ICANN Hear the latest on new gTLDs, IDNs and DNSSEC

29 September 2011 - A Open Forum on Critical Internet Resources in Nairobi, Kenya

Session Transcript

September 29, 2011 - 14:30PM


The following is the output of the real-time captioning taken during the Sixth Meeting of the IGF, in Nairobi, Kenya. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.


     >> ROD BECKSTROM:  If everyone could please take a seat, we'll get started momentarily.  I'm Rod Beckstrom, President and CEO of ICANN.  And I'm extremely pleased to welcome all of you here in the room today and also our listeners and community participants online.  Turn that off.  We're delighted you could join us.  The purpose of the session today is to update IGF participants on ICANN's recent work and progress made in a number of areas that relate to our mission, specifically the new gTLD programme and all the efforts that have gone on there to provide education on the availability of that programme; secondly, to talk about DNS second option efforts underway around the world; and, thirdly, also talk about some of the progress on Internationalized Domain Names and to talk about some development of these programmes.

     We're honored to have five panelists and distinguished leaders from the ICANN community and IGF with us here today.  We have Dr. Steve Crocker, of course one of the early Internet pioneers contributor to the developers of the Internet and the Chairman of the Board of Directors of ICANN.

     We have Alice Munyua, representative of Kenya, and of course the Chair of this entire IGF Nairobi event.  Let's all actually give her a hand for the exceptional ‑‑.


And we also have William Stucky, who is Chairman of the Africa ISPA who will be speaking to us about their success in DNSSEC implementation in South Africa. .

     We may be joined in some point by our fellow Board Member, Katim Touray from Gambia.

     I will talk last about our last word from Vilnius.  How many were here at Vilnius at the ICANN open Forum last year?  Great, great.  It's great to see the continuity of the community and your investment of time.  And I think many of you who raised your hands have been very involved in the ICANN public meetings, as well, since Vilnius.  So there's a lot that's happened since last year.  At the highest level, three sick nigh can't things.

     First is ‑‑ significant things.

     First is new gTLDs were approved in June.

     Secondly, more IDNs, International Domain Names, again the root of the Internet.

     And, thirdly, DNSSEC deployment is exceeding our expectations at the Top Level Domain level.

     And I briefly want to mention some of the progress in each of these areas.

     The new gTLD programme, which of course was approved as a policy initiative in Paris in 2008 and which was advanced here in Nairobi last year when we had our meeting in the spring.  Issues such as integration were addressed, and other points were.  This programme was approved by the ICANN Board with the rules set by ‑‑ the programme was approved in June in Singapore and was publicly announced.  It's certainly one of the most significant developments in the evolution of a Domain Name System in terms of opening it up to innovation and new potential entries in the group, which of course was one of ICANN's initial missions as cited in the green papers and white papers developed in the late '90s before ICANN was even formed and with a view that new gTLDs were important to offer more consumer choice and to introduce more competition into the marketplace, which at that time was completely concentrated in gTLDs.

     The goals of the programme were then, in fact, to enhance competition, increase consumer choice, and to allow for innovation.

     We are presently in the middle of a long road show to raise awareness around the world of this programme.  That road show goes through 20 countries and five continents for two months and will continue through a third month, as well.

     Our goal is to educate, not to advocate.  And we're not encouraging any organizations or parties to apply for a new gTLD.  That's not our goal as a service provider and a coordination organisation.

     Our goal is simply to execute the programme successfully according to the policies developed by the community and approved by the Board and the application guide book and to implement those rules fairly.

     With respect to applying for a new gTLD, it's not for everybody.  It's a very significant investment of money.  The application fee alone is $185,000.  Some parties have estimated roughly a half million dollars of expense just to prepare and pay that application fee and perhaps several million dollars of expense to also operate that registry over the following 10 years.  So it takes a significant investment.  And even more significant investment of manpower, time, legal resources, technical resources.  And the application process itself is a long and complex process because that was necessary to implement the guidelines and rules developed by the community. .

     As many of you know, there's work underway to look at support for applicants that request financial assistance or need financial assistance, including those in developing countries.  And I understand Katim may have some more remarks about this later.  The programme itself has been costed out by ICANN as a nonprofit public service organisation to be cost neutral. .

     The panels, the objection panels, evaluation panels and process objections and all those aspects, roughly two‑thirds of the estimated programme support costs and one third is set aside for a contingency reserve for litigation or other issues that might arise as previous rounds have generated some.

     We just launched a microsite last week, which if you go to www.ICANN.org, the button in the upper left is called "New Top Level Domains."  If you click on that button, you get an entirely new site which has a considerable amount of information on the programme.  And many of the documents are in all of the United Nations languages.  Also that's a place where other parties can have questions and we'll do our best to answer those.  So there's a body of knowledge developing with questions and answers. .

     Then the programme, as many of you know, because many of you helped to shape the programme ‑‑ and I think there's some international property experts in the room and I'm not one, I'll confess, not an attorney and not an intellectual property expert, but very committed to the success of this programme ‑‑ the programme contains many new intellectual property protections that were not available in the previous generation Top Level Domains.  An example of some of those is simply the objection process itself where any party in the world can choose to file an objection.

     Once all the applications are received, the list of all those things will be made publicly available in May of next year.  When they're made publicly available, then any party can choose to file an objection based on different rules of the programme.  So there's an objections process that leads to the expert panel's reviewing issues. .

     Secondly, there's sunrise protections in every one of the TLDs where trademark holders can ‑‑ will have the privilege to register their domain names, or the marks that they own.

     Thirdly, there will be a clearinghouse, a trademark clearinghouse, which will be a global database where organizations that own trademarks and service marks can record those in a central trade mark clearinghouse so that they're notified if any party tries to register their trademark, their registered trademarks or terms at the second level from any of the new top level domains.  And considerable work is going on toward that effort right now.  There's also the UDRP or Uniform Dispute Resolution Process is supported for all the new gTLDs and a process called the uniformed racket distention.  So if parties are concerned that their rights are not being respected, and there's demonstrable rights, there's a process they can get a more rapid suspension than was available in the past.

     And finally there's a post‑delegation dispute resolution process, PDDRP, which is ‑‑ allows ICANN to have some authority with respect to any TLD operators and operations which have experienced repeated abuse.  And this is the first time that ICANN has had those protective rights to help the rights of various parties.  As many of you know, it's around 300 pages of detailed material, and it's precisely as complex has the community has developed to address the core issues.

     And of course there's a range of views on the programme.  There was a consensus reached by the community and by the Board to approve this programme.  And there are also certain parties that still have different views and must not like the programme or to apply.  That's fully understood.  That's part of a multistakeholder process Steve will talk about later.  So that's a significant block of work that has to come to completion this past year and now we're in the process of executing on since June.

     Secondly on IDNs, there's around a billion users of this past year and now languages on the Internet today as populated on non‑Latin scripts:  Chinese, Japanese, Arabic, Russian and Korean and roughly descending order.

     ICANN has received 36 unique requests from eligible countries since the launch of that group in 2009.  Today there are 30 ‑‑ in the group representing 20 different countries and there's more that are in the pipeline. .

     An important part of the internationalized domain name issues is looking at the various issues.  It's a very complex, technical and linguistic issue.  We have a varied issues project which is studying various issues in Arabic, Chinese, Cyrillic, I may need help with this one ‑‑ can someone help me pronounce that one?  Devanagari, the script used in India, some of the language groups, Greek and Latin. .

     By the way, those efforts are all being staffed with research efforts in the world with those local geographies.  We really appreciate the local partners around the world that are supporting those research efforts. .

     So ICANN has a coordination role and a staff support role, but the actual research efforts are being coordinated in places like Qatar, for example, on Arabic script.  So we made significant progress and still more work to be done.  They expert a report by the end of this year. .

     DNSSEC was deployed on a number of large gTLDs this year and Steve will provide a more important detail update.  And also we made progress in the multistakeholder model in many areas. .

     As I mentioned in my opening remarks, on Monday here, the theme of this conference is that the Internet is a catalyst for change in the world, and I think we can probably all agree that the catalyst for the change of the Internet is the multistakeholder model.  The multistakeholder model has allowed the rapid evolution of the technology standards, the policy and the governance structures; and it reflects, in some way, the Internet itself and the collaboration that it demands.

     So that's a summary of my remarks.  And now I'd like to hand it to our Chairman, Dr. Steve Crocker.

     >> DR. STEVE CROCKER:  Thank you very much, Rod.  You were quite comprehensive, so I think you covered the majority of the major points.  And I'll try to be quite brief.  DNSSEC, the security extension for DNS, is a very, very important improvement in the security of the infrastructure of the Internet.  And as Rod mentioned, that's progressing quite strongly.  It's moving along nicely.  The root assigned all the major top level domains are signed, with one exception that probably will be taken care of shortly.

     On the signing ‑‑ on the validation side, some leading ISPs are now putting in checking of signatures as a regular part of their DNS lookup process.  And we expect to see more of that.  And the frontier is now moving into the adoption by enterprises and the creation of applications that actually depend upon the signatures in the DNS system, it's very heartwarming.  A long road behind us and equally long road in front of us, I suspect, but it's good to see the progress that has come there.

     We are organizationally going through an adoption process for the recommendations that came out of the ATRT, the Accountability and Transparency Review Team, recommendations.  We're in the middle of the implementation of all the recommendations.  And the criteria that I have for success is that they stopped being separate and apart from our operation and are completely integrated and embedded within our operation.

     I had a discussion recently in which it was proposed that the criteria for success would be that if outside people come and interview the staff, can they say what's different, what are we doing different because of these recommendations?  I think that's a very reasonable question in the short run.  In the long run, I'd like the answer to be:  I don't know what you're talking about.  This is what we do.  And then if anybody looks, it turns out all those recommendations are just absolutely part of our standard operating procedures and that there's nothing to inquire about.

     We live in a very complex environment, and ICANN was purpose built to be the solution for a relatively narrow portion of the spectrum of problems that exist in the Internet.  We focus on, try to be a gold steward for the Domain Name System for the address space in conjunction with the RIRs to be the clerk, if you will, for the protocol parameter space in support of the ITF.

     And then the issues that flow out of that, one of which certainly dominates the majority of our time, is the complexities that come from the marketplace in the Domain Name System.  And you're all quite familiar with that. .

     So I think that's where I will pause and turn the floor over to ‑‑ where do we go?

     >> ROD BECKSTROM:  We'll go to Alice next, yes.

     >> DR. STEVE CROCKER:  And happy to answer questions on any subject.

     >> ALICE MUNYUA:  Thank you very much.  You know, I begin by saying that I'm not going to be speaking on behalf of the GAC.  And I see a number of my GAC colleagues sitting around.  And so I request that they also contribute to the areas that I miss.

     But basically I think I was asked to speak about GAC's involvement in the new gTLDs.  Being very new to the GAC myself, I think this is my third year.  But I'll try to bring up from where we've come from.

     GAC, I think, had its first meeting in 1999.  And it was set up as an advisory committee.  And one of the challenges, now speaking from a Kenya government perspectives, is of course the legal terms of GAC advice and the collaboration with the various stakeholders, especially taking into consideration the value of GAC's input and also taking into consideration the way governments work generally.

     In terms of GAC's involvement with new gTLDs, I think the first was in 2007 when GAC released the GAC principles of new gTLDs and which the ICANN took as helpful guidance.

     And some of the public policy principles stipulated on the gTLD principles, the provision for universal declaration of Human Rights in terms of affirming the fundamental Human Rights and the dignity and wealth of the human person and the sensitivities regarding the national, cultural and geographic and religious significance and also the issue of geographic names, territory, place names, regional and language names and people descriptions as well as making proper allowances for third parties; in particular, trademark rights as well as rights in the names of acronyms in terms of organizations, and the issue of consumer protection and consumer confidence and security of new gTLDs in terms of insuring that we're not confusing the similar to existing TLDs and avoiding confusion with our ccTLDs, as well.

     And then more recently with a development of the draft applicant guide book, GAC has been involved more actively, especially again as I repeat, toward the realisation that the new gTLDs are not just a resource but also have implications for political, social and cultural meanings. .

     And so we developed what we call the GAC score card, which underlines 12 areas, public policy areas that are important to all governments.  And the first one is on the objection procedures, including requirements for government to pay fees, procedures for review of sensitive streams, the roots as in scaling issue, market and economic impact of the new gTLDs, the issue of registry/registrar separation, post delegation dispute, the protection of rights of owners and consumer protection issues, again the issue of geographic names, the legal procedures and recourse for applications, and important ones for developing countries is providing opportunities for all stakeholders, especially those coming from developing countries, and then the issue of law enforcement and due diligence, and then the need for early warning to applicants where the proposed stream would be considered controversial or raise sensitivities including geographic names.

     The score card has been evolving and has been a case for discussion for quite a while between the GAC and the Board on various aspects.  And some of it there's been an agreement, while others we are still hoping to continue those discussions and to see about those issues are going to be resolved.  But then that looks back again to the value of GAC advice and how the GAC relates to the various stakeholders and the legal meaning of GAC advice.  But I think I'd like to invite my of my GAC colleagues to add on to that, if the Chair will allow.  Thank you?.

     >> ROD BERKSTROM: Are there any further comments at the time from any GAC members in the room that would like to share?  Maria?

     >> Maria:  Thank you very much.  Maria Hoff from Sweden.  Also one of the ‑‑ from the advisory committee.  I have so much to share.  You are kind of in a very good way, Alice, wrapped it up what we have been doing the last time, and for sure it's going to be a challenging period of time ahead of us in the GAC because we need to find our own procedures to fit in as an adviser for ICANN in this new gTLD programme.  So we're going to have to discuss more with ICANN, of course, and other groups internally in our own group to see how we can move forward and find those processes to be efficient and also to take into account our public publicity interests.  So we have some very interesting time coming in front of us, I think.  Thank you..

     >> ROD BERKSTROM: Sure.  Thank you, Maria.

     Any other comments from any GAC members at this time?  And I'll actually ask for input from other community members after William has an opportunity to speak.  Any other GAC comments at this time?  Okay.  William?

(no audio).

     >> Can we get a test?  Can we get an AV tech?  Can somebody please get an AV tech in the room to try to help out, please? ‑‑ securing names, IP address and names.  Oh, any other information in the Domain Name System.  I'm sure you all know people use names like Google.com and computers use IP addresses like 1028081 for a name or ‑‑ for an IP6 address.  Any time you type in an address for a machine, machine or web page, you type a name or string of characters and the Domain Name System puts it into a numerical address that it understand specifically to make your connection.

     Unfortunately, it's possible to compromise the lookups.  If you were to type Google.com it could take you somewhere different, like pornographic website or another.  As it applies to a bank site.  That particularly applies if you go to a bank site where you may end up at a fake replica of the bank website.

     DNS sec prevents this completely by ‑‑ (audio lost ‑‑)

It's good information.  The sign zone, all the domain service records in that zone such as the public half of security keys or able to be secured, that worked.  Validated.


Okay.  So who needs DNSSEC?  Any institution that works with money.  Anyone who wants to guarantee that their customers will get to their website and not just ‑‑ site.  Probably ever up with.  And the DNS protocol has such a serious security design which makes ‑‑ takes a few hours, not as hard to do as it used to be.  It used to be believed to be hard to do until it was demonstrated categorically both theoretically and in practice.

     So any finance, institution or commerce site should seriously consider using DNSSEC for securing their information.  Because the DNS protocol has the weakness in its design, some protocols, the most appropriate fix to the problem.  But DNSSEC is not use.  The people have simply been too lazy to implement it in the past.

     So how is it implemented?  Perhaps because no one agency can flick a switch, to switch on DNSSEC for everyone, a little bit like 6, I guess.  That the takeup of DNSSEC is going very slowly.  Financial institutions keep things quiet so no flags are raised that problems have happened.  And I guess most men that end up on a pornographic website probably keep that news to themselves, too.

     Security keys do become stale with use.  So there they need to be periodically updated.  It is still something new and there's not many people are doing that so far.

     So DNSSEC is not just the ‑‑ requires participation of the registries, the ISPs and the domain holders each have separate but quite different roles to play.

     The four primary roles that we began to look at are the role of the ccTLD or the gTLD, the Top Level Domain name in your context.

     And the ccTLD needs to sign.  That's simple to do by hand but repetitive signing should be done by a script.  And there is a product called open DNSSEC which is an open source product designed by some European ccTLDs which is probably the right solution.  There are also organizations, like PCH or others where you could run your home grown script or you can go overboard with a cryptoscript.

     Then signed in mid July of last year, 15th, in fact.  Since then ccLTD operators have been able to provide the roots.  Signing on is simple.  Also simple to break.  There are some good tools you can use the job.  And open DNSSEC is written as a clever effort between the UK and Swedish TLDs and the Web site is open DNSSEC.org.  It has helped for cryptographic device in the system and how the root zone is kept and the author has written some scripts that will do the job which could be fine for an ISP is available from www.posixafrica.com.  Signing services for their clients.  Unsigned zones can be clearly connected.  Sign will return to the ‑‑ as well as on their system.

     So continuing with the role of the ccTLD, while signing is simple, the biggest job is to collect the DNS keys from the domain holders who wish for their domains to be correctly signed.  This exchange of DNS keys has to be done in a safe and secure manner.  And if the ccLD does the registrar registrant model that refers to the way domains are registered within the process, then they're probably using EPP.  And EPP is the extensible provisioning protocol, to communicate to the registrar.  And this is by design a secured link.  And using EPP exchanges to DNSSEC will be done to securely coordinate the DNSSEC keys.  That may not be the only way.  Secures information through the ccTLD via SCP, which is a secure copy programme.  But to each other at the time and knew the identity of the other and were able to pass the information over correctly.  So some of the other protocols were obviated at that.  But you can't always be face‑to‑face to exchange keys.

     Another method may be via secured website.  But the initial data would have to be very securely done.  This may be fine for smaller CCRTDs with smaller or limited known customers.

     Moving now on to the role of the ISP or the registrar who are often the same person, the ISP is often running the customer's as part of the agreement.  If the ISP is also registrar, the results are known customer of the ccTLD and something like EPP is in use, then there should be no problems.  The ISP usually has a good view of their customers as secure web interface and some kind of monthly interaction such as payments and invoices.  And so there is an inherent trust relationship between the ISP and the customer.  So even if a customer runs ‑‑ DNS keys can be the customer facing administration system operated by the ISP.  And that would be passed on to the ccTLD.

     >> MODERATOR: Thank you very much.

     >> I'm got two slides..

     >> ROD BERKSTROM: Sorry.

     >> The role of the ISP continues to provide DNSSEC, provides security to their customer by exchange of email service and DNS servers.  And the DNS servers need to be DNSSEC‑aware.  Which is a reasonably easy thing to do.  Once with a valid copy of the root key can be large be left alone.  There is an automatic company to automatically download the new root key for further use.  Running DNSSEC‑aware names could be done at any time and ISPs should be encouraged to implement them sooner rather than later.  This ‑‑ is using DNS sec from August so everyone can enjoy a slightly safer Internet experience.

     Moving on to the domain holder, the task becomes simpler, often there's nothing for the registrant domain holder to do.  But if the registrant has no access to domain name security, ‑‑ demanding this service from their upstream service provider.  A large customer can be one way to drive their ccTLD into action.  And also complain if the action does not IEPP6.  Because no one asks for them.  So go and ask for safer Internet.

     The consumer need to be using ‑‑ very little to do.  If an incorrectly signed record gets resolved and security by DNSSEC, it will be rejected.  So the consumers will only get good data.  For those curious ‑‑ plug‑in in Fire Fox, for example, they go to an improperly validated web site a key will appear and or knowledge will say something is broken and the red key says where the zone itself is incorrect.

     Whoa is using DNSSEC in Africa.  Namibia is the only one that is using it.  And there's currently no process for getting DNS keys into the Namibian zone.  This will be changed soon.  It always ‑‑ to run fresh keys just to make sure all processes work.

     Deposit systems, experimental entry into the ‑‑ NA and is working just fine.  The AfriNIC will soon be launching a secure web portal allowing all LIRs or locally ‑‑ registries or ISPs.  U. Africa counts to upload DNS keys for their provider member resources.

     I mentioned EPP just now.  That's the Extensible Provisioning Protocol.  It's the protocol used to allocate resources and it's currently being used in South Africa with the current ‑‑ system.  It actually went live last week.  And the first EPP systems are up and running.  And that includes the ability to securely upload DNSSEC information.  I'm sure if I'm supposed to spread the word just yet.  But once the system is settled in, it will have the zone signed and then presumably one day the ‑‑ zone signed, as well. .

     In exercise it takes under 30 seconds to generate a signed zone.  We signed something like NSEC 3 which prevents people from walking the zone with the opt out records so that any that have the associated DNS key will be included in the zone process.  And because those zones are the largest in Africa, about 700,000 domains and expected that there are less than a million African domains using African CKTLDs.  Hopefully with time that will increase.  Also providing training class which has included DNSSEC training for the last five years.  And it is provided courtesy of Afrinet.  That's it, thank you..

     >> ROD BERKSTROM: Thank you very much, William.  And I also want to mention as we transition here, there is a number of one‑page documents that we handed out to you.  One of them is a one‑Page DNSSEC overview for people that are new to learning about the programme.  They're not only available here in the room today at your desk perhaps and also I think at a side table but also happy to provide them if you want them for education at any events that you're part of in your communities and industries, there is also a one‑pager on new Top Level Domains to help educate parties apt a high level over view in the programme.  As well as a one‑page strategic plan.  And this one‑page strategic plan is a formal planning document for ICANN prioritization and the process of evolving the strategic plan involves all of you, everyone in the community, and opens up again very soon.

     So we thank you for your help on that.  We only had room on the panel today for four of us.  Katim Touray expresses his regrets.  He was not able to join us.  I do want to open it up quickly before we take questions for any members of the AC, the other advisory committees in supporting organizations.  So there's also the AWAC, the SSAC, the RSAC, the CCSNO, which is the country code name supporting organisation, the ASO and the GNSO.  And there's members from those communities and leaders here.  If any of you would like to share anything before we go to Q&A, in is the time for an open mic if you'd like to share.  Steve?  Steve Delbianco?  GNSO?

     >> Thank you, Rod.  Not an official position but member of the GNSO if that's what you're looking for.  Alice, thank you for summarizing the government advisory committee's 2007 letter of principles for the new TLDs.  And the vast majority of the principles that you read out are explicitly reflected in the ICANN guide book process that we all designed.  But I did want to point out that a couple of the principles you described were going to be exercised by the governments here and the GAC through their own judgment using mechanisms like the early warning, the objection process and even GAC's formal advice.  And I'm speaking here of just the first two that you listed, the UN's declaration of Human Rights including dignity and gender equality for instance and the other is a sensitivity of a new TLD in terms of, say, national, geographic and religious significance.  My point is to clarify that ICANN can rely on governments and the GAC to make judgments if they believe a new TLD goes against those two principles.  The rest of the items are automatically judged through ICANN's evaluation process.  So the role of governments will be, again, very visible during the evaluation process.  Thank you..

     >> ROD BERKSTROM: Thank you, Steve.  Moktar, please?  Please introduce yourself fully, thank you.

     >> Thank you, Chair.  My name is Mokatar, I'm from the African union commission.  And from those of who don't know what is African union commission, it is the Secretariat of the African union organisation representing the 53 countries in Africa who have signed the charter of the African union and therefore we are representing here the entire continent with regard to ICT‑specific issues in this area.

     Having said that, Mr. Chair, thank you very much for giving me the floor.  And I would like first to congratulate you and to congratulate ICANN for what you have achieved in order to implement the new gTLDs.

     A lot has been done, but also a lot still to be done.  And we assure you with our support to take the entire of the community of work.

     But I would like to reiterate the concern of GACs with regard to geographic names.  And I would like to also insist that the things such as North Africa should be sensitively and reserved for Africa and the African Union Commission is committed to work with you, to work with the GAC and the community to make sure that dot Africa is implemented for the interest of the community exclusively without exception.  Having said, I would like to thank you and encourage you for your work..

     >> ROD BERKSTROM: Thank you very much.  And I think the credit is due to the entire community that worked so hard on this.  The Board of ICANN and also the Staff.  But thank you very much.  And we appreciate your comments and there are quite a number of protections in the programme for geographic names.  And some of the experts have helped contribute to those are even in the room.  But we appreciate your sharing those views.

     Do we've ‑‑ yes, Chuck Gomes from GNSO.

     >> Thanks, Rod.  I guess for those who may not be aware, I just wanted to point out that the GNSO initiated the new gTLD Policy Development Process at the end of 2005.  So this hasn't been a trivial process.  There have been huge numbers of communities, community members and stakeholder groups involved.  And many of you were a part of that.  So a tremendous amount of work has gone into it.  None of us thinks it's perfect, but we think a legitimate effort was made to accommodate stakeholder interests as much as possible on a consensus process.

     And I would also like to compliment the ICANN team that was tasked with developing the recommendations that we gave them in the GNSO, because in a consensus process, it was not possible for us to go into great detail and still reach consensus.  So we gave ICANN staff a huge challenge in implementing, coming up with an implementation plan for the recommendations.  And they've been working on that for the last four, five years.  And I thank them for the work they did..

     >> ROD BERKSTROM: Thank you.  Thank you very much, Chuck, for sharing that.  In fact, there were enormous amounts of work by the GNSO since 2005 and I believe that's where the original Policy Development Process started.  And thank you for recognizing the staff who worked so hard to help support your excellent efforts..

     Was there another question here on the background?.

     No?  Anyone from ALAC like to share any remarks?  Jess, Tan, Jani?.

     >> Thank you, Rod.  First of all, I want to mention that at large, which is the representative of the Internet end users, didn't have a representative inside the Board.  We had a liaison, but now one of the Board Members is a member selected by at large who is Sebastian ‑‑

Second point, ALAC have given a huge number of advices to the Board in the last period.  And we worked a lot on the support to the applicants needing assistance.

     Something which was not very ‑‑ we didn't emphasize in this session was this aspect of the new gTLD programme.

     You know, one of the core values of ICANN is the inclusiveness.  And the new gTLD programme should be inclusive, too.  And when you know that 185,000 cannot be afford by the applicants from the developing countries, you will understand that the developing countries will be excluded from this programme.

     So after a huge effort, the Board decided Nairobi given the resolution to form a working group to look how we can support applicants from developing countries..

     ALAC worked a lot on this issue inside the working group.  And the working group have issued his final report.  And I do hope that the Board will approve it because it is the only way to make people from developing countries applying for new TLDs.  Thank you..

     >> ROD BERKSTROM: Thank you very much for that.  Meanwhile, while we've been talking, Katim sent a note and asked me to convey sentiments along similar lines that the joint applicant support working group work has been very important and we will definitely take it into account..

     There is about to put on the table something to think about.  Was real empathy for trying to make this programme as inclusive as possible.  As Rod said, it's not a programme for everybody.  The $185,000 application fee is but a small portion of the overall total cost to actually bring a new gTLD into existence.  The board approved the creation of a modest fund of 2 million dollars.  We are eager to see something constructive happen.

     At the same time, we're also eager not to create unintended problems.  We want the applicants who come through such a programme to be successful rather than simply get put into a position where the first step is taken care of but the next several steps are not taken care of and then we have a different kind of problem on our hands and it becomes everybody's problem.

     So there is more thought to be put into this to make it a real programme, to make it really successful and not to simply create an illusion that ‑‑ and spending money to create that illusion.  I don't object to the spending of the money, but I want to make sure that the whole thing is real.

     But it is of great concern.  We definitely are very focused on inclusiveness.  And anything we can do that expands the participation and provides opportunity for all parts of the world, all languages, all speakers we're eager to do.  Not just willing but I would say stronger than willing.

     >> Steve, we are aware.  And we think a lot about this question of being able to run after getting the gTLD.  And inside the report, we will see that we put some barriers to those who cannot.  So it is inside the report.  The report is ‑‑ everything is inside.  So I think that we do need the support.  Because otherwise as you said, the $185,000 are only for the preliminary evaluation.  So there is a lot of money to pay after that.  Thank you..

     >> ROD BERKSTROM: That's correct.  It's $185,000 for the application fee and $25,000 a year at a minimal level for the TLD and the registry.  So over 10 years that's another quarter million dollars.  And if more than 50,000 domain names are registered, the fees go up from there.  So you rightly point this out.

     We also appreciate that you brought it up since Katim couldn't be here.  And a very brief comment would be that our challenge will go from the concepts to a distilled form of some offering that hopefully can be implemented in the extremely tight time frames that we have.

     But we very much appreciate all the efforts of the community to move the concepts forward.  Steve, do you have something you'd like to say?  Or I was going to ask Sebastian for some input?  Go ahead.

     >> DR. STEVE CROCKER:  No I was looking for other inputs around the room..

     >> ROD BERKSTROM: Since Sebastian is the first person to be seated in the ALAC, would you like to share your experience on the first AWAC representative on the Board in seat No. 15, your lucky number?

     >> SEBASTIAN BACHOLLET:  Thank you very much to allow this discussion.  I think it's very important this new seat on the Board because it shows a commitment of ICANN to open to the end user, up to the Board to have not just liaison beautiful voting member..

     I will not say it is very easy because as you imagine, it's advisory committee who gathers votes of the at large to put somebody onto the Board.  And at the same time the ALAC ‑‑ then it's sometimes tricky to have an advisory committee with no liaison to the board to con say their advice.  But we are trying to work on that.  And I think the ALAC is really keen and we are working well..

     I think we need to do more.  But the future will tell us how we can go in that direction.

     In the same time the discussion about the JAS group, or the Joint Application Support group, is a very important one coming in front much us.  The other topic of course this one is important because it's about inclusiveness.

     But just to be clear of what the process is.  We are, this working group send the report to the GNSO and ALAC.  And when they will take a position on this, if it will come, I guess both to the Board and probably come in pairs and it will be important for the public to comment on that issue to see how we can tune the programme to be really inclusive.  And I thank all the ‑‑ to make a terrific and very hard work on that.  Thank you..

     >> ROD BERKSTROM: Absolutely.  And thank you, too, Sebastian.  I see another question coming from the Steven DelBianco.  I want to open up to anyone else's comments or questions you'd like to share.  Steven.

     >> STEVEN DELBIANCO:  Thank you.  It's a followup to the discussion of supporting applicants financially and technically.  And I think that that will be particularly helpful to a few applicants, although as you indicated the financial burdens are significant.

     There's another element of support that I hope that ICANN can work out during the implementation of the support, and that's the notion of trying to get applicants to offer versions of their new TLDs in the really underserved linguistic communities, the underserved languages and scripts that are represented by a lot of foal the folks in this room, we're talking about.org for instance, are we going to see it in Arabic, Korean, Hangul or other scripts?  And it's very difficult to justify that for particularly small linguistic communities.  So we're anxious to see that even innovative new TLDs like dot bank would be ideally deployed in all scripts across the planet, particularly in the upcoming rounds since it may be many years before we see another round.  So we are working closely at ICANN and encouraging staff to come up with ways to encourage applicants to offer multiple versions across multiple linguistics.  Thank you..

     >> ROD BERKSTROM: Thank you.  And Baheare, Esmont our region liaison for the Middle East is taking questions from online.  Bahar, can you please share some online questions.

     >> Thank you, Rod.  There's a question from the remote hub in Pakistan.  University of NUST.  Questions reads a few months ago, ICANN announced new STLD of xxx domain that would carry adult content only.  The question is whether this initiative is to move present such content to dot xxx domain to allow control or filtering or is that step taken to promote that industry?.

     >> ROD BERKSTROM: Steve, do you want to take this one since it's a Board‑level decision?

     >> DR. STEVE CROCKER:  No, but I'll do it anyway.


I'm not sure I quite got all the pieces of this.  The xxx domain was approved.  We'll have to see where things are going to go with that.  There is no rule that is going to force content to move out of one domain into another domain whether it's xxx or anything else.  Certainly things that are in the xxx domain will be easier to focus attention on, for better or for worse.  And if you want parental controls for xxx, that's one of the things that that will facilitate.

     I see Sebastian's hand was raised.  Would you like to chime in, as well?

     >> Yes.  But first I need to declare that I am a member of the I4 board's organisation who was set up to take care of the policy issue about the dot xxx.  I will not talk before one or the other.  Just to give information.

     The current system developed for the dot xxx, but who will benefit to other TLDs that currently just working on one broader, specifically Fire Fox.  But hopefully it will work in other.  And taking system developed by the WswissC, is a company whose name is better cert, who will tag or label the website..

     And if you try, it's not just labeling the dot xxx website.  It's labeling the website with other content from all across‑the‑board.  And it's a quite interesting ‑‑ I don't know if it answers the question if the parents can or can't, but with the system put into place, it seems to be that it will be cross‑TLD and not just for the xxx.  And it's just to show that ‑‑ I hope that the future of the new gTLD will come with real innovation.  And for me, this one from dot xxx, it's one coming to the Internet.  And really I hope that it will be useful not just for this specific TLD but for all TLDs.  Thank you..

     >> ROD BERKSTROM: Thank you, Sebastian.  And I also want to just mention that on this topic and on others, many others we discussed DNS new gTLDs, there's many experts in this room from our community.  So if you're new to the ICANN community or new to the topics of DNSSEC or new gTLDs, you just have to look to your right or left and meet some of the people that are around you because the room is filled with experts even on geographic names, for example, where ‑‑ from Germany was one of the key contributors to many of the concepts that advanced the programme.

     So I want to ask do we have any more questions from online at this time?  No.  Do we have any more questions from the room?  Yes, sir.

     >> I'm going back to the DNSSEC.  Yesterday there was a debate in one of the workshops regarding how to deal with illegal content.  And one of the inputs that I got is that DNSSEC is not going to support the blocking.

     My question is:  Is ICANN community working on this to resolve?  Because it seems there is a reluctance to have a technical solution and go for the source of the illegal content?.

     >> ROD BERKSTROM: Dr. Crocker is one of the world experts on this topic so I'll hand it over to him.

     >> Yeah, there's been a lot of attention to how to counter illegal content or infringing content on the Internet.  The content is at the web‑level from a protocol stack point of view.  It's up at the application level.  The DNS operates down at the sort of interior plumbing of the net.  And it's sort of a technical mess to ‑‑ when you try to use DNS as a way of blocking access.

     I'm one of the coauthors of a white paper addressing the difficulty of using DNS blocking that's anticipated in some current legislation pending in the U.S.  And there's comparable efforts around the world.

     It's simply the wrong level to accomplish that task.  The right level is up at the URL level.  There's no opportunity, for example, the DNS to explain to the user what it is you're trying to accomplish when you redirect or when you block.  The protocol is a very thin, simple low‑level protocol that just does not have the mechanism to add messages.  And it doesn't ‑‑ it's not used by users.  It's used by the systems that the users are using..

     So that's not a very appealing answer to people who don't care about the technology and just say "Well I know what I want, so you make it happen."  That gets to be kind of an awkward conversation because there are technical issues.

     DNSSEC is an extension to the DNS protocol that is intended to thwart misuses of various sorts.  And the idea of using DNS blocking runs afoul of that because it looks, even though there may be good purpose involved, it looks and acts just as if it's an attempt to redirect or to misuse the DNS..

     That's just going to have to get sorted out.  In addition, there's a bigger you that it doesn't work very well and a lot of experience behind that.

     There are some subtleties.  There are some positive forms of blocking that are on behalf of the users attempts to say that blocking on behalf of a third‑party is just the same ‑‑ fuzzes over, makes indistinct some very important distinctions. .

     I could go on a bit but that's basically where the subjects are.  There are much, much better ways to counter infringing content.  I think the main appeal is of using DNS blocking is that it looks so simple from a distance, particularly if one's not involved in the actual technology or operations.

     >> Thank you.  The next question or remark is from Sabina is the CEO of the dot DE in Germany.

     >> It's a remark and also question.  I'm from Detee, from Germany.  I was puzzled when the question came up when dot xxx and the content issue.  We are still talking about content DNS.  Coming from my understanding, domain names have practically nothing to do with DNS..

     So we're talking about a domain name, such as Natasha.de, it doesn't say any kind of content, may be illegal or not illegal or whatever.  But DNS as far as, at least I understand it technically the last couple of years was that when we are talking about domain name, Natasha.de, it is simply a lookup to an IP address where the content of Natasha.de lies.  And the content of Natasha.de can change without any change in the DNS, the DNS infrastructure and the infrastructure provided by the registry or the registrars.

     So I'm a little bit puzzled by the lack of distinction about these principles.  That we mix up so much of these.

     So my next question:  Is ICANN supposed to go in that direction such as suggested to come up with technologies in the content rating of websites or something like that?

     >> So, thank you.  The answer to your last question is no ICANN's not supposed to go in that direction.  I should be clear that my involvement in writing the white paper is as an individual and not as an ICANN representative.  I also want to thank you very much.  The points that you made about distinguishing DNS from content, very, very important points and very well said.

     And while we're at it, I want to congratulate you on the signing of your domain, the dot DE domain which I think everybody understands is the largest of the country code top level domains.  So that's an extremely important event and a major piece of leadership.  Thank you very much for that..

     >> ROD BERKSTROM: Great.  I think the next question is from the ICANN board of directors.

     >> Thank you, Rod.  Actually no it's not a question.  It was a compliment to the discussion that has been made before.  And actually I am extremely happy that Sabine highlighted this point.

     If I want to make an analogy to make things as clear as possible, the relationship or the lack of relationship between the DNS, as a system of addressing and routing, and the content that is on websites can be best understood if you imagine the following question:  Is the yellow pages book concerned with the activity of the companies or the shops that are listed in the yellow pages?  Of course not.  It's an address.  Company X is at address Y.  That's the yellow pages role.  And that's what it is about with the DNS system.  It doesn't care about what you put behind; it just matches understandable name with an IP address, Ie, a server.

     And so it's a very important distinction to make because I'm a Board Member of ICANN now but I used to be in the GAC as the French representative.  And it's extremely important to understand that ICANN is dealing with a system of addressing and naming.  And that there is no connection with the content.

     The second point I want to make which is connected to that is that this meeting in Nairobi of the IGF has demonstrated the incredible benefit of getting the different actors in the same room.

     Some of you may have attended the workshop on blocking that took place yesterday or two days ago, I am mixing it up now.  And it was an amazingly informed discussion between actors who were coming from all over the place, from Interpol to activists to technical parties and so on, a kind of discussion that cannot happen in any other space and that is only possible in a multistakeholder format like the one at the IGF.

     And I want to conclude by saying that the multistakeholder approach is not a doctrine or desire that is driven by political motives or any ulterior motive.  It is something that is based on a necessity to address concrete issues.  Most of the issues that we have to deal with with the Internet, they require having all the different actors around the table.  And to take the example of ICANN and the new gTLD programme, there is no way on earth a programme about opening up the opportunities on the new gTLD programme, basically what I call allowing the allocation of the semantic spectrum, which is a resource that is common in a fair or as fair as equitable and as transparent manner.  There is no way it could have been accomplished in that amount of time with that level of detail through any other approach than bringing all the actors around the table.  It is a difficult process.  And no process implementing the multistakeholder approach is perfect.  But both the IGF and ICANN are striving to move constantly towards more participation, more internationalization.  And it's a constant improvement process as we see in the IGF with the improvement process and in ICANN with the transparency and accountability review mechanism that some of you have probably followed.  So I wanted to take the opportunity to make the point, and I thought this Forum was the right one..

     >> ROD BERKSTROM: A very important point as was Sabina's.  We have one coming from Thomas Snyder with the Swiss government also involved with the GAC.  Hen Snyder.

     >> Thank you, everybody.  We have a question really discovered by accident that in the guide book there is a new deadline or at least to us it is new that has been introduced in the process for a user, so‑called user registration with a deadline of 29 March.  Maybe that would be good to communicate if that is so, if that means that if I want to apply for a TLD, that the deadline for if I don't register as a user, I cannot apply for it until the 12th of April.  It would be good to communicate that.

     And the question is:  This is just a user registration?  I just have the to give you my name and some details, I don't have to pay anything, nothing happens with that, just so you know who I am.  Are we correct in this understanding?.

     >> ROD BERKSTROM: Thank you very much, Thomas.  Headliner, governor affairs of Americas is going to provide a response..

     >> That is correct.  There is a March 29th deadline to register with our as the system, which is ‑‑ TAS system online system that's used for applications.  I believe when someone registers for TAS, one does have to put the deposit in, as well.  But I could be wrong on that.

     But if you do not register as a TAS user by March 29th, then you will not be able to apply.  The closing window, the closing deadline for filing applications is April 12th.

     >> It's $5,000.

     >> MODERATOR: Okay.  Thank you.  We had another question over here, sir, please?

     >> My name ‑‑ from the NGO ‑‑ activities.  My question is about the new guide book published a few days ago.  It's not declared that it's a draft or a final version.  And we know that there are still is points that are in discussion.  And the question is that:  Are you still open to hear the voices and comments?.

     >> ROD BERKSTROM: The applicant guide book that was published last week is the complete applicant guide book.  The term "final" is not applicable to the applicant guide book because the Board of ICANN, the applicant guide book itself states in it that it can be amended and revised, roughly speaking, by the board of directors of ICANN in order to protect the security and stability of the Internet, for example.

     So changes are possible.  Right now, the only public policy process or public comment and discussion process open on the guide book is the issue of support for applicants that request financial assistance.

     So at the present time, that is the only process ‑‑ actually, or maybe my staff member may correct me here ‑‑ Jamie?

     >> Jamie:  Yeah, just to point out that there's one other issue..

     >> ROD BERKSTROM: It's not a public process, though.  There are other operational details and implementation details that are being worked on by ICANN.

     >> Jamie:  I was going to point out that the GAC the Governmental Advisory Committee is going to provide updates or provide additional input on the issue of early warning and treatment of sensitive strings..

     >> ROD BERKSTROM: Thank you, Jamie.  Sir?

     >> Thank you.  Thank you very much.  Muhammad from Somalia.  I manage the ccTLD but I also attend and I'm a member of the CCSO.  And sometimes I travel quit a lot in the continent and I'm also based at the university in Australia.  My comment may even turn into a question is:  The need for clarity in the way as a community within the ICANN we communicate.  And I just noticed we almost missed an opportunity recently when there was a question from Pakistan, someone asking about the xx issue.  Now, I don't want to bore or go back to those issues, but I guess the comment I want to make is why is it as a community, within ICANN, people who deal with the whole enterprise based on information and sharing information and assimilating, why can't we be just very concrete and provide very succinct information?  If someone asks the xxx ‑‑ is ICANN promoting xxx material?  Or are we saying everything in that industry will be moved to xxx in gTLD?  Why is it we just can't say yes or no?  I know it's a very difficult issue.  But nevertheless why can't we say this is what it is.  As I travel in the continent and that's the question that many people ask.  What is this all about?  And even not only Africa but elsewhere, too.  I guess I'm asking for the need for clarity.  Thank you..

     >> ROD BERKSTROM: Thank you.  I think Steve has a response and then another.  I have a question I'd like to move to after that.  Thank you.

     >> DR. STEVE CROCKER:  You raised a good point about how well we communicate.  And I think we want to take inputs, questions, suggestions on that..

     Let me try something.  Are we going to insist that all adult content move to XXX?  No.  What was the other question about xxx?

     >> Just that..

     >> ROD BERKSTROM: Just succinct answer to the question..

     >> DR. STEVE CROCKER: There were two questions.  But the answers to your question as you phrased them were no, full stop.  I don't know if that's satisfactory to everybody.  But if you want short, succinct answers, that's it..

     >> ROD BERKSTROM:  Thank you.  Betoin?

     >> Actually, the answer is no and no.  There will be no forced migration to the label.  And, second, because the label has nothing to do with actually whether there are many more or less content that qualify as adult content on the Internet, the existence of the TLD doesn't change in any way the amount of material that is online.  Just like the existence of a dot music or dot sport doesn't change at all the amount of material that is related to music or sports online.

     So the answer very clearly to the question is no and no.  In French we have an expression nil el ‑‑.

     >> ROD BERKSTROM: Thank you very much.  Now I'd like to hand over the mic is to one of the true pioneers or greats of the Internet in Africa.  We're fortunate to have many, but Ni is one of the individuals who's really helped to build and develop ICANN from very early on.  And so, Ni?

     >> Thank you very much.  I'd just like to make a brief intervention on behalf of the African registrars.  We like to thank you for having taken us through the process of accreditation.  We think that it may be a response to the question of the state of Internet industries in Africa.  We may indeed end up being the ones that pave the way for clarification or clear identification of that industry.

     We see ourselves as ones who are going to push the business side of our industries.  Questions such as:  What really do we add value?  How do we add value?  It is because we can be looked up and be close to the registrars.  And in so doing, we get to appreciate the need for the registrants and therefore begin to offer more targeted services to them.

     The kinds of issues we face, of course, is a learning curve.  There is a lot of things to appreciate in the process of the accreditation.  And then we have to build.  We have to build a business.  We have to build infrastructure.  And at the same time, we have to do something very important, which is to activate a community near where we are let's say headquartered.  And in so doing, we bring more people the Internet, and the Internet will bring more names into the system.

     And if anyone for the moment thought that there was no market for this in Africa, it is not true.  It was the same in the 90s that there was no business for Internet in Africa, but we showed that it existed.  Maybe what we need is education.  Maybe it's a totally new thing and if no one are interested, we are interested.  We will build it and we will take it and we will keep it if we can..

     And of course we are very grateful that you embarked on the process of new gTLDs.  We think it also helps.  It gives us more options to offer to our registrants.  So we urge you to proceed as quickly as you can on the process.  Thank you very much..

     >> ROD BERKSTROM: Thank you so much, Ni.  And I see a last comment or question I think from Chuck.  We're up on our time limit, Steve.  So it's okay.  I'll hand it to Chuck and let the panelists make a brief closing remark if they want.  And bring it to a close.  Chuck?

     >> Thank you, Rod.  I wanted to reinforce and hopefully simplify what say bean an said, what Bertrand said what Steve Crocker said.  A lot of people expect ICANN to be something they're not.  I encourage you to look at ICANN's limited technical mission that's posted prominently on their website.  They do not have any responsibility or authority to deal with content.  It's domain name coordination.

     And so that is one of the values of the IGF.  The IGF is a discussion Forum that allows us to communicate together, to discuss and debate areas beyond that limited technical coordination mission.  Thank you..

     >> ROD BERKSTROM: Okay.  Steven Delbianco is lobbying for just a very brief intervention.  Just a sentence or two, then we'll go to Alice for any closing remarks she might have.  Thank you.

     >> In a new round an applicant might well promise who can register a domain name or what kind of content.  They may promise that in their application.  Dot bank will promise to give only domains to banks.  If fact they may have to make that promise to avoid having governments object to their application.

     Dot family may promise to have family‑friendly content on the domains.  It is a promise they make.  It isn't ICANN's job to enforce at the registration level whether banks are in dot bank and family in dot family.  However, the TLD operator has a responsibility if they made a promise.  Should ICANN, should the Internet community expect that ICANN will hold the TLD applicant to promises they made in their application to help it get approved?.

     >> ROD BERKSTROM: You said short.  Well answer that offline with respect to the time clock.  Thank you.  Alice, would you like to share any closing remarks?

     >> Alice Munyua:  Thank you very much.  I'd just like to refer you back to the GAC Singapore communique which what the GAC mentions that the GAC really does appreciate the potential beneficial opportunities provided by the new gTLDs.  But we remain committed to continuing to discuss ways of resolving some of the several elements of our adult advice on the important public policy issues and also quite keen to continue seeing how the evolving nature of GAC's collaboration with other stakeholders, that's important to us, I think..

     >> ROD BERKSTROM: Thank you so much, Alice.  William, any closing remarks?

     >> William:  Thank you for the opportunity to make the presentation on behalf of Elkins..

     >> ROD BERKSTROM: I want to thank you for being here to build the multistakeholder model ICANN, IGF I want to hand it over to Dr. Steve Crocker for closing the session.  Thank you.

     >> DR. STEVE CROCKER:  Thank you, Rod.  I want to echo your remarks.  Chuck, I was a little surprised when you talked about ICANN in terms of you.  You're as much a part of ICANN as anybody.  And, in fact, everybody here.  I mean, we talk extensively about a multistakeholder model..

     So my closing remark is we are all ICANN.  All of us here in the room and all of our communities.  Thank you very much.  And the dialogue's been very much appreciated..

     >> ROD BERKSTROM: By the way, if you want ‑‑ let's actually give applause to everyone in the room.  Thank you for all of you.


And Rochelle has just told me.  These documents are also in other languages, other UN languages at our booth upstairs if you'd like them in another language.  Thank you.


     (end of session)