICANN and the ccTLD Manager should include some involvement of the government having jurisdiction over the nation or territory corresponding to a Country Code.
This consideration leads to the other major challenge in front of the Italian NA and RA, i.e. how to establish in a more formal way their role in the management of the "Italian Internet", in agreement and in cooperation with the governmental bodies responsible for these matters. In the past year there have been efforts to sensitize and involve government representatives in the activities of the NA and RA, and some representatives have been co-opted as members of the Executive Committee of the NA. A few months ago CNR-IAT (i.e. the RA) helped AIPA (the Authority for the coordination of Information Processing within the Public Administrations) to organize a Conference in Rome to sensitize the government institutions to the problems of Internet Governance. A positive outcome of that Conference, well attended by many representatives of Ministries and other agencies, is that the Presidency of the Council of Ministries has taken the lead in establishing a joint commission to coordinate those activities which are more closely related to Internet. The first tasks of this commission will be to coordinate the participation of Italy in the GAC, and to start the debate on how to participate in the agreement with ICANN for the delegation of the TLD .it.
One last consideration is the evolution of the present situation (the RA being the monopolist for .it) to the same situation as the gTLDs, where multiple Registrars can register names into a Registry managed by a non-profit organization. We believe that such evolution is a logical one, and we expect that as soon as the situation will become stable, this model can be adopted also by the ccTLDs. We hope that CENTR can continue its leading role also on this subject, as it would be in the best interest of everybody to establish common rules of Registrar accreditation for all the ccTLD Registries willing to adopt this model.