ICANN|ARCHIVES

Internet Corporation for Assigned Names and Numbers

Executive Summary

Network Solutions, Inc. ("NSI" or "Network Solutions") submits the attached White Paper in connection with the request by the Internet Corporation for Assigned Names and Numbers ("ICANN") for applications from entities interested in operating or sponsoring new top-level domains ("TLDs").

NSI supports the careful introduction of additional TLDs to the Domain Name System ("DNS") and is pleased to participate in a process whereby ICANN will select new TLDs in a responsible manner. ICANN's commitment to preserve the operational integrity of the Internet while contributing to overall growth of the medium is of utmost importance to NSI, its customers and the entire Internet community.

To preserve system integrity while promoting growth, we believe, requires that all registries observe best practices. Throughout this White Paper, we describe "best practices" in registry business procedures, technical operations and TLD policies based on the experience acquired by VeriSign Global Registry Services ("VGRS") in connection with .com, .net and .org, commonly referred to as "gTLDs". Not all registries should or will operate in the same way as VGRS, but they should all yield the same quality of service. Some of these best practices describe registrar-liaison efforts, internal security features, Whois services, zone processes, or service level requirements, all of which are essential to the integrity of the DNS. Most important, each of the best practices mentioned has proven effective at VGRS over time.

Our goal in sharing these best practices with the Internet community is to illustrate that they are applicable to .com, .net and .org, as well as to additional gTLDs, and that their use by other operators is likely to continue to ensure the integrity of the Internet, attract global users to it and facilitate growth. Additional TLDs, if introduced properly, will encourage new communities of users onto the Internet, thereby fostering the growth that will cover the quite substantial costs of providing continued integrity itself. The best practices described in this White Paper, we hope, will help to maintain the Internet's current level of stability, foster growth, expedite the availability of new TLDs, and establish standards of quality among registry operators.

The White Paper assumes that the introduction of new TLDs will be conducted as a "proof of concept" and that once deployed, new TLDs will be irrevocable. While the market will be the ultimate arbiter of competitive merit, ICANN has the task of completing the selection process, and overseeing the execution, of new TLDs with sufficient care to effectively eliminate the risk of failure. We believe that the proof-of-concept approach necessarily will rely on legal structures and systems already in place in an effort to facilitate rapid deployment and avoid needless controversy. NSI believes that it will be to the advantage of all Internet users if new, open gTLD registries operate using these basic, current and familiar practices and procedures, thereby avoiding the unnecessary expense and complications for all parties of multiple core procedures. Most of these basic practices and procedures are included in the agreements currently used in connection with .com, .net and .org.

NSI gratefully acknowledges the effort invested by ICANN and all applicants in the process to select new TLDs. We believe that this process will advance the interests of registries, registrars and, most importantly, registrants - or end users. They are, after all, our clients and the reason the DNS exists. The consistent and nondiscriminatory application of such criteria will continue to assure the growth of the Internet, the expansion of the name space and ensure the continued trust and confidence of our clients.

Introduction

This White Paper describes what we believe are "best practices" in business procedures, registry operations and TLD policies based on the experience acquired by VeriSign Global Registry Services in connection with .com, .net and .org. Network Solutions is making this White Paper available to the Internet community in an effort to illustrate how these best practices are used and why they may be instrumental to the continued stability of the DNS, growth of the Internet and introduction of new TLDs.

Since 1991, Network Solutions has been a global pioneer in the development of Internet identification services. We began this by developing a system to register Web addresses ending in .com, .net, .org and .edu; first in connection with the Defense Data Network - Network Information Center and later in connection with the Internet Network Information Center. Currently, NSI is the world's leading registrar with more than ten million registrations, and through VeriSign Global Registry Services operates the registry which is the authoritative database for .com, .net and .org.

The stability of the Internet underlies all of these activities. Therefore, we maintain a principal commitment to the preservation and promotion of the stability of the Internet and recognize that one of the most important elements of this commitment is to ensure operational integrity of all registries. For the following reasons, we believe that the integrity of the Internet in the area of domain names is itself made up of two related, albeit equally important, elements: reliability and performance.

One of the principal reasons that millions of people from every country have decided to obtain domain name registrations, and use the Internet in their daily lives, is that they have come to expect and depend upon the reliability of the DNS. The importance of this systemic integrity cannot be over-estimated. Whether the user is a merchant selling goods in foreign markets, a newspaper reporter describing events of distant cities, a teacher researching the habits of endangered species, or a grandmother sending holiday greetings to her family, hundreds of millions of individuals have come to rely on the DNS as the primary means of identifying places, things and people on the Internet. They simply assume that the DNS is always easy to use, always there and they assume that it always works well and fast. If this reliability were to decline or become unpredictable, users would react immediately. If it were to become a challenge or overly complex to use the DNS, users would eventually abandon the medium. In short, users would resort to the many other ways, on-line or off-line, they have to communicate with each other if the Internet were to fail them.

In order to preserve consumer and user confidence in the Web, the integrity of the DNS and the Internet needs to be of primary concern for ICANN, registry operators and others engaged in providing services to registrars, registrants and all Internet users. Users must have access to a registration system for new top-level domains that is easy to use, works well and works well all of the time. Anything less could result in customer defection and an enormous setback for the Internet.

Reliability alone will not command customer support. Customers want, and require, performance. Poor performance, like a lack of reliability, will drive users away and encourage them to satisfy their needs through other techniques. Performance means that wait times, processing delays and complicated procedures must be kept to a minimum and, wherever possible, eliminated.

For these reasons, the single most critical goal of VeriSign Global Registry Services has been, and is, to preserve and promote the integrity of the DNS, including the root servers for all TLDs and the constellation of name servers which hosts the world's 20 million or more second level domains in .com, .net and .org. Its stability, reliability and performance earn and maintain the trust and loyalty of each one of its users each day. NSI believes that this integrity, and the trust and loyalty that it fosters, must be preserved during the introduction of new TLDs. Because the DNS, and the Internet that it supports, are essentially services that people can choose to use, or not use, providers like registries must earn their customers' trust every single day. And a good job done yesterday counts for little to the customer surfing the Web today. A registry must earn its trust again every single day.

For this reason, ICANN has a critical responsibility to select registry operators capable of managing the introduction and long-term operation of new TLDs. For ICANN to ensure that the Internet's integrity is maintained, it - and the Internet community - needs to understand the functions, activities, costs, and performance criteria that apply to a sound, open gTLD registry. This White Paper reflects what we believe are the best practices of the registry industry and suggests norms that ICANN can apply to the new gTLD registries it approves during this application cycle and in the future.

While VGRS's exact practices may not fit all new registries, NSI believes that anything less than a commitment to, and the capability of providing these standards will undermine the future of both the Internet and ICANN by striking at the foundation of both: preserving the integrity of the Internet. However, no one should believe that reliability or performance could be acquired and maintained without substantial expense. Quite a few organizations and even individuals are capable of patching together the minimum requirements to present a working registry. That is not to say that such registries would preserve the Internet's stability; in fact, many could jeopardize its reliability or performance. The price of reliability and performance is substantial capital and substantial expertise. Any entity that would be a credible candidate to operate a registry must be prepared to commit both.

Business Operations

Maintaining the integrity of the Internet and extending its reach to an increasingly global-reaching audience are of great importance to NSI. Since 1995, it is estimated that the community of Internet users has grown from more than 13 million users to over three hundred million users, and over the next three years, the current number is expected to double to over six hundred million users. Provided that neither its reliability nor its performance is adversely affected, NSI believes that the medium will continue to experience this kind of growth - in users as well as in domain name holders - for the foreseeable future. We are also convinced, however, that any reduction in the integrity of the medium will jeopardize this expected growth.

In order to avoid the defection of dissatisfied consumers and to continue to attract an increasing number of Internet users, new gTLD registry operators should expect that the same reliability and performance standards that currently apply to .com, .net and .org will apply to them. We believe that consumers will demand nearly flawless services, and that it is very unlikely that users will demand anything less than instantaneous, transparent and reliable resolution of their DNS entries.

Providing such a level of reliability has required a major investment by VeriSign Global Registry Services. For example, VGRS now employs 174 professionals who work together to perform at its current standards. And while a new, open gTLD registry may not require exactly the same level of personnel, it will be expected to produce the same results. In other words, it has taken an enormous amount of commitment, both in terms of human and capital investment, to realize simultaneous stability and growth in connection with .com, .net and .org. A new registry would require the same type of commitment to performance.

To date, the enormous popularity of .com, along with the uncertainties that challenge the security of all web-based services, have presented the most significant challenge to managing and maintaining the integrity of the DNS. Despite having increased its daily volume by 500%, VeriSign Global Registry Services has reduced its down time by over 75% in the same period. Performance such as this must be a core part of the commitment made by any significant TLD registry or there will be a loss of confidence in the Internet.

After integrity, the next most important goal that any new registry must achieve is to foster continued growth, in part because it is that growth that will cover the quite substantial costs of providing continued integrity itself. It is apparent to us, however, that the services of a new registry or a new TLD will not sell themselves or generate growth without effort. After an initial, strong, but quite brief, flurry of registrations, any new registry will have to face the reality of over 240 incumbent top-level domains and registries that have both operational and marketplace experience. While there will almost certainly be continued strong growth throughout the Internet, there is no assurance that new TLDs will share in this growth, unless new registries themselves support a major marketing effort that stimulates demand for services among end users.

It is this demand from end users, which is by no means automatic, that will drive revenues derived from any new TLD. But informing and educating the end-user marketplace about the opportunities offered by a new top-level domain will be neither inexpensive nor quick. We anticipate that a multi-year, multi-million dollar marketing campaign will be necessary to support each new TLD after the initial spurt of registrations.

For this reason, it is important that the names or features of the new gTLDs themselves support the marketing process and help stimulate new markets. New gTLDs should appeal to new markets of users who will be attracted to the Internet as a vehicle for communication and commerce; this will make it more likely that new registries will meet their revenue goals.

Customer Affairs; DNS Programs

The goal of this White Paper is to provide ICANN and prospective registry operators with tools developed in connection with .com, .net and .org that may facilitate the efficient introduction of new TLDs with minimal disruption to the DNS. We believe that the integrity of the DNS, and the trust of the entire community of users, will benefit from the use of certain uniform practices and procedures over an extended period of time. NSI encourages ICANN and, where appropriate, other new TLD registries to embrace these models.

VeriSign Global Registry Services' current web site, located at http://www.verisign-grs.com, provides extensive examples of the kinds of resources that any new registry will need to provide to accredited registrars and the public to ensure smooth operation of the system developed under the U.S. Department of Commerce and ICANN. It includes details about the multilingual domain name test bed, access to the gTLD Whois database ("Whois"), publication of the registry-registrar protocol ("RRP"), password-protected services for VeriSign Global Registry Services customers, a description of the Customer Affairs Office and DNS Programs Office, additional information about VeriSign Global Registry Services, and employment listings. Most of these are essential for smooth coordination.

In addition, VeriSign Global Registry Services provides Monthly Reports on performance to ICANN's Domain Name Supporting Organization ("DNSO"). On a monthly basis, certain performance and transaction measurements are presented in statistical form, thereby making it much easier for ICANN, the entire Internet community of registrars and other interested parties to track this data. This is another example of a simple tool whose uniform use by gTLD registry operators would contribute to the long-term development of this nascent industry. Information such as the number of registrars accredited by ICANN, completed SRS releases and daily transaction ranges are recorded. The Monthly Reports submitted in connection with .com, .net and .org are located at http://www.gtldregistries.org/reports.html.

As of September 1, 2000, .com, .net and .org were supported by sixty-two active ICANN accredited registrars operating in thirteen countries around the globe. ICANN has accredited one hundred and thirty-one registrars to register domain names and VeriSign Global Registry Services is working to bring the additional registrars online as quickly and securely as possible. VeriSign Global Registry Services maintains an active liaison effort with each of these registrars.

For example, the Customer Affairs Office is responsible for initiating and maintaining the business and contractual relationship with the accredited registrars. This Customer Affairs department works with newly-accredited registrars to ensure a smooth and quick ramp-up process and is available to help the registrars understand the requirements of contracting and doing business with VeriSign Global Registry Services. After a registrar becomes operational, Customer Affairs remains available to answer questions, as well as assist registrars with ongoing contractual and business issues. Customer Affairs also works with operational registrars to ensure that they comply with the terms of the Registrar License and Agreement. This may involve working with one or multiple registrars to resolve disputes between registrars, or complaints from other third parties.

In addition, twice per year, an outside party is hired by VeriSign Global Registry Services to conduct a customer survey of all operational accredited registrars and to establish a baseline measurement of performance. VeriSign Global Registry Services uses the responses received from the registrars in an on-going effort to improve customer satisfaction.

Any successful new registry will have to support a similar, major registrar liaison group. As the number of accredited registrars continues to increase on a global basis, this relationship management will become even more important to the fluid manner in which registry operations are conducted among many parties.

At a minimum, VeriSign Global Registry Services provides the following items equally to all registrars: maximum number of IP addresses for connecting to the Shared Registry System ("SRS"); the current version of RRP Software Development Kits ("SDKs") and updates; customer support access; access to dispute resolution resources; data to reconcile registration activities; resources to perform basic account management functions; and the absence of algorithms or protocols in the SRS that differentiate among registrars.

Presumably, the equivalent will be expected of new registry operators, as well as the highest standard of customer care. In an effort to preserve the current stability of the DNS and its acceptance among current Internet users, Network Solutions recommends that new TLD registry operators adopt this and the other best practices described in this White Paper, especially while the entire industry proceeds through the proof-of-concept introduction of new TLDs.

In addition to serving its customers (i.e. accredited registrars), a registry needs to play a role in the emerging standards that affect Internet domain name registrations. As an example, the primary function of the VeriSign Global Registry Services DNS Programs Office is to provide support for activities related to the Domain Name System, including developing new DNS-related services and products, supporting the constellation of gTLD servers, promoting DNS protocol development in Internet standards organizations, and consulting on internal and external DNS issues.

Many people mistakenly believe that the essential task of a domain name registry is the compilation of the core gTLD zone file that is used to resolve a domain name to a numerical address. The creation of the file is actually only half of the effort. The other half is its propagation throughout the world and throughout the Internet. Establishing and managing this network of gTLD zone servers, and maintaining its integrity, every minute is a major and costly task.

Providing the highest-level gTLD systems and zone processes is one of the most important responsibilities of VeriSign Global Registry Services. The technical capabilities required to accomplish this are discussed in the next section; the business resources necessary to realize a nearly flawless level of continuous and global resolution service, including personnel in multiple regions of the world and ordinary capital investment in systems hardware and software upgrades, are significant.

For example, the "A" root name server, which currently also serves as a gTLD server, doubled transaction growth in one quarter to over five thousand queries per second with peaks of up to eight thousand queries per second. Though invisible to the end user, the coordination efforts used to make sure that all zone files are propagated properly entail significant planning and constant care. Again, although not all open gTLD registries should employ the exact practices as VeriSign Global Registry Services, all registry operators need to be able to commit to these highest levels of performance and scalability requirements.

Whois Services

Among the most visible services that registries offer are "Whois" services. Since they are relied upon by many people for quite important tasks, Whois services must be highly reliable, scalable and durable. The authoritative Whois service for all second-level domain names registered in .com, .net and .org provides the following information based on the example, verisign-grs.net:

Domain Name: VERISIGN-GRS.NET
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: www.networksolutions.com
Name Server: NS.NETSOL.COM
Name Server: NS2.NETSOL.COM
Updated Date: 15-sept-2000

This information is accurate and its availability dependable.

Security

In addition to reliance on a skilled management and staff to execute their respective responsibilities, effective gTLD registries require a highly secure facility to house their main operations. In an effort to expand the current secure facilities, VeriSign Global Registry Services recently leased all of Lakeside II, a 101,875-square-foot office building in Lakeside @ Loudon Tech Center, Sterling, Virginia. It is expected that the .com, .net and .org registry will operate out of this facility no later than November 2000.

Providing physical and logical security for TLD registries is of utmost importance. These requirements also add to the already-significant capital required by a TLD registry operator. The direct correlation between investment in enduring security and the relatively low occurrence of security breaches is an important planning item for ICANN and for new registries. Unfortunately, it seems that the community most likely to pose a threat to TLD registries is, in particular, attracted to gTLD registries. This is another area where new TLD registry operators need to focus both capital and expertise since the importance of providing the highest level of physical and logical security as early as possible cannot be overemphasized.

In this section, we have tried to describe major cost centers used in connection with .com, .net and .org. Our hope is that ICANN and new registry operators will consider the use of these or equivalent best practices in connection with additional gTLD registries, especially in an effort to preserve and promote the stability of the Internet, offer familiar procedures and techniques to their customers and other Internet users and incur minimal disruption to the current DNS. In the following section, technical best practices used in connection with the management of .com, .net and .org are described.

Technical Operations

NSI believes that any applicant interested in operating and maintaining a new gTLD registry must demonstrate that it likely can perform its obligations by showing in its application that it possesses certain technical qualifications. This White Paper presents NSI's technical approach to meeting the quality and performance requirements of a successful gTLD registry, including availability, maintainability, scalability, accuracy, utility, and security. The architecture, operations and management components are also described. NSI believes that any entity proposing to manage and operate a TLD registry must be prepared to provide similar secure, robust and high-performance service.

Shared Registry System

The design of VeriSign Global Registry Services provides for use of the Shared Registration System. Network Solutions developed and implemented the SRS in an effort to accommodate robust competition in the registrar segment, while meeting the need for unified operation of the .com, .net and .org registry. The SRS supports and maintains domain name registrations, DNS server names, IP number information for the servers, and an identifier for the responsible registrar for each domain name. All other data is maintained by the registrar of each domain name or name server.

This proprietary system includes the relational databases, custom registry-registrar protocol interfaces, other technical specifications, and descriptions of the precise features used in connection with .com, .net and .org. We believe that all TLD registries need to have a similar set of conventions in order to provide reliable, predictable and interoperable services. This is, we believe, one of the most challenging items required to manage, maintain and operate a sound TLD registry.

VeriSign Global Registry Services has implemented system hardware, network software and database architecture to provide the following services: Internet services; application and database; operational test and evaluation ("OT&E"); and customer service. Internet services are public Internet infrastructure components that allow public access to VeriSign Global Registry Services, including, for example, Whois services. The application and database components provide the day-to-day processing services, including registration services and corporate support services such as billing and customer affairs dealing with contractual compliance. OT&E includes components that provide an isolated, fully-functional registry interface to support testing and evaluating registrar client software. The environment is also used to test pre-production registry upgrades prior to production deployment. Finally, the customer service components are used by customer service representatives to perform registry data maintenance functions when customers need help. Based on our experience with .com, .net and .org, we anticipate that the market is likely to continue to expect these areas of support and service from all gTLD registries.

Hardware Architecture

The hardware architecture for VeriSign Global Registry Services is segregated into the following areas: network infrastructure, Internet services, applications and database, customer service, and OT&E. These elements are described in more detail in the following paragraphs.

The VeriSign Global Registry Services infrastructure has been designed to account for availability, maintainability, scalability, accuracy, utility, and security. To support these goals, it engages industry vendors who offer: proven solutions that are widely implemented in 24x7 production environments; open, non-proprietary solutions that allow flexibility regarding the use of other vendors' products; a variety of solutions that can be tailored to its unique environment; and a migration path to a larger platform if the need arises.

This approach to the hardware architecture leads to a commercial solution with readily available products from the industry leaders in their specific area. Generally, hardware design is scaled for a three-year projection, which is the technical lifecycle for hardware (i.e. within three years, most computer hardware will have been overtaken in performance). The overall hardware architecture, however, accommodates changes in computer technology and scales with user demand.

Connectivity

For its connectivity segment, VeriSign Global Registry Services requires multiple DS3 connections. These connections are used to configure both the wide-area network and the local-area network ("LAN") in the network architecture. High-capacity routers are used along with fast Ethernet router/switches to configure several virtual LANs within the system. Load-balancing devices are used for load sharing and for balancing high-volume network services to the RRP gateways, Whois servers and Web servers. All firewall systems are hosted on multi-processor UNIX servers. Network connectivity throughout the LAN architecture is provided through switched 100BaseT over CAT5 cable.

We believe that the operational and technical specifications and best practices used in connection with .com, .net and .org offer the security and stability required of all open gTLD operators. Such operations must be prepared to provide services to a global and demanding marketplace 24x7x365.

Internet Services

The Internet services segment of the .com, .net and .org registry resides outside the firewall system and includes multiple DNS servers, mail servers, DNS servers, RRP gateways, Whois servers, and Web servers. All gateways and servers are hosted in a UNIX environment on multi-processor servers. A storage array provides for the registry database and all back-office applications servers. RISC-architecture processors are used with additional megabytes of external cache, additional gigabytes of main memory and multiple input/output channels, which are able to support internal hot-swappable storage and have redundant hot-swappable power and cooling. The enterprise storage system uses a storage array to provide a vehicle that pushes data out to external public servers through a SCSI channel. This architecture permits communication to external networks without compromising security by opening additional holes through the firewall.

The application and database segment has a combination of UNIX servers to support registry applications, and high-speed PC workstations to act as billing servers. VeriSign Global Registry Services uses high-speed PC workstations to support customer service operations, and we configure these commercial workstations as required to support the evolving customer service operations.

OT&E

The OT&E segment provides a test bed for investigating registry issues before going online, as well as a technical verification environment for potential registrars. The test bed has an RRP gateway outside a firewall; all other activities are directed through registry application and database servers with other equipment added as needed. Initial capability is hosted on multi-processor UNIX servers. The OT&E environment does not interact in any way with the live production database system.

To meet the requirements for availability, accurate data from VeriSign Global Registry Services is distributed remotely to a global network of gTLD servers. The system architecture includes protocols and services as well as the database system. The system provides data for all registry products, including zone files, transaction logs and Whois snapshots. The external public services comprise the Whois servers, which manage database queries and the RRP gateways. These gateways provide a protocol interface to registrars and perform the following functions:

• Add - register a domain name or domain name server
• Check - check availability of a domain name or name server
• Delete - delete a domain name or server
• Describe - return the latest RRP version number
• Modify - update a domain name or name server
• Quit - close an RRP session
• Renew - extend the registration of a domain name
• Session - create an RRP session
• Status - query a domain name or name server
• Transfer - transfer a domain name from one registrar to another.

The operations facility used in connection with .com, .net and .org includes the data center, communications room and electrical room. The electrical room houses the uninterrupted power supply ("UPS"), the battery room and the generator to power the UPS in the event of electrical outage. A fuel tank for the generator is available at the facility.

Security

The security plan for the VeriSign Global Registry Services facility includes physical security, computer security, network security, personnel security, and a robust incident response process that facilitates adequate and effective responses to perceived or actual security incidents. The security policies and procedures for the facility are designed to provide the highest possible level of "reasonable" protection.

Security is paramount to ensuring the accuracy and availability of data for the .com, .net and .org registry, and NSI believes that any operator proposing to manage a new gTLD must be required to meet equivalent standards.

The architecture for the .com, .net and .org registry includes several geographically-dispersed sites for backup, redundancy and remote product distribution. Based on our experience, such architecture is critical to the reliable operation of a global gTLD registry.

 

Technical Support

Technical support for users of the .com, .net and .org registry is provided primarily through a help desk that refers problems to technicians who can resolve them. Technical support is provided to registrars for software support, registrar technical support and verification, the registrar OT&E environment, and database support. The systems integration organization provides problem-solving support to the registrars and performs technical verification of the software interfaces between the registrars and VeriSign Global Registry Services. Emergency support services are available 24x7 to support the number and geographic diversity of the registrars. The range of support includes both initial implementations and on-call support if issues arise that affect a registrar's service.

Many benefits to the registry-registrar protocol exist, but perhaps the most significant is the exponential reduction in operational complexity that results as the number of registrars using it increases. RRP software development kits are available on VeriSign Global Registry Services website at http://www.verisign-grs.net as open source software under the GNU Lesser General Public License. All interested parties are welcome to use these SDKs.

In this section, we have tried to describe the best practices used in connection with the operations and the technical management of .com, .net and .org. Our hope is that ICANN and new, open registry operators will consider the use of these or equivalent best practices. In the following section, we discuss various TLD policies used by VeriSign Global Registry Services.

TLD Policy

Network Solutions believes strongly that the integrity of the Internet and the effectiveness of a proof-of-concept phase are enhanced by the implementation of business procedures, technical capabilities and TLD policies that are applied consistently. In particular, policies that are enforced consistently and in a non-discriminatory manner increase continuity and decrease the costs for service providers and thus for consumers, thereby contributing to the overall stability, reliability and growth of the Internet. The proof-of-concept model introduced by ICANN to facilitate the selection of new gTLDs is one example of this approach. NSI believes that the integrity and growth of the Internet in an increasingly competitive environment will benefit most from the cooperative efforts and input of the broadest representation of global users possible.

The aim of policy-making efforts should be to preserve stability, integrity and growth within a consensus among the stakeholders of the Internet. Network Solutions has been on record for quite some time as supporting the careful creation of additional gTLDs and supports the ongoing efforts of ICANN to develop policies related to the new TLDs. In particular, we believe that a level playing field for all open gTLD registry and registrar operators creates the least controversy and disruption of the DNS while contributing most to the ongoing stability of the Internet. This in turn permits registries and registrars to turn their attention to the critical task of attracting new users to the Internet and spurring growth.

The use of the existing practices and procedures or their equivalent for any new, open gTLD is important not just because it creates a level playing field among gTLD registry services, but also because it reduces operating costs for all users and increases the time to market for new gTLD services. Consequently, in order for the proof of concept to proceed as quickly as possible with the least amount of redundant effort and unnecessary expense, new gTLD registry operators should be expected to rely on the procedures and practices developed, tested for and used in connection with, .com, .net and .org.

Basic Standardization

Network Solutions is confident that adoption of these procedures and practices, in other words, basic standardization, will help make Internet end users, gTLD registries and gTLD registrars more certain of the policies underlying all TLDs. While NSI strongly encourages diversity and creativity in many areas related to domain names, especially the addition of gTLDs to the DNS, we recognize the importance of standardization in certain aspects of any maturing industry. For this reason, NSI encourages ICANN to ensure that the registry operators of all gTLDs introduced by ICANN standardize core practices and procedures based on the current successful experience in .com, .net and .org.

The procedures, practices and policies applicable to VeriSign Global Registry Services in connection with .com, .net and .org are the result of the efforts and expense of many individuals over an extended period of time. The documents that embody these results have proven to be convenient, cost-effective and easy to use, important considerations for all end users, registrars and registries.

In addition, the existing contractual templates used in connection with .com, .net and .org embrace standard principles of good business practice, including legally enforceable commitments by all parties. NSI believes that policies involving domain names must reflect a commitment to the protection of the legal rights of the parties involved, including intellectual property rights.

The existing contracts do this and aim to minimize disputes, or, in the event a dispute is unavoidable, enhance their orderly and timely resolution, consistent with the facilitation of dispute resolution and law enforcement. Adoption of these familiar practices and procedures will also result in a satisfied customer base, one not faced with the unattractive alternative of learning and adopting a completely new, untried set of procedures.

Reasonableness

One of the reasons the existing documentation has proven effective in connection with the registration of domain names under the .com, .net and .org TLDs is the reasonableness of the principles underlying them, including, service level requirements, for example. Financial penalties are imposed if VeriSign Global Registry Services exceeds certain thresholds agreed upon by it and registrars. Completion of certain customer transactions is measured each month against these thresholds, providing registrars, registries, ICANN, and other parties tracking information. We believe that all interested parties will be served fairly by an effort to continue to integrate such reasonable procedures and principles into all relevant documentation.

The agreements used in connection with the registration of gTLD domain names, including the ICANN Registrar Accreditation Agreement, NSI Registrar License and Agreement and the ICANN-NSI Registry Agreement ("Existing Agreements"), contain terms suitably generic for use in connection with .com, .net and .org, as well as any other new, open gTLD registry. We believe that the early acceptance of these agreements will help to standardize various functions and policies of gTLD registry operators while supporting the development of business models that may differ from the current registry.

NSI supports the current policy to allow all registrars to set their own prices for domain name registration services. This policy is the cornerstone of the effort to foster market-driven competition for domain name registration services. Registrars are free to bundle registrar services with other products, enhancing the possible benefits to consumers and having a positive effect on the ease of registering domain names on the average consumer. The net effect is to encourage innovation which tends to attract a greater number of participants onto the Internet.

A fundamental aspect of stability of the Internet is that universal and durable connectivity should be preserved so that domain name holders have reasonable assurances that their domain names will resolve to IP addresses of their host computers, even in the event of a business failure of, or other problems with, a registry or registrar. The Existing Agreements protect consumers by setting forth standards for the protection of personal data collected by accredited registrars. They require participation by accredited registrars in a uniform dispute resolution policy, assuring fair and equitable treatment through binding arbitration by independent and international arbitral entities for disputes that arise over intellectual property and domain names. The Existing Agreements also provide for the funding of ICANN's operations through fees collected from registries and accredited registrars. We believe that all of these structures, or their equivalents, should be employed in connection with any new, open gTLDs.

The use of procedures and standards that have already proven successful in connection with .com, .net and .org will greatly reduce costs and accelerate the collection of experience that ICANN has already initiated and allow it to make better and more informed decisions on a comparative basis in the future. This would further reduce delays and start-up costs and effectively focus the registries on developing and introducing new end-user services, rather than reinventing pre-existing and proven procedures and standards. Over the long term, NSI believes that guidelines such as those introduced in the Existing Agreements will be of value to the Internet community in encouraging sound business practices, promoting meaningful competition and protecting the stability and integrity of the Internet.

Dispute Resolution

As one example, NSI recognizes that the Uniform Dispute Resolution Policy ("UDRP"), which since going into effect on December 1, 1999, has been used to resolve more than 1700 proceedings involving approximately 3000 domain names, is one innovation to come out of the domain name registration policy-formation process. More than 1000 proceedings have been disposed of by a decision, including close to 800 involving a transfer, 15 involving a cancellation and more than 200 involving a decision for the registrant.

The UDRP is an example of the benefits of soliciting the input of a wide representation of the Internet, including the intellectual property and civil liberties communities, registrars, registries, governments, international organizations such as the World Intellectual Property Organization, and others. NSI believes that a similar opportunity exists in connection with the introduction of new TLDs, and, in particular, during the start-up phase of the registration of domain names in such TLDs. More than at any other time, when a new, open gTLD begins to accept registrations, a potential for misuse of intellectual property arises. This exceptional circumstance calls for an exceptional response by ICANN, which we support fully.

Conclusion

In conclusion, Network Solutions, Inc. recommends the adoption of best practices that balance minimal restrictions with maximum consensus, and believes that the best practices discussed in this White Paper effectively aim to accomplish this goal. In doing so, they will both preserve the integrity of the Internet and contribute to its continued growth.