Month: October 2003

Steve Crocker at the microphone.Quiet group without much to do until recently. SECSAC membership. Technical people, not political people. Committee activity in last month dominated by wildcard. Sitefinder generated complaints and problem reports. Preliminary advisory. Information gathering. Still gathering input on substantive technical input, thoughtful commentary and analysis: secsac-comment@icann.org.October 7 and October 15 meetings in Washington DC. Information posted on web site. SECSAC is writing report; part of larger process. SECSAC is strong on technical aspect. Also policy issues and economic impacts. Appreciate being an advisory committee. Not a decision-making body.Back to wildcard: What happened? Wildcard. Some things broke. Some took defensive action. BIND patches, ISPs blocking sitefinder. Areas of concern: no notice. Is it the thing right? Competition and contracts.Just don’t do wildcards? But: Existing registries; ccTLDs, .museum, but world has not come apart. Why is it a problem now if it wasn’t a problem then? Issue of size?Initial Advisory. Three recommendations. To Verisign: Please roll back, and provide time for everyone to think hard about this. To tech community: Ambiguous specifications / best practices? To ICANN: Please clarify procedures. More to say when finished with writing.October 7 and October 15 meetings. Transcripts are available.Tentative Issues: Abruptness, rightness, systemic stability, confidence, technical clarity, process clarity, displaced costs, innovation at core v. edge, future architecture, role of standards (do RFCs say everything?), existing wildcards, scope/size.Will finish work over month or so. Will release report.Cerf: Wildcards in general? Crocker: Yes, look at it in general. One step further: Wildcard is internal device for how you implement a broad set of reswponses or response to broad set of queries. Look at wire protocol — doesn’t matter what’s in zone. Other kinds of synthesis. General questions: What are expectations in this area? What is impact of change? Align specs with practice? Align practice with specs? Live with a certain degree of discrepancy?

Suzanne Woolf. Anycasting root servers. AAAA records. Input on renumbering ofo B.root-servers.net. No objections raised. Renumbering in the next few months. GAC named liaison to RSSAC.See www.root-servers.org for public information about committee’s work.Cerf asks about discussions re improving security of root system information by using DNSSEC. Answer: Active discussion. Not concern directly for committee, not yet ready for deployment. Waiting on IETF standardization. IETF is getting close, making progress, but not ready yet.Cerf: AAAA records significant introduction. Test environment for such things? RSSAC does not operate test environment, but some participants do. RIRs and several root name server operators do participate in experimental activities of that kind. Have input.

Sharil Tamizi is delivering the GAC’s communique.Standard preamble. ccTLD redelegation, IANA function. Pending redelegations for some GAC members. Priority. Review ccNSO progress. Encourage continued work. Move forward on GAC principles. WIPO2: Welcome creation ofo joint working group. Mandate of WG limited to analyzing the practical and technical aspects of implementing wipo2 recs. GAC regrets that the working group has not presented an outliljne and timetable for its work on the GAC meeting at carthage, welcomes request from president of ICANN that wg report to board at Rome meeting.GAC whois and gTLD working groups met GNSO Council, discussed gnso PDP. WHOIS use by govt authorities, GAC will share with GNSO.IPv6. New registry services: GAC follows debate on use of DNS wildcards. Received briefing from ICANN president and CEO, and secsac chair. GAC recognizes that many interests have raised concerns about competition, technicasl and user issues. GAC recognizes ongoing review. GNSO PDP on review of registry services. GAC will continue monitoring.Root servers; GAC recognizes efforts to increase security and stability of root server system.Outreach: GAC workshop dedicated to arab and african regions with participation from 17 countries.Future of GAC organization and financing. Agreed a procedure for updating operating principles, and election of vice chairs later this year. Working group to consider structure, organization, financing of GAC.Thanks to local organizers. Next GAC meeting in Rome.

Twomey gives his report to the public forum.Vision becoming clearer. Commitment to global outreach. Have gTLD registrars in 26 countries. Agreements with 15 ccTLD managers. ccNSO. Increased cooperation with relevant intergovernmental organizations. IDN introduction as important part of outreach. Local focus and commitment and key stewardship for integrity, security, stability of single Internet. Multi-lingual communications. ALAC as part of international outreach.Commitment to innovation in the Domain Name System. Clear understanding of commitment to integrity, stability, security of single Internet. Keeping and building community. Work closely with other bodies — ISOC, IETF, others.Move from vision to how to achieve it. MoU extension. Strategic plan. Some headings: How build sustainable business operation. Management controls. Building capable staff. VP Biz ops: Kurt Pritz. VP SOs and ACs: Paul Verhoef (Brussels). GC: John Jeffreys. Focus around business unit model, key accountabilities. Measurement, make performance more accountable. Performance of IANA function. Share more statistics. Automation of operative processes. Stable, adequate, fair funding. Open small targeted offices in regions. Verhoef in Brussels office. “Lean and mean” offices, target on cooperation with regional communities and organizations.Potential risks. Community consensus on key issues. WHOIS. WIPO2 implementation issues. Bring community together, work together to find pragmatic solutions going forward. Don’t work in silos, interact. Heavily involved in WSIS. Working with many member states, attending prepcomm meetings. Want to leave report at this level today.Detailed reporting on some function areas available. Will be posted later during the day.

new gTLDs (PDP initiation moved by Milton Mueller) unanimously deferred until next meeting.Lengthy discussion of STLD (non-) RFP under AOB, and how sharply the Council should phrase a possible resolution on that topic. “Concern and ask for clarification” or more? Wording suggestions. Dan Halloran at the microphone. Points to oct 13 board minutes. Emphasize bottom-up nature. Commitment?^*Resolution is drafted on the fly and adopted unanimously: Council requests clarification and is concerned that board may have made decision in gTLD policy area without consulting council.UDRP is deferred for the time being. Expenditure authorization to GNSO secretariat. Enforcement of contracts scheduled for another meeting.Disclosure: I participated in the council session as the ALAC liaison to the council.^*) Stricken on 2003-11-02.

We’re two almost three hours into the GNSO Council session now. After long debate, the GNSO Council has adopted moderately updated versions of the Terms of Reference that the WHOIS Steering Committee had generated, and has also agreed to kick off all three Task Forces at this time.Ultimately, all council members except the ISPCP representatives voted in favor.

I was on the data element review panel of today’s WHOIS Workshop. Unfortunately, that panel was chartered to look at things from a data user point of view only, without space for the data subject perspective.The brief summary is that the usual statements were made.The slightly longer summary: Bruce Tonkin reported about the current data element situation. Jane Mutimear gave the IP perspective, recycling some slides from the Montreal workshop. Marilyn Cade told a story about an abuse case. David Maher noted that registries don’t need personal WHOIS information. I complained a bit about the lack of registrant perspective, pointed to the ALAC’s new WHOIS statement, and noted that individual Internet users really don’t have essential WHOIS uses, and that existing uses can easily be covered by some kind of person directory where information is entered voluntarily. Tom Keller noted that registrar mostly need WHOIS for transfers. Brian Cute confirmed that, and gave some customer quotes on WHOIS privacy.The NCUC’s Kathy Kleiman made the case for registrant privacy, and suggested that a technical contact should essentially be the only thing published in the WHOIS; this technical contact could then be someone at an ISP, not the individual itself.

A large group of NGOs, lead by EPIC, has sent a letter to ICANN that emphasizes the need for moving forward on WHOIS privacy.The letter suggests a number of useful and important principles for dealing with WHOIS. The most critical one: The purposes for which domain name holders’ personal data may be collected and published in the WHOIS database have to be specified; they should, as a minimum, be legitimate and compatible to the original purpose for which this database was created; and this original purpose cannot be extended to other purposes simply because they are considered desirable by some users of the WHOIS database.It’s somewhat unfortunate that the authors of this letter have given in to the very temptation they warn about: In the next bullet point, they suggest that combatting spam should be the most relevant purpose for collecting WHOIS data.

John Klensin points out that whois data in strange languages may quite well kill port 43 whois, and notes that that protocol has outlived its useful life. Some panel discussion about what languages should be where, and about experience in China.

Barbara Roseman joins the meeting. Bruce Tonkin points out Twomey’s broadly-worded core question. Barbara. Have talked to comm. user constituencies; will let GC figure out what’s in scope for ICANN. Will go to outside entity asking about competition/confidentiality aspects; expertise available to GNSO.Should new services or significant changes be reviewed before or after introduction?Contract changes re stabililty/security?Dominant vs. non-dominant registries? Comm. users had asked about differentiation between sponsored/non-sponsored?Who should initiate process? Registry? Notification to ICANN, ICANN initiates? GNSO initiates? External party?Desire to have definition of services provided?Comm. users requested briefing what contracts say today.Discussion ofo time frames? What time scales?Involve other advisory bodies/SOs? Considerations from these overriding?Concern about time frame for this PDP.Time frame concerns?Additional input from registrars?Check or review for determination that something is registry service?Review of anti-trust implications? Roseman: ICANN intends to make experts available.Issues report will be posted CoB Friday, California time.Add. questions: What’s time table when service is not considered as registry service? “Registry service” covered by contract. But for non-registry service change, no contract requirement. Review of stability implications after the fact?Tonkin: Add that issues report is starting point, not end point….Suggestions to Barbara welcome, done by Friday.