Keeping the Internet a Reliable Global Public Resource: Response to New.net "Policy Paper"
New.net recently published a policy paper that asserts that consensus policy development is not a workable system for managing the Domain Name System (DNS). New.net is a commercial entity seeking to promote a collection of domain names unilaterally established without participating in the Internet community's ICANN consensus process.1
New.net primarily accomplishes this in a three-way technology pastiche described in Section A. Compared with the relative simplicity of the Internet's fundamental architecture, there are serious questions about the maintainability of New.net's complex panorama of technologies.
Besides technology concerns, the fundamental problem with New.net's unilateral approach is that it facilitates domain name conflicts across the Internet and breaks the notion of universal resolvability. Universal resolvability means the ability to find the same answer to the same query from anywhere on the public Internet. The position advocated by New.net relies on the fundamentally erroneous assumption that universal resolvability is not an important feature of the DNS.
To the contrary, universal resolvability is one of the key design elements of the DNS. If users perceived that the DNS began to produce different results in response to the same question, this would seriously undermine confidence in the reliability of the Internet to users and potential users around the world. This would be comparable to dialing a telephone number correctly and sometimes reaching one person and sometimes another. For more information on the dangers of breaking universal resolvability, see Section 1 of "A Unique, Authoritative Root for the DNS" (ICP-3), which describes current ICANN policy on a single authoritative root and the reasons supporting that policy.
In simplest form, ICANN policy recognizes that, every day, hundreds of millions of Internet users rely on the DNS to provide near-perfect reliability, meaning that they depend on the DNS to deliver messages to their intended destinations. Without near-perfect reliability, users will not be willing to use the Internet for e-commerce or communications, because they will not be able to know with certainty that their credit card numbers or personal e-mails will reach the intended destinations. In other words, an authoritative DNS coordinated through a single root system is critical to maintaining user confidence.
The New.net paper
is an exercise in commercial advocacy cloaked in the guise of a "policy"
paper, even in those sections where it sets forth its own interpretation
of the history of the DNS and of ICANN. This so-called "policy"
is a corporate prescription designed to justify New.net's business model.
Adoption of the prescription proposed by New.net would produce a dramatic
change in the functionality of the DNS a change that would significantly
hurt, not help, the broad range of Internet users and consumers.
New.net's technology is a compound technology of fixes to accomplish its objectives. One fix is to make payments to a few Internet Service Providers that are willing to accept New.net's proprietary software. This software intercepts the domain name look-up process and redirects those names that correspond to New.net's so-called "top-level domains" (TLDs) to New.net's own resolver servers.2 Right now, fewer than 10% of the world's Internet users can take advantage of this approach.
The second fix is to offer a software plug-in for users to download and install in their browsers that allows New.net to offer "pseudo-TLDs". These pseudo-TLDs look like they are true TLDs in the ICANN-coordinated authoritative DNS, but are actually third-level domain names in the .net TLD that is part of the authoritative root. For example, New.net offers a .kids TLD. If someone types in the URL toys.kids, the New.net software, if correctly installed and configured, will automatically append ".new.net" to the URL before it is forwarded to a resolver. Thus, while it looks to the unknowing user as if there is a .kids "TLD," in fact .kids is simply a third-level domain in the .net TLD (.kids.new.net). This browser-plug-in approach only works for access to websites; it does not work, for example, for e-mail that is not web-based.3 It also depends on users maintaining the right plug-ins in their browsers.
New.net's third fix is to run an alternate root. Users must configure their computers to point to the New.net root to resolve domain names. New.net assures users that its alternate root is a strict superset of the ICANN-coordinated single authoritative root. It makes no promises that conflicts will not occur in the future (indeed it has no control over this) or that conflicts do not already or will not occur in the future with names in other alternate roots. In fact, as discussed below, there is significant overlap already.
New.net argues that "the market" should determine the composition and structure of the DNS. Anyone, the argument goes, should be allowed to create a new TLD it will be successful only if it gains market acceptance. And if it does gain acceptance (according to some unspecified criteria), ICANN should be obligated to enter the new TLD into the authoritative root. This, New.net proposes, is the market-driven solution to what it sees as the artificial shortage of TLDs. This argument rests on two critical assumptions, the first of which is false and the second unproven.
Universal Resolvability. The first assumption - that it is not necessary (or even very important) for DNS names to be unique for the DNS to continue to function effectively - is false. According to New.net, universal resolvability is merely a feature, not a requirement, of the DNS. Universal resolvability essentially means that when a user types in a name, that name is translated to the Internet address of the Internet location the user intended to reach. New.net asserts (without any foundation): "one can have stability without universal resolvability."4
This self-serving definition of "stability" is not one that would be recognizable to the people who created the DNS or more importantly to the hundreds of millions of users who rely on the DNS to navigate the Internet. To most Internet users, a DNS that is not characterized by universal resolvability is neither a stable nor a truly functional DNS.5 Most users would prefer their e-mail to be delivered to the intended addressee, and not that the recipient depend somewhat arbitrarily on the mailing location or even, under some circumstances, the time it was mailed. People expect to reach the same location each time they correctly dial a given telephone number not just most of the time, but always. And they want the equivalent to happen on the Internet.
This simple requirement universal resolvability is not intended to interfere with the operation of market forces, but to place a constraint in the public interest. This constraint was formulated in the many documents that led to ICANN's founding. New.net argues that the constraint results in slow progress that impedes the marketplace. We respond to that point below. But the irony is that New.net itself depends on an authoritative root for its own technology to function at all. So New.net wants everyone else but itself to obey the rules to New.net's advantage.
As importantly, the Internet as we know it today has been constructed on the premise of universal resolvability. The tens of billions of dollars of worldwide investment in browsers, portals, sites, search engines, and the like all assume that the DNS is there, offering unique and universal name resolution. It is a critical element of the DNS that when one enters a domain name, it always appears to the user to resolve to the same Internet location. If it does not, the utility of the DNS as a means for connecting to particular sites or people is severely compromised.
The general Internet
user thinks that a stable DNS is one that provides consistent, predictable
results. Of course, there are occasions when, because of particular operational
service interruptions, a name appears not to resolve to an Internet location
for some short period of time, such as when the target computer is down.
This is inevitable, but when a name does resolve, it should always appear
to resolve to the same location. In this context, any ambiguity is characteristic
of a broken system.
"Artificial" Shortage. The second critical assumption of the New.net paper that there is an artificial shortage of TLDs is unproven. Of course, it is surely true that there are people and entities in the world who would prefer to see more TLDs, but whether there is an "artificial shortage" depends in significant part on the capacity of the DNS to absorb new TLDs. And it is this question raised by the fact that until now there has never been a widespread introduction of new commercial TLDs to the Internet as we know it today that is the subject of ICANN's ongoing proof-of-concept introduction of seven new TLDs.
Today, there are only three global commercial TLDs in the authoritative root, all operated by a single registry operator. The four6 new global commercial additions (operated by four different registry operators) endorsed by ICANN represent a greater-than-100% increase in the number of global TLDs, and a 400% increase in the number of separate registry operators.7 If experience shows that these additions can be made without adverse effects and there is every reason to hope that will be the case then presumably additional TLDs can be established more quickly in the future should that prove desirable.
Those (like New.net) who assert that there is currently an "artificial" shortage of TLDs accept as an article of faith that the DNS could absorb the addition of many more TLDs without harm. That may or may not be correct; we do not know for certain. No one today, however, can credibly make the statement with 100% certainty that the DNS can absorb an indefinite number of new TLDs.
Included among those who are uncertain are those most knowledgeable on the subject such as the Internet Engineering Task Force (IETF) who have joined with the majority of the Internet community to urge ICANN to proceed cautiously, not recklessly, with the introduction of new TLDs. In an earlier information document the IETF wrote: "Thus, stability of the system calls for extremely conservative and cautious management of the public root zone: the frequency of updates to the roots zone must be kept low, and the servers for the root zone must be closely coordinated."
There is a good reason for this caution: if general expectations turned out to be wrong for some unforeseen reason, the adverse effects of "breaking" the DNS (and hence effectively "breaking" the Internet) could be catastrophic to users. Under the circumstances, it is better to be a little slow but safe, than too fast and risk serious effects. These serious effects could damage the smooth functioning of the most critical new tool for communications to be developed for decades a tool that promises to revolutionize the ways we conduct nearly every facet of our daily lives. ICANN has a public trust to protect the stability of the Internet, and simply does not have the luxury of "probably" being right. We "must" be right. The potential effects of failure are too great.
For all these reasons, ICANN believes in the single authoritative root not as a philosophical or economic matter, but as a matter of practical utility. This is not rocket science, in spite of some of the contorted arguments that have been used to detour around the obvious. Without a single authoritative root, and the resulting universal resolvability, the DNS will not function as it was designed to function.
More importantly, the loss of universal resolvability would mean a significant diminution of the utility of the Internet for its growing range of purposes. ICANN was created to manage the coordination functions required to maintain the stability and functionality of the Internet including the single authoritative root, and thus does not and cannot support efforts, like those of New.net and other alternative root operators, which at their core are inconsistent with the concept of an authoritative root.
It is helpful to be clear about New.net's business model. It hopes to be able to sign up consumers (many of whom will not understand the limited reach and effect of the New.net names) and then use that "marketplace success" to force ICANN to accept New.net as the operator for those TLD strings in the authoritative root. The strategy, no doubt, will involve encouraging all the name registrants in the New.net TLDs to send e-mails to ICANN pleading that their investment in that name will be wiped out if ICANN authorizes a different operator to manage a TLD with the same string. New.net will complain loudly to the press about the "monopolistic" ICANN attempting to crush its smaller competitors. This phenomenon has occurred before with other alternative root operators, who have claimed priority based on a first-come, first-served philosophy, and New.net apparently hopes to be able to stake out a similar claim for preference for the 30 so-called TLD strings it is currently promoting and any it might promote in the future.
But consider the consequences if this approach were to become successful. What would prevent New.net or anyone else from establishing 1,000 or 100,000 pseudo-TLDs, and thus claiming to have preempted all (or most) meaningful new TLD strings? The Internet community, working through the ICANN consensus development process, would then be faced with abandoning its effort - encouraged by a broad consensus of the global Internet community and by most of the world's governments - to manage the introduction of new TLDs for the benefit of the Internet community as a whole, and with accepting the claims of what would essentially be the TLD equivalent of cybersquating. New.net would have hijacked the community process by prempting the name space. New.net would in effect have used its financing to establish a private, for-profit monopoly over the TLD space, one that is operating outside of the public interest and without any community oversight.
New.net asserts in its paper that conflicts will not happen that allowing any entity to establish any TLD at any time for any reason would only rarely result in conflicting TLDs.8 That notion conflicts, however, with New.net's very existence and approach. For example, at least four of the TLDs it has established (.law, .travel, .xxx and .kids) already overlap with applications to ICANN for new TLD introductions. In fact, history shows us that the introduction by alternative root operators of conflicting TLDs - or at the very least, the introduction of new TLDs with the hope of preempting the use of that string by others9 is common.
Let us take a closer look at this. Regardless of any potential conflicts with ICANN-sanctioned TLDs, over 80% of the "TLDs" that New.net is offering today already conflict with "TLDs" being offered or earmarked by just two of the other alternate root operators: PacificRoot and NameSpace! If New.net, PacificRoot, and NameSpace became prevalent, these existing conflicts could lead to serious problems of resolution involving second-level domain name holders employing alternate roots. The actual conflicts may be few if most of these second-level holders are in fact speculators and not real users, but they will multiply many times with time if the New.net prescription becomes established practice.
Is the apparently well-financed New.net trying by choosing conflicting names to put other alternate roots out of business, strand their users, and assert a monopolistic position outside of any community oversight? What will happen when a second, even-better-financed "Newer.net" enters the fray and causes yet more confusion? Under New.net's prescription, with its real potential of perpetual ownership by a private company of an important global resource and the financial rewards that some might think would follow, one would expect an even more active "land-grab" of the most interesting possible TLD strings in the hopes of frightening off real competition, even if there is no serious intention of exploiting those names in the marketplace. This is not something to be encouraged.
According to New.net, its scheme at its current level of distribution "merely" replicates the occasional failures that we have seen with the relatively small alternative roots in the past as though any resolvability failure is tolerable. New.net's attitude is that consumer inconvenience does not matter, nor apparently does the very real prospect of damage to the reliability of the Internet or damage to the public interest. If the policy advanced by the New.net paper were to become the dominant policy governing the management of the DNS,10 it would effectively mean the end of universal resolvability as an inherent characteristic of the DNS. To a very great extent this would eliminate the rationale behind the design of the DNS in the first place. The Internet would cease to be as useful a resource as it is now, and its promise of even more utility in the future would be impaired. Public faith in the relative simplicity and reliability of the Internet would evaporate.
New.net partly justifies its proposal by providing what it says are four historical examples of "innovation in the name space" that have occurred "without ICANN's official sanction." These demonstrate, it says, that its proposal is also workable. Even a cursory examination of these examples, however, shows that none of them supports the New.net proposition:
These examples provide no support for the position advanced in the New.net paper.
New.net argues in its paper that consumers would be well served by simply letting the market decide how and when and by whom new TLDs should be introduced. In support of this, it advances what it says are useful analogies: the cable television system and Internet browsers. Consider why these arguments are not persuasive:
New.net's paper argues that consensus is not a workable process for the introduction of TLDs. It asserts that, rather than seek consensus on which and how new TLDs should be introduced, ICANN should be limited to accepting (in its technical coordination role) the results of the "market," which apparently means whatever New.net's venture capital can buy, and apparently without regard to the adverse interim or long-lasting effects on the Internet's utility to users.
The acceptance of New.net's demands would transform the Internet from a global resource, accessible to everyone through a system of unique domain names resolvable from any location or computer in the world, to something considerably less useful. The Internet would be degraded from a system with essentially universal resolvability today to one that generates significant ambiguities, frequent errors, and common misdelivery of data. This would seriously reduce the reliability of the Internet for the global user population, as well as reduce much of its future potential for personal communications, e-commerce, and media.
Obviously, continued innovation on the Internet is critically important. This requires experimentation, in ways that are explicitly acknowledged as such, controlled to ensure that outcomes can be objectively evaluated, and carried out in ways that do not threaten stability and interoperability. The New.net argument that consensus is simply not a workable process challenges both these concepts and the global process that brought about the creation of ICANN. And it ignores the evidence to date that the consensus process can and does work, as demonstrated by the impending introduction of seven new TLDs in a measured and controlled proof of concept that balances the desires of some with continued protection for all.
The ICANN process is far from perfect; it is often contentious, sometimes tedious, and frequently tests the patience of all those participating. It must and will improve over time; after all, ICANN is a unique institution that is still in the process of being created. But in significant part these characteristics result from the fact that the ICANN process is open to all interested stakeholders, and is designed and intended to maintain the DNS as a workable system for navigating the Internet. ICANN is intended to and does accommodate and attempt to resolve many different viewpoints and perspectives, many of which are in conflict with each other. That is a feature, not a bug.
The process of
introducing new TLDs has followed the consensus community preference to
move steadily but carefully until it is clear that this process, which
has never been tried before with the Internet as we know it today, can
move forward without adversely affecting Internet stability. As the process
moves forward, and presuming that no unexpected events occur, experience
will produce streamlined objective criteria and procedures, for so long
as there continues to be interest in new TLD introductions.
The Internet as we know it is a public good, created in large part by government funding and volunteer effort. ICANN has been handed a public trust to manage that resource for the public interest. This public trust is inconsistent with acquiescence in this form of commercial pressure. To accept this philosophy would likely mean the abandonment of the Internet's community-based process by most of those who are participating in it today. And that would almost certainly result in renewed efforts to substitute some form of inter-government organization for ICANN, since it seems highly unlikely that the world's governments (or most of the world's users) will be comfortable with absolutely no management or oversight of this critical global resource.
For all these reasons, ICANN cannot allow the actions of individual entities like New.net, who choose to avoid the community consensus development process, to dictate or even influence its results.
1. ICANN (Internet Corporation for Assigned Names and Numbers) is the non-profit, private-sector body established by the global Internet community to manage certain technical and administrative coordination functions (and related policy issues) connected with the Domain Name System (DNS). The DNS is the system of unique identifiers (e.g., icann.org) by which most Internet users navigate the Internet. DNS identifiers map to the unique numeric IP addresses that identify all devices connected to the Internet. A non-technical explanation of the DNS and why universal resolvability is important is available on the InterNIC web site.
2. New.net's agreements with its ISP partners require the ISP to install New.net's proprietary software, which automatically routes a domain-name query corresponding to a New.net TLD to the New.net resolvers rather than other resolvers that may not (and probably do not) recognize the New.net TLDs. This automatic routing would take place whether or not there were two different TLDs using identical strings. For example, if there was a New.net TLD using the string .com, every effort by a user of an ISP affiliated with New.net would be directed to the New.net resolvers, and not to the .com domain operated by VeriSign under contract with ICANN.
3. It is, of course, possible to write plug-ins for other application programs that also cause them to redirect URLs in the New.net manner. But many different applications use the DNS, and the potpourri that would result from a plug-in for each application would likely produce unreliable results.
5. This is not a complicated concept; the telephone system is perhaps the best analogy. If one dials a specific telephone number, the expectation is that the caller will be connected to the person he or she wanted to communicate with. If dialing a telephone number only sometimes produced the proper connection, the telephone system might still be a technical resource of some value, but it would be very different indeed from what telephone users have come to expect. Similarly, a telephone directory maps a name to a phone number; if "alternate" phone books contained numbers that did not always work, all telephone directories would be see their reputation for reliability, and presumably their attraction to consumers, reduced. If entering an e-mail address did not create the expectation that the communication would be delivered to the intended person, one likely result would be that fewer people would rely on, or even use, e-mail communications.
9. Indeed, there is a recent illustration of this phenomenon. ICANN first began accepting expressions of interest in the creation of new TLDs in July 2000; among those submitted in July were two separate expressions of interest in a .biz TLD. At about that same time, according to statements by its owner, a company known as Atlantic Root Network, Inc. (ARNI) arranged to take over a previously existing but dormant .biz TLD offered by another alternate root operator. ICANN subsequently accepted applications for new TLDs during a period which ended on 2 October 2000; five separate applications requested a .biz TLD. As best as can be documented, ARNI began accepting public registrations in its .biz TLD on October 23, 2000. ICANN selected one of the .biz proposals to be one of the seven new TLDs included in its initial proof of concept; by the time that happened, the ARNI .biz had 297 registrations, in the name of a total of five individuals, and 178 of those (60%) were in the name of ARNI's President. Given these facts, and particularly the congruity of the timing in relation to the ICANN process, it seems clear that this activity was driven by a desire to preempt this TLD string without having to participate in the ICANN community consensus process. See "Analysis of Registrations in the ARNI .BIZ Top-Level Domain."
10. New.net's business model calls for the purchase of relationships with ISPs and others, and thus it has been more successful than alternative root operators in the past; financial incentives will always be more attractive to some. To date, it has not been successful with most of the largest ISPs, but it has been reported to have made offers of very significant financial incentives to some or all of them. The recent downturn in the Internet economy doubtless makes New.net's monetary blandishments more tempting to struggling ISPs.
if a consumer entered a domain name or e-mail address in a browser,
and the browser would resolve either not at all or differently depending
on the particular root, the consumer would probably find that browser
Comments concerning the layout, construction and functionality of this site
should be sent to email@example.com.
(c) 2001 The Internet Corporation for Assigned Names and Numbers. All rights reserved.