GNR Letter to ICANN

Hello Patrick,

This is to confirm our understanding that the two-character release request go forward to the RSTEP process.

I would like to reiterate and amplify four important facts we also described in the submitted document, that are vital to understanding the issue and which I believe will be important for RSTEP to consider.

1) RFC1535 is not specific to two-character domains or subdomains. It describes bad resolver behaviour, not normal resolver behavour. In fact, RFC1536, released at substantially the same time (in 1993), describes how to fix this bad resolver behaviour.

2) There are already far larger domains active on the Internet today, domains which would be affected and unstable if RFC1535 was a real issue. For example: li.com, ng.net, co.kr, name.com, name.de, com.au, co.uk and me.uk. If one concludes that there are instability or security issues prohibiting .name two-character names resulting from RFC1535, then one must also conclude that the Internet today is unstable and compromised as a result of existing (and well established) infrastructure. Clearly this is not the case. For example, the issue has never seriously been discussed in the GNSO, CCNSO or SSAC as a current stability threat and as described in our submission, we have not been able to find any substantiated evidence to arise any concern. Therefore the problem described in RFC1535 is not a problem for releasing two-character names on .name.

3) The behaviour described in RFC1535 was fixed in release 4.9.2 of BIND in 1993, more than 13 years ago (!). The BIND 4 resolver is officially deprecated (http://www.isc.org/sw/bind/bind4.php) (it is now in version 9). In other words, there have been 5 major (and dozens, if not hundreds, of minor) releases of BIND, over 13 years, since the issue was first fixed. Therefore, we should not, and cannot, restrict .name two-character names because of an old deprecated resolver which poses no threat to security, that, if real, would exist anyway because of the existing infrastructure outlined in 2). The only resolver in the 4 series that can be used, if one really has to use this old version, is 4.9.11, which does not have the "1535" bug. According to http://dns.measurement-factory.com/surveys/200608-full-version-table.html, less than 0.02% of all resolvers use version BIND 4.8 or lower. This further illustrates the fact that this problem is very old, has been resolved (as further evidenced by the stable existence of otherwise affected domains on .com/.net/.de/.au/.uk/.kr and in fact any other top-level-domain (since all ccTLDs are "affected" by the current .com two-character domains, and .co, .com, .org, .net and .me are particularly affected by the wide use of these strings as substructures on ccTLDs, e.g. com.au, me.uk or org.uk) on the Internet today) and does not impact our proposed release of two-character names.

4) Releasing the two-character names on .name has a real and larger purpose for the Internet community. Given the large population with two-character names - 250M (!) in China alone (for a list see e.g. http://en.wikipedia.org/wiki/List_of_common_Chinese_surnames), we believe it is reasonable to assume as a default that people should be able to use their name on the .name gTLD, created for this very purpose. We believe it is fair to release the names for the benefit of the Internet community (note that two-character names are not limited to Asia, only more prevalent in Asia, but exist all over the world).

We are of course always available for any questions the RSTEP team might have in evaluating this issue.

Yours truly,

Hakon Haugnes
President, Global Name Registry
hakon@haugnes.name