[ncdnhc-discuss] Paul Hoffman's end ICANN proposal

James Love james.love at cptech.org
Thu Apr 25 21:49:02 CEST 2002


http://www.proper.com/ICANN-notes/dns-root-admin-reform.html

Reforming the Administration of the DNS Root
Paul Hoffman
April 25, 2002

----------------------------------------------------------------------
      Table of contents
      1. Introduction
      2. Run the DNS root for the two most important constituencies
      3. Give the ccTLDs more say in the content of the DNS root
      4. Set up a TLD Secretariat
      5. Add 25 new TLDs every six months
      6. Let the current gTLDs continue as-is
      7. Let the ASO run itself
      8. Let the PSO run itself
      9. Stop perpetuating the hoax of Internet user "representation"
      10. Let ICANN gracefully shut down as soon as the TLD Secretariat is
operational

        1. Introduction
      The president of ICANN has admitted the obvious: The ICANN system is
broken. However, most responses to the issue have focused on reforming ICANN
instead of looking at solutions to the original problem, which is the stable
management of the DNS root. This essay deals with reformation of the DNS
root administration, not ICANN reforms.

      After many years, there are still widely varying views on what ICANN
is supposed to do and how much power it should have. Fortunately, the past
three years with ICANN have offered many lessons, and most of those lessons
point to the same conclusions:

        a.. Commercially run TLDs act like regular businesses. They maximize
profits, minimize costs, and only change when threatened with dire
consequences.
        b.. Running open-policy discussion forums with participants who will
never have to do the work to follow through on any of their suggestions
rarely leads to consensus or even general satisfaction.
        c.. When an administrative body threatens punishment but doesn't
follow through, governed entities begin to ignore the administrator, thereby
diminishing the reputation of both parties.
        d.. Too many unrelated goals diminish an organization's ability to
make progress on any of them.
        e.. Promising administrative representation to countries or
individuals, and then reneging on that promise, engenders justifiable,
widespread mistrust.
        f.. Excessively restricting the number of new TLDs ensures that the
vast majority of registrations in those TLDs will go to name speculators or
existing name holders, not to new users.
      While ICANN looks unfixable, the DNS root is still manageable. Where
ICANN has floundered, the DNS root operators have fostered a useful and
stable Internet naming system. This part of the Internet has weathered the
massive growth of both traffic and avarice, and its resilience is admirable.

      This proposal is not intended as a criticism of the people who have
spent years working for or with ICANN. These people have worked hard in an
incredibly unfriendly atmosphere. Unfortunately, the result hasn't worked
for the Internet.

      As with any proposal for fixing the DNS root administration, the ideas
put forth here are merely suggestions until the DNS root server
administrators have agreed with them. Hopefully, they will agree that these
proposals would lead to more stability and usefulness for the DNS and will
want to move forwards with them.



--------------------------------------------------------------------------

      2. Run the DNS root for the two most important constituencies
      ICANN was supposed to provide administration for two main groups: root
server administrators and the people of the world. Over time, the business
interests of domain name registrars, registries, and commercial name-holders
became much more important to ICANN than the stability of the DNS root or
the usefulness of the DNS for the masses.

      The severity of this misdirection is evident in the proposals to
reform ICANN. Most have emphasized changing the composition of the board of
directors or the supporting organization without showing how the change will
help the DNS root or the people of the world. Simply having different people
on the ICANN board won't necessarily change ICANN's focus or its methods.
The overriding assumption is that ICANN should exist because it currently
exists, although its existence has not yet helped the DNS's most important
constituencies.

      DNS stability and usefulness should be the main focus of whoever
administers the DNS root, without regard to profits for companies in the DNS
market. Part of that stability is technical, but most of it is political.
The ccTLDs are the natural focus for this stability. Mis-identifying an
entire country is much worse than mis-identifying a company. ICANN's rough
treatment of the ccTLD operators -- typified by charging countries for ICANN
membership instead of slightly increasing fees for commercial vendors in
order to support the ccTLDs for free -- shows that ICANN doesn't understand
its constituency.

      Since ICANN's creation, people all over the world have been asking for
a much broader selection of TLDs. ICANN responded by slowly creating a few
new names that were supposed to be tightly controlled. ICANN then abandoned
that control by failing to enforce the agreements that the new TLD
administrators had promised to follow. Further, it has shown no interest in
adding more useful names. ICANN doesn't plan to evaluate the success of the
new TLDs for at least another year, though their failure is fairly obvious.
There's been essentially no significant use of the new names.



--------------------------------------------------------------------------

      3. Give the ccTLDs more say in the content of the DNS root
      The ccTLDs are the closest thing we have to names run by organizations
(or rather, countries) that are responsible to regular people. Regardless of
arguments over the state of democracy in the world, countries are more
representative of the masses than are corporations. Countries should have a
greater say in how country-related names appear in the DNS root.

      ICANN has been a terrible conduit for organizing countries.
Fortunately, countries already have a long-standing, stable organization for
which they have respect: the United Nations (UN). For all of its faults, the
UN has proven stable and useful, and is certainly more widely recognized
than ICANN.

      Given the massive problems that the UN has dealt with in the past 50
years, naming countries in the DNS root will be a minor task. The UN even
has a political/technical affiliate that would be happy to take over the
job: the International Telecommunication Union (ITU), which is a specialized
agency of the UN's Economic and Social Council.

      While the ITU isn't well regarded in Internet circles, it's already
internationally recognized because the ITU administers country-code numbers
for the telephone system. The organization knows how to deal with
international politics in the technical arena, and even has the legal right
to do so. What's more, countries already have representatives in the ITU. In
the past few years, the ITU has begun to understand the importance of the
Internet and the problem of naming countries, possibly better than ICANN.

      Each country would continue to have control over its own ccTLD name.
Further, a majority of the ccTLD body should be able to overrule any new
TLDs added to the DNS root. For example, if an American company wanted to
control a new TLD ".china", or if the government of China wanted to control
a new TLD ".usa", the ccTLD body would most likely prevent those new names
from being delegated.



--------------------------------------------------------------------------

      4. Set up a TLD Secretariat
      We've tried running the DNS root with a large, ponderous committee
that lacks focus. Let's learn from the experiment, and return authority over
the root zone to a single person who is trusted and respected by the main
constituencies (the root server operators and the people of the world). A
new TLD Secretariat would resemble the long-standing system that was in
place before ICANN.

      The TLD Secretariat could easily be a single person. Her or his
allegiance would be first to the root server operators, then to the ccTLDs,
and lastly to the gTLDs. A stable, well-respected, international Internet
organization would appoint the TLD Secretariat. While there are benefits to
having the ITU organize the ccTLD administrators, it would be completely
unsuited selecting the TLD Secretariat because it isn't well regarded in the
Internet community or by the root server operators. The Internet Society
(ISOC) would be a much better choice.

      Given ICANN's current penchant for secrecy and closed meetings, the
new TLD Secretariat will have a harder time gaining the world's trust.
Fortunately, it wouldn't be difficult to make all correspondence to and from
the TLD Secretariat a matter of public record. Although this might initially
cause some consternation for the commercial registries that have benefited
from ICANN's methods, it will build trust in the system.



--------------------------------------------------------------------------

      5. Add 25 new TLDs every six months
      ICANN's failure to introduce a significant number of useful TLDs has
led to speculation that there is no market for new TLDs. It's true that
names in the new TLDs are barely being used, and that the vast majority of
registrations in the new TLDs are to name-squatters. However, remember that
ICANN saddled the new TLDs with rules that ICANN now doesn't enforce, and
also restricted users to a small number of names.

      A TLD Secretariat could radically change this situation without much
effort or politics. After the TLD Secretariat was in place, there would be
an auction every six months. Everyone who wanted to own or manage a new gTLD
(and was technically qualified to do so) would send an application for a
particular name with a check to the TLD Secretariat. All checks would be
validated. At a pre-defined date, the checks would be sorted by value and
the name associated with each one of the biggest checks would be matched
against the existing TLDs and the newly won names. The list would be
approved by the ccTLD administration, and if the ccTLD administration
removes some from the list, additional names will selected so that the
result was a total of 25 new gTLDs were added. The minimum bid would be
US$10,000 to make sure that the costs of running the auction don't become
higher than the value of the new TLDs, and the winners would have to show
that they could properly run the name servers for the new gTLD.

      The process of choosing the names would be completely open to
observation, and decisions made by the TLD Secretariat would be simple and
nonpolitical. On the date of the auction, all of the applications (not just
the successful ones) would be published.

      The TLD Secretariat would give a monopoly on the name for 25 years
from the date of auction. There are no rules on what the new gTLD owner can
or cannot do with the TLD other than that they must properly run five
geographically and topologically distributed name servers for the TLD. The
name owner would be able to use registrars in a fashion similar to the gTLDs
today, or they could manage the registration themselves. Just as with
current second-level domains, each TLD name owner would have a monopoly on
the name, although there would be nothing preventing someone else from
getting similar name if they wanted to pay for it. (Getting ".coolname"
would not prohibit someone else from getting ".cool-name" or ".koolname".)
Also like current second-level domains, the monopoly would come with no
strings attached. Each owner could run the business part of the TLD as well
or as poorly as he or she wanted, as long as they ran the technical part
adequately.

      ICANN has paid lip service to the idea that the business part of the
new TLDs must be run well. However, it has consistently failed to impose any
sanctions for the obvious transgressions on the part of gTLD operators. For
example, the .name TLD has lots of registrations for domains that are
obviously not personal names (such as "a.funny.name"), and registrations by
people who don't have that name (look at the registrations for almost any
famous person's name). Because of this, the TLD Secretariat would offer no
customer service protections. As with most services in the commercial world,
people who bought names from the new gTLD owners would have to enforce the
rules through their local or national court systems.

      In fact, a new gTLD owner wouldn't even have to let anyone register
under it. If someone were to pay a lot of money for a vanity gTLD that only
he or she could use, that would be just fine. Allowing for such situations
wouldn't reduce the stability of the DNS root, and trying to force a gTLD
owner to allow registration under the gTLD without any good enforcement
mechanism would lead to the silly situations that ICANN is currently
fostering. Of course, the fact that only the 25 highest bidders will get
names will probably reduce the number of successful vanity bids because most
gTLD owners would want to sell names in order to recoup purchase costs.

      Initial auctions would probably raise US$millions, which is obviously
more than enough funding for the TLD Secretariat. The auction income would
first create an endowment that would keep the TLD Secretariat and IANA
staffed for at least 25 years. If there were profit beyond those needs, and
it's extremely likely there would be, the rest could go toward research in
global DNS management and technologies, and development of the next
generations of Internet naming services.

      At some point, people won't want to own new gTLDs. The auction process
should be publicly re-evaluated after five years. (Why not sooner? ICANN's
constant re-evaluation process is one of the major causes of its inability
to move forward. Stability is a much more important goal.) After the
auctions have stopped, if they ever do, the TLD Secretariat would continue
to do maintenance, research, and writing. Remember that the TLD Secretariat
is also responsible for handling name changes and additions for the ccTLDs,
and those countries will be around for a lot longer than 25 years. Given
that the TLD Secretariat-issued contracts are for 25 years, the office will
need to be around for a very long time by Internet standards.



--------------------------------------------------------------------------

      6. Let the current gTLDs continue as-is
      Despite the general animosity toward many of the current gTLD owners,
there is no clear way to re-allocate the names over which they have a
monopoly. They should retain their names for the next 25 years under terms
similar to ICANN's, except that they wouldn't have to pay the TLD
Secretariat.

      True, this would reward some companies that have shown incredible
greed and incompetence, but there's no reasonable way to reapportion the
names without falling into a hopeless pit of legalities. Oh, well. It should
be noted that some people are so upset about the current gTLD owners that
they would spend years trying to wrest control of the current gTLDs away
from them. While such fights may be personally fulfilling, they would not
build more stability into the DNS root and make more names available to the
people of the world. Stability for everyone is much more important than
personal satisfaction.

      One huge difference between the current gTLD owners and the proposed
new gTLD owners is that the current owners would have to continue the
registration procedures that they agreed upon with ICANN. If the current
owners did not live up to that agreement, the TLD Secretariat would simply
open their gTLD names for bidding in the next auction. This way, the
registrar community that has built up around the current gTLDs would
continue to exist (and possibly grow, if the new gTLD owners want to use
registrars), and the gTLD owners would gain money that they aren't paying to
ICANN.



--------------------------------------------------------------------------

      7. Let the ASO run itself
      Originally, many of us who formed ICANN thought that it would be able
to focus on multiple technical topics simultaneously. We were grievously
mistaken. ICANN as a group has never fully grasped the goals or problems of
the three regional Internet registries (RIRs), such as IP route table
growth, address allocation policies, and so on. (An excellent overview of
the RIRs can be found in the December 2001 issue of the Internet Protocol
Journal.)

      The three RIRs that make up ICANN's Address Supporting Organization --
Réseaux IP Européens (RIPE), Asia Pacific Network Information Center
(APNIC), and American Registry for Internet Numbers (ARIN) -- haven't gotten
much, if anything, out of being organized by ICANN. They already have lots
of formal cross-NIC ties, so nothing will be lost if there's no ASO in
ICANN. These are mature, well-run organizations; they'll form their own
independent group with their own leadership if need be. Saddling them with
the ICANN mess won't help them, nor will it help the Internet deal with IP
address allocation issues, nor will it help the stability of the DNS root.



--------------------------------------------------------------------------

      8. Let the PSO run itself
      Similarly, the organizations in ICANN's Protocol Supporting
Organization -- Internet Engineering Task Force (IETF), World Wide Web
Consortium (W3C), International Telecommunications Union (ITU), and European
Telecommunications Standards Institute (ETSI) -- haven't gained much value,
if any, from being organized by ICANN. These groups already have lots of
cross-organization ties and official liaisons, so nothing will be lost for
them if there's no PSO.



--------------------------------------------------------------------------

      9. Stop perpetuating the hoax of Internet user "representation"
      Governmental representation requires reasonably accurate voter
registration and solid measures against cheating in the elections. People
who understand the Internet and security know that it's impossible to
accurately register human Internet users if there's much incentive for false
registration. Election fraud would also be trivial; even if votes couldn't
be forged, denial-of-service attacks in electronic elections are much easier
to carry out than in physical elections. Preventing registration and
election fraud for an international online election with hundreds of
millions of potential voters would easily cost US$billions.

      As Harald Alvestrand points out in his excellent essay on ICANN
reform:

              We can thus group voting proposals [for elected
representatives] into three groups:
              a.. Easily breakable, gamable, or fakable,
              b.. Very expensive,
              c.. Nonexistent.



      Many of us wanted to believe that elections were possible, but we now
know that if there were more than a few tens of millions of eligible voters,
such elections would be a security nightmare. It's cruel to tell Internet
users who don't fully understand security concerns that they should be
represented in Internet governance, and then later say "we couldn't figure
out a way to hold the elections." Of course users wills be frustrated and
angry, particularly if they cannot understand why it's so much harder to
hold elections on the Internet than it is face to face.

      Internet users don't need direct representation in the TLD naming
process. Instead, they need venues for learning about, and affecting, their
own governments' regulation of the Internet. Let's face it, gTLD names are
far less important than content suppression and restricting Internet access
to certain groups of people. Getting Internet users to focus on ICANN
because it was the only game in town has done a disservice to those users,
particularly when it became clear that ICANN elections for end-user
representatives would either cost hundreds of times of ICANN's budget or
would be easy targets for fraud.

      The good news is that there are growing venues for Internet users to
learn and become active about important Internet issues. The At-Large
Membership Study Committee did an admirable job in looking at what the
concerns of Internet users would be if they could elect representatives to
ICANN, or more likely, some other Internet governance body. Lots of the
information they gathered is probably more relevant outside than inside
ICANN. Recently, the Internet Society (ISOC) has made its individual
membership free and has increased the value and power of its local chapters.
ISOC represents the best chance for individuals throughout the world to
listen and be heard on the important topics that affect the Internet.



--------------------------------------------------------------------------

      10. Let ICANN gracefully shut down as soon as the TLD Secretariat is
operational
      The folks at ICANN know that they have a thankless job, they hear it
from a zillion people every day. They can see how little they've
accomplished over the past three years, even though many of them have worked
incredibly hard during that time. Why force this group through a major
overhaul of the ICANN structure when the evidence suggests that two years
from now we'd still have as little to show for it?

      As soon as the TLD Secretariat is set up, ICANN can start to shut
down. As that happens, the less civil participants may try to make ICANN
leadership feel bad about the somewhat tortuous experiment, or to make them
look bad in public. The heightened level of animosity and competitiveness in
the ICANN process can be addictive to those involved, and old disputes may
be hard to give up. However, neither of the real goals here (stability of
the DNS root and usefulness to the people of the world) would be served by
giving ICANN staff or board members another kick on the way out the door.
Let's be civil, and begin to clean up the mess that all of us have helped
make.



--------------------------------
James Love mailto:james.love at cptech.org
http://www.cptech.org +1.202.387.8030 mobile +1.202.361.3040


--------------------------------
James Love mailto:james.love at cptech.org
http://www.cptech.org +1.202.387.8030 mobile +1.202.361.3040





More information about the Ncuc-discuss mailing list