GNSO Working Session Cairo, Egypt 02 November 2008 >>AVRI DORIA: Just about ready to start. Okay. I'd like to start. It's now 8 minutes after 9:00 and we have people here for a very short time this morning on the gTLDs. Not you. Everyone. I'd like to get started. Cute picture. Okay. We're starting now. Is -- could the recording be started, please? Thumbs-up? Okay. Thank you. So we're now being recorded. Welcome to the Sunday morning meeting. We're starting this morning. We have only two hours, minus 10 minutes, of continuing the new gTLD discussions. We are still in Module 2. We have many more modules to get through. I know we still have many questions. Now, what we're going to have to do is find some way (a) to make it through as many modules as we can today, because a lot of people have questions, so I'm going to ask people to sort of be very conservative in having follow-ups, and also be very short in your questions. Again, I ask people -- they'll have to introduce themselves up front quickly. I'm not going to go around the table and do that because that would be ten minutes, but -- so please introduce yourself when you speak, and we'll see how far we can get. Now, I had -- as I remember, I had a list that we were still on, and actually if I remember, I had -- is this a correct list? >>CHUCK GOMES: Yes. >>AVRI DORIA: Chuck, Philip, Edmon, Adrian, Eric, and Jeff already in the queue. Okay. And Tim already in the queue on Module 2. So are you ready? Okay then. Chuck? >>CHUCK GOMES: Good morning. Chuck Gomes from the registry constituency. My first two questions are on -- related to Page 2-13 of Module 2. The first one -- and I -- has to do with this sentence at the top of that page: "Evaluators are entitled, but not obliged, to request further information or evidence from an applicant and any such requests will be made solely through the TAS system, rather than by direct means such as phone, teller, e-mail, or other similar means." And my question is very short: Why? And I don't mean why they have to why use the TAS system, but why are they not obliged to request further information or evidence from an applicant if they need it? >>KURT PRITZ: Oh, I think that's the point, check. If they need it, then they'll request it, but if the application can be judged without that additional iteration of information, then the evaluation -- >>CHUCK GOMES: Okay. >>KURT PRITZ: So it's an opportunity for the evaluators if they don't understand something or need clarity about the application to have an iteration where they can seek additional -- >>CHUCK GOMES: Okay. No, that makes sense. But then shouldn't it say they're obliged to request further information if they need it? >>KURT PRITZ: Well, I think that's a fair comment. >>CHUCK GOMES: Okay. The second -- next sentence after that, it says, "Only one exchange of information between the applicant and the evaluation may take place within the initial evaluation period." Why is that? >>KURT PRITZ: Well, I think -- and it's an area where we have some learning from previous rounds where there might not have been the sense of urgency to close it or the applicant, even when requesting information, didn't give complete information, so it's intended to keep the application evaluation timely. In the event that that first set of information, that first iteration, does not result in an application being passed, there's another opportunity for exchange of information in the extended evaluation. So it's meant to provide some uniformity and some timeliness to the application process. >>CHUCK GOMES: And I can understand the concern about timeliness, but this seems a little too rigid to me to say that you can only have one exchange because even after this -- the first exchange, something else could come up. Maybe you just need to say here what you just said to -- in response to my question, but you get the point. I won't belabor that. On the next page, Page 2-14, it says in the like fourth paragraph, "If ICANN's preliminary determination reveals that there may be significant security or stability issues surrounding the proposed service, the application will be flagged for an extended review by the RSTEP." And am I correct in assuming that that would be the same RSTEP panel that's in existence already? >>KURT PRITZ: Yeah, that's it essentially. >>CHUCK GOMES: Yeah. >>KURT PRITZ: We're streamlining it somewhat in order to reduce the cost. >>CHUCK GOMES: Thanks. And on Page 2-15, at the top there, it says, "An applicant may request an extended evaluation if the application has failed to pass the initial evaluation elements." But that's restricted to four areas: Technical and operational; financial; DNS stability; and registry services. Is there any particular reason why it's restricted to those areas? >>KURT PRITZ: Well, we -- I think that -- >>CHUCK GOMES: Here. >>KURT PRITZ: So certainly all of the -- there's two kinds of evaluation going on here, right? There's a string evaluation and an applicant evaluation, so in the case of the applicant evaluation, where they're demonstrating technical capability or financial capability, those items can go into extended review. The RSTEP -- if a registry service goes into the extended review where the technical evaluation panel looks at it, that's, by definition, an extended review. And then the one other area that's not straight -- completely straightforward is DNS stability. So I -- there's a clear set of rules that govern which strings can be applied for in the DNS stability section, but it was thought that there should be some reservation, in case there's some string that might somehow tend to break the DNS, and just have a safety gap there, so that's why that one was chosen as a potential for extended review. And we thought the other -- the other tasks were more or less decided in the initial evaluation round. Okay. So I still have the question. I'm not totally convinced that it should be restricted to those four areas, but I made my point, so I won't -- >>KURT PRITZ: Okay. >>CHUCK GOMES: -- I won't belabor that either. Going on to Page 2-16, the fourth or fifth paragraph down there, it says, "If an application is subject to such an extended evaluation, an independent three-member panel will be formed." Would that also come from the RSTEP panelists or does it depend on the subject? >>KURT PRITZ: No. It's intended that they come from the RSTEP panel. >>CHUCK GOMES: Also from the RSTEP. Okay. >>KURT PRITZ: That's the same registry services (Speaker is off microphone). >>CHUCK GOMES: Okay. Thank you. And that's the last of my questions. >>AVRI DORIA: Okay. Thank you. Philip? >>PHILIP SHEPPARD: Good morning. Just a couple of quick questions on confusing similarity. The panel envisaged is, again, like the others also intended to be an external panel? >>KURT PRITZ: Yes, that's true. >>PHILIP SHEPPARD: And likely to be also a panel of one, typically, or what's the feeling? >>KURT PRITZ: The way string examiners work now, it's presently one. It's not been decided yet whether that would be multiple people. And also, understand that there will be a requirement for experts in different scripts or examiners for different scripts. >>PHILIP SHEPPARD: Sure. And just on the algorithm itself, I think we all know an algorithm only goes so far in being indicative, rather than definitive, and I'm sure we've all found a whole new online game in trying various combinations with it already and if you haven't, I do advise so. It's great fun. But the -- what's the process for improving that algorithm? Are you going to use a human evaluation to feed back into that in any way? Is that part of the ongoing process? >>KURT PRITZ: So I'm not sure whether your question pertains to improving the algorithm over time or -- >>PHILIP SHEPPARD: Yes, over time, yes. >>KURT PRITZ: So I think that at the end of each round, there would be a correlation between -- a correlation made between the scores that the algorithm displayed and the results of the examiners, and that would be reported back to the creators of the algorithm in order to tweak it. It's mostly an existing product that's used by examiners, largely in Europe, but across -- in other jurisdictions around the world. But I can see that, well, this is a new use of that application, so, you know, we really haven't considered how to feed back the information into the algorithm to improve it, so that's a good point that we should consider. >>PHILIP SHEPPARD: I'm done. >>AVRI DORIA: Thank you. Edmon? >>EDMON CHUNG: Edmon Chung. I guess this is a mixture of comment and question. It's also on the algorithm issue. It seems like I'm quite interested in that. And the main interest there is IDNs. Especially the eastern Asia languages. You mentioned that it was developed for -- mainly for European areas as well, but it is currently under development for like Chinese, Japanese, Korean. The main question is: How -- you know, what -- how is that done and is it language-based? Is it script-based? Do you look at trans-script, like different across scripts, and eventually I'm still not sure whether -- I guess it's a good idea that definitely there should be human examination, but what's really the value of the algorithm, given that? And then what's the IDN capacity of that panel? You know, would they -- will it include expertise from different languages to -- because a person familiar with Chinese or Japanese looking at a string could feel they'd be very different versus, you know, somebody who doesn't look at it all the time. And would the panel seek outside expertise in -- you know, how would that sort of function, especially for IDNs, I guess? >>KURT PRITZ: I forgot the penultimate question. So the -- I'm going to start and then Craig's going to provide some information as to how the new scripts are being developed for the panel. So the panel is meant to provide an objective measure to the examiner, so we talked about yesterday confusion being a human judgment. The algorithm will provide some -- not all -- evidence of similarity, so that when the examiners make their judgment, they have some objective measure upon which to rely. Certainly that -- certainly that judgment needs to be made by someone very -- you know, that lives with that script, so in forming these panels, as I stated, I think talking to Philip earlier, we will be recruiting panelists worldwide, so we have the right -- although you might find them in L.A., I don't know -- but in order to find the right experts in each script. So, you know, and that -- so as a two-minute plug, that all spins back to: Why does this cost so much? In so many of these instances, we talked about recruiting panelists worldwide with expertise in all scripts. >>EDMON CHUNG: Is it viable, though? Because there are many languages, as we know. I guess the core of the question is: How would it work? Perhaps the -- I'm just more suggesting now. Would there be a core of panelists and then they can call upon experts or... >>KURT PRITZ: Yeah. So that's not settled yet, but, yeah, the -- the plan is to recruit core panels with, say, the six U.N. languages, and then have the ability -- you know, have outside capability on call for other languages, as need be, as applications are made. So, you know, a steady-state panel that covers -- you know, the U.N. languages are the most highly used languages, and then for ones that are more rarely used, especially in the DNS, you know, locate that capability before -- beforehand, so we can call on it if needed. >>EDMON CHUNG: Will that mechanism be, you know -- will we have -- will we see the draft of the, you know, how it would work, and will the panelists also be list -- I mean publicly listed so people know who the panelists are? >>KURT PRITZ: So I think -- I think the answer to that is yes. That that will be made publicly available. Remember, we're implementing this policy recommendation that strings should not result in user confusion, so I don't know of any way of going about this when you say it is viable. You know, I think it is viable and it can be done. It's just, you know, quite a bit of -- quite a bit of significant work. If you read the -- if you read the, you know, papers accompanying the guidebook, you'll see that there's been a lot of research done on several of these areas, and that research really goes across all jurisdictions, so it's a much broader effort. And the other point I just wanted to make is the -- you know, the panelists, you know, will probably necessarily be people of differing expertise, so they can apply not only their local script expertise, but then different cultural or different expertise depending on what they do in life. So it's just not one type of profession looking at it. >>EDMON CHUNG: Last question is: I think I asked that before in another location as well. So when do you think the algorithm will be ready for the IDN part? When can we actually get to see it? >>KURT PRITZ: Well, so it's ready now for Greek and Cyrillic and Latin, and Craig's going to tell us about the next -- the next scripts that are going to be developed. We can still do an examination without an algorithm. The algorithm is only helpful, and we think it will grow in its usefulness as people come to understand its reliability. But, you know, that has to be done slowly. >>EDMON CHUNG: Yeah. I think that's a good -- very good statement. I think it's quite important that, you know, people, I guess, know that even though the algorithm may not be ready for a particular language, the examination part can still go on and they can still apply. You know, that's -- that's very useful information. But still, I would like to know when some of the other scripts are going to be -- >>KURT PRITZ: Sure. >>CRAIG SCHWARTZ: So the other five scripts as we mentioned the other gay, Chinese, Japanese, Korean, Devanagari, and Arabic are currently under development right now by in-country linguistic experts and then what will happen is those linguistic panels will come back with recommended approaches to how to incorporate those scripts into the algorithm and then what we'll be doing is reaching out to, for example, the Arabic script working group to validate the work of the language experts. So we'll use independent second-opinion groups to validate the recommendations from the linguistic experts that are being coordinated by SWORD, this vendor in paragraphs. And then once the recommendations are validated, they'll be available in the algorithm and I think that that will probably happen sometime in around the February time frame. So there will be ample opportunity to experiment with the algorithm prior to its availability with the final RFP. And then moving forward, there will be a discussion about what other scripts to incorporate beyond the eight that will be launched when the algorithm goes live with the posting of the RFP. >>EDMON CHUNG: Okay. Cool. I guess we should also evaluate how useful that algorithm is, whether -- >>CRAIG SCHWARTZ: Correct. >>EDMON CHUNG: -- You know, we spend a lot more on developing all the hundreds of languages. >>AVRI DORIA: Thank you. I have Adrian next. At the moment, the list is Adrian, Eric, Jeff, Tim, Paul, Marilyn, Mike, Palage. >>ADRIAN KINDERIS: Good morning. Adrian Kinderis. Registrar constituency. I thought all night about my question, so I just hope -- I hope it lives up to its expectation. Just in regards to financial capacity, are you reviewing each applicant and their financial capacity relevant to their application? And I'll explain my question. Because if I -- my financial capacity may be based on my single application. If I have multiple applications in, say I put in 50 applications, do I have to have the capacity to manage all of those 50 or only the successful ones? So will you look at an applicant and the names they're going for as a total or individually and their ability to deliver on, for example, their financial capacity? >>KURT PRITZ: The evaluation is meant to scale and accommodate different business models, so it -- you know, all the questions are supposed to ask, you know, "What are you doing? How much is it going to cost? How are you going to pay for it? And how are you going to protect registrants in the process?" So, you know, "how much is it going to cost"? Well, if I have a big cost, it's going to cost a lot, if I have a little operation, it's going to cost a lot. Then how are you going to fund it. So the evaluation is to compare the funding to the cost and say, "Do those things kind of match up?" So it's not -- so there's not a -- >>ADRIAN KINDERIS: Right. I get that. That's a single -- but if I go for dot shoe, dot sock, dot tree, do I then need to have enough money to run three -- potentially three TLDs, should I get through the process. When I'm putting in my application, do I need to say that I'm also going for others? Because I need to have the financial capacity to run all three? >>KURT PRITZ: You should just -- well, I'm not telling you what to do. I mean, the application needs to stand on its own, right? So it needs to identify how you're going to -- how you're going to fund that registry. >>ADRIAN KINDERIS: Right. But can I use that funding in other applications? >>KURT PRITZ: How can you? >>ADRIAN KINDERIS: Well, what I mean is so I've got -- say I've got $1 million in which I can put forward a TLD, right? That shows my standing, my financial standing. Now, I'm going to use that $1,000,000.20 times in 20 different applications because I don't know how many I'm going to be successful for. >>KURT PRITZ: You're going to use the same dollars twice? >>ADRIAN KINDERIS: Right. Or multiple times because I'm not sure how many I'm going to be successful for. Do you understand? How many applications will actually get through. So in the end, I might only need enough money to run two TLDs but I'm putting in for 50. >>KURT PRITZ: Uh-huh. I would think you'd want to be really clear about -- you know, I think each application is going to have to stand on its own, and each application needs to be clear how that application would be funded and that the fund -- you know, and I would want to demonstrate, you know, how that funding is available. >>ADRIAN KINDERIS: Thank you. >>AVRI DORIA: Thank you. I've got Eric next. >>JEFF NEUMAN: Thanks. My question is on -- >>AVRI DORIA: I have Eric next. >>JEFF NEUMAN: Sorry? >>AVRI DORIA: I have Jeff after Eric. >>JEFF NEUMAN: Oh. >>ERIC BRUNNER-WILLIAMS: Sorry, Jeff. Eric Brunner-Williams. Kurt, looking at the string contention, Page 2 -- Section 2, Page 3, this isn't so much a question as a suggestion for looking at this not being a one-time production of text, but part of an ongoing process, as we look forward to future rounds. The reference here to ISO-3166 doesn't mention that it's updated and I -- as -- if this set of -- if we're going to be doing this for many years to come, not just a one-shot deal followed by a completely new and equally horrific learning experience, we should mention that ISO-3166 has updates. So that's the first observation -- observation about the continuity of that standard and our process itself. Secondly, there is the question arises for a gTLD -- excuse me. I'll take a specific example and Jeff, I'm going to pick on you, but please, this isn't personal. Let's suppose that NeuStar does not respond and the United States does not respond to the fast track application for Chinese for the United States. Let's just suppose that as a -- and -- but NeuStar applies for "beautiful country" in Chinese as a gTLD, which is the common reference or representation of the United States in the Chinese language. It's the string they should have applied for under fast track if that was appropriate under fast track. We don't have a protection here for gaming the IDN string of a non-fast-track applicant, okay? So if there are non-fast-track countries that -- or countries that decline to participate in the fast track that are technically qualified -- or qualified to do so, we don't have any mechanism for protecting their future application for their -- the IDN representation of their 3166 country code in the process yet, so it's possible to take this bad example, for NeuStar to apply for "beautiful country" as a gTLD rather than as the IDN application for its dot US ccTLD, so we haven't caught that -- the case of gaming that. A related issue is that we don't also deal with the things that -- well, I already mentioned the changes in the country codes. So finally, one last thing, also in string contention. In Page 2-8, again the all-digits rule is there, and I owe you an update to correct that, because 63 zeros is not likely to be, you know, viewed as an IP address, and -- but it would be a valid address, so thank you. >>KURT PRITZ: Okay. You know, the draft applicant guidebook as presented affords protection for country names, and so the United States in Chinese is a country name that would have some protections, if applied for as a gTLD, if you read that section. >>AVRI DORIA: Thank you. Now, Jeff. >>JEFF NEUMAN: Just so no one is confused in this room, NeuStar is not planning on applying for the Chinese version of dot US. [Laughter] >>JEFF NEUMAN: So my question is on the -- so I guess I'm one of the few people that reads the actual criteria and the technical stuff. It's funny, we sometimes miss -- even as a technical coordinating body, we sometimes miss a lot of the technical issues. Is there going to be any other information provided to the evaluators on the technical criteria, other than what you've set forth here? And the reason I say that is there's -- you know, in a lot of the technical questions, there's reference to -- references to "meets requirements" or "exceeds requirements" and then a scoring based on that and you have to score I think it's a minimum of 19 on the technical criteria. I think I got those numbers right. I may be off a little bit. Is there anything that's going to be given to the evaluators as to what those requirements are, aside from the descriptions that you give? In other words, you say for -- randomly -- SRS performs, you say "exceeds requirements" -- which is a score of 2 -- "if it includes highly developed and detailed plans around the registry operational criteria and provides a high level of resiliency and full interplay and consistency of technical and business requirements." Is there anything else that you're going to give to the evaluators to actually -- because it seems pretty subjective to me, as opposed to objective. >>KURT PRITZ: Well, it's subjective to a certain point, and that is that, you know, we could write a criteria that says, "Have three gold-plated nameservers, you know, measuring 18 inches by 24 inches" and that would be very objective, but you lose that ability a little bit when you try -- when you want to provide the ability to scale an operation to what the requirements are. So that when we consulted with technical experts who designed these questions and criteria for us, they -- they designed them in mind with the idea that like-minded, like-educated, like-skilled people to themselves would be reviewing the applications. And so the criteria, you know, at -- the criteria at this stage just says that the -- the plan needs to demonstrate, you know, a knowledge and understanding of what they're trying to do here, and that their plans -- you know, their plans here scope to their business model and what they're trying to do, and that it's adequately resourced. So that we think that the way that this was written and designed, that technical experts reading this could look at a plan and make a judgment. So we think it's adequate. >>JEFF NEUMAN: Yeah. I guess I'm just trying to cover for when -- when you do an evaluation and organizations question, after the fact, "Well, why did I get a 1 as opposed to a 2," and that becomes more important when you set a minimum number in order to pass the evaluation. So if you set a number of 19 and someone's got 17 and they wonder, "Why did you give me 2s -- or why did you give me 1s on this as opposed to 2s," you know, that's going to mean a lot to someone that's gone through and spent a lot of money and -- >>KURT PRITZ: Yeah. You know, it's not quite the case, but essentially that means you don't get any zeros. So... So if you have suggestions regarding how these can be improved, because as you pointed out earlier, ICANN went to some effort in order to retain experts in this area, and paid outside experts in this area, in order to formulate this, so to the extent that you or members of, you know, your working team can suggest improvements, I think that would be great because there's a lot of struggle in this area, balancing subjectivity versus objectivity, and flexibility and all that stuff, and so, you know, part of this -- part of this whole effort now is to broaden that discussion beyond the experts that were consulted and ICANN staff and other members of the ICANN community, so that would be great. >>AVRI DORIA: Thank you. Tim? >>TIM RUIZ: Tim Ruiz, with the registrars constituency. A couple questions. The first one's kind of a follow-up to something I didn't take as good of notes on as I should have yesterday, and that's about the implementation guideline that says that the submission date should be four months after the RFP. And then there was some discussion on that. And so I don't recall if -- when we are talking about the submission date, are we talking about the date that submissions would close or was it assumed that we're talking about the date that submissions would begin? >>KURT PRITZ: The policy advice was to not accept applications for a period of four months after the publication of the final version of the guidebook in order to be able to fully communicate it globally. So four months later, you -- we would receive our first application. >>TIM RUIZ: Okay. I wasn't clear, reading the guideline, just as it was written. It was kind of ambiguous. >>KURT PRITZ: Yeah. >>TIM RUIZ: So then there -- we had some discussion was there -- and there was some suggestion that perhaps that that four months could begin from this particular RFP. What was the decision based -- did we come to a decision on that or... >>KURT PRITZ: No, I don't -- I think what we were talking about was whether we could -- we could accelerate the start, move forward the start of the four-month period to some date in advance of the publication of the final RFP, but I don't think we got to a conclusion on that. >>CHUCK GOMES: I think that, Tim, is an area that would be a good idea for the council to take up in the next month or so, to see -- revisit that issue and talk about that. >>TIM RUIZ: Okay. Good. Good. >>CHUCK GOMES: Okay? >>TIM RUIZ: All right. Then my other question is in regards to actually Module 2. On Page 2-18, Section 2.3 -- and it says that the applicant or any of its agents or representatives can approach anyone on the evaluation committee or the board or the staff, I believe, during the entire evaluation process. But it isn't clear that that refers only to approaching them in regards to the application. So I just wanted to make sure that that was the intent, and that if, you know, we needed to approach the board or someone else, you know, involved in the application process for some other reason, that that was not being prohibited here. >>KURT PRITZ: Okay. Good point. >>AVRI DORIA: Thank you. I have Paul next. At the moment, the list is Marilyn, Mike, Kristina, Adrian and then Steve. >>PAUL STAHURA: My question is -- relates to Page 2-15 regarding the technical and operational or -- I'm sorry, regarding the string -- hang on. The extended evaluation about registry services, so my question is: If more than one applicant proposes the same registry service, I notice that there's a fee if it goes to the extended evaluation period, but if more than one applicant proposals the same service, do they both have to pay the fee or is it just one has to pay the fee or how does that work? >>KURT PRITZ: I haven't sorted that -- I don't think we've sorted that out yet. Multiple applications applying for the same service, is that what you said? >>PAUL STAHURA: Yeah. If there's two applicants applying for the same service and it goes to extended evaluation, you probably don't have to evaluate it twice. >>KURT PRITZ: Right. >>PAUL STAHURA: Do they both pay, or just one. >>KURT PRITZ: Well, I'll draw a parallel with the way it works now. Sometimes a registry will apply for a service that goes through RSTEP, and then a second registry applies for that same service, so in certain circumstances in the past, it hasn't had to go through RSTEP. In certain circumstances, it goes through RSTEP "light" because there's just one small inquiry left for that application that might result in a lower cost. >>AVRI DORIA: Thank you. Marilyn? >>MARILYN CADE: Thank you, Avri. My name is Marilyn Cade. From 19 -- from 2001 through 2002, I served on the President's Committee, called the committee on new TLD evaluation process planning task force. It was an interesting learning experience, and drawing on that background, I have a concern about the effectiveness and fairness of using a rating scale of only 1 to 3. And let me explain why. As I looked at the evaluation process, the difference, to me, in walking through -- and we did an extensive review of the process involving the first seven gTLDs on that task force -- the process of walking through how an evaluation would take place and how a panel would rate someone with a 3 versus a 2, to me, seems to be too vague. So if I -- and I'm particularly looking at the community TLDs and noting that someone could have a very broad base of community support and they would get a 3. Someone could have medium community support and they would get a 2. And so I'm -- I would -- I'm asking why a scale of 1 to 3 was chosen versus a scale of 1 to 5 which actually provides more discrimination or fineness to the decision that is made. I know some people will say, "Well, that introduces objectivity," but it also actually allows you to evaluate more deeply what the applicant is putting forward. >>KURT PRITZ: So as you can imagine, this is all a balancing -- right? -- and using outside consultants and staff staring at white boards, going through various scenarios of how application evaluations would work and scoring them. In that balancing where we went through scenarios where we had 0 to 10 or 0 to 5, we found it difficult to parse between 8 and 9 or 4 and 5. It becomes an evaluation where you're actually comparing applicant to applicant instead of applicant against criteria: "Well, this applicant seems a little better, a little more strongly related to its community or has a little more support from its community, so" -- and then in trying to determine how the scoring would be used to create a bar for identifying whether an application was -- met the requirements of the community base, in that contention resolution process. Again, in many scenarios it seemed to work out better when the scoring choices were limited and there was -- you know, for a community, there's -- you want a fairly high bar that the TLD is really, in fact, the representation -- representative of that community and that's the label for that community. >>MARILYN CADE: I assumed that last point, but I don't -- I don't agree that using a scale of 1 to 3 actually gets you to assessing the difference between the two, particularly in community support. So we can talk more about it, but I do -- I think based on the past experience that the community has had with what I would consider inadequately supported evaluations in the past of the process -- I've said that before when I was on the council -- I'm not sure we've taken quite as much of the lessons learned out of that process as maybe we could, and maybe some of us should really be looking hard at that with you all. >>KURT PRITZ: Yeah. And I'd enjoy seeing any other analysis, because we're -- you know, as you imagine, quite a bit of study went into this, and in this case it was empiric, right? It's all about scenarios? What if we get this, what if we get that? You know, how is that -- how is that evaluation actually going to run? So any other analysis or people that can do analysis that would seem to point to a different conclusion, I'd be -- you know, we would be very interested in seeing. >> AVRI DORIA: Thank you. Mike Palage. >> MICHAEL PALAGE: Mike Palage. Question to Kurt and perhaps Craig. In the October board meeting, the ICANN board, they approved up to $700,000 to be paid in connection with the algorithm -- the SWORD algorithm. What are we getting for $700,000? Are we just getting the first three scripts or how many scripts do we get? What do we get for $700,000? >> KURT PRITZ: Well, that's an upper bound. We think the final cost will be less than that. We got a beta version algorithm that staff used in testing in three different scripts and then this version of the preproduction algorithm that's currently posted, we will get an algorithm then developed in -- how many other scripts? >> CRAIG SCHWARTZ: Five more. >> KURT PRITZ: Five more scripts so we will have eight scripts all told. Those tools will be turned into a production model. The production model will include the capability for all the strings to be piled into the algorithm, and the algorithm will sort through all the different combinations or permutations -- I forget which one we use -- of the different string pairings and assign scores to every string and rank for the examiners. And then that tool will be provided on an ongoing basis essentially. There will be a small licensing fee, but that's also part of this. So then we'll be able to use the tool on an ongoing basis. So where -- for example, where we have panels that we're hiring, those panels will be paid for by the pound forever and anon. This is a one-time upfront expense to develop a tool. >> MICHAEL PALAGE: Okay, two follow-up points. The first goes to a comment that Edmon had raised earlier in which I also have a concern. If we find that the algorithm is not performing to the level of reliability, is there any type of discount or is it we paid a couple hundred thousand dollars, it didn't work, oops? In that contract, will ICANN receive any type of rebate? Because what you just said is you will have a perpetual license. It is a one-time fee. If, in fact, it is not doing what it is supposed to be doing, will we receive -- >> KURT PRITZ: Well, ICANN is going to have to accept the tool before we pay. But as I also said, we've gone through two iterations already where SWORD has developed a beta version of the algorithm including the upfront interface that does the sorting and the cross-evaluation of many pairs. So for -- I forget how much the initial contract was. Let's say 35,000 or something like that, we received that beta version. And then for another 50 or 60 or something like that, we received this preproduction version. In each case, you know, we tested -- you know, we tested the product. We solicited suggestions from the outside for strings that could be tested against the algorithm. We compared -- we compared the results of the algorithm against what individuals thought. So, you know, it is not a contract that's being let for the first time but, rather, it is the culmination of many months of work to prove what we have so far and then go ahead. But certainly, you know, we're going to accept the tool before -- we're going to accept the tool before we pay for it. >> MICHAEL PALAGE: And thank you for that detailed explanation. I think what Edmon was saying is we really won't know how the tool works until we actually test it out with actual applications. And, again, this is -- what we have to understand is this is just a tool. It is still going to be humans in the panels making the decision. >> KURT PRITZ: That's right. >> MICHAEL PALAGE: And that's why $700,000 for a tool to assist humans is just a concern. But thank you. >> KURT PRITZ: So we can test -- you know, hey, Michael. So we can test the algorithm using tens of thousands of strings where we expect maybe 500 applications. So the testing can be a lot more extensive than the real life. And, like I said, we're going to be spending a lot more on the examiners, you know, in forever and anon than we will for what will be less than $700,000, which is a really small percentage of the money flow we're talking about here to evaluate all these applications. >> MICHAEL PALAGE: Just putting on my engineering hat, if you are looking for a data set to test the algorithm, perhaps you may want to look at the existing database of UDRP decisions where there have been strings and see if it works. And you can actually compare it to real, live decisions to see whether it is up to snuff or not. >> AVRI DORIA: Thank you. Kristina? >> KRISTINA ROSETTE: Two questions. The first relating to 2.3, which at this point really only relates to contacting staff and evaluators. What are the plans for determining that at least initially and on an ongoing basis that the evaluators themselves have no conflict of interest? >> KURT PRITZ: What is the upfront process or the ongoing? >> KRISTINA ROSETTE: Both. >> KURT PRITZ: You know, other than that's a necessary element -- that we all understand we a necessary element for implementing the use of panelists and ensuring that there is no conflict of interest. I don't think, unless Dan or Karla has something else to say, that we have gone through and written down the vetting process for how we will -- how we will admit or not admit panelists or how -- actually how our -- you know, whoever we hire to hire the panelists will do that. >> KRISTINA ROSETTE: Once that happens, will that be made available? >> KURT PRITZ: Yeah. You know, if you want to help, I'd appreciate it. We'd appreciate advice on that. >> KRISTINA ROSETTE: Okay. The next question has to do with the confusingly similar string context in the context of IDN ccTLDs. If this question needs to be better held for when we speak about the geographic names paper, it seems as if at least at this point the geographic names paper is dealing with direct, meaningful representations as opposed to confusing similarities. The question I have about that specifically is: Was that an intentional decision to leave it limited to meaningful representations? >> KURT PRITZ: The geographic names paper does just -- you're correct in your assessment, and handling of names that might be confusing was left to that -- to the other part of the evaluation. But I think it is still included. So I feel like I am not answering your question. >> KRISTINA ROSETTE: Well, I have another one. >> KURT PRITZ: Okay, good. >> KRISTINA ROSETTE: The follow-up is I could imagine you could have a scenario in which you have an applicant that makes it past this confusing similarity analysis with regard to existing strings based on what the environment is at that time. But at some point before -- and let's just assume for purposes of discussion that string makes it all the way through, there is no objection on any other basis. They pass everything else. They are getting ready to enter into the contract. And then you have an IDN ccTLD that is presented to which that gTLD which at this point has gotten through would be considered confusingly similar. Is there a plan for that, or is there going to be a time cut-off? >> KURT PRITZ: Right. There is the issue identification. As you know, ICANN recently published an implementation plan for IDN ccTLDs. And that issue occurring and the apparent parallel time frames for application, you know, caused people to think this sort of scenario that you're describing right here could very well occur. And so in discussions, we've talked about what that cut-off period would be, but that has to be really carefully thought through and set of ground rules thought through because the two application periods will probably overlap and how to handle that is a very interesting issue. So hasn't been thought through. It was just identified a few weeks ago as a probable issue. >> AVRI DORIA: Thank you. I've got Adrian, then Steve, then Tony Harris. Adrian? >> ADRIAN KINDERIS: I think my question is more suited to Module 5 so assuming we'll get there, I'll take it then. >> AVRI DORIA: Thank you. Yeah, assuming we get there. If we don't get there, we will figure out a way to get there in the future. But anyway, okay, thank you. Steve? >> STEVE METALITZ: I have two questions. First, there are some features of this proposal that I think are new to the new gTLD processes that ICANN has gone through before and they seem to be just placeholders in this document. I will give two examples. One is post-delegation review and possibly dispute resolution process I have heard talked about; and the other is a refund policy. I don't think either of those were really features of previous rounds. Will there be more detail well before the December 8th comment deadline? At this point, there is not very much -- there is a refund policy but we don't know what it is. There will be some post-delegation procedure, but we don't know anything about it. Will there be more detail on it before the comment period? So that's the first question. >> KURT PRITZ: So I never turn the microphone on when I'm going to say "no." So the answer is probably not. The development of those post-delegation procedures will take some more time and probably be in the next draft version of the RFP. That will have a comment period. So there will be an opportunity to comment. Yesterday we laid out a schedule where there is this version of the draft RFP we think there will be considerable change based on public commentary, and that change will necessitate a second draft version before the final version. And the detail you are suggesting in both cases would be in the second draft version. >> STEVE METALITZ: Thank you. I apologize. I wasn't here yesterday, so I wasn't aware of that. My other question has to do with the "community" definition. Is that in order at this point, or is that premature for this round of questions? It is really just -- I'll pose it then. >> AVRI DORIA: Okay, yeah, pose it. Did you have a chance to listen to the transcripts or not? >> STEVE METALITZ: From yesterday? No. The definition has -- there is several points in the definition, the various definitions that refer to the number of people and the population that's covered and so forth. I wondered if was there a definition the concept of economic sectors as a community in favor of communities that are made up of individuals, or were these simply examples and it would be possible to define a community based on an economic sector without necessarily demonstrating how many people, quote-unquote, are in that sector? >> KURT PRITZ: What you are describing are factors to be balanced in determining whether the applicant is a bona fide representative of a real community. So the really short answer is no, it is not meant to exclude economic entities. >> AVRI DORIA: Thank you. Tony? >> TONY HARRIS: Good morning. My name is Tony Harris. I would just like to refer to Number 2.1.1.4.1 in Module 2 which is requirements for strings intended to represent geographical entities. I'm a little confused here because I thought that the GNSO had taken a position on this, but subsequent papers which I have read indicate that the president of ICANN has taken a commitment to the GAC about how to handle this situation with geographical -- with TLDs related to geographical objectives. And I'm not too sure if that's still open to discussion or it's -- you know, it's already in cement there that anybody presenting an application for a geographical TLD must undertake the cost and effort of obtaining a series of approvals. So that's my question, and I have a small comment which falls on to that, which is as a perspective applicant for regional continental TLD for Latin America, the paragraph which refers to an application for string which represents a continent or U.N. region appearing on the composition of macrogeographical, et cetera, et cetera. Well, the link that that points to just says that Latin America is divided into the Caribbean, Central America and South America. I'm not too sure which governmental bodies represent each of those regions. You could probably have quite a number of organizations saying "We're a Latin American representative body," and it could have to do with agriculture, with health, with a number of issues. But who do you see? Which doorbell do you ring to comply with that? And, finally, my only concern is are we not opening the door to a situation which we could equate to a rather colloquial expression we use in South America [speaking non-English language] which means the dog who takes care of the orchard, he doesn't eat the apples and he doesn't allow anybody else to eat them. So maybe we should be a little cautious on how we handle this. >> AVRI DORIA: Thank you. No comment? Okay. Thank you. Margie? >> TONY HARRIS: I'm sorry, there was a question. Is this still open to discussion with the GAC, or is it a closed thing? >> KURT PRITZ: I think it is open to discussion. It is on the agenda for your meeting. >> AVRI DORIA: It is certainly something we can bring up this evening -- this afternoon when we are talking to them. We will be having an open conversation, so it is an issue that you should bring up during that open conversation. Sorry, apologies. I should have answered. I got Margie. I am really trying to go through without doing follow-up. You want to be on the list for later? >> MARGIE MILAM: Margie Milam with Markmonitor. 2.12, how is it intended to deal with the situation where applicants may set up a wholly-owned subsidiary to be the registry for maybe liability purposes? I would like to understand how you are going to evaluate the financial criteria. Would you look at the financials of the parent company, or would you have to have audited financials and financial information for the newly formed entity? >> KURT PRITZ: I think it depends on the mechanism -- you know, there is all sorts of consortia or joint ventures that are created in order to form -- in order to form a new effort. And so -- I think it depends on that form of entity, if it is a wholly separate entity that has its own, you know, financial mechanisms, its own funding, then it would stand on that. What we want to demonstrate, I think, in this criteria is that this entity proposes to set up a registry and it is going to cost this much in order to comply with the technical requirements. Given our model and given that cost, how are we funding it and demonstrating the funding exists or is being generated to cover that? It is intended to be flexible. >> MARGIE MILAM: I think the drafting is a little narrow right now because it is very specific on audited statements for, you know, the applicants. You may want to reword that a little. >> AVRI DORIA: Thank you. I've got Claudio, Marilyn, Zahid. >> CLAUDIO DIGANGI: Kurt, will there be joinder provisions for essentially the same resolution challenges? >> KURT PRITZ: If your question is about consolidation of disputes, it is encouraged where that can occur. If it is an infringement of rights issue, you know, each case is somewhat different depending on whose rights are being inserted or infringed. They're tough to join. If a name on its face might give rise to morality or public order issues, it seems like maybe those cases could be joined. And the roles of each individual dispute resolution provider will apply. So there has been procedures on how cases will be filed and heard, and those will be augmented by the detailed rules of the dispute resolution provider and they will describe how cases might be consolidated. >> AVRI DORIA: Thank you. Marilyn. >> MARILYN CADE: I was just going to go back to a comment and question about the issue of geographic names. Some people remember that there was a process at WIPO which did not result in a decision about WIPO. But there is a new director-general, and the topic of geographic names may certainly be put back on the work initiative. But I work in intergovernmental fora internationally, and my understanding from both of those is that ultimately those fora do not make decisions that affect the sovereign rights of states. They go back to the individual state. Was that researched, that sort of review of what the authority may be in order to make a decision? Has that been a part of the research, or is that something that you are going to try to take in the future so that as regional name applications may come forward, there may be sort of a list to refer applicants to so they can at least get started? >> KURT PRITZ: So I thought I was following your question right to the end where there would be a list of? >> MARILYN CADE: Well, you know, Tony raised a point about there are a variety of regional entities. They all have different roles and different authority. None of them, to my knowledge -- they coordinate the decisions of member states, sometimes represent them, but they don't actually speak for member states. Generally, my experience has been that the sovereign right of the country allows them and only them to make a decision. Have you -- in the discussions -- and countries do have the right to make a decision about the use of their names. Some countries have laws that govern the use of their names. Is this an area that staff has actually been able to spend time on, or is it something that might emerge as an area that more research would be done on if it seemed to be needed? >> KURT PRITZ: I think there is more research to be done. If I'm understanding your question, ICANN certainly isn't in the business of making a decision if there is a dispute between countries over who has authority over a region but would rather put that back to the countries and say, "Sort it for us and then let us know." >> AVRI DORIA: Thank you. Zahid? I don't see Zahid. He sent me an e-mail. Oh, there he is. Okay, sorry. >> ZAHID JAMIL: Thank you. Sorry. Sort of winding back to the string contention algorithm, I just wanted to ask a question. I ran a comparison between where I come from, Karachi -- it is a city, K-A-R-A-C-H-I, and it gave me a nearly 40% match with AfriNIC. So I was kind of confused. My question is: I'm not sure what sort of result of percentage scoring would give what indication to a evaluation panel. That would be one question. And would there be a presentation or some workshop or something that may be planned by ICANN so they can actually explain to people how evaluators would sort of judge this and use this? >> KURT PRITZ: So, yeah. The question I would ask back is if you think AfriNIC and Karachi are confusingly similar. >> ZAHID JAMIL: Absolutely not. >> KURT PRITZ: You would think then 40% doesn't -- if you saw 40%, that's not a very score close to something rising to confusingly similar names. >> ZAHID JAMIL: I would absolutely agree with you. And so obviously the follow-up question to that would be if evaluators are supposed to take this into account or if the algorithm result is relevant, then how do they deal with that in their decision? Because what you are basically saying is if they think it is not relevant, just ignore it. It brings into question the relevance of the results or the use of the algorithm all together. Either you can make your decision to make it relevant and deal with it or ignore it all together. I'm wondering if there will be a workshop or presentation to explain that. >> KURT PRITZ: A lot of people at ICANN have looked at a whole bunch of scores and whole bunch of 40 percent%s and none of them are confusingly similar. So that all seemed pretty coherent to me. What ICANN will publish in addition to the standard that is given to the string examiner panel, which is already presented, it will present more procedural detail on how that will work and how the string examiner will take the results of the algorithm, take the -- take the standard that's written and apply it. >> AVRI DORIA: Okay. Yes, I was just going to say that was the end of Module 2. But Jon. >> JON BING: Just a short observation, Chairman. We were discussing the algorithm as it is something very novel. It is of course not. Most administrative decisions in today's public administration is supported by algorithms. And you might be interested in taking the same view of the algorithms used by tax administration in assessing taxes and so on, that you look upon this algorithm -- I'm sure -- or I can assure you that there are at least as many interesting aspects of those algorithms as it is with this comparison algorithm. And I also would like to put on record that I personally at least welcome the use of computerized tools in trying to make somewhat more efficient and transparent the decision processes in such a respect by using computer-assisted models. Thank you. >> AVRI DORIA: Mike. >> MICHAEL PALAGE: Just to follow up on the string contention, the algorithm, in the resolving string contention explanatory memorandum on page 9 it states that 60% is the triggering mechanism for the algorithm. Is that correct, Kurt? >> KURT PRITZ: To make things easier as a first blush for the string examiners, they would first look at everything above 60%. As we just identified, you know, 40% is not even close. And if you do enough of these, you will find 60% isn't even close. So in that paper, it suggests instead of looking at all the scores from zero to 100, it is probably reasonable to just start at 60 and have that information. >> MICHAEL PALAGE: And thank you for that point. So my next point -- this goes back to a point that Marilyn had raised earlier regarding the evaluation of the community, which we'll get to in the next thing. What's interesting there is in order for there to be a clear winner under the community evaluation, you have to have 11 out of 12, which is 92%. So it is interesting that you're using a 92% trigger in the community evaluation but you are using the 60% trigger in this, if you will, visual confusion. So, to me, I find those two numbers and that disparity of the spread somewhat interesting, that you are using different percentages to trigger events that impact the ability of an applicant to get a TLD. And I just have trouble reconciling it. And perhaps you could explain those two numbers. >> KURT PRITZ: I think to a certain extent, that comparison is based on the arbitrariness of the scoring selected. So instead of, you know, one, two and three points for community evaluation, if we made it two, four and six points, all of a sudden the percentages change a lot even though the evaluation doesn't change at all and then you would be comparing two different things. Secondly, the 60% was just meant to cut down the number of reports to the examiners from so many tens of thousands, however many combinations there are of strings. If you say there are 500 applications, 500 times 499, I think. Just meant to cut down on that because we know everything below 60 is probably not confusingly similar. But, in fact, the string examiners have to look at all the results in every case, what's the score and -- what's the score for this pair. But it is just meant to pair that down. 60 is not intended in any way to be an indication of what's confusingly similar. It is just intended to convey what is safely below what will become confusingly similar. Maybe it is exactly 92%, and then all the stars would align. >> MICHAEL PALAGE: Again, these are numbers that ICANN staff has put in the documents and, again, as someone reading it, it has been a very well-thought-out, very detailed document. But, again, when you see these differences, there's questions. Just to follow up on one point you just raised, every string set will be reviewed by an actual human which then calls into question why do we spend -- up to $700,000 for a tool. And this goes back to, I think, Jeff's comment yesterday about if we knew some of these cost allocations that ICANN were going to be making, perhaps it would have been beneficial for the council to give a little more direction. So thank you. >> AVRI DORIA: Okay. Thank you. I'm going to call Module 2 over. We've still got several modules to go. We've got -- I don't know how much more time of yours. But we have at most 40 minutes left in this session. So I will take a slight pause now because we are not going to get through all the rest of the modules to talk about what I would like to suggest in terms of how we will continue after the 40 minutes end. I will try and work with staff to schedule a call within the next week -- the week after this meeting, if not within two weeks, where we continue. Ask people to submit their questions up front. Depending upon how many people we can get in a call, it is open to the council, open to those who have submitted the questions 48 hours in advance. So, you know, if you've got a question -- I don't know what the maximum limit is on the number of people that can come into a call. Recording as usual and ask for a transcription of that recording so those who are just interested in hearing it and observing, can observe without necessarily needing to be on the call. And then one other suggestion I've gotten is that the transcription from this meeting and yesterday's and the transcription from that become part of the comment record. Yes, Adrian? >> ADRIAN KINDERIS: Jeff -- >> AVRI DORIA: Somebody's phone's ringing. I don't want to spend a lot of time on this because I do want to get back to the substantive. >> ADRIAN KINDERIS: I just thought -- it was Jeff Neuman's idea actually so it might be a bad one. [ Laughter ] Is it worth going through module by module from now on? Given we only have 40 minutes, given -- can we just throw it out given we don't have another time schedule? Why can't we go through any questions now? >> CHUCK GOMES: Let me give you my opinion on that, just mine. I think we lose the continuity when you start going all over the place and there is some value of continuity. It allows for follow-up and so forth. I think that's a much more effective approach. >> ADRIAN KINDERIS: I agree. If you don't get your question asked -- >> AVRI DORIA: That's why we are talking about how we are going to extend this into continuing it as a phone meeting, I mean, because I'm not sure that in the next 40 minutes we can get everybody's questions asked anyway. So who gets their hand up first. So that's what I'm going to recommend. I will get back to people on the details once staff has sort of figured out when and how and schedule that. Yes, Tim? >> TIM RUIZ: Could we potentially -- and I have no clue if this is the case or not, but potentially skip to -- or focus on a different module than 3? Maybe 3 is the one the majority have questions on. If but if there are more questions on module 5 or another module, could we jump to that module? >> AVRI DORIA: I would have to take a vote and we would have to figure out what the votes were, and I think we should just keep marching through. There is a lot of questions. A lot of people have questions on -- I didn't expect this many in 2. So module 3. I will start taking those for questions. Yes -- by the way, the presentation will be made available. I see Mike, Carlos. I see Marilyn. Who else? >> CHUCK GOMES: Raise your hand again. She didn't see everybody. >> AVRI DORIA: So I've got -- Go ahead, Mike. >>MIKE RODENBAUGH: Thanks, Avri. Two questions. 3-10, the last program of 3.4.6, it says that the DRP decision will be considered and expert determination will be considered by ICANN in making a final decision. Can you explain that a little bit because I thought the whole point was to basically let the DRP panels make the decisions. You seem to suggest that those could be overturned by ICANN's whim. >>KURT PRITZ: Yes, so essentially they are final decisions, but at the end of the day, the ICANN board is going to ratify or approve all the results from the evaluation processes. So just like delegations, the ICANN board is going to approve the delegations of new TLDs and the root zone and also, you know, the results of the evaluation process. >>MIKE RODENBAUGH: Okay, thanks, that's more clear. Then 3, section 15, defenses, the last paragraph of the module. It says for community objection, I read this to say that if the community applicant has met the rules of being a community applicant, that's a complete defense. That doesn't seem to make sense and why would you even have an objection process? >>KURT PRITZ: Right, so there's an objector and the objector says that -- that the objector, in order to have standing has to meet requirements that they're a representative of the community and a bona fide member of the community. And the applicant -- did I say that right? So the challenger has to meet certain standing requirements, right? That in a sense -- essentially satisfy the -- that he is a representative of the community and then if the applicant meets those same criteria, then the applicant has demonstrated that he's a bona fide representative of the community and he's not, you know, misappropriating the label and so that would be a defense to the challenge. Right? He's got the support of the community. The community label's appropriate. >>MIKE RODENBAUGH: So I guess it's not really a defense so much as you've proved your case, basically, I mean -- all right, I guess I just have trouble with the wording, but I'll take it off to the comments. No problem, thanks. >>AVRI DORIA: Carlos. >>CARLOS SOUZA: Carlos from NCUC. Two quick questions about morality and public order. The first is if you look at the explanatory memorandum of October 29, and the question is: We can assume that from now on staff are looking for three major objections regarding morality and public order and that will be segments to violent, lawless actions, racism, and child pornography. And so that means that -- I remember a slide that staff presented to us during the India meeting that we had a broad range of objections such as sedition, obscenity, blasphemy. So we can assume that those objections will not be framed in the guidebook, so we're sticking to the three major ones, so that's the first question. And the second is on 3-3, on Item 3.1.2.3, we have an expression that goes like that "on the legitimacy to stand those objections." It says that it may be appropriate to grant standing only to parties who have recognized authority in the arena of morality and public order such as government. So my question is: How are we going to discern who will be the legitimate party to stand on morality and public order, so the question is just what is the state of art of discussion with staff on this legitimacy? >>KURT PRITZ: So I'm going to do my best to answer your questions but I'm not always the clearest question and I ask you to read the memoranda very carefully. The three criteria that you identified were the result of a research -- a legal research project that undertook to understand restrictions in some jurisdictions in every region. So we made sure in this legal research that we solicited at least one jurisdiction, one country in every region of the world to understand what sort of criteria would be applicable for this standard in every region. The results of that legal research reported more than three and included -- you know, included the ones you were talking about. So sedition was one, I forget what the other ones were but the report also included that if you wanted to choose those criteria that seemed to be in common across the world, you know, which translates in some sense to under internationally recognized principles of law, that's in the standard, then those three were common just about everywhere. And so then the question becomes, and that's posed in the memo, that in addition to those three, in order to address other areas that might be unanticipated or might be an area for a bona fide objection, should the panelists, should the jurists that are staffing the panel be given the discretion to determine if a certain -- the morality and public order concerns of a certain string would rise to the level of causing morality or public order concerns under internationally recognized principles of law. And the -- so the paper suggests that consultations with jurists, with attorneys, with dispute resolution providers indicate that some level of discretion should be given to the panelists and -- but also there needs to be a very high standard for who can serve on such a panel in order to have credence with governments and others who will be examining this dispute resolution process so the panelists themselves would have to be, you know, retired justices from the international peace court or justices that have practiced in international tribunals, some very high level of jurists. So the paper says there are these three, asks the question should they also be given the discretion to determine if there are some other strings that on their own rise to that level. And then the discussion on the state-of-the-art of standing, you're right on top of it. The discussion should be, you know, should that be -- whoa. Should that be limited to -- should that be limited to governments or some other sort of organizations or should individuals be -- in order for protections be able to assert an objection there. And so that's also the discussion right now. >>AVRI DORIA: Thank you. Next up, Marilyn. >>MARILYN CADE: Thank you, Avri. Could I have a few questions that I will just go through quickly. One is, and it came up yesterday but I just want to understand this more clearly. The number of panelists, as I looked at the dispute issue related to the -- the dispute procedure related to legal rights, am I right that it proposes that it would be only one panelists in evaluating the legal rights or are we assuming that similar to the UDRP there could be a request for up to three panelists? >>KURT PRITZ: You know, Amy's not sure, I'm not sure I know the morality or public order objection says three panelists, then the infringement of rights section says one panelist, I'm not sure on the language, providing discretion. >>MARILYN CADE: Okay. I would raise significant concern about dealing with legal rights when you're dealing with the kinds of conflicts that may occur which takes me to my next question and that is: Is it clear that should a party be dissatisfied with determination by an administrative panel, that they have the right to take the issue to a court of competent jurisdiction? >>KURT PRITZ: Well, I think, so we talked about that a little bit yesterday whether a challenger has to sign away their right to do that. The process right now, the decisions are generally certified by the dispute resolution provider. So that, you know, the panel makes a decision and then the dispute resolution provider looks at that decision and the panelists -- you know, certifies it as sort of -- but that's not really a review step. >>MARILYN CADE: I'm not sure how ICANN could require someone with legal rights in other environment to sign their right away in order to -- >>KURT PRITZ: Well, I think you're probably right. >>MARILYN CADE: Yeah, the second question -- then the question that I have that's related to that, experience indicates that there are certain names that are repeatedly proposed. If a party protests a name and establishes that they have the legal right to it but they are not interested in operating a gTLD, they're in another business, does the name -- once you have resolved the dispute, does the name go on a white list so that other parties cannot abusively reregister that name? And I understand people will say a $200,000 filing fee is a barrier, it hasn't been proven so far. Does the name then go on a white list so that the party whose name is being repeatedly reregistered and applied for doesn't have to keep paying an application fee and bear the burden of administrative and legal costs? >>KURT PRITZ: Yeah. So that's a good question. We -- you know, in scenario planning, there are some strings where that seems like a really good idea and some strings where that seems like a really bad idea, so certainly additional thought has to be given to that. >>MARILYN CADE: I need clarification. If I am a party who has established that I have the legal rights to a name, how would it be that it's not a good idea and why would we keep allowing what I would consider abusive -- >>KURT PRITZ: Well, I was talking about across all objections so -- >>MARILYN CADE: Oh, sorry. >>KURT PRITZ: Yeah. >>AVRI DORIA: Thank you. Chuck? >>CHUCK GOMES: Thank you, Avri. I have several questions here. On Page 3-6, in Section 3.3.1, the second bullet down there a ways says, "Each response must be filed separately" so these are -- and to set the context, these are responses to objections that have been filed. And it says, "If an applicant wishes to respond to several objections, the applicant must file a response and pay a filing fee to respond to each objection." I guess the first thing I have is a comment, really, that that seems a little bit crazy to me that to respond to some -- to a complaint, you pay a fee every time. Now, I understand the -- the cost basis of this, but both parties in a dispute are going to have to pay up-front fees anyway. Why is it that you're having the applicant have to pay a fee for every response that they make? >>KURT PRITZ: The -- each dispute resolution provider is going to publish a set of rules associated specifically with how fees are paid, and, you know, I think -- I think your issue is a good one and needs to be addressed in that, in the case of multiple disputes how that would be handled. >>CHUCK GOMES: Thanks. Then in -- on Page 3-8, the -- towards the end there of Section 3.4.2 -- I guess the -- my question is: Will fees be less when objections are consolidated? So we've already kind of talked about the idea that complaints can be consolidated, so my question is: Will fees be less when that happens? >>KURT PRITZ: Yeah, I think so. The fee is based on a flat fee for a hearing or the hourly rate of the panelists, so, you know, the hourly rate's whatever the hourly rate is, and if a hearing is consolidated, then it's not going to be a multiple of. >>CHUCK GOMES: Thanks. Going down just a little bit further on that same page, 3-8, in Section 3.4.3, the third paragraph, it says, "There are no automatic extensions of time associated with a cooling-off period." Now, we know that there are going to be time limits for various elements of the whole process. Does that mean, then, that if two parties elect to have a cooling-off period, that that counts against the time limits? >>KURT PRITZ: No. It says the -- right after that, I think it says the parties can jointly submit for an extension of time. Right? So if the parties -- >>CHUCK GOMES: It does say that, yes. So they could be -- get an extension if they needed a cooling-off period. >>KURT PRITZ: Right, right. >>CHUCK GOMES: Okay. Otherwise it would motivate people not to do the cooling-off period, right? >>KURT PRITZ: Exactly. >>CHUCK GOMES: Okay. On the next page, 3-9, the first full paragraph of -- or, in fact, actually that first section at the top of the page there, and I guess this is really covered by Marilyn's comments, so we can go on. I think it is a concern with regard to having only one panelist. At a minimum, I think there needs to be an option for more panelists and I'll just leave at that because Marilyn already raised that. >>KURT PRITZ: And so of course there's a balancing going on here, right? You want to provide a dispute resolution process that's as economical as possible, and so for each dispute, you want to raise -- you know, you want to weigh the value added of having additional panelists, you know, how much more likely are you to get a better decision by adding panelists than -- than -- you know, and balance that against the increased costs of having the extra panelists. >>CHUCK GOMES: And I understand that, but it's also -- as with the UDRP -- possible to have a higher fee associated, if it's elected to have a larger panel. >>KURT PRITZ: That's right. And then, you know, the suggested panel for infringement of rights cases is the -- is WIPO and these staffing decisions are based on their recommendations. >>CHUCK GOMES: Okay. >>KURT PRITZ: And that's not to say, you know, there shouldn't be discretion to have more panelists. It's just to indicate that these determinations were made in some arbitrary manner but were actually based on discussions, not negotiation -- well, negotiations or discussions with dispute resolution providers that will provide the services, that are experts in the field. >>CHUCK GOMES: Thanks. At the bottom of Page 3-11, the very last paragraph on that page, it says, "String confusion exists where a string so nearly resembles another that it is likely to deceive or cause confusion. For a likelihood of confusion to exist, it must be probable, not merely possible, that confusion will arise in the mind of the average reasonable Internet user." To me, this is too general, based on the recommendations of the GNSO with regard to confusingly similar. It really leaves out much of the definition that we tried to put -- that we did put in, if you look at the detail behind Recommendation No. 2, and I think it would be very helpful to provide more of that detail. Otherwise, I think it becomes too subjective or even applicants don't realize the full extent of what that can mean. And that's just a comment, and I'm not looking for a response on that. And that's all I have. Thanks. >>AVRI DORIA: Thank you. I've got Margie next. >>MARGIE MILAM: I have two questions. The first one deals with limiting brand abuse in the new TLDs, and one of the questions I have is whether -- in the process of developing this proposal, have you considered whether it would be appropriate to publicize the applicant and the string before the period closes, because that might enable parties to resolve disputes even before you -- ICANN does any work in, you know, looking at the application, reviewing the application and going through all the, you know, mechanism of, you know, determining whether the application is successful. You might actually get a lot of informal resolution if you do that earlier rather than later. >>KURT PRITZ: So would an alternative to that be that all the applications are posted at the close of the application period but then ICANN wouldn't act on the applications for a short period of time? >>MARGIE MILAM: I think not, because it may be possible that if someone knows there's an actual string that's being applied for, it may push them over the edge to actually apply for the string, and so if you wait till it's actually closed, the person who wants to object only has an objection right but doesn't have a right to submit an application, so I'm thinking, you know, unless there's a reason why that wouldn't work, you might allow the publication during the application period. >>KURT PRITZ: So let's talk about that some more. There's implications of that if applications are posted beforehand what -- you know, what sort of reactions would that cause from others who -- you know, who might file an application just to get the present value of whatever their application is, or something like that, so -- >>MARGIE MILAM: Uh-huh. >>KURT PRITZ: So, you know, we can't think through all that right now so let's talk about it later. >>MARGIE MILAM: Okay. And then my second question, it's a little broader. I apologize, I wasn't here yesterday. In looking at the proposal, it's hard to understand how the rules apply to a corporate TLD. In particular, a corporate TLD where the corporation is the sole registrant and the registry. I don't know if that's open or community in the way you guys have been thinking about this, and the question is: If it -- you know, if there's that situation and we think that, you know, there may be many applications like that, who would have the right to object in that kind of situation? If it's a -- I guess if it's open, the way I read the rules, there is no community objection. Is that right? >>KURT PRITZ: No, that's not right. >>MARGIE MILAM: Okay. >>KURT PRITZ: So if you misappropriate a community label, even if you identify yourself as an open TLD, there can be a community-based objection, so if you, you know, file for a dot -- you know, the name of some religion or something like that and call yourself open, there still could be an objection. >>MARGIE MILAM: Okay, okay. So either way, there still could be objection. And, you know, just a general comment. If you could perhaps give some thought on how the application period would -- application rules would apply to a corporation. I mean, that's kind of our focus, but in reading the rules, it's not really clear, you know, how some of these rules apply and maybe that's a third category. And not necessarily corporate, but single registry with a single registrant like what was brought up in the report of the third party consultant, you know, on the registry/registrar relationship thing. >>KURT PRITZ: Right. >>MARGIE MILAM: So something like that. >>AVRI DORIA: Thank you. Steve? And just so you've got the list, I've got Steve, Mike, Robin, Tim. >>STEVE METALITZ: Thank you. Steve Metalitz. Just to confirm that the standard for string confusion that's given at the bottom of 3-11 and top of 3-12 that Chuck just read, that is different than the standard for string confusion given on Page 2-3. So, in other words, even if something is not visually similar to another string, it would be open to challenging that at the string confusion stage? So the panel would -- or the dispute resolution provider would have greater flexibility than the examiner does? >>KURT PRITZ: That's correct. >>STEVE METALITZ: Okay. Thank you. >>AVRI DORIA: Thank you. Mike Palage? (Speaker is off microphone). >>MIKE RODENBAUGH: So on is that 3-11, the confusing similarity, it's not clear in here whether it's visual or whether it's the recommendation that we made, which is sight, sound or meaning. Which is it, please? >>KURT PRITZ: It's the latter. >>MIKE RODENBAUGH: Thanks. >>MICHAEL PALAGE: Thank you. Mike Palage. First question is with regard to Section 3.1, Page 3-1. And this is a point I had raised yesterday. The wording says, "Similarly, an objector accepts the gTLD dispute resolution process by filing its objection." The question I raised yesterday is: Would that preclude an objector from seeking redress through a court of competent jurisdiction? Again, it's not clear. I think it needs to be clear that an applicant -- that an objector can still seek redress to a court as they do under the UDRP, so that's just -- that's the first point. Second is with regard to Section 3.1.2.2, which appears on Page 3-3. Under "Let's Rights and Objections," the source and documentation of the existing legal rights. So my question here is when they talk about the documentation of existing rights, are they intending to limit this to just national -- to registered trademarks or will this be over to common-law trademarks? Could you elaborate on whether the -- the scope? Is it just registered marks or common-law marks? >>KURT PRITZ: I don't know. >>MICHAEL PALAGE: Okay. >>KURT PRITZ: I'll get some advice on that. >>MICHAEL PALAGE: Thanks. That would be appreciated. Next is Section 3.2 -- >>KURT PRITZ: You know, I'll just point out that I think -- you know, there's a set of factors, you know, in the standards that will be used to determine if there's been an infringement of rights so, you know, my thought is that those factors are applied against -- you know, to -- against that string, so -- you know, and I think that would be regardless of whether, you know, it's a registered trademark or common-law, but I don't understand this area of law at all, so -- >>MICHAEL PALAGE: No. And again, I appreciate that, Kurt. It's just that when you look at some of the different rights protection mechanisms, typically the sunrise relies upon a national trademark registration. However, in the case of dot biz that used the stop, they allowed the recognition of common-law rights. Again, the UDRP recognizes both common-law as well as registered, and I think, you know -- I don't have an opinion one way or the other at this time, but the lack of specificity I think is important to... >>KRISTINA ROSETTE: I just had a quick follow-up. Just to ask a general question, because it might save us some time here. To the extent that we have questions about things relating to disputes where the dispute resolution provider has been identified, is this the appropriate forum to raise those comments, questions, concerns, or should we be directing them to that forum? >>KURT PRITZ: I don't understand. >>KRISTINA ROSETTE: Well, in other words, should we be directing these questions to WIPO or to you, because if it's to WIPO, we'll save everybody some time and go there. >>KURT PRITZ: Oh, I think for now, it's to ICANN because there's no -- >>KRISTINA ROSETTE: Okay. >>KURT PRITZ: -- Formal agreement yet. You know, there's an agreement in principle. >>KRISTINA ROSETTE: Okay, okay. >>MICHAEL PALAGE: Okay. The next question is with regard to Section 3.2.1, and it appears on Page 3-5. And the specific wording talks about that "any objector wishes to object to several applications at the same time, the objector must file an objection and pay a filing fee for each application." So my question is: Let's just suppose we have five applicants for dot foo and an objector wants to object to three out of the five. Are they permitted to object to three out of the five or do they have to object to five out of the five? >>KURT PRITZ: No, I think that -- you know, I would think they could object to three out of the five. >>MICHAEL PALAGE: Okay. >>KURT PRITZ: I mean, there -- I can -- I could come up with a scenario where -- you know, why. >>MICHAEL PALAGE: Okay. And the only reason I'm -- I think that that potential -- I don't disagree with that assessment. The only thing I think one needs to recognize is there is the potential, though, for a third party to, as Chuck said, try to -- the concerns about an applicant having to pay multiple filing fees before a consolidation. So if, in fact, there were certain segments that wanted to beat up on a specific applicant for a string, they could then discriminatorily -- they have the ability to just file challenges against one and perhaps potentially unfairly burden that applicant. >>KURT PRITZ: Uh-huh. >>MICHAEL PALAGE: So I just think that's something you need to go through from a planning point. Next question is addressed to 3.4.4. It appears on Page 3-8, and it's re- --it deals with the selection of panelists. Under the UDRP, when you go to a three-panelist, the applicant gets to select one, the challenger gets to selection one and then the third is selected by the provider. I think in this case, it's not clear that the applicant or the challenger will have the ability to potentially designate a panelist. Do you envision the applicant and challenger having that ability, as they do right now in the UDRP, or will one or three panelists be selected by the dispute provider exclusively? >>KURT PRITZ: I think the way the procedure is written now, that the dispute resolution provider selects the panelists. >>MICHAEL PALAGE: Okay. Thank you. 3.4.6 on Page 3-10. This -- it says, "Unless panels decide otherwise, each DRSP will publish all decisions rendered by its panelists in full on the Web site." The fact that a decision would not be -- the fact that there is the potential for a decision not to be published I find somewhat inconsistent with ICANN's mandate on openness and transparency. I think all decisions need to be accomplished. I don't think there should be an option in which they can be withheld. >>KURT PRITZ: Well, I agree with that. >>MICHAEL PALAGE: Okay. >>KURT PRITZ: So I don't -- yeah. I'll... >>MICHAEL PALAGE: Next section -- next question is Section 3.5.2. It appears on Page 3-12. On no. 4, it's -- and I read here: "An applicant has" -- this is what I call the TLD or the cybersquatter poison pill. And what it says is, it says, "An applicant has engaged in a pattern of conduct whereby it has applied or operates TLDs or registration in TLDs which are identical or confusingly similar to the marks of others." So my reading of that particular provision is that if an applicant has perhaps lost an UDRP previously, that could be -- perhaps be held against them in the application. Am I correct in that reading? >>KURT PRITZ: What section are you reading. >>MICHAEL PALAGE: It is no. 4 on Page 3-12. The last -- the end of Paragraph 4. >>KURT PRITZ: This is one of the -- this is one of the factors to be balanced in determining whether or not there's been infringement, right? >>MICHAEL PALAGE: That -- yes. That an applicant is potentially interfering with the rights -- >>KURT PRITZ: Right. >>MICHAEL PALAGE: -- Of a third party. >>KURT PRITZ: So your question is? >>MICHAEL PALAGE: So my question is: You will -- when -- you're going to look at the -- so if an applicant has previously lost an UDRP decision, that potentially will be held against them because it says, "Operating a TLD or registrations in TLDs." I read "registrations in TLDs" to be second-level domain name registrations. >>KURT PRITZ: Right. >>MICHAEL PALAGE: Okay. So then the question is: If -- so now here's my follow-up question: Will there be a situation where a party will be able to sit there and track? So if I'm -- if I'm a cybersquatter and I'm pretty smart, I'm going to set up a separate new legal entity. Will there be some way to track, if there's a parent/sub or something like that, to track back the illegal activity back to the parent or the sub, or are you just going to look at the entity, if it's a clean entity that has filed for the application? >>KURT PRITZ: Well, you know, I don't know. I'm -- I am sure there is ways for people seeking to do some wrong to cover their tracks that an investigation could not uncover. >>MICHAEL PALAGE: As I said, I don't have -- I think this is -- I think this is a positive element, so I'm not critical of the element. I think we just need to specify it a little more, so that the intended purpose is not circumvented by someone that's more creative. And that's it. >>AVRI DORIA: Thank you. Robin? >>ROBIN GROSS: Thank you. I've got four questions. The first two are on the legal rights of others objection. Picking up on the section that Mike was just talking about, 3.5.2, looking at the different factors, there's eight factors that have been listed to determine -- I'm sorry. I'll try to make this closer. Is this any better? Okay. So looking at the Section 3.5.2 that we were just talking about on the factors to consider in deciding whether a right has been violated, there are eight factors that are listed but one thing that's missing and that currently exists in UDRP proceedings is whether or not the applicant has a freedom of expression right to use that mark. So I think it's important, particularly because principle G of the GNSO recommendations is very clear that the string evaluation process must not infringe the applicant's freedom of expression rights that are protected under international recognized principles of law. So I think it's really important that in a -- we add this into one of these factors that we're considering. It's already in the UDRP, so it needs to be here as well. Okay. So that was the first point on the legal rights of others. And then the second point has to do with 3.4.4 and this idea that there's only going to be one panelist to here these kinds of objections and according to the materials that we've been provided, it's going to be an intellectual property rights expert. Well, most of these -- or many of these disputes come in where the tension between freedom of expression and intellectual property lie, so it seems to me that if you are deciding in advance that there's only going to be one judge and it's going the IP person, then you've already decided the outcome. So I think we need to have more than one panelist, and if we are going to have a panelist that's a designated IP expert, we also need to have a panelist that's a designated freedom of expression expert, because it is exactly that tension that we're trying to work through. Okay. And so my other two points that I wanted to raise are on the morality and public order issue. One of the -- or the second -- the second criteria -- the second category for denying a domain is because it might incite or promote discrimination based upon race, color, gender, ethnicity, religion, national origin. So I'm wondering: That's not U.S. law. In the U.S., you're allowed to be mean to someone, say mean things, with all those categories, so I'm wondering where did that come from? When you say that these are the three that most -- or all jurisdictions agree upon, because that actually isn't the law in the United States, so I'm wondering if we could see some more -- some of that legal research that you said came to these conclusions. We'd like to have an opportunity to help provide additional information on this point because it's -- like I said, this is not U.S. law. >>KURT PRITZ: The -- the three came from legal research that analyzed the standards in several jurisdictions, nine jurisdictions that covered each region of the globe, including the law of the United States, and found that these factors were common among all of them. >>ROBIN GROSS: So that's exactly the point I want to bring out. We need to see that research because that's not at all my understanding of U.S. law, and I also hope that you're open to hearing from freedom of expression experts on this point, as designated by freedom of expression organizations, because this is a really important point that we need to go through. So are you open to hearing from more experts on this. >>KURT PRITZ: Sure. Yeah. >>ROBIN GROSS: We can help provide some information on this. >>KURT PRITZ: Okay. >>ROBIN GROSS: And will you provide us with the specific research that you found that said that under U.S. law that's illegal. >>KURT PRITZ: I'm sure we can, some form of it. >>ROBIN GROSS: Thank you. And the other point I wanted to raise on the morality and public order issue was in Section 3.2, the procedure for filing an objection. I was surprised that the International Chamber of Commerce is lined up here to hear disputes on morality and public order. A trade organization that represents big business? I'm just wondering: How did that decision come about? Who else was considered? And are -- are you still open to other possibilities there? So there's sort of three questions there. >>KURT PRITZ: Yeah, certainly. So the ICC has renown in providing dispute resolution services, and is the premier -- one of the premier organizations to do that. Their -- you know, they have ability for bandwidth to accommodate a large number of cases and have access to expertise around the world in, you know, different languages and such, different cultures. They also agreed -- they didn't also agree, but part of this also is to ensure, for morality and public order, that a very high level of jurists hear the cases, so that their decisions would have credence with governments, and so the ICC will work with us and work themselves to identify those level of panelists around the world and enlist them for this specific effort. So it will be a special membership -- panel membership criteria that will be allowed to hear these cases. >>ROBIN GROSS: And who else was considered for this? >>KURT PRITZ: Well, we -- you know, other entities that were considered for this probably don't want to be mentioned, and so, you know, without -- without getting their okay, I'm not going to say that in this room. >>ROBIN GROSS: But there were other entities that were considered? Can you give me a rough idea about -- you don't have to say their name but there were -- types of organizations? >>KURT PRITZ: Yeah. All -- all -- all -- you know, think of all the dispute resolution providers you know of. I mean, there's three -- there's three mentioned here in this paper that ICANN is using, so they were all considered for all dispute resolution types, and then other dispute resolution providers were considered also. >>ROBIN GROSS: But it's my understanding this isn't final yet. It's not determined that the ICC will hear these disputes. >>KURT PRITZ: Well, ICANN has an agreement. >>ROBIN GROSS: You're just heading in that direction. >>KURT PRITZ: Well, yeah, ICANN has an agreement in principle with the ICC to provide these services. >>AVRI DORIA: Great. Thank you. At this point, I have to cut off the list because you need to leave, correct? But you wanted to make a last statement, or do I have time for two more people on the list. >>KURT PRITZ: No, I'm already late. >>AVRI DORIA: You're already late. That's what I thought. So we will be continuing, as I said, but go ahead. >> KURT PRITZ: So thanks very much. I think everybody who worked on this material is gratified that it is read. So kind of unique in ICANN annals that people are all reading this stuff. I thought the comments were all very good, and the level of detail is really appreciated. I started with the message about the new TLD program and, you know, what I would like all of us to walk out of here espousing that the new TLD program has certain principles that we described earlier. And it is intended to fulfill part of ICANN's mission and fulfill it in a way that meets each of the policy recommendations and all the work that's been done here. You know, we've all been working on this a really long time. And now we're getting to another stage of the work, and I look forward to working with you all on it. So thanks very much for your time today and yesterday. [ applause ] >> AVRI DORIA: Thank you for your time and realizing that we're probably hopefully a little bit more than half-way through the questions so I'm hoping we can schedule something with you in the week or two after the meeting. Now, I just wanted to say a couple things before we break up into two rooms. We, basically, now are going into -- after the break -- we have a break for 15 minutes -- into the standing committee kickoff meetings. The one for the PPSC, for the Policy Process Steering Committee, will be in this room. The one for operations will be -- >> CHUCK GOMES: In San Souci Number 1. And to get there, you just exit over here to my left behind me, turn left and go to the A, B, C, D bank of elevators, go to level minus 3. And then once you get off the elevator there, turn right into Sans Souci 1 which is the meeting room. Both of these meetings are open to anybody who wants to be there. We have specific committee meeting members, but you can observe. >>JEFF NEUMAN: What room is PPSC? >> AVRI DORIA: Okay. The PPSC is in this room. The policy process is in this one. It is the one I think I saw your name attached to. Okay. Then after that, we come back to this room and we had what is on the agenda listed as an IRTP Part A open working group meeting. I've been informed that it's actually intended to be more a status update to the council on the status of that working group as opposed to an actual working group meeting. So that will be here. I have been told they don't need the whole hour, but -- so if, you know -- but also we have a working lunch scheduled here again. And one of the things I'm going to do, as people are eating, annoy them with a little bit of conversation and ask for a little bit of help, is just basically talking about these things that we had been calling the trans-silo meetings that are now getting called AC/SO for ACs and SOs. It is easier than trans-silo. But I need to get some information from you all because I have to bring up what are our important issues with the new gTLD, what are important issues with the ccTLD, so that I can give a quick update before we start. And coffee break. Thank you. (Break) >>AVRI DORIA: I would like to ask everybody to find their seats so we can start. Okay. Where are the council members? Everybody's leaving? Wow. Let's see if we can get some of the council members back to the table, please. Can we start the recording, please. Okay. The recording has started, so this is basically an inter-registrar transfer policy PDP Part A status update to the council. Hopefully some of the council members will drift back. I've noticed some were sitting in the back. Please, Paul, go ahead. >>PAUL DIAZ: Okay. Thank you, Avri. My name is Paul Diaz with Network Solutions. I was selected chair of this working group. I will be quick. I know lunch is coming, and I appreciate those who are already in the room. We wanted to provide you an update just so that you understood where the working group stands. This PDP A, as you note, is the first of five envisioned PDPs related to transfer policy issues. We have three -- the three issues you see there in our charter, I won't read them over. But fundamentally they deal with exchange of registrant e-mail contact information. They deal with electronic forms of authentication. And then, finally, we're dealing with potential provisions terms for our partial bulk transfer. Very good. Sorry about that. Next slide. Background on the group, we were formed in early August of this year. We have a broad range of participants from all various constituencies, business, IPC, registrar, registry, at-large. Consistently we've had eight, ten folks participating on each of our weekly calls. What we decided as a group is to discuss our charter issues within the working group in parallel with the initial comment period that was open for the public and for constituencies to weigh in. You see our activities. We developed a constituency statement template, the various constituencies used to provide their comments. We got the public comment period underway and the statements came in. We've pulled together -- Marika has pulled together our draft report and, basically, that's where we are at this time. We do not have that draft report ready for posting for the next round of comments yet. We do, in fact, have the drafts on our Wiki site, but we've not been able to sort of polish it off within the working group, get it ready for those -- for the next stage. We hope to have that done probably in the next two weeks, mid-November at the latest. As you can see, the report covers the inputs that we received. We did receive a few public comments. Unfortunately, most of them were not really focused on the issues at hand. They were much broader concerns. Better we received statements from IPC, the business constituency, the registries and the registrar constituencies. All of those inputs, of course, are part of the draft report that we're still working on. Over the course of the weeks that we've been working -- or meeting as a working group, we've had extensive discussions related to our issues. As you can see up here in the first -- our Issue 1, detailed discussions focused on potentially leveraging the EPP, extensive provisioning protocol, as a way to provide this. We had a very useful discussion about IRIS, sort of the next generation of WHOIS alternative. We've talked at some length between differences between registrant versus admin contact approval; thin versus thick registries; a bit about WHOIS, not as a broad issue but really as an enabling mechanism; operational aspects of WHOIS in sharing registrant information. And then, of course, related to EPP would be the AuthInfo code. The second issue about electronic authentication, we have had discussions about incident of hacking and hijacking. One of our participants was able to provide statistics on the level of concern that they've had to address. Additional security measures as well have been bantered around. Finally, for partial bulk transfer, we've begun talking about some of the terms, what would it mean, a definition, requirements, always a concern about security considerations should the working group come up with a recommendation for new provisions related to partial bulk transfer. We're all very sensitive about not potentially creating any sort of loopholes -- security loopholes. The existing transfer policy already has its issues. We don't want to potentially make anything any worse. What we have for you here is a timeline. I would not interestingly, when council chartered this group, y'all didn't provide us with a deadline. Not a problem. We tried as a group to come up with a fairly aggressive timeline. And for the most part, we've done quite well. You'll see the, as we march through the weeks, final review of the initial report. We have, in fact, started that but we have, of course, as I already mentioned, have not finalized that report. Have gotten that very important public comment stage going. The timelines you see up there will probably slip several weeks. So our goal at this point will be to have a final report ideally ready and submitted to council before the end of this year, worst case early January of 2009. Basically, that's it. We wanted to provide you all a quick update. Certainly if council or anybody in the room has questions, happy to address them. >>AVRI DORIA: Okay. Thank you. Chuck, you look like you are ready to have a question. >>CHUCK GOMES: I am. Thank you. On the issues, Paul -- by the way, thanks to the working group and to you for being willing to chair it. Can you give us any indication to where -- just rough indication as to where you think you're going to be able to come up with recommendations with regard to possible policy changes on the three issues? >>PAUL DIAZ: I think it might be a little premature for me to guess at this point, Chuck. The initial statements that came in from the various constituencies have different views on all three issues at this point. Some groups feel that there are not viable policy options. Others have commented they thought something could be done. We haven't really taken it up as a group yet to try and start roughing out a consensus on those issues. >>CHUCK GOMES: So none of them are really clearly looking like there may be consensus on policy issues? >>PAUL DIAZ: Not very clear. I think that we probably will be able to work through Issues 1 and 2. They appear to be a little easier in terms of there is not as much daylight between different positions. Issue 3, that partial bulk transfer provisions, I would not -- our charter question specifically includes partial bulk transfer provisions between registrars. And in the comments that have come in from two constituencies, they've overlooked that final clause "between registrars." As a result, that one might be a little controversial because there is clearly a difference of opinion between who would be eligible if we can come to some agreement on what those transfer provisions might look like, who they would be extended to. So at this point, that one of the three is probably the most controversial. >>CHUCK GOMES: Let me you ask a question on that. So there must have been a misunderstanding of what a transfer is if they weren't thinking it was between two registrars. What were they thinking, if you can share that? >>PAUL DIAZ: The discussion -- or the proposals that have been put forth from business constituency in particular, their view is they want those provisions to be extended to registrants in the case of perhaps after a merger and acquisition. Businesses that might want to move a portion of a portfolio over, their view is to allow the process to be initiated by a registrant, the portfolio holder. The same would apply, say, for a domainer with a large portfolio. So the suggestion has been to extend the ability to start a transfer process, push it out to the registrant. Clearly the registrars will be involved, but it's kind of moving us in a new direction, should that be adopted. >>AVRI DORIA: Okay. Alan. I have a question, though. I saw my own hand before I saw yours, I apologize. I mean, I'd guess I would have a question on the extension of the scope there when it is within a group whose scope is -- and its title is inter-registrar, whether that would require -- I mean, I'm not saying it's a -- you can't do that. I'm wondering whether one would have to come back to the council and say, Listen, you know, there's a request from the group to extend the charter to include this issue because at the moment, I would argue that the charter doesn't include that issue. Now, there is absolutely no reason why a working group can't come back and say, Hey, you know, we started talking about this and we think it's reasonable to talk about these things also. Can the charter be extended to include that? But sort of finding the balance between the group being open to talk about what it needs to, without letting the groups decide sort of on their own mission creep, and that becomes a concern of mine. Okay, I had Alan. Yes, Alan. >>ALAN GREENBERG: In the case of a transfer, let's say, after an acquisition, I see two different categories. One is that they simply want to transfer -- change the registrant name but keep the registrar the same; and the second is the acquiring party uses a different registrar, therefore, you want to change the registrar at the same time, in which case it really does fall under this category. You just happen to want to change the name -- the registrant name in parallel. >>PAUL DIAZ: All right. I think two things there. And the first one, changing of a registrant, staying with the registrar, that's not inter-registrar. That would not even apply to our group. >>ALAN GREENBERG: No, no, I was agreeing. That's just a registrar service, and that has nothing to do with you at all. >>PAUL DIAZ: Right. >>ALAN GREENBERG: But if it is the second case where they want to change the registrar and coincidentally at the same time change the registrant, it really is a flavor of inter-registrar transfer. >>CHUCK GOMES: If my memory is correct, I think the issue of registrant change is an issue on another one of the PDPs. >>PAUL DIAZ: Yes, that's correct. That will be addressed, I think, in PDP C. To get back to your question, though, the changing of registrant and registrar, a regular transfer, that's all well and good. Under the existing policy, if you have an acquisition and all of those domain names get transferred, no problem. That's the bulk transfer process. It is accounted for. What is on the table for us is a partial bulk, only moving some of the names. And to Avri's point, I'm very sensitive about not going beyond the scope of the charter that was put before us and contributing to the registrar constituency statement. We underscored that. The charter said "between registrars," not to open this up to any registrant who decided to move their portfolio around and being able to take advantage of some new provisions that get created. Should the group really want to push this issue -- and it's not been debated fully enough yet that we reached that point. But it is well understood if we get to that stage, we would come back. >>TIM RUIZ: Avri, was I in there? >>AVRI DORIA: You're next. >>SÉBASTIEN BACHOLLET: Sébastien Bachollet, ALAC member and member of this group. And maybe I never understood what was the goal of this group. But if we speak about inter-registrar transfer because one day a registrant asks for something, it is not just a business they want to do by themselves, among themselves for the registrars. Sorry but in English it is really very difficult to be sure that we always use the right words for "registrant," "registrar," "registry," brrr. But I try to. Then the question about if bulk transfer has to happen, it's also because when a registrant needs -- because they have a group of names to change from one registrar to another registrar because we are speaking about the gaining registrar and the losing registrar and somebody has to start that. And I don't see the big difference between doing that for one name or for part of your portfolio or for your portfolio if you are one business user, a company or even an end user with different names. But once again, maybe I am wrong and I will be happy to know that I am wrong and I will be -- I will do better my job if I am knowing that. Thank you. >>AVRI DORIA: Thanks. I will give it to Tim in a second. My understanding was certainly if the registrar is to do something because something has happened in their client base or something has happened among the registrants and their solution to whatever requests they've gotten requires that you're at the inter-registrar. If, however, the registrant can without, you know, the intercession of their registrar initiate something, I think you have got a different situation. So it is are you as a registrant asking your registrar to do something as a corporation? And to do it, they need to do a bulk transfer between two registrars, that that's -- yes, that's inter-registrar. If, on the other hand, you as a company want to initiate it yourself, a bulk transfer of data from registrar to yourself or from yourself to another part of your company or something else, that's something different. Okay, Tim. >>TIM RUIZ: I apologize because I missed the first part of this. I just want to make sure that the genesis of this particular issue had been discussed. It actually relates back to Part B of the inter-registrar transfer policy, which is actually talking about a bulk transfer from one registrar who has for whatever reason been -- gone out of business, has failed, has been merged with another registrar and so it is the bulk transfer of their names to another registrar and it's done -- if there is under a certain number, it is done without cost and without the addition of a year. It is more kind of a maintenance mechanism when a registrar goes out of business or is merged with another. That's kind of the genesis of this because what's happened is you'll have different business models where a registrar will have a particular business unit, perhaps you have a business -- you have a retail unit and you have a business unit that deals just primarily with large portfolio management. And that unit might be sold off so there was no mechanism to be able to sell a business unit and move those -- and have a partial bulk transfer of those names to another entity and as a result registries who want to do that have to actually go through the funnel process to try to get something like that approved. That was the genesis of where this issue came up. I think what the concern, at least, from my viewpoint that arose in this working group was that that was -- there was a push to move that towards all kinds of other things, a registrant, a domainer like we discussed who might want to just move a large portion of names for whatever reason from one registrar to another and do it without cost and without adding another year. And that was something in addition to what was, I think, originally contemplated when this issue was raised and where the problem actually started to arise. Right now today bulk transfers are possible. If you want to move 405,000 names, you certainly can do it but you can't do it without cost and a year is added to the registration when it is done. >>CHUCK GOMES: Tim, so it seems to me that an option for the working group would be to come back with a recommendation for a policy with regard to how those kind of optional partial transfers could occur. And it could involve cost. I mean, that could be part of the policy or something like that. I don't think they should be restricted to the model that's in the agreements right now with regard to the ICANN-approved bulk transfer which includes all the names. Certainly from a registry perspective, it would give us more flexibility because we really don't have any provision for doing partial bulk transfers. If the committee actually had some means -- had some recommendations and it was to come to consensus on some things there, I think that's a perfectly legitimate thing to do. >>TIM RUIZ: I think the question is whether it's in relation to the types of things that were contemplated with Section B of the transfer or if we are talking about something completely new. If we are talking about something completely new, then, you know, that's a different issue. It wasn't really part of the terms of reference, and I don't know what the process would be then to go back to say, "We need to reconsider this." Where we came up with this list of issues to consider in this PDP were based on issues raised. It went through a couple different iterations of working groups about identifying the issues, their priorities, et cetera. So that's where these PDPs were developed. And now if we're going to add new things to it, I think some process should be followed before the working group would get -- would go off on to just completely new concepts or terms of reference as far as -- >>CHUCK GOMES: I guess I'm not following totally because if the only thing -- >>TIM RUIZ: Like, if all of a sudden they decide -- well, it wasn't really mentioned here. But we want to but we want to discuss a type of a new transfer -- we will call it a no-cost transfer -- where someone can transfer a name at their choice, at their bequest without any cost and they just wouldn't get a year added to it. I mean, that's really what we're talking about. Can that just get added to, you know, one of these terms of reference in a PDP just because the working group decided, "Well, oh, this is a cool idea, you know, let's come up with this new thing. We are just going to add it to what we're doing." That's really what's happened here with this particular -- with this particular -- >>CHUCK GOMES: I don't think that -- it doesn't make any sense for the working group to be restricted to the Part B restrictions because it only covers full transfers, not partial bulk transfers. And I haven't looked at the terms of reference in a long time, so I may be missing something here. But the whole question of a partial bulk transfer is a different question than the provision that's already in there right now. Now, the reasons -- does the terms of reference, do they actually constrict the reasons to be considered for that? I would see that as a legitimate policy issue to be considered by the working group. I'm wondering whether we are being over-restrictive. Again, I haven't looked at the terms of reference. >>TIM RUIZ: I don't think it is overly -- >>CHUCK GOMES: -- in a long time. >>TIM RUIZ: -- overly descriptive or prescriptive. The idea was -- the issue raised was, was Part B doesn't cover certain situations. So can we have Part B modified to allow partial bulk registrations between registrars? So if you look at Part B, what it's talking about is a registrar who failed, a registrar who's purchased or acquired completely by another registrar. What if that happens of a partial nature, only part of that registrar is acquired? Only -- or something -- that was the genesis of this particular issue. What I'm asking is can a working group just decide, "We're going to" -- "this is cool." It raises other questions. We can have these new kinds of transfers. Can the working group just decide we're going to add this to it and pursue it without it having gone through the same process that this particular issue did? >>AVRI DORIA: And that's where I was thinking that no. They could decide that they want to and they can recommend a change in their charter to the council, and then the council needs to decide. Sort of the model we've been working on is that a working group can certainly make any decision it wants to about what it wants to work on. The council needs to change their charter. If council didn't change their charter, it doesn't change. >>TIM RUIZ: Then what's the point of issues report? What's the point about council making decisions about PDPs that should be pursued? If the working group can decide we want to add this to it, where does it end? >>AVRI DORIA: That's the point. Once the council looks at it and says "This is a completely new issue." In other words, it is hard to say this is a completely new issue that requires a new issues report and requires a different PDP or the council looks at it and says, "This was a reasonable variant that was covered under the issues report and, therefore, yes, it is a reasonable extension that we didn't include in the charter when we wrote it." So it is the council that gets to basically discuss the notion of whether it requires a new issues report or whether it really was covered, it just didn't get written up in their charter that way. >>TIM RUIZ: What's the threshold on that? >>AVRI DORIA: I mean, it is the council's discussion. There is no -- you know, I mean, I would say reasonableness. But it is really up to the council to then look at it and say, "Was this covered by the issues report?" >>TIM RUIZ: Just trying to figure out how that decision is made. Because that really could open things up -- to me that opens up a whole can of worms when you give a particular issue or a particular topic to a working group and they can come back with anything and suggest it to the council? Where do we go with that? >>AVRI DORIA: That's, of course, one of the issues for the group that we were meeting with earlier, is that -- the PPSC. How exactly does it work with working groups? At the moment, it's been set out that if they questions, if they have issues, whether it is "is this included in our charter" -- >>TIM RUIZ: Right now we have a very specific process for how PDPs are -- how they're started, right? You request an issues report. It comes back. They talk about whether it is in scope or not. There is a decision made about whether the PDP will be pursued, a working group is formed. What we're talking about here is kind of a back-door way -- >>AVRI DORIA: No, I don't think so. I don't see it that way at all. Because we've got an issues report; and from that issues report, we voted to do a PDP. From that, we derived a charter. Now, we could very -- there is no saying that what that -- what is in that charter of that working group is all that the issues report would have allowed. So we may say, okay, as a council we decided to do a PDP. We took a vote on a PDP and then we came up with a charter. Now we've got a charter extension that we believe is within the issues report. We've got to take some kind of vote to say yeah. And perhaps it is the same threshold as a PDP vote. And, you know, if we think it's that -- so you're right in that we haven't really set out that process. And I think that's part of what we have to do to understand working groups. >>TIM RUIZ: It is one thing, Avri, if they are going to come back and say, "We need a clarification of this term of reference." I understand that's happened before and we've dealt with that issue. But it is another issue if a working group is going to come back and say, "Here is a completely new issue we want to deal with." That I don't know if that's been dealt with at the council level. I'm not sure exactly what the process is. >>AVRI DORIA: And I think it's something we would have to deal with and if it looked -- I know what I would suggest if I got something that looked like an extension of the PDP but still covered by the issues report, would be basically to take a vote on it with the same threshold as a PDP, perhaps, you know, that sort of says, listen, this is within the issues report, we just didn't happen to put it in our PDP drive, so it's still a legitimate extension of the issues report. If it's not in the issues report and wasn't covered and is totally out of bounds, then that might not be possible and then it might say, well, really to do that, we would require a new issues report. So it really depends on the case on what, you know, we would talk about in the council of how we handled this, and you're right, it's a new thing and it's one of the things that in the PPSC we need to start figuring out how we really handle it. But I know before we had that that would certainly be my approach to it. Does the issues report cover it? Yes. Does our charter cover it? No. Well, then we need to have a vote equivalent to the vote we took before, same threshold of vote, to extend. Does the issues report not cover it? Well, then we probably need a new issues report on this issue in order to deal with it. They can't request an issues report; we can. And once we get an issues report, then we go through the process. So, I mean, that's just sort of a first take on how I would suggest looking at it. I had -- Chuck -- but you wanted to say something long since, right, and I've been ignoring you. >>JAMES BLADEL: That's okay. Just to address Chuck's question with some of the -- I'm sorry, this is James Bladel, and I was a participant in the working group. We had a couple of hesitations about extending the charter with this particular issue, one of which is that because we had so many existing products already in the marketplace that we were starting to blur the line -- when we talked about pricing in terms, we were starting to blur the line between policy development and product development. So these things are out there and available. I think that some of the more common scenarios we explored were resellers of registrars becoming accredited in their own right and wanting to transfer from the parent reseller over to their new entity or the reverse of that, losing their accreditation and becoming a reseller for smaller registrars. So I think that we didn't want to go too far down the road of extending this into a mandate for a new product that registrars, regardless of whether their business model supported it or even if they were even a retail-oriented registrar would now suddenly find themselves having this new policy with respect to this new transfer product. So that was some of the thinking and some of the deliberations around this new issue. >>AVRI DORIA: Chuck. >>CHUCK GOMES: Sure, and Mike does too. Yeah, and, by the way, I understand all that, and if may be if a request comes back we would decide it was a totally separate issue. But just to give an example of a couple topics that were brought up here, if the working group was to come back and suggest something with regard to registrant transfers, you know, to me that would be clearly a totally new issue. But coming back with something that involved partial bulk transfers is a little more vague. It may still be out of scope and needs to be a totally separate issue. But it's not totally -- I mean, there is some reasonableness there, some common sense with regard to -- I mean, you can't just introduce a totally new issue, but in this case what I hear you talking about is partial bulk transfers. So it sounds like there might be some room for that, maybe when we really looked at the issues report as Avri described, that we will decide, no, that really needs to be separate, but that's just an illustration of what I'm thinking. I'm hearing you talk about partial bulk transfers, you know, so there is a connection. Whereas if you came back and did something with registrant issues, I would say that's a different issue totally. This may be too, but until looking at the details, I wouldn't know. >>TIM RUIZ: Yeah, I mean, as long as the process that Avri was describing is what we would do, then, you know, that's fine, yeah. >>AVRI DORIA: As I say, we haven't defined it yet, that's certainly something that we should define within the PPSC, but it's certainly the way I would treat it if the issue was brought to the council at this point. You know, or it's how I would suggest treating it. We talk about it like we do on anything else and say, yep, that works; no, that doesn't. Mike, you had a... >>MIKE O'CONNOR: I mostly just wanted to comment that this discussion is a lot more mature than our conversation in the working group has been 'cause we haven't really delved a long way into this yet. And so, Tim, to your issue of -- we did have a brief conversation about sort of trying to stick the nose of the camel in the tent and get a whole lot of sort of free transfers happening. And the working group sort of saw that and acknowledged it and said no, no, no, that's -- if it turns out that we're going where you think we're headed, we really aren't. But the main point I wanted to make is that at least as a part of the working group who admittedly has missed a couple calls, but I don't think that our thinking is this mature yet, right? >>PAUL DIAZ: No, and that's -- I kept trying to weigh in. All the discussions for the last 15 minutes have been purely theoretical. The working group has not issued its report, we're still thrashing out these issues, we'll have it soon. Based on the constituency statements, there has been a suggestion to expand the scope, at least that's how I see it and that's what Harvey led with and I said if we ever reach that point where they really dig in and say we want this particular change, then we will come back to counsel, absolutely, and say this is what's here, we need some guidance, can we do whatever we need to do. >>AVRI DORIA: And I think the theoretical was partly before council benefit of, well, how do we start thinking about handling that that really comes out of our previous meeting too. And at some point, so, we really do need to figure out how we're going to do that and yep. Anyone else? So thank you very much. Okay. It's lunchtime. I think it's lunchtime. Maybe it's not quite lunchtime. It is lunchtime. And then once people have gotten lunch at some point and I will try to disturb people just trying to get some ideas on what kind of issues I should be bringing up in our AC/SO meeting, that will be in here, yeah, lunch is in here, I'm not going to try to do it right away, no recording for that, no transcription for that, thank you, have a good lunch or a good break or whatever, but we're done. Well, until later. [ Break ] >>AVRI DORIA: Now, next we have -- let me make sure we're ready to start for real. Are we ready to start for real? Are we ready to start for real with recordings? Okay. Thanks. We have most of the council back. Is Ram joining us? Is Ram already here? Way back there. Okay. So anyhow, now we're ready to start the next agenda item, which is the discussions with SSAC, and there's basically been several topics. There's been a couple papers that SSAC put out relating to WHOIS. There's been SSAC participation in fast flux and we'd like to sort of hear their comments on that process, and then any other topics that SSAC thought were, you know, important for us to think about or were -- or any issues or questions we had of SSAC. I wanted to welcome Ram Mohan, who is I guess the new liaison to the board from SSAC, and Dave Piscitello, who has been with us a couple times already, sort of helping us to understand SSAC issues, and I'm not quite sure how to go about this further. I don't -- we don't have a set of questions, so perhaps if you guys are sort of -- because in the WHOIS papers, you sort of said, "You know, you guys should really look at this stuff," and so having you guys talk about -- a little bit about the what and why's of what we should really look at and sort of coming back with questions on it I think would be a place to start. Would that be reasonable? >>RAM MOHAN: Sure. >>AVRI DORIA: Should I turn it over to you. >>RAM MOHAN: Thank you. And thanks for having us here. I wonder whether it's a good idea for Dave to go through at least some of the key pieces of the papers that we've put out and that are going to be discussed this week at the SSAC open meeting, some of which has direct relevance to the council itself and to the -- to the overall multiple constituencies. And then, you know, perhaps we have a -- just an open session -- >>AVRI DORIA: Yeah. >>RAM MOHAN: -- after that. A Q&A. There are a couple of places where the only other area that I'd like to add is in the open meeting with the SSAC, we're going to be talking about registrar phishing threats and, you know, some thoughts in that area, so that would be a new area that would be potentially of interest to body. >>AVRI DORIA: Great. Thank you. >>RAM MOHAN: Dave? >>DAVE PISCITELLO: No, there's no slides. Thank you for giving us the opportunity to speak to the council. Would you like me to talk about WHOIS first and then the rest of the week or -- >>AVRI DORIA: I think it's probably worth it to go through the three topics, start with WHOIS, then see if there's any dialogue that we need to have, go through fast flux, and then get to the registrar phishing threats. If that -- you know, and I'll try to keep the time sort of reasonable to it. But thanks. >>DAVE PISCITELLO: Okay. So some of this dates back to February of 2008, where SSAC published a comment to the GNSO regarding WHOIS studies, and then there was a subsequent publication where we added some clarity to some of the statements we made there regarding Internet directory services, and that was SAC 33. Domain name registration records and directory services. It was our observation that we have been using a protocol for over two decades, perhaps well beyond its -- you know, its original intent and capabilities, and as we go into an era where we have internationalized domain names, international or local character set representation of not only the domain names but the contact information in registration records, as we look at the, you know, continued needs for some form of providing, you know, various ways of controlling access or dictating access by some sort of permission model, that perhaps it would be time for the community -- and the council in particular -- to take a look at what is going on in the rest of the world, especially in the enterprise, with respect to a broader set of directory services and capabilities. So, you know, in the enterprise, many of you may be familiar with active directory or, you know, one of the Sun implementations or one of the open source implementations of the lightweight directory access protocol, also called LDAP. You know, some of those protocols and architectures offer good insight into the kinds of services that the community might find very beneficial. Authorization, accounting, auditing, access control, admission control are all -- you know, all very important security features and very important features to most enterprises today. And perhaps it would be useful for -- you know, for the community to think about what we want to have as an information repository of -- you know, of registrations five years hence, ten years hence, and is WHOIS suited to actually provide that repository. So that's essentially, you know, the summary of those two papers. And certainly SSAC didn't intend to throw this over the wall as an engineering exercise for the GNSO to complete. We'd love to be able to interact and possibly, you know -- you know, call other parties who are experts in directory services, you know, to participate in such a study. Thank you. >>AVRI DORIA: Thank you. Yeah. And I'll take a queue on questions on it. One of the questions that I had heard from people, so I'll just bring it out as others are coming up with their questions, is sort of the relationship between those things as tools that could be used and sort of what sort of policies are we actually talking about trying to express, and sort of there being sort of a curiosity. Because very often we've been told, "Well, you know, the solution to the problem is... this tool." And then but how does that respond to the policy issue, and I think that's one of the questions that we haven't even looked at yet. >>DAVE PISCITELLO: My background in security is in the enterprise, and so one of the things that is very difficult for me to grasp sometimes is the notion that there isn't, you know, this autocratic body at the top that dictates what gets -- you know, what gets implemented at the bottom and then there's simply a negotiation of budget and staff. I don't believe that we're, at any point, close to considering a policy because I believe that we really need to think more out of the box and more open-mindedly about how we want to shape information that the Internet relies on for a variety of purposes: Registration, you know, containing abuse, identifying and mitigating abuse. You know, we have a number of needs that are barely satisfied with WHOIS in its current incarnation, and some that are not satisfied at all, and so one of the exercises that we normally go through in a process in terms of understanding what kind of services you need is, you know, go back to the simplest -- you know, simplest form, go back to Step 1 and say, "What are the requirements of a -- you know, of this community five years hence in a scenario where we have many, many more gTLDs, all the gTLDs are not in -- you know, easily represented and the information associated with them is not easily represented in seven-bit U.S. ASCII." And so those are very interesting grounding points to start a discussion and study on, you know -- on this subject that might result in the council saying, "There is a sufficient number of things we'd like to accomplish and we can't do it easily and uniformly today, and how do we get there?" But I think if we start by worrying about the policy and we start by worrying about whether it's IRIS or some other successor protocol, we already kind of make a decision about what we're doing, whereas understanding what we'd like to accomplish first would perhaps make it simpler to understand what the policy implications are and what the protocol implication might be. >>AVRI DORIA: Certainly I wasn't trying to tie the policy discussion with the IRIS discussion. >>DAVE PISCITELLO: Right. >>AVRI DORIA: I was saying they were different. Okay. I had Chuck, I thought, and then I had Steve and did I -- and you wanted to add something. Okay. >>RAM MOHAN: Let me just quickly add to what Dave was saying. I think what we're -- in the SSAC what we're trying to do, particularly in WHOIS but in general it's our approach, but with WHOIS what we're trying to define right now is an observation of inadequacies of a system that's been developed and was built for a -- you know, for a particular purpose a while ago, and we think that, you know, one of the things we're trying to do is to define the kinds of problems that need to be solved. A directory system brings with it some solutions but we're not really trying to propose a replacement or a solution. What we're actually trying to bring forward to the community is that particularly with IDN contacts that get added into registry databases in some potentially finite amount of time, that might be -- that might serve as an end-of-life notice for a -- you know, for an ASCII-only system that displays contact information, right? And so that's really much more of what we're trying to flag is that we're a short while away from having a system that might get antiquated by the progress of technology even within the TLD space, especially with the introduction of IDNs and IDN contacts. >>AVRI DORIA: Chuck? >>CHUCK GOMES: My personal feeling is that it's critical that we separate the policy work from what SSAC is recommending we look at. Regardless of whether we go with this archaic system that we have now or some new service in the future, the policies initially have to be resolved, but it's my opinion that what you're recommending we do doesn't have to be -- and in fact, it's better not to be tied to the policy work. Otherwise, nothing will get done. >>RAM MOHAN: Just to be -- just to split a hair, I don't think we're recommending that it should be done by policy or should not be done by policy. I think what we are saying is problems lie ahead. So I don't think we -- we are actually recommending that you initiate a PDP or some other policy development process to fix this problem, but we are certainly seeing quite clearly that the current way of showing contact information is going to run into -- is likely to run into trouble as the complexity of what's being stored in the contacts increases. >>CHUCK GOMES: And let me clarify because I can see there's some confusion about what I just said. By the way, I totally agree with you about the need and your recommendation. When I'm saying "policy," I'm talking about the policy issues related to public display of WHOIS and those kind of issues. I'm not talking about whether it's a PDP or not. A PD -- I wouldn't have any problem with a PD -- I'm not saying we shouldn't have a PDP on this particular issue that you're recommending, but I just think we have to keep separate those other policy issues that we've been battling with for six-plus years and focus on this as an independent effort that's -- obviously, policy will have to support that as well. That's what I'm saying. >>RAM MOHAN: Okay. And on that, I pretty much agree. Dave, I'm -- I don't think there's much disagreement with that. >>STEVE METALITZ: Steve Metalitz. I think we're all in violent agreement here on some things, which are that I think it's very valuable for the SSAC to give us this warning sign, this warning flag, and I also agree, as people have said, that the GNSO Council is not the place to have this discussion, really, because it's not a public policy discussion at this point. But there certainly are people around this table, or groups represented around this table, that ought to be involved in that discussion. I know people from my constituency, I think, would be very interested in being involved in it. So the question is: Where would that discussion take place? Is it really an ICANN issue or is it more a standards issue? And if it is an ICANN issue, you know, what is the framework under which it could take place? Could it take place under -- kind of under the auspices of the SSAC or in some other way? I don't have an answer to these questions but I think it would involve people who are represented here. And it also would involve the ccNSO community ideally. We would come up with an answer that would work for them also and make sense for them, and that would be a good thing, too. So I'm just -- I guess I would say that I think IPC members would be eager to engage in this discussion, but we're -- we need to figure out where that discussion should happen. >>AVRI DORIA: Thank you. Jon? >>JON BING: Thank you. Though I do agree with Chuck's initial assessment, I'd like to emphasize that in developing a design, a different technical solution, there will, of course, be an interaction with the policy, a substantial part of the policy elements. So, for instance, to display an element, if we decide to prohibit the display of an element, that will be a good thing to exclude that element from the possibility of being represented, and so enforce it in this way. So the interrelationship between the solution, the technical solution, and the policy basis on which that technical solution is based and should implement should, of course, not be forgotten and we should find a way of taking -- making sure that the sufficient communication is there both ways, both for the technical solutions -- the limitations and possibilities of technical solutions to be conveyed to those who are developing the policy, and vice versa and time will go. Thank you. >>DAVE PISCITELLO: Actually, you know, I agree with everything you say, and one of the values of doing an exercise and studying requirements is, you open up a discussion that says, "I want to make -- I want to have the ability to block the display or allow the display of an individual object," because in a directory service vernacular, what that says is that I need a database access model that has per-object permissions, and each object might be defined in a schema where one -- every single piece of contact information has an individual control. And so that -- you know, you're actually leading into the kind of discussion that allows you to, later on, decide what -- you know, what the policy is for permission to display or to restrict the display. But you have the framework available in the new protocol or the new implementation of WHOIS. I wanted to answer the question about whether this would be in the standards, you know, world as well. I think, you know, the IETF has already weighed in on what standard they would recommend and that would be IRIS CRISP. Whether IRIS CRISP is -- you know, is correct or not is inappropriate to ask yet because we still want to make certain that if we choose IRIS and CRISP, it has the same database richness that -- you know, and the ability to do all the services that you might want to have. And I also think it's very important that we don't look at this as a taxation or a burden, but also as a service opportunity for -- you know, for registrars and registries. There are a number of things that we might be able to do five years hence if we plan ahead that would be beneficial, you know, not only to the registrants and not only to the Internet users, but also to the people who are deploying the service. Thank you. >>AVRI DORIA: Chuck. >>CHUCK GOMES: Yes. Steve, a question for you. Why do you think this isn't a GNSO issue. By the way, I agree it needs to involve more than the GNSO, but why would you think -- and the reason I'm asking that is-in -- obviously domain name issues are part of the -- gTLD domain name issues are part of the GNSO and right now registry -- gTLD registries and registrars are required to implement the old WHOIS protocol under a different name, but that's what we commonly call it, so I'm curious. You may be right, but I wanted to understand further why you made that conclusion. >>DAVE PISCITELLO: >>STEVE METALITZ: It might be more accurate to say it's not a GNSO Council issue yet. At some point, it may well be. But the warning flag that I saw waved by the SSAC was "Your existing protocol is not going to be up to the job in a number of ways in the near future, so you better be -- start working on something else." And that's what I think we need to respond to. Obviously, with the input of all the interested parties, hopefully it will be a system that works for everybody, and that ultimately it could become a public policy issue or an issue of inclusion in the contracts or some other way made operational, but I think at this point it's trying to bring people together to understand what are the requirements and what are the trade-offs. So maybe I should -- should have said "yet," it's not an issue "yet" for this group. >>CHUCK GOMES: And I guess I would say I'm not sure I agree with that, because we've got IDN -- we already have IDN second-level domain names, and that's a problem in terms of display right now. Next year, we'll have IDN top-level domains and that's an issue, but we don't need to belabor that. >>AVRI DORIA: Ram, you wanted -- >>RAM MOHAN: Thank you. Just a brief follow-up on, Steve, your thoughts about, you know, what is the venue. Inside the SSAC, we've talked about this and we feel like we are participants as well, that we're not in a position or want to be in a position to be saying, "This is what, you know, the replacement ought to be." Because it's far more complex than simply a whole-scale replacement of one versus the other. The fact is that the WHOIS as it exists today does an adequate job for a large proportion of the populace, and it does an adequate job for some of the proportion of the populace as well today as it exists. Really, what we're trying to say is, as you rightly pointed out, it's inadequate and if, in our community, we want to do something about it, then (a), you know, we certainly are open and willing and eager to contribute our knowledge and our ideas into it; and if it is something that is done in the -- either in the GNSO or as a cross-constituency, you know, cross-SO thing, that might work as well. But I don't think we have a dog in that hunt, so to speak. >>AVRI DORIA: Yeah. That's one of the places where the notion of working groups comes in, where working groups can be composed of people from many places and not necessarily on a direct policy development process. So putting together -- you know, we've already started to experience within the ICANN several multiple cross-area working groups to come up with something. So -- sorry. >>RAM MOHAN: You know, just following through on that, one model that really, in the last four or five years that comes to mind that has really worked is the IDN guidelines working group. You know, it crossed SOs. There were ccTLDs, gTLDs, et cetera, involved in it. It came up with a two-page outcome or a three-page outcome, and it was actually one of those documents where, you know, in many cases you declare success when everybody is equally dissatisfied. This was the other way around: Most people who were involved in it were pretty satisfied with the outcome. >>AVRI DORIA: Had a great chair, too. Tim? >>TIM RUIZ: I'm just trying to understand why policy -- this decision and policy are completely separate issues because doesn't policy impact what we may need as far as technology is concerned, you know, or what we may not need? Currently, right now if policy doesn't change in regards to WHOIS -- let's just say it stays where it is, for example -- what do we need with, you know, more granular access capabilities or being able to, you know, authenticate or check credentials. None of that is a part of what the current policy is. That may change down the road. Something else may happen down the road. I'm just trying to get a handle around why we would change the technology or the standard today to something different if we're seriously considering policy changes. And if we're not, then are we so sure that what we have today isn't going to work if we're going to maintain the current policy that we have? >>AVRI DORIA: I could make one comment and then I ask others to make comments. Certainly I think we've already made one policy decision that affects it somewhat, and that's getting all the information in for IDN ccTLDs and all the contacts and all of that. I think we have perhaps already in some cases made a policy decision that says we got to do some thinking. In terms of the other, I tend to agree with you. It is always -- but this is a very personal, almost philosophic point of view that one can never really separate the technological concerns from the policy concerns. Although, occasionally there are things like ASCII, how far can you get with ASCII? So there you have a technological thing, but still it was the policy decision for IDNs that make the ASCII a problematic issue. In terms of some of the other issues, I'll leave it to others to answer. >>TIM RUIZ: Just to follow up, though, while I understand the whole IDN issue and that, in reality -- maybe I'm wrong, but I think the majority of that problem is going to arise outside of the gTLD space. And there is probably a lot of that going on already outside of the gTLD space as, you know, ccTLD fast-track IDNs. Or do we know that ICANN is going to have an agreement with these ccTLD operators that's going to require them to do something with WHOIS? I would be highly surprised if that happens. So, again, even there, I'm not really sure that the policy decision we made is going to have -- that the biggest impact of that is within the gTLD space. I'm not convinced that it is. >>CHUCK GOMES: Go ahead. >>DAVE PISCITELLO: I think Ram articulated it extremely well. I think that following in the IDN model this is not exclusive to the GNSO. There is certainly value in having the ccNSO weigh in and having, you know, a multi-service organization, multi-advisory committee examination of what the impacts are. My feeling is that policy comes after we do a reasonable study of first principles and determine whether what we have today is sufficient. So I look at it in the same way that an enterprise might look at a three- to five-year networking plan and try to understand whether there are services and opportunities that we will miss or we will not be able to implement efficiently or uniformly if we don't have a better tool in five years than what we have today. >>AVRI DORIA: Chuck. >>CHUCK GOMES: Sure. Thanks, Avri. Let me try and explain again. By the way, I think Jon said it pretty well and Dave really hit on it, too. You need to know what your possible policy requirements are to develop the technical tool to deal with that. So I fully recognize that. But if we don't separate the two efforts, the one the SSAC is pursuing and the one that -- or SSAC is recommending and our other policy work, whatever that may be going forward, then the chances are high that we won't get anything done on either. I hope that's not the case but that's it. And the technical requirements, analysis, et cetera, even though that's going to need to look at the policy side to make sure that the requirements include that, it shouldn't be dependent on us resolving those policy issues to move forward. >>AVRI DORIA: Okay, thanks. Oh, okay, I did have -- because I was going to say it would be time to move onto the next topic. >>TIM RUIZ: Just quickly. Chuck, what you are saying is that the standards -- some standard being developed that might solve -- that might come in be useful to the GNSO based on policy decisions they may make down the road. That's the useful endeavor but that's a separate endeavor from what the GNSO needs to do right now. So is the GNSO involved in this standard effort? I mean, it seems like -- like what we need to do once we have policies that require different standards, then we look for those standards. Are we involved in the development of those standards? >>CHUCK GOMES: We are not a standards-making body. We all know that. Should be we involved in that? Yeah, I think so. Certainly, like I pointed out earlier our registry and registrar agreements are relying on an old standard and some body would have to change it. Could we do it by ourselves? No. It involves many more than us. But I disagree that we need to solve the policy issues before we can work on this other issue. I just -- I don't think that's true. >>AVRI DORIA: Mike. >>MIKE RODENBAUGH: I completely agree with you Chuck. At minimum what we need to do, while both policy effort and the technical effort are on parallel tracks, we need to -- and I think today is a really good first step, and I thank Ram and Dave for coming. We need to have a much better and more fluid line of communication going between the SSAC and the GNSO. It's far too ad hoc today, I think, and we need to really build in a routine process on both of our ends so we understand what each other is up to and how we might help each other. >>AVRI DORIA: Thank you. Zahid? >>ZAHID JAMIL: I have sort of a different question all together. Can I make that now, or are we sort of following through a thread? >>AVRI DORIA: If it is still on the WHOIS topic, then please. Because I'm about to try and end the WHOIS topic so we can go to the next topic. >>ZAHID JAMIL: Just a question in terms of trying to get information from the SSAC. You gave some statistics about some of the missing records and contact details, et cetera, that are in those statistics. That's fine. Have you done any study seeing how ICANN is enforcing its contracts and sort of trying to remedy this? What are your thoughts and what has your research been in that? How effective has that been so far in regards to accredited registrars? >>RAM MOHAN: Let me take that. And, Dave, if you want to bracket it. No, we have not looked at -- we have not looked at or thought of reviewing ICANN's performance in enforcement of WHOIS accuracy. We've kind of -- we look at ourselves as much more of a relatively independent body that looks at substantively significant issues that either today or in the future can cause a security and stability threat. So I can't speak for all of the committee, but I suspect that if this proposal went in front of the committee, we'd probably have more than a few members raise their hands and say, "Monitoring enforcement effectiveness is not in the scope of SSAC, but tracking what are today and tomorrow's security/stability type of concerns in the domain name space is within the realm." >>AVRI DORIA: Dave, did you want to add something? >>DAVE PISCITELLO: I do a fair amount of liaison representation for ICANN and SSAC in anticrime and anti-phishing fora. And I hear plenty about the community's perception of ICANN's execution of compliance. I think part of the problem is that there aren't a lot of contractual means that ICANN has, you know, to do breach and termination. So the community often views -- that often views ICANN as a regulatory body or regulatory agency tends to think ICANN can just walk in the door, throw somebody out who's not behaving as everyone expects them to act. And most of what we've done over the past two years in communicating with these organizations is to try to explain to them what ICANN can and cannot do, what registries are accountable for directly, what registrars are accountable for directly. That education has actually been very, very fruitful. I believe a number of the people in that community are going to be coming to the GNSO and using open mike opportunities to talk about things that they would like to see in the RAA that might help stem abuse, help improve the overall perception of our industry and I think that's a good thing. SSAC doesn't do this directly, but we try to bring people into the forum that will possibly be able to shape better policy in the future. >>AVRI DORIA: Okay, thank you. I don't have anyone else on my list so I suggest we move onto the next topic, which was fast flux. And I'm not sure that there was a lot, but it was one of the topics that was brought up there was something that you all might have something you might want to add. >>DAVE PISCITELLO: Sure. Tomorrow's Monday, correct? Yes, tomorrow SSAC is having an open session, and I will be giving a presentation that takes a look at the evolution of fast flux and flux attacks since about January of this year. So we're going back and taking a look at the broader space of the flux attacks and the techniques and the characteristics that the industry is slowly starting to use to detect those forms of attack. It will be about a 20-minute presentation. Some of the information that I'll be discussing is information that is probably going to appear in the fast flux working group report. Having said that, it is information that has nothing to do with any policy recommendation but largely focused on the technical aspects of the attack, sort of the anatomy of the attack and some of the algorithms that the community is using to distinguish between a fast-flux attack and similar behavior that might be exhibited in a production network. >>AVRI DORIA: Thank you. Any questions? Comments? People would like to know more? No. I see none. Okay. In which case, we'll move on to the next topic, which was the -- or did you want to add something? >>RAM MOHAN: Ready for you. >>AVRI DORIA: Ready for me -- which was the registrar phishing threats. >>RAM MOHAN: Thank you. This is something that, again, at the open session we plan to speak about it. For those of you who have been following some of the activity in the registrar and other space, the security space in the last few -- perhaps a week now, but maybe ten days, you would have seen some commentary about Network Solutions' commentary about eNOM and Moniker, several registrars that sponsor a good number of domain names under them being exposed to phishing attacks. Of course, phishing itself is not a new phenomenon and so that by itself is not the issue. But at the SSAC, we felt compelled to raise the topic up again. There were two things. SSAC has already issued several recommendations and thoughts about having registrants, actions and steps that registrants can do to avoid being hijacked, to avoid their accounts and their credentials being taken over. And we'd like to flag that and bring that up again. But specifically given that there is a bit more, perhaps, scrutiny and enforcements even that are happening on registrars, we believe that increasing scrutiny and enforcement actions might prompt bad actors to focus on capturing existing credentials and existing accounts rather than building new ones. The anecdotal data that we have is that so far many of the bad actors are focused on registrars or resellers of these registrars and have built new accounts with them, new credentials with them, and then, you know, registered domain names and then done spam and phishing and malware and things like that. But given some of the higher scrutiny coming on some of these bad actors, we are somewhat worried that the focus might move from the low-hanging fruit which is just create new accounts and go forward with that to try to capture existing accounts, existing credentials that not only allow -- provide these bad actors ability to register new names but to hide their identity. On top of it, steal existing domain names that are registered to a current registrant. So we wanted to bring that up as a -- I mean, that's really the reason why -- what's prompting us to focus on this issue in this meeting. We are suggesting -- or we're thinking of suggesting -- and certainly input and feedback would be very helpful -- measures which would be reiterated from prior recommendations of SSAC. But there are some well-known measures that it might be the appropriate time for registrars, especially those registrars, resellers and registrants who have not considered it to start considering measures such as two-factor authentication rather than just having a single try and if you get in, you got everything; to consider two-factor authentication. If you are a registrant or if you're, you know, someone who is involved in selling or renewing domain names, to consider implementing straightforward measures like three-tries-and-you're-out or something like that. There are several user interfaces today that are vulnerable to brute force attacks and cracking of passwords because the folks involved in it have not implemented a relatively straightforward measure where given a user name almost any number of e-mail -- sorry, any number of passwords can be tried before it is cracked. We clearly don't think that's a good idea. There is also -- we've noticed in several accounts, or several registrars and resellers, access to the account is through the same e-mail address that is listed in the WHOIS and it is not protected either by two-factor authentication or it is not protected by the three-strikes-and-you're-out type of methodology. If you combine that and you are a bad actor who is trying to crack your account, all they have to do is look up your domain name, find out your e-mail address, they know the registrar, go to the registrar site and type in the e-mail address which is the username and attempt to crack it. And, you know, passive cracking programs are available for free. So many of these are things that folks in the community -- security committee and in the regular community do know. And many registrars, resellers already have implemented it. But, you know, we'd like to recommend that more do it. It ought to be something that is done across the board rather than ad hoc. And one of the things that we'd like is for the council and the council members and the constituencies that you represent to spread the word in your groups because this is -- this is not about registrars or resellers. This is really about end of the day ensuring that registrants do not have their domain name stolen, do not have their financial information compromised. There are also in some cases -- and we have another thought there that in some cases you have those who are involved in actually selling the domain names store payment methods and payment information in systems that, you know, where the software is still relatively vulnerable, buffer overflow attacks and things like that, using older versions of software, MySQL, et cetera, that are vulnerable to those kinds of attacks. In general, the advice is stuff that if you go and Google it, you will find the advice and you will say, duh, this is common sense but it is not being applied in an uniform way. That's really the thrust of what we are trying to do. We also think if it is not already in place that especially on the registrar's resellers, that entire area -- and registries as well -- that threat monitoring is a function that ought to be considered seriously. And some level -- some ability to coordinate an escalation if you detect a threat or if you detect a problem, some ability to coordinate an escalation is useful. And we know several registrars who have a very sophisticated way to address that. But, again, I don't believe that is uniform. And that's an area that would be, again, helpful to spread the information, spread the knowledge. So it is less pejorative. It is less about saying, you know, you guys are doing something bad. It is much more about we need to understand that some of the low-hanging fruit is going away and these guys -- the bad players are -- we're afraid that the bad actors are going to start turning their attention instead of registering 1,000 domain names, then cycling through it and running phishing attacks, that they may instead take over your accounts, take over your customers' accounts and then do some real damage. So that's the general thrust. Dave? >>DAVE PISCITELLO: Again, tomorrow I'll be giving a presentation on what we call high-value domains. And the purpose of the presentation is to build upon some knowledge that we acquired having done interviews following three fairly visible security incidents involving compromised domain accounts: ICANN, eBay and Comcast. We spoke with both the registrars and the companies that had a hijacking and we talked about measures that did not seem to function as well as they could have, measures that weren't present that might have thwarted the attack. And we talked about measures that these customers felt would be appropriate given their experience in trying to recover from the incident. We also spoke to some of the other registrars that offer services in conjunction with what are called brand equity or brand protection. And the presentation I'll give is sort of an interim report on what we've learned from both a registrant and registrar/reseller perspective. From the comments we received, one of the things we realized is there is an increasing obligation on the part of the registrants themselves when they see that they have an asset or a very valuable high-target, high-profile resource and measures they can take to improve security on their own end. And so I will be discussing some of those. We also not only talk about the measures but also the ability for an organization to insulate itself from social engineering attacks, which have been in the past methods by which an attacker has circumvented normal processes for accessing a domain. And lot of them are not heavy-handed. And SSAC explicitly states in one of the slides that this is not an encouragement to begin a policy process, but it is one where we see the possible opportunity to create a new type of service that lies somewhere between the kind of consumer level, heavy transaction-based registration of domains and the extremely expensive brand protection and equity protection services that are offered by a very small number of registrars. And the target for such a service would be any company, whether it makes $60,000 or a couple million dollars a year, to be able to afford better than consumer-grade protection. And there might be a service opportunity that registrars could consider that says in addition to all the other things that people want to check in their box when they go to add their cart -- add to their cart before they complete their registration, it says, "I would like protection services" and protection services could be any from the list that we choose. And you could price them however you imagine the market would tolerate or accept. But I know that there are lots of companies that are probably submillion dollar a year gross revenue companies that would severely be impacted if their domain names were hijacked or were their service disrupted for any meaningful amount of time. While they may not be able to pay 10 and $20,000 a year to protect a portfolio of several thousand names, they might be interested in paying $100,000, $200,000 to protect one to five. We can't see anyone in the industry that actually services that segment of the market. So tomorrow's talk is going to be largely one where we put something on the table and say maybe there is a marketing opportunity here and in the process, there is an opportunity to significantly improve the security baseline of many people for whom domain names are a very, very important asset. Thank you. >>AVRI DORIA: Thank you. Thank you, both. I would like to take a queue of people with questions or comments at this point. Okay, I see Eric. Anyone else to start off? I see Jeff. Anyone else? Eric, please. >>ERIC BRUNNER-WILLIAMS: Thank you, Avri. Question for Ram. The attacks that you have seen thus far, these are all dictionary attacks, aren't they? >>RAM MOHAN: Yes. >>ERIC BRUNNER-WILLIAMS: So standard dictionary protection will be sufficient. >>RAM MOHAN: I am not going to say what will be sufficient but today a standard dictionary attack is enough to uncover these accounts -- some of these accounts. >>AVRI DORIA: Jeff. >>JEFF NEUMAN: Dave, Jeff Neuman. I'm still trying to digest that last thing you were talking about. You are saying the SSAC is doing a study on marketing and how that can improve? >>DAVE PISCITELLO: No. >>JEFF NEUMAN: I was trying to draw the correlation there. >>DAVE PISCITELLO: It is very difficult to do a 25-minute presentation in three minutes and cover everything that I would like to encourage you to hear. So possibly if you can make some time tomorrow and come, you will get the whole story. And certainly I can spend some more time offline in talking with anyone. What we see in the market is -- are two kinds of services and we are suggesting that there might be an opportunity from a security perspective to introduce a third. And the anecdotal observation is that if we introduce the third and it doesn't necessarily have to be introduced as a policy, it might be creating a market opportunity for certain registrars. >>RAM MOHAN: May I add to that? The focus of doing the high-value domain study was because we found three instances where high-value domains got compromised, got basically hijacked or got lost for whatever reason. And when we did a post-mortem -- and we had pretty good data on at least one of them, right? But when we went and did some analysis of it, it was obvious that there were several gaps in the security procedures and in what the baseline of what a security procedure ought to be. And when a high-value domain gets compromised or stolen or lost, the impact on the organization of the registrants behind it is devastating. That is a real thrust of the study and what we are doing. Along the way, an observation is that at least an empirical look at what we have seen in the market, didn't find somebody who was offering a specialized service. Doesn't mean we are recommending that somebody go and create it and price it, et cetera, so you should take that as an observation. But the real thrust is that, you know, the punch line would be if you have got a high-value domain, beware, be careful. There are things you ought to do with it to protect it and be careful choosing where you keep them because that may have an impact on how quickly it can be compromised. >>AVRI DORIA: Any other questions? Comments? Yes, Edmon. >>EDMON CHUNG: Just a suggestion to sort of move off the vocabulary of "high-value domain" perhaps. It is sort of a -- it gives me the impression that the registries should charge differently for these domains. But I think it is a good point and probably a suggestion would be to call them critical infrastructure, like mission-critical domains or something. But is this something SSAC is studying on only the registrar area or, you know, could this be a registry service as well? Have you looked into -- is it even within the scope that you would be looking in? >>RAM MOHAN: I don't think we've looked at it. I mean, the focus of this is much more from the registrants rather than from the registrar or the registry. I think we're pretty agnostic as the SSAC as to who is offering it. It is clear there is a vulnerability. And registrants that have mission-critical domains, if they're not careful, they know it is mission critical, but if they are not careful about where they store it, what they do with it, who their provider is and what the provider's measures are, they get themselves exposed, right? So that's really been much more of our focus. Dave, you wanted to say something. >>DAVE PISCITELLO: We approached this looking as registrars and resellers because that's where the exploits succeeded and that's where the vulnerability point and the access point -- or the attack vector existed. While we were talking with some of the parties that we interviewed, at least one mentioned that they did think that it would be -- it would be nice if they could go directly to the registry and say, "I want this name forever, I don't want you to ever let anybody change it unless we come with three people from our IP and trademarks group and we all bow seven times towards our corporate headquarters." We didn't feel like that was an appropriate recommendation because the existing path between the registrar and the registry is through a reseller -- I'm sorry, the registrar and the registry -- registrant and the registry is through a registrar or reseller. Sorry. So I didn't want to open up an entirely orthogonal can of worms and make any sort of suggestions that we wanted to perturb that model. There might be things that can only be implemented at a registry that a registrant would find extremely valuable. We did not look at that side of the elephant. >>AVRI DORIA: Thank you. Anyone else, yes, Jeff. >>JEFF NEUMAN: I guess I just have a question and more of a general question. How does -- how does the SSAC agenda get set, I mean, how do you guys decide and prioritize what you're working on, what the issues you're going to study are, and kind of prioritize that and then do you also have something where it says these are the issues we're going to be looking at in the future as to kind of inform the community as to these are the issues that are upcoming? >>DAVE PISCITELLO: So the way that -- we have two primary avenues for beginning new projects. One is that some incident occurs and it spawns the attention of one or more members of the community. So, you know, the hijackings over the summer, for example, are that -- is an external stimuli. Another is where members of the committee who are all, you know, security and DNS experts in the course of their normal business identify, you know, issues that appear to be needing addressing. So those are the two major courses. Now, obviously, you know, we have a chairman who has, you know, has more years of experience in the Internet than half the people have years in their lives in the room. And so he has a very, very broad, you know, broad scope and interest and Steve Crocker quite honestly brings a lot of these subjects to the, you know, at the table at SSAC meetings and we discuss them and we say yes, that's something very relevant. Since I'm a full-time staff and I work full-time on SSAC I bring subjects in. How do we prioritize? We prioritize, quite honestly, by the strength of participation and, you know, and the willingness to contribute. Because we are, you know, outside of me and entirely volunteer organization and if we can't get the sufficient manpower interest to work on a particular project, that project tends to fall lower in priority. I believe that currently we have 23 topics that we like to cover. And we are addressing actively about seven of them. >>RAM MOHAN: Let me just add to that the SSAC meets regularly, we have an active mailing list as well. It's an internal mailing list. And SSAC meets regularly to discuss issues and to decide whether, you know, whether it's deserving of an action. So as an example, if I look at some of the things that we've discussed in the last two or three months, we had a briefing on the cyber war in Georgia just recently. Because you wanted to find out if there were -- you know, if it was done using some DNS exploits or, you know, what kind of learnings could come from that and if there are any learnings that can be applied for the rest of the community as kind of an example. We've also spent time talking about the routers and the compatibility of routers for DNSsec, because if you want to put DNSsec out there then you need to do it in a stable way, in a way that it can be rolled out appropriately. We've looked at IPv6. So those are -- so in general, the vast number of topics that we look at you can probably compartmentalize them into three areas. And most -- if you look at the reports we've put out you'll find that they can be compartmentalized into the same three areas. One is broadly registrant protection, registrant-oriented issues, protecting yourself against hijacking, things like that. The other tends to be core infrastructure-oriented issues. So you look at IPv6 or DNSsec or strengthening the IANA function and automation and metrics and things like that that tends to be the core infrastructure area. And then we look at name space issues, some of the things that we've done on the WHOIS or IDNs, for example, tend to be name space issues. But those are the three broad categories that we spend our time on. And as Dave said, we are open to suggestions of what we should look into both from within the committee as well as from outside. You know, the very first domain hijacking effort that we began came as a result of two affected registrants actually coming up to several SSAC members and saying isn't this something more general, or just a specific case of a much bigger problem? And usually that becomes a litmus test. Is this something unique or is this something that could it be indicative of a larger problem. As a direct example, if you look at the registrar phishing and the -- what we currently call high-value domains, but as Edmon is suggesting mission-critical domains. Both of those areas I think the internal discussion has -- there's a fairly decent level of consensus that these are -- they look like they're specific issues, but they actually go to address what might actually become either/or or might become a systemic issue. >>AVRI DORIA: Thank you. I've noticed one more hand on Eric. I wanted note that we have gone over our time. We can certainly stick with it longer. I know you can't, I don't know if you can. Eric does have an extra question but I know if you needed to run, I wanted to give you a chance where running wasn't running out on someone. As I say, with what we're going into next, we can stay with this a while longer, if you can, but that's your call. Eric did have one more question. >>ERIC BRUNNER-WILLIAMS: Thank you. I was, Ram. Run. >>RAM MOHAN: Thank you for having me here and I appreciate the invitation. And to the earlier comment from Mike about, you know, having regular interaction, it's very welcome, if you need to find some mechanisms for it but we're open to your suggestions as well, it's a two-way thing. This registrant phishing threat, for example, we're going to look to all of you for help in disseminating the information but, you know, it's something that we ought to work together. Thank you for having me. >>AVRI DORIA: Thank you. >>ERIC BRUNNER-WILLIAMS: Actually, Ram, my question was for you, I was sort of teasing when I said run Ram. This is Eric Brunner-Williams. Do you know how many hours were spent on SSAC time were spent on front running? >>RAM MOHAN: The short answer is no. >>ERIC BRUNNER-WILLIAMS: Thank you. >>RAM MOHAN: But I'm actually curious as to -- as to the intent of the question because I don't -- I -- I'd love to get some context around what your -- what point -- sounds like there was a point being made. I missed it. >>ERIC BRUNNER-WILLIAMS: At a previous meeting at the -- it was Los Angeles, I think, front running was the main subject of the open SSAC meeting and I was concerned about how much resources were spent chasing a nonproblem in the existence, well, real problems do exist. >>RAM MOHAN: Ahh, okay, thank you for the context. I think we actually spent in general a fair amount of time running after nonproblem except we don't know it is one when we start and the actual analysis helps us get there. And if you looked at the domain name front running report, you know, we ended up in our conclusion section saying not enough evidence exists that this is a systemic issue. And I think actually from time to time you will find us going down these paths. I'd like to say this: I'm not sure that going down these paths is always a bad thing. Because sometimes you need somebody to actually go and say, hey, there are no dragons here. And, you know, so I'm not sure that, you know, even if you spent X amount of time that it was completely wasted. Just because we don't have a concrete recommendation for someone in the community to go and work on. >>AVRI DORIA: Thank you. Ram is leaving but can you stay a little while longer. >>DAVE PISCITELLO: I have a 4:00. >>AVRI DORIA: You can stay a little longer. Thank you very much, Ram. >>DAVE PISCITELLO: Since I do most of the report-writing and most of my hours are engrained in my own head, I can tell you, Eric, that we spent less time as a committee on domain name front running than we do -- than we did on WHOIS, than we did on DNSsec, than we have on high-value domains. It turned out that actually studying that and writing the original paper was maybe a couple days' work, and then following up on the 150 or so complaints that we had took perhaps another day and a half of my -- my staff time and then I had assistance with some of the -- with some of the volunteers in evaluating and assessing other paths. We also entertained doing some other studies and, you know, they have not taken up a significant amount of time. >>AVRI DORIA: Thank you. I have Kristina and I have Philip. >>KRISTINA ROSETTE: I just had a quick suggestion. Just in one way that I think would be very helpful to get SSAC input very early on and to make you aware of some of the policy issues that we're working on would be to formally have a liaison. But it appears as if structurally in the bylaws that that would have on an attempt to the SSAC portion of the bylaws as opposed to the GNSO portion of the bylaws. And where I'm going with this is that one thing that I think we should really think about is, you know, to the extent that procedurally we need to like formally invite and encourage such an amendment, then I think that we should do so. >>AVRI DORIA: Okay, great. I mean, that's something that I think we already had tagged as an any other business that we have to put in sometime if we wanted to talk about that and I think you're right. What I think we would need to do is to decide as a council that we wanted to make such a request. It would probably be worth talking to SSAC and see how they would view such a request because not only would we have to request it but they'd have to obviously agree with the request, or at least hopefully agree with the request, I don't think we'd want to try and do it if they didn't agree with the request. But so, yeah, I think it's something that I think the first step as a council and now I guess we've passed on the message that we'd sort of be interested in looking in it but we're certainly at the beginning of the path of looking at it. It's an idea that sort of came up last week repeated now and we haven't talked about it yet other than just now and so, yeah, I think it's something that we've got on our schedule to talk about and we've sort of passed on the idea and I'll connect with, you know, Ram and Dave as time goes on if we get further down the path so that if we are making a request we can make one that is receivable favorably. Does that make sense? Okay, I don't know if you wanted to comment on that but -- no. Okay, Philip? >>PHILIP SHEPPARD: Thanks, actually it was really a falloff from what Ram had said I wanted to thank SSAC on behalf of users for wasting your time and indeed following through what was a wit thread perception problem of front running and looking at a scientific and technical way in what was a valuable exercise I think. >>AVRI DORIA: Are there any other comments, questions? No? In which case thank you very much, Dave, for coming and for having come often for participating in our work groups, et cetera. [ Applause ] >>AVRI DORIA: Okay. We've got one more thing on our agenda before we take a break on our way to the GAC meeting, and I don't know if we want to talk some more about the GAC meeting before we go, we certainly can. The item was basically the follow-up on the two steering committee meetings that we had. Also, actually, I'd like to take a chance, before he leaves, Terry, sorry, I know you were going to -- sorry, I know you were going to talk -- >>DAVE PISCITELLO: We're old friends. >>AVRI DORIA: Yeah, you're old friends and I just wanted to disturb Terry for a second. I wanted to introduce Terry Davis who is the new NCA who will be joining the council, NomCom appointee joining the council at the end of this meeting. [ Applause ] >>AVRI DORIA: And to welcome him. Okay, thanks. And NCA -- I repeated right after I said it, NomCom appointee, we've been using that over and over and over again. As soon as I said NCA, I said NomCom appointee, but I guess I sort of said it under my breath, mumbled. But yes, we get an acronym now, too. You know, basically when we were working on the recommendation to the board that came out with the bicameral system, I think we got tired of writing "NomCom appointee" all the time. So we became -- we actually got acronymized, acronymized. Anyway, we graduated to having an acronym, so the NCAs. Anyway, so, okay, getting back to the agenda topic. We basically had the two meetings, sort of the first time we sort of split up into the two committees, had the two kickoffs, basically what I wanted to do with this section, is -- first of all, I didn't know how that would work out. We could have split into these two things and had it be an awful disaster and come back to the council and say, "Help, we don't know where it's going." I don't get the impression that that's what's happened but that's one of the reasons for the meeting but also just to give a quick report on the two and to deal with issues that might be of interest and if there are any cross issues. And I don't know if you want to go first or I go first because I'm already talking. Okay. The PPSC, basically I'm acting as interim chair until the next meeting when we will have the election of a real chair. We had most of our membership, we were short two members from constituencies, I was informed after the meeting that that was merely a communications oversight and so was told that the NCUC rep has actually been picked, wasn't at this meeting, and but will be participating. So we will add -- I forget the name. >>CARLOS SOUZA: Constantinos. >>AVRI DORIA: Constantinos. And the last name is? Or is that the last name? >>CARLOS SOUZA: Now that's the hard part. >>AVRI DORIA: You can write down later. But anyway Constantinos with a difficult-to-pronounce last name. And I'm very happy that we have one more member to get in. We started talking about the charter. We started looking into the idea of what was needed to sort of figure out -- in terms of looking at the PDPs and we're going to start to sort of gathering a certain amount of information of what works with the PDP at the moment, what doesn't work, what is it that needs to be changed. We started looking at a schedule for when we had to have things done, looking at basically the requirements from the board as to when the bicameral system was supposed to be in place as sort of the end that we were pushing to, to at least have the PDP issues resolved and hopefully into the bylaws. We basically said that we would be looking at an every-two-weeks meeting while we were trying to get this initial chunk of work done. We have yet to go through, or Glen has yet to go through with us the doodle exercise of actually finding a time that works for our intercontinental meeting scheduling. One of the things -- I'm going to bring this up -- one of the things that Chuck brought up as a reason why we have to spread the work out more and maybe I was stealing his thunder by saying this is that when you have the same person in many meetings and you look at the scheduling, when we talk about Asia to Pacific we maybe end up with maybe one or two hours' window of possible meetings a day. And just basically, as soon as we get to that point, if we basically take a rule in mind that nobody should have to meet before 5:00 or 6:00 in the morning and nobody should have to meet after midnight and you take that on a worldwide spec you end up with almost no time and, in fact, I think there's always exceptions at someone going at 1:00 in the morning and someone going at 5:00. So if you have the same person in more than a few things and you only have one window a day, when you can have a meeting, then it's almost impossible to get that person included. Yes, Adrian. >>ADRIAN KINDERIS: I'm happy to move [speaker off microphone]. >>AVRI DORIA: You're happy to move. Well, that's good. We've got to get Norbert moved also. And Edmon -- well, Edmon, as far as I can tell, Edmon's almost willing to meet at any time of day or time at night. He's always been a little, "Yeah, 3:00 in the morning." >>CHUCK GOMES: I think he's changing a little bit. >>AVRI DORIA: What, did you get married or something? >>EDMON CHUNG: The worst time is right where we are right now, it's at 8:00, right about dinner, like every time I have dinner. >>AVRI DORIA: So you don't mind the middle of the night; it's dinnertime we shouldn't mess with. >>JEFF NEUMAN: Edmon has the most exciting dinner schedule of anyone on this planet because his dinners go from 7:00 p.m. until at least 10:00 or 11:00 so between that four-hour block we cannot have a registry meeting. >>AVRI DORIA: I see. And so anyhow, with that pleasant aside, so that's one of the -- sounds good. Only invited him. That's one of the sort of practical reasons other than getting more people involved and having a broader base of what it means to be, you know, bottom-up is basically we have it -- it's almost impossible to schedule meetings if everybody has to make every meeting. So anyhow, so we'll be working on scheduling a meeting. We're working on a two-week schedule. We're going to vote on a chair at the beginning -- not vote on, we're going to do consensus. We did not come up with anything other than consensus so I think this group's going to work on that consensus basis. We didn't really discuss alternates except that alternates were sort of accepted but we haven't talked about where alternates fit into the consensus yet. Did I miss anything from the people who were at that meeting? We had certain questions about, you know, just looking at scope and may come back to the council at some point with scope questions on some things and then we had certain questions about -- well, is that being taken care of in the OSC so maybe those are the questions once OSC or there anything I left out that should be brought up. >>JEFF NEUMAN: I think timing, timing of when we would have to have everything done by and whether that needs to be coordinated with the effective date of the bicameral. >>AVRI DORIA: Yeah, I think I said that but I said it differently. >>JEFF NEUMAN: I missed it, I'm cold. >>AVRI DORIA: Yeah, he tells me I said it so it's not just relying on my memory. No, yeah, so basically that's basically our forcing function and we're going to schedule back from those requirements. Anything else that I neglected to mention, anyone else from the group? Okay, any questions from anyone about it, from -- that wasn't in that meeting? That was in the other meeting, any questions? Okay, Chuck, it's yours. >>CHUCK GOMES: Thanks, Avri. The -- if I can control my mouse here. Anyway, the -- we -- it was basically -- it was a kickoff meeting for the operational steering committee. Or operations steering committee. And we had very good attendance. I, like Avri, am just there as an interim chair until we select a chair. And Avri and I will fill in for each other as we can if one of the others can't make it on one of the other committees. The -- Ken Stubbs will be the registry rep on the OSC, he was not able to attend today so David Maher is his alternate so he was there. Rob Hoggarth is our ICANN staff person. Steve Metalitz -- and this is a very important qualification here -- Steve is an interim representative on there, and the IPC will be electing -- or choosing a representative for the committee, hopefully this week. Stephane Van Gelder is the registrar rep and he was in attendance. Mason Cole will be his backup, and was also there. Philip Sheppard is the BC rep. And a couple other people were there from the BC as well, which was fine because it was open to observers. Olga Cavalli, the NomCom appointee -- I already have a criticism for the PPSC. The interim chair of that should have kicked her out of the PPSC meeting and sent her over to our meeting. >>AVRI DORIA: Sorry. >>CHUCK GOMES: Yeah. That's okay. [Laughter] >>AVRI DORIA: We talked about it afterwards. [Laughter] >>CHUCK GOMES: Anyway, Olga will have to come up to speed but she's familiar with most of the things anyway. Wolf Knoben was the ISP rep, and Tony Holmes. Both were there. Tony will the alternate. Robin Gross was there from the NCUC. So I think we're just missing one primary rep from the IPC, but as I said, Steve Metalitz was there to represent them, so we had good representation. Then what we -- I won't go over a lot of the things we discussed. We certainly talked about -- like Avri said, we talked about the recommendations from the Board Governance Committee that represent to the Operations Steering Committee and the work teams. We talked about the basic model of the steering committees and the work teams below them. We had quite a bit of discussion in terms of what was expected and I think hopefully all of us have a better understanding that there's quite a bit of freedom -- understanding that the board recommendations need to be implemented -- that it's up to the working teams that we will coordinate to come up with plans to propose to the council for consideration for implementation and that those would ultimately be approved by the board. And a lot of good interaction in that. Hopefully everybody left with a better understanding of what the tasks are. We also talked about the election of a chair and decided to do that after our committee was fully formed, so that would happen shortly. We actually made our first consensus decision. We're a little bit ahead of the PPSC in that regard. And our decision was to allow for alternates to participate, and we did not make a decision on meeting times. I suggested that early on we might have to meet weekly. Whether we can achieve that or not we'll see, but especially until we get the working teams up and functioning. And then as the working teams are operating smoothly, probably we could meet less frequently, but that's a decision still to be decided. Certainly went over the immediate tasks that are needed. Both the SCs have to finalize the charter. A draft charter has been prepared and charters for each of the working teams that will be started would also need to be -- would need to be finalized, and that could be done with the cooperation of the working teams, once those are formed. I'll reiterate -- I said this in the OSC meeting, but I'll reiterate what Avri said, in that it's going to be really important for us to enlist new blood in participating in these things. If the proposed working teams are established for the implementation work, there will be at least seven -- and probably more -- working teams underneath the two steering committees, and we will all be fighting for meeting times in that narrow window that Avri described, so it's really important -- and the planning team -- in the planning team recommendations, at least within the draft charters, was that no two people serve on the same working team. And so hopefully we'll all be able to enlist the support of a lot of different people to work on these. Otherwise, we're going to have a scheduling nightmare. Plus people will be overloaded. Because of some of these tasks really involve quite a lot of work. That pretty much covers it, I think. We -- we will use the function we've been using to schedule the first meeting. That will happen next week. I think our list -- our e-mail list is close to being up-to-date, and so we hope to kick things off working together next week. >>AVRI DORIA: Thanks. Any questions or comments or additions? I notice Chuck listed the names of all the people. Should I go and list the names of all the people in the PPSC or... I'm sorry, I was remiss in not listing them, but I can. Anything else people want to talk about in terms of the GNSO improvements slash restructuring? A reminder that that is the -- the restructuring, specifically, is the dessert topic at tonight's dinner, so whatever comments you all have that you want to pass on to the board about restructuring, it's a good time to do it. Not that they have that many decisions left to make, but there still are the discussions of how board members are elected. There's still discussions about how chairs are elected in a bicameral, et cetera. Anything else at all on the improvements and restructuring? Anybody want to comment, bring up a question, or an issue? Okay. In which case, we'll still keep working on it. We'll probably add another status update to our council meetings, at least at the beginning, to figure out where we are. We sort of have to balance the "how do we make all these changes in our structures and you're working methods" while attempting to still get the work that we're supposed to do as a council done. And we'll talk some more about that in the Thursday meeting. The last thing I wanted to bring up, because that's the end of the agenda items before we break before going for the GAC meeting, is to ask whether there was any further discussion on the GAC meeting and what was going to be brought up. As I said, the schedule of topics -- we only have an hour. The list of topics included three things. It included WHOIS, and I think we're going to lead with that, where Chuck is basically going to give a quick update on where we are and what decisions lie ahead of us and basically, I would assume, invite them again to comment and participate and let their views be known about the various tests, et cetera. Then we're going to talk about new gTLDs where I'm going to bring up the two issues -- and I don't have a presentation and I don't plan one -- bring up the two issues. The one has to do with geographic names and the variance between our positions, their position, and the initial recommendation -- the draft recommendation from -- in the staff implementation report and then bring up the concern of the, you know, agreement conditions, contractual agreements, whatever they get called -- and I'll actually look at the ccTLD proposal to make sure I'm using the right word before I say it -- and then really, though, leave it open to people to express -- I won't go into detail on these issues than say those are two issues that, you know -- because we did have, in our response to the ccTLD fast track, we did have those issues. And leave it open at that. And so hopefully you all will contribute your thoughts and concerns in the discussion, because I'd really like to see a discussion get started. And then the third one is the PSC, which they requested be on the agenda, where I'll basically mention that we really haven't, either as a council -- and I don't know what else has happened in the GNSO constituencies -- we haven't spent a lot of time on it at all, and are curious to hear from them. Because it's not something that we have formed opinions on. Yes. >>MARILYN CADE: I'm sorry, Avri. I'm a member of the PSC. We have a public forum on Thursday. >>AVRI DORIA: Yeah. No, the PSC was one of the topics that the GAC chair put on -- >>MARILYN CADE: Okay. >>AVRI DORIA: The agenda of things they were interested in -- >>MARILYN CADE: Okay. >>AVRI DORIA: -- Talking to us about. >>MARILYN CADE: Okay. I just wanted to be sure that everyone was aware that we have a PSC public forum on Thursday. >>AVRI DORIA: Yeah, yeah. No, this had nothing -- right. Thank you for reminding. No, this had nothing to do with this. It was just one of the topics that Janis basically said should be on this agenda so I said, "Sure," but it's really -- I mean, as individuals, you may all have opinions you wish to express, but I will start out by saying that as a council or as the GNSO, as far as I know, we have no position that's a formal position. I don't know if anybody wants to bring up any issues on that. Any questions? Any recommendations of things we should do differently? In which case, it looks like we can have a longer break between now and the GAC meeting. Now, having sat here pretty much since 9:00 yesterday morning, I don't know what I'll do with such a break, but I want to thank the technical support. I think it was flawless, and I really do appreciate it. I wish we had more people participating on the phone system, but I think from past experience, too many people got convinced that it wasn't the best thing and now we have to tell them, "Listen, it works!" I also want to thank the transcribers who have been transcribing every word, syllable, utterance, "um," and whatever else we came up with. I betcha you got the "um." [Laughter] >>AVRI DORIA: Yes, Steve. >>STEVE METALITZ: Looking on the ICANN schedule, we see the meeting that starts at 5:00, but we don't see a location for it. The GAC/Gonzalez meeting. Does anybody know where it's going to happen. >>AVRI DORIA: Actually, let me look at the full schedule. It's going to be in the GAC room, wherever the GAC room is. That's where it always is. >>NORBERT KLEIN: Al Saraya. >>AVRI DORIA: So, yeah. It's always at the GAC's house. The GAC's house is where? >> (Speaker is off microphone). >>AVRI DORIA: Al Saraya 1, which is where? >> (Speaker is off microphone). >>AVRI DORIA: Oh, minus 4. So downstairs. How many minuses are there. Thank you to all of you. Thank you to support. Thank you for the contributions and the good meetings and see you all at the GAC meeting later. Bye. Thank you.