CORE is submitting an application to ICANN in this proceeding as a Sponsoring Organization for the .nom TLD and as a Registry Operator. CORE is submitting a detailed Section D as part of its .nom TLD Application. The MDMA believes that the information contained in CORE’s responses to the Section D questions in the .nom TLD Application will provide very detailed information to ICANN about its abilities to provide the registry operator services for the ..museum TLD.

MDMA’s responses contained herein may direct ICANN and interested participants in this process to additional information that may be found in CORE’s responses to questions in Section D of the .nom TLD Application, submitted to ICANN under separate cover.

E-mail address: tldapp@corenic.org
 
 

Note: CORE is an association whose members have their own marketing and customer service functions. CORE's members have offices in 20 countries on 4 continents and interact with customers in over 19 languages. (Please see attached.)

CORE's current membership qualification criteria are the same as those currently used by ICANN for registrar accreditation

CORE shared registry System (Düsseldorf, Germany): 5 staff provided by CSL GmbH

CORE Secretariat (Geneva, Switzerland): 5 staff provided by Axone SA

For the sake of comparison to existing gTLD registrars with centralised business models, CORE has made an approximate count of CORE member staff concerned with domain registrations via CORE. The approximate aggregate number of number employees concerned with CORE registrations is 200.

For the CORE-Registry operations, a directly employed staff of 10 is to be built up prior to launching its first TLD. This staff will partly be newly hired and partly be seconded from members of the Association.

Mr. Ken Stubbs, Chair

Dr. Jonathan Robinson, member of Executive Committee

Mr. François Luc Collignon, member of Executive Committee

Mr. Hal Lubsen, member of Executive Committee

Ms. Rosa Delgado, member of Executive Committee

Mr. Robert F. Connelly, member of Executive Committee

Mr. Werner Staub, member of Executive Committee and Head of CORE Secretariat

Siegfried Langenbach, Head of Shared Registry System (SRS) Operation and Development

Christoph Schiffer, SRS Operation and Development, Back-end systems

Marc Baradez, CORE Secretariat

Radek Maturana, CORE Secretariat

Cary Karp, Director

Department of Information Technology

Swedish Museum of Natural History

Svante Arrheniusv. 3

Box 50007

104 05 Stockholm

Sweden

Email: ck@nrm.se

Phone: +46 8 5195 4055

Fax: +46 8 5195 4235

2) J. Paul Getty Museum:

Kenneth Hamma, Assistant Director

The J. Paul Getty Museum

1200 Getty Center Drive

Suite 1000

Los Angeles, CA 90049-1687

Email: khamma@getty.edu

Phone: 310-440-7186

Fax: 310-440-7752
 
 

Please contact either or both of these individuals and they, in turn, will contact the appropriate individuals at CORE.
 
 

- World class telecommunications companies (Cegetel, France Telecom, Deutsche Telekom, KPN, Saritel/TelecomItalia, Telia, Colt Telecom);

- Highly specialised domain name registrars, a large number of whom are already ICANN-accredited;

- ccTLD registry operators (in particular DENIC, the largest registry after .com with over 3 million domains under .de; NIC-SE concerned with ..se; DKNIC concerned with .dk);

- Internet Service providers;

and

- a standards organization (ETSI European Telecommunications Standards Institute). ETSI is the forum for key standards such as GSM and UMTS, and one of the four members of the ICANN´s PSO.

The co-operation of members through the CORE framework is limited to areas where shared resources are technically necessary. The shared resources are developed and managed by way of multi-lateral consensus building and fair sharing of costs.

CORE is committed to contribute to the convergence of shared registry protocols and concepts. However, CORE does not feel that the current RRP is an appropriate working basis. CORE is looking forward to work on a common shared registry protocol with ccTLD registries and new and existing gTLD registries, within the ITEF framework.

Value-added service by member registrars can be built upon instruments provided by the registry, such as the ability (available equally to all member registrars) to store optional information in the registry: PGP Public Keys, Personal Ids …etc.

As a Registrar organization, CORE is committed in contributing to converge on shared registry protocols. There is reason to expect productive dialogue between registries and registrars in this area as soon as the TLD application period ends. CORE will ensure that members can operate in compatibility mode and work with the registrar community at large to develop next generation protocols. There is a widely held view within CORE's membership that new protocols should give due consideration to recent standards such as XML and be developed on the traditional "rough consensus, running code" philosophy.

Before initiating registry operations, the association intends to split into a Registrar and a Registry. Under the current working hypothesis,this will involve the creation of a new association to which the assets and liabilities related to registry operations are transferred.

The CORE Registry will also be a not-for-profit Association under Swiss law.

The CORE Registry will also have its Secretariat in Geneva, Switzerland. It is also expected that the main Registry Database will be hosted in Geneva. Additional database sites and points of presence may be located elsewhere.

The IAHC process preceding the launch of CORE

The gTLD-MoU formalised an open public consultation process launched at the initiative of the Internet Society (ISOC), the Internet Assigned Numbers Authority (IANA) and the International Telecommunication Union in response to the explosive growth of the DNS. The need for additional top-level domains was also felt in the context of the full monopoly held then by Network Solutions, Inc. on the registration of generic top-level domains. The need to specify an alternative was also felt because the contract between Network Solutions Inc. and the US National Science Foundation wasdue to expire in March 1998.

The consultation process leading to the gTLD-MoU and subsequently to the creation of CORE was organized through an ad-hoc multilateral committee called IAHC (International Ad Hoc Committee) composed of representative appointed by ISOC, IETF, IAB, INTA and the International Telecommunication Union.

The IAHC recommended the addition of 7 new Top-Level Domains to be managed in the public trust by a newly created shared registry to be called CORE Internet Council of Registrars. It specified the framework under which was to be set up including the gTLD-MoU, the CORE-MoU to be signed by all CORE members, the draft Articles of Association and Regulations of CORE, CORE's legal form as a Swiss not-for-profit Association, the membership criteria for CORE, the independent membership qualification approval process, the independent Policy Oversight Committee for CORE and the seven new TLDs to be managed by CORE. These specifications were published before companies could apply for membership.

Development of a scalable shared registry system

During the second half of 1997, 88 membership applications were approved. After the formal creation of CORE in October 1997, CORE started to build a shared registration system in 1997 in order to be ready for registrations by February 1998. This first version of an automated shared domain registry system based on the principle pre-payment was tested by a large number of CORE members.

In the context of CORE's ICANN registrar accreditation and selection in 1999 as a Testbed registrar for the newly shared .com/.net/.org registry, this system was adapted to operate as a shared registrar system.

At the time of writing, CORE's shared registration system handles over 800,000 domain names. Over 30 CORE members participate as so-called reselling members in CORE's current role of ICANN-accredited registrar.

CORE's current shared Registrar System is a variant of the second implementation of its SRS design. Both implementations of the CORE SRS have originally been developed as a full-fledged registry system.

The CORE SRS version used for .com/.net/.org is based on the second implementation of the CORE SRS developed in 1999. The interconnection with the NSI Registry took place in the framework of the NSI shared registry testbed for which CORE was selected as a "testbed registrar" by ICANN. It is important to point out that technically, a shared registrar system to be kept in synchrony with a "dorsal-spine-only" shared registry is more complex than a standalone registry. Moreover, CORE's work on the NSI interconnection could only start in June 1999 as NSI had not previously published its RRP protocol and at that time required a non-disclosure agreement and a performance bond before supplying any information.

Additional plausibility-checking, automated archiving and the SRS team and the CORE secretariat run verification tools. These systems are updated and improved continuously.

Despite its generally decentralized organizations, CORE relies on certain centralized verification mechanisms, such as those involved in domain holder changes. Experience with these mechanisms is key for CORE's proposals for distributed enforcement and verification mechanisms with a central audit electronic trail.

The biographies of the current executive committee members are attached. As a result of the projected separation of CORE's registrar and registry functions, the composition of the Executive Committee in charge of the registry at the start of operations may be different.

Also attached are biographies of several managers and technical experts who have already been identified as candidates who would be seconded by CORE members. CORE expects additional commitments from CORE members in the near future. For reasons of personal privacy and because the CORE membership at large has something to say in the choice of the candidates retained, the names are not for publication at this stage.

Given the immediate need for specialized managers and technical experts, CORE will primarily draw on membership resources to build the first nucleus of the Registry team. This will be based on seconding arrangements with members with a minimum duration of 1 year for senior positions and three months for junior positions.

As pointed out under 13.1.7, the attached CVs are not for publication at this stage for privacy and due process reasons.

A new policy is to be negotiated for the CORE Registry as soon as its separation from the CORE Registrar is complete.

This principle in many ways implies what products and services the registry operator offers to members and indirectly to end-users.

For historic reasons, the CORE association is currently active as a registrar for .com, .net, .org registrations. Given many members' and end-users' reliance on these functions, there is a need to continue these operations as a shared registrar. The shared registrar will therefore be separated from the newly created shared registry operator and may become a member of the latter.

The membership qualification criteria currently used by CORE is in principle identical to those practiced by ICANN for accreditation except that CORE accepts supporting documentation in several additional languages. It is expected that after the split the CORE Registry would continue to relay on member qualification criteria equivalent to those used by ICANN. Indeed, as explained in the S.O Proposal, CORE favors a gTLD wide ICANN Registrar accreditation program.

For registration in the .museum TLD, the registrar has to sign the policy document and be approved by the MDMA. The MDAM approval concept and the related registry access privileges may be differentiated by type of operation Additional information on MDMA’s policy on registration are found in section E of this proposal .

The registry in principle trusts its registrars and their due diligence in authenticating end-users. The registrars have the professional responsibility of submitting well-formed requests to the registry after reasonable verification as can be expected of a professional registrar in the specific circumstances. Failure to act professionally can lead to the member registrar being barred from certain transaction by decision of the registry operator or the MDMA.

Certain transactions, such as registrar transfers, are placed under cross-verification, random verification or systematic screening regimes.

User authentication by registrar

The responsibility to authenticate users is placed on the registrars. Thanks to this principle, registrars can compete in terms of quality of service and the overall concept becomes scalable. This principle does not exclude designs where registrars place customers' digital certificates or other verification resources into the central registry database for additional security.

If pre-screening is used and administered through the MDMA, the member registrar has the responsibility of submitting adequately pre-verified requests that can reasonably be expected to pass the screening hurdle. This is essential to keep the screening costs low and avoid irritation of end-users.

The registrars in turn interact with the public and/or with resellers. Depending on the model used for chartered TLDs, additional services may be provided in interaction with specific bodies designated by the MDMA (e.g. pre-screening mechanisms).

Types of information stored by the registry

Note: the technical plan contains a detailed description of information resources managed by the registry.

Domain, name server, holder, contact, and maintenance information

The array of registration services provided is significantly larger than that of the current .com/.net/.org shared registry. CORE Registry will not only host domain and name server information, but also domain holder contact and maintenance information, or agent for contacts information.

Additional records

Moreover, additional information required by the MDMA could also be stored in the registry. As the registry evolves, additional value-added records (such as public key certificate IDs or key fingerprints) may be stored in the registry by the registrar at the request of the end-user.

Direct pointers

From a technical standpoint, the registry has the ability of maintaining direct pointers to hosts, eliminating if need be the delegation via additional name servers managed by third parties.

Electronic document storage

In the context of some transactions, registrars can store electronic copies of supporting documents in the registry and reference them from within the domain or contact records.

Information to the end-user provided via the registrar

The registrar is the end-users partner for registration, but also for providing status information on the registration where the data cannot be published for privacy or other reasons. Data that is not published on the public Whois service can be checked through the maintaining registrar.

Cross-verification mechanisms

In the event that a domain holder wishes to perform a registrar change or wishes to check the data lodged in the registry without going through the maintaining registrar, a cross-verification mechanism is used. This mechanism is based on automated central procedures used to ensure that another registrar can only access a customer's information after having been specifically instructed.

An example of such a mechanism is the registry sending, at the request of Registrar B, a one-time password to the recorded customer address. The customer then can give this password to registrar B and obtain confirmation without having to go through the maintaining registrar A. This mechanism illustrates how important it is to store customer contact information centrally in order to foster competition between registrars.

Whois service

CORE will operate a unified Whois service i.e., contrary to the current concept use for .com, .net and .org, users can find all the data on the central Whois service. The Whois is run on several machines independent from the registry database. They only provide information that can be shown in line with policies, ICANN guidelines and applicable privacy legislation as set forth in the registration policy.

For performance and availability reasons, CORE will eventually operate several Whois servers on different locations providing information on all the domains registered.

As the Whois servers are separate from the registry database, updates are sent from registry back-end system to the Whois server whenever a change is made. A given domain or contact record will thus show in the registry within 30 seconds. This technology has been successfully used on the CORE registrar Whois server and has performed well for over 1,500,000 domain, contact and host records managed by the current SRS used for CORE's registrar activity.

Some specialized servers will be provided to facilitate pre-registration check queries, i.e. queries whose purpose is to verify if a domain is still available in the registry.

Third parties with legitimate interests

The SRS has the ability to administer, on a granular basis, information requests from third parties with a legitimate interest. In this context, it keeps track of the requests and the information provided. The requests are administered by the maintaining registrar whenever possible. Based on automated cross-verification and supervision by the registry, it is possible to process request involving several registrars in a single request.

The policy of providing information to third parties is subject to the registration agreement, registration policy and the applicable privacy legislation.

The registrar competition model organized by the registry can be regarded as a service to the community at large.

The registry manages the mechanisms for transfers of domains betweenregistrars at the request of the domain holder. This procedure is different from the one known as "change of sponsoring registrar" in the current ..com/.net/.org registry in as much as the registry holds all the domain holder, contact and maintenance information. This provides additional security against accidentally or maliciously initiated transfers affecting data protection.

Outside Sponsoring Organization

The underlying registry-level revenue model is separate from the MDMA revenue model.

The registry-level revenue model is based on cost recovery whereas the MDMA will define its own model based on its own role and process.

MDMA pre-finances the adjustments needed to the CORE SRS to accommodate the specific processes required. Once the registration phase begins, the financial flows are based on the pre-payment principle as follows:

MDMA-based pre-screening model

The CORE Registry SRS is being designed to accommodate pre-screening functions performed by outside organizations or individuals appointed and funded by the MDMA. The cost of effective formal pre-screening is normally a multiple of cost of the registry operations.

As soon as a registration is performed, the member registrar's prepayment account is debited. Unless otherwise mandated by the registration policy, no refund takes place if the MDMA’s screening framework rejects the registration. (This principle encourages the submission of well-formed and carefully prepared applications). At regular intervals, the MDMA's portion of registration fees is wired to the MDMA.

MDMA-based post-screening model

The model used in this case is identical to the pre-screening model at the moment of registration, but may involve adjustments when records, deleted, put on hold, cross verified etc.

The charge to the registrar would include the cost-recovery for the Registry operator and the MDMA, including verification costs for acceptance of the application. The renewal process will further be linked to the re-verification of registration data.

Disincentive and special cost recovery charges

Disincentive charges are not designed to have a significant influence on the revenue stream. These charges may be used to manage resource bottlenecks or unexpected high demand for services that would usually be provided free of charge. This business plan does not take into account these charges. Examples of disincentive charges are fees charged to registrars for avoidable repetitive queries in excess of a set limit or ratio. Special cases are fines for accidental registrar transfers and similar problems.

Special cost recovery charges allow the registry to cover the expenses needed for special verifications and actions. They are not expected to have a significant impact on the Registry's financial results because their purpose is precisely to compensate possible perturbations. The idea behind special cost recovery charges is to be able to keep the price low and ensure that considerate customers to not have to pay for those who cause unreasonable costs. Examples of a special cost recovery charge are those applying forre-authentication, for complaint registration or for trademark protection requests (exclusion mechanism).

The CORE registry operator will gradually increase the number of languages in which central information is provided. The current CORE secretariat can currently support members in 5 languages, which in turn facilitates members' outreach in their respective environments. Members will be able to contribute the creation of central multilingual information resources.

Given the fact that CORE has an existing shared registry system and an ongoing registration operations through members, the additional requirements for financial resources can be met through existing funds and equal contributions from new members. The financial requirements for a restricted TLD such as .museum are expected to be relatively low compared to high-volume TLDs.

Technical

CORE principal technical resource is its shared registration system (SRS) and the TLD servers. CORE will obtain housing and connectivity from members at market prices based on flexible contracts reflecting actual usage.

The projected physical plant is composed of a main SRS installation located at a protected co-location site with high-end hardware and network installations. A back-up site is to be hosted by a CORE member as is currently the case. The connectivity available through CORE members is virtually unlimited.

The TLD servers will be distributed and based on a staggered implementation plan. Initially, bandwidth and capacity requirements are modest as long as volume is low.

Staff

CORE expects to have 10 staff working for registry activities (including .museum) in various managerial, technical and clerical capacities. This seems credible based on CORE's current