Network Working Group                                         J. Klensin
Request for Comments: 3071                                 February 2001
Category: Informational


      Reflections on the DNS, RFC 1591, and Categories of Domains

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   RFC 1591, "Domain Name System Structure and Delegation", laid out the
   basic administrative design and principles for the allocation and
   administration of domains, from the top level down.  It was written
   before the introduction of the world wide web (WWW) and rapid growth
   of the Internet put significant market, social, and political
   pressure on domain name allocations.  In recent years, 1591 has been
   cited by all sides in various debates, and attempts have been made by
   various bodies to update it or adjust its provisions, sometimes under
   pressures that have arguably produced policies that are less well
   thought out than the original.  Some of those efforts have begun from
   misconceptions about the provisions of 1591 or the motivation for
   those provisions.  The current directions of the Internet Corporation
   for Assigned Names and Numbers (ICANN) and other groups who now
   determine the Domain Name System (DNS) policy directions appear to be
   drifting away from the policies and philosophy of 1591.  This
   document is being published primarily for historical context and
   comparative purposes, essentially to document some thoughts about how
   1591 might have been interpreted and adjusted by the Internet
   Assigned Numbers Authority (IANA) and ICANN to better reflect today's
   world while retaining characteristics and policies that have proven
   to be effective in supporting Internet growth and stability.  An
   earlier variation of this memo was submitted to ICANN as a comment on
   its evolving Top-level Domain (TLD) policies.









Klensin                      Informational                      [Page 1]


RFC 3071          Reflections on the DNS and RFC 1591      February 2001


1.  Introduction

   RFC 1591 [1] has been heavily discussed and referenced in the last
   year or two, especially in discussions within ICANN and its
   predecessors about the creation, delegation, and management of top-
   level domains.  In particular, the ICANN Domain Name Supporting
   Organization (DNSO), and especially its ccTLD constituency, have been
   the home of many discussions in which 1591 and interpretations of it
   have been cited in support of a variety of sometimes-contradictory
   positions.  During that period, other discussions have gone on to try
   to reconstruct the thinking that went into RFC 1591.  Those in turn
   have led me and others to muse on how that original thinking might
   relate to some of the issues being raised.  1591 is, I believe, one
   of Jon Postel's masterpieces, drawing together very different
   philosophies (e.g., his traditional view that people are basically
   reasonable and will do the right thing if told what it is with some
   stronger mechanisms when that model is not successful) into a single
   whole.

   RFC 1591 was written in the context of the assumption that what it
   described as generic TLDs would be bound to policies and categories
   of registration (see the "This domain is intended..."  text in
   section 2) while ccTLDs were expected to be used primarily to support
   users and uses within and for a country and its residents.  The
   notion that different domains would be run in different ways --albeit
   within the broad contexts of "public service on behalf of the
   Internet community" and "trustee... for the global Internet
   community"-- was considered a design feature and a safeguard against
   a variety of potential abuses.  Obviously the world has changed in
   many ways in the seven or eight years since 1591 was written.  In
   particular, the Internet has become more heavily used and, because
   the design of the world wide web has put domain names in front of
   users, top-level domain names and registrations in them have been
   heavily in demand: not only has the number of hosts increased
   dramatically during that time, but the ratio between registered
   domain names and physical hosts has increased very significantly.

   The issues 1591 attempted to address when it was written and those we
   face today have not changed significantly in principle.  But one
   alternative to present trends would be to take a step back to refine
   it into a model that can function effectively today.  Therefore, it
   may be useful to try to reconstruct 1591's principles and think about
   their applicability today as a model that could continue to be
   applied: not because it is historically significant, but because many
   of its elements have proven to work reasonably well, even in
   difficult situations.  In particular, for many domains (some in
   1591's "generic" list and others in its "country code" category) the
   notion of "public service" --expected then to imply being carried out



Klensin                      Informational                      [Page 2]


RFC 3071          Reflections on the DNS and RFC 1591      February 2001


   at no or minimal cost to the users, not merely on a non-profit
   basis-- has yielded to profitability calculations.  And, in most of
   the rest, considerations of at least calculating and recovering costs
   have crept in.  While many of us feel some nostalgia for the old
   system, it is clear that its days are waning if not gone: perhaps the
   public service notions as understood when 1591 was written just don't
   scale to rapid internet growth and very large numbers of
   yregistrations.

   In particular, some ccTLDs have advertised for registrations outside
   the designated countries (or other entities), while others have made
   clear decisions to allow registrations by non-nationals.  These
   decisions and others have produced protests from many sides,
   suggesting, in turn, that a recategorization is in order.  For
   example, we have heard concerns by governments and managers of
   traditional, "public service", in-country, ccTLDs about excessive
   ICANN interference and fears of being forced to conform to
   internationally-set policies for dispute resolution when their
   domestic ones are considered more appropriate.  We have also heard
   concerns from registrars and operators of externally-marketed ccTLDs
   about unreasonable government interference and from gTLD registrars
   and registries about unreasonable competition from aggressively
   marketed ccTLDs.  The appropriate distinction is no longer between
   what RFC 1591 described as "generic" TLDs (but which were really
   intended to be "purpose-specific", a term I will use again below) and
   ccTLDs but among:

      (i) true "generic" TLDs, in which any registration is acceptable
      and, ordinarily, registrations from all sources are actively
      promoted.  This list currently includes (the formerly purpose-
      specific) COM, NET, and ORG, and some ccTLDs.  There have been
      proposals from time to time for additional TLDs of this variety in
      which, as with COM (and, more recently, NET and ORG) anyone
      (generally subject only to name conflicts and national law) could
      register who could pay the fees.

      (ii) purpose-specific TLDs, in which registration is accepted only
      from organizations or individuals meeting particular
      qualifications, but where those qualifications are not tied to
      national boundaries.  This list currently includes INT, EDU, the
      infrastructure domain ARPA, and, arguably, the specialized US
      Government TLDs MIL and GOV.  There have been proposals from time
      to time for other international TLDs of this variety, e.g., for
      medical entities such as physicians and hospitals and for museums.
      ICANN has recently approved several TLDs of this type and
      describes them as "sponsored" TLDs.





Klensin                      Informational                      [Page 3]


RFC 3071          Reflections on the DNS and RFC 1591      February 2001


      (iii) Country domains, operated according to the original
      underlying assumptions of 1591, i.e., registrants are largely
      expected to be people or other entities within the country.  While
      external registrations might be accepted by some of these, the
      country does not aggressively advertise for such registrations,
      nor does anyone expect to derive significant fee revenue from
      them.  All current domains in this category are ccTLDs, but not
      all ccTLDs are in this category.

   These categories are clearly orthogonal to the association between
   the use of the IS 3166-1 registered code list [2] and two-letter
   "country" domain names.  If that relationship is to be maintained
   (and I believe it is desirable), the only inherent requirement is
   that no two-letter TLDs be created except from that list (in order to
   avoid future conflicts).  ICANN should control the allocation and
   delegation of TLDs using these, and other, criteria, but only
   registered 3166-1 two letter codes should be used as two-letter TLDs.

2. Implications of the Categories

   If we had adopted this type of three-way categorization and could
   make it work, I believe it would have presented several opportunities
   for ICANN and the community more generally to reduce controversies
   and move forward.  Of course, there will be cases where the
   categorization of a particular domain and its operating style will
   not be completely clear-cut (see section 3, below).  But having ICANN
   work out procedures for dealing with those (probably few) situations
   appears preferable to strategies that would tend to propel ICANN into
   areas that are beyond its competence or that might require
   significant expansion of its mandate.

   First, the internally-operated ccTLDs (category iii above) should not
   be required to have much interaction with ICANN or vice versa.  Once
   a domain of this sort is established and delegated, and assuming that
   the "admin contact in the country" rule is strictly observed, the
   domain should be able to function effectively without ICANN
   intervention or oversight.  In particular, while a country might
   choose to adopt the general ICANN policies about dispute resolution
   or name management, issues that arise in these areas might equally
   well be dealt with exclusively under applicable national laws.  If a
   domain chooses to use ICANN services that cost resources to provide,
   it should contribute to ICANN's support, but, if it does not, ICANN
   should not presume to charge it for other than a reasonable fraction
   of the costs to ICANN of operating the root, root servers, and any
   directory systems that are generally agreed upon to be necessary and
   in which the domain participates.





Klensin                      Informational                      [Page 4]


RFC 3071          Reflections on the DNS and RFC 1591      February 2001


   By contrast, ccTLDs operated as generic domains ought to be treated
   as generic domains.  ICANN dispute resolution and name management
   policies and any special rules developed to protect the Internet
   public in multiple registrar or registry situations should reasonably
   apply.

3.  Telling TLD types apart

   If appropriate policies are adopted, ccTLDs operated as generic
   domains (category (i) above) and those operated as country domains
   (category (iii) above) ought to be able to be self-identified.  There
   are several criteria that could be applied to make this
   determination.  For example, either a domain is aggressively seeking
   outside registrations or it is not and either the vast majority of
   registrants in a domain are in-country or they are not.  One could
   also think of this as the issue of having some tangible level of
   presence in the jurisdiction - e.g., is the administrative contact
   subject, in practical terms, to the in-country laws, or are the
   registration rules such that it is reasonably likely that a court in
   the jurisdiction of the country associated with the domain can
   exercise jurisdiction and enforce a judgment against the registrant.

   One (fairly non-intrusive) rule ICANN might well impose on all top-
   level domains is that they identify and publish the policies they
   intend to use.  E.g., registrants in a domain that will use the laws
   of one particular country to resolve disputes should have a
   reasonable opportunity to understand those policies prior to
   registration and to make other arrangements (e.g., to register
   elsewhere) if that mechanism for dispute resolution is not
   acceptable.  Giving IANA (as the root registrar) incorrect
   information about the purpose and use of a domain should be subject
   to challenge, and should be grounds for reviewing the appropriateness
   of the domain delegation, just as not acting consistently and
   equitably provides such grounds under the original provisions of RFC
   1591.

   In order to ensure the availability of accurate and up-to-date
   registration information the criteria must be consistent, and
   consistent with more traditional gTLDs, for all nominally country
   code domains operating as generic TLDs.

4. The role of ICANN in country domains

   ICANN (and IANA) should, as described above, have as little
   involvement as possible in the direction of true country [code]
   domains (i.e., category (iii)).  There is no particular reason why





Klensin                      Informational                      [Page 5]


RFC 3071          Reflections on the DNS and RFC 1591      February 2001


   these domains should be subject to ICANN regulation beyond the basic
   principles of 1591 and associated arrangements needed to ensure
   Internet interoperability and stability.

   ICANN's avoiding such involvement strengthens it: the desirability of
   avoiding collisions with national sovereignty, determinations about
   government legitimacy, and the authority of someone purportedly
   writing on behalf of a government, is as important today as it was
   when 1591 was written.  The alternatives take us quickly from
   "administration" into "internet governance" or, in the case of
   determining which claimant is the legitimate government of a country,
   "international relations", and the reasons for not moving in that
   particular direction are legion.

5. The role of governments

   The history of IANA strategy in handling ccTLDs included three major
   "things to avoid" considerations:

      * Never get involved in determining which entities were countries
        and which ones were not.

      * Never get involved in determining who was, or was not, the
        legitimate government of a country.  And, more generally, avoid
        deciding what entity --government, religion, commercial,
        academic, etc.-- has what legitimacy or rights.

      * If possible, never become involved in in-country disputes.
        Instead, very strongly encourage internal parties to work
        problems out among themselves.  At most, adopt a role as
        mediator and educator, rather than judge, unless abuses are very
        clear and clearly will not be settled by any internal mechanism.

   All three considerations were obviously intended to avoid IANA's
   being dragged into a political morass in which it had (and, I
   suggest, has) no competence to resolve the issues and could only get
   bogged down.  The first consideration was the most visible (and the
   easiest) and was implemented by strict and careful adherence (see
   below) to the ISO 3166 registered Country Code list.  If an entity
   had a code, it was eligible to be registered with a TLD (although
   IANA was free to apply additional criteria-most of them stated in
   1591).  If it did not, there were no exceptions: the applicant's only
   recourse was a discussion with the 3166 Registration Authority (now
   Maintenance Agency, often known just as "3166/MA") or the UN
   Statistical Office (now Statistics Bureau), not with IANA.






Klensin                      Informational                      [Page 6]


RFC 3071          Reflections on the DNS and RFC 1591      February 2001


   There are actually five ccTLD exceptions to the strict rules.  One,
   "UK", is historical: it predates the adoption of ISO 3166 for this
   purpose.  The others --Ascension Island, Guernsey, Isle of Man, and
   Jersey --are arguably, at least in retrospect, just mistakes.
   Regardless of the historical reasons (about which there has been much
   speculation), it is almost certainly the case that the right way to
   handle mistakes of this sort is to acknowledge them and move on,
   rather than trying to use them as precedents to justify more
   mistakes.

   This, obviously, is also the argument against use of the "reserved"
   list (technically internal to the 3166 maintenance activity, and not
   part of the Standard): since IANA (or ICANN) can ask that a name be
   placed on that list, there is no rule of an absolute determination by
   an external organization.  Purported countries can come to ICANN,
   insist on having delegations made and persuade ICANN to ask that the
   names be reserved.  Then, since the reserved name would exist, they
   could insist that the domain be delegated.  Worse, someone could use
   another organization to request reservation of the name by 3166/MA;
   once it was reserved, ICANN might be hard-pressed not to do the
   delegation.  Of course, ICANN could (and probably would be forced to)
   adopt additional criteria other than appearance on the "reserved
   list" in order to delegate such domains.  But those criteria would
   almost certainly be nearly equivalent to determining which applicants
   were legitimate and stable enough to be considered a country, the
   exact decision process that 1591 strove to avoid.

   The other two considerations were more subtle and not always
   successful: from time to time, both before and after the formal
   policy shifted toward "governments could have their way", IANA
   received letters from people purporting to be competent government
   authorities asking for changes.  Some of them turned out later to not
   have that authority or appropriate qualifications.  The assumption of
   1591 itself was that, if the "administrative contact in country" rule
   was strictly observed, as was the rule that delegation changes
   requested by the administrative contact would be honored, then, if a
   government _really_ wanted to assert itself, it could pressure the
   administrative contact into requesting the changes it wanted, using
   whatever would pass for due process in that country.  And the ability
   to apply that process and pressure would effectively determine who
   was the government and who wasn't, and would do so far more
   effectively than any IANA evaluation of, e.g., whether the letterhead
   on a request looked authentic (and far more safely for ICANN than
   asking the opinion of any particular other government or selection of
   governments).






Klensin                      Informational                      [Page 7]


RFC 3071          Reflections on the DNS and RFC 1591      February 2001


   Specific language in 1591 permitted IANA to adopt a "work it out
   yourselves; if we have to decide, we will strive for a solution that
   is not satisfactory to any party" stance.  That approach was used
   successfully, along with large doses of education, on many occasions
   over the years, to avoid IANA's having to assume the role of judge
   between conflicting parties.

   Similar principles could be applied to the boundary between country-
   code-based generic TLDs and country domains.  Different countries,
   under different circumstances, might prefer to operate the ccTLD
   either as a national service or as a profit center where the
   "customers" were largely external.  Whatever decisions were made
   historically, general Internet stability argues that changes should
   not be made lightly.  At the same time, if a government wishes to
   make a change, the best mechanism for doing so is not to involve
   ICANN in a potential determination of legitimacy (or even to have
   ICANN's Government Advisory Committee (GAC) try to formally make that
   decision for individual countries) but for the relevant government to
   use its own procedures to persuade the administrative contact to
   request the change and for IANA to promptly and efficiently carry out
   requests made by administrative contacts.

6. Implications for the current ICANN DNSO structure.

   The arguments by some of the ccTLD administrators that they are
   different from the rest of the ICANN and DNSO structures are (in this
   model) correct: they are different.  The ccTLDs that are operating as
   generic TLDs should be separated from the ccTLD constituency and
   joined to the gTLD constituency.  The country ccTLDs should be
   separated from ICANN's immediate Supporting Organization structure,
   and operate in a parallel and advisory capacity to ICANN, similar to
   the arrangements used with the GAC.  The DNSO and country TLDs should
   not be required to interact with each other except on a mutually
   voluntary basis and, if ICANN needs interaction or advice from some
   of all of those TLDs, it would be more appropriate to get it in the
   form of an advisory body like the GAC rather than as DNSO
   constituency.

7. References

   [1] Postel, J., "Domain Name System Structure and Delegation", RFC
       1591, March 1994.

   [2] ISO 3166. ISO 3166-1. Codes for the representation of names of
       countries and their subdivisions - Part 1: Country codes (1997).






Klensin                      Informational                      [Page 8]


RFC 3071          Reflections on the DNS and RFC 1591      February 2001


8. Acknowledgements and disclaimer

   These reflections have been prepared in my individual capacity and do
   not necessarily reflect the views of my past or present employers.
   Several people, including Randy Bush, Theresa Swinehart, Zita Wenzel,
   Geoff Huston, Havard Eidnes, and several anonymous reviewers, made
   suggestions or offered editorial comments about earlier versions of
   this document.  Cord Wischhoefer, of the ISO 3166/MA, was also kind
   enough to look at the draft and supplied some useful details.  Those
   comments contributed significantly to whatever clarity the document
   has, but the author bears responsibility for the selection of
   comments which were ultimately incorporated and the way in which the
   conclusions were presented.

9.  Security Considerations

   This memo addresses the context for a set of administrative decisions
   and procedures, and does not raise or address security issues.

10. Author's Address

   John C. Klensin
   1770 Massachusetts Ave, Suite 322
   Cambridge, MA 02140, USA

   EMail: klensin@jck.com

























Klensin                      Informational                      [Page 9]


RFC 3071          Reflections on the DNS and RFC 1591      February 2001


11. Full Copyright Statement

   Copyright (C) The Internet Society 2001. All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others provided that the above copyright notice and this paragraph
   are included on all such copies.  However, this document itself may
   not be modified in any way, such as by removing the copyright notice
   or references to the Internet Society or other Internet
   organizations, except as required to translate it into languages
   other than English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR  IMPLIED, INCLUDING
   BUT NOT  LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY  IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.

























Klensin                      Informational                     [Page 10]