|
.NET Application Form |
RFP Part 1: General Applicant Information
1. Name and Address fields
The full legal name, principal address, telephone and fax numbers, and e-mail address of the applicant, and the URL of its principal World Wide Web site. Additionally, each applicant must provide the Application Deposit Receipt Number issued to the applicant upon ICANN's receipt of the wired funds for the application deposit.
| Organization Name: |
| |
| Address: |
| |
| Telephone: |
| |
| Fax: |
| |
| Email: |
| |
| Confirm Email: |
| |
| URL: |
| |
| Application Deposit Receipt Number: |
| |
2. Applicant's Business and Other Associated Activities
Provide a general description of the applicant's business and other activities currently or expected to be associated with the services described in this RFP.
| ||
3. Directors, Officers and other Key Staff
Provide the full names, positions and the qualification and experience of each of the following persons:
|
(i) the person or persons who will have direct
responsibility for the business operations of the registry, | ||
| ||
|
(ii) each person in the chain of command with decision
making authority from that person or persons to the principal executive
officer of the applicant, | ||
| ||
|
(iii) the top two financial officers of the
applicant, | ||
| ||
|
(iv) the person with the principal technical
responsibility for the operation of the registry, | ||
| ||
|
(v) each other executive or management person of the
applicant who will have significant policy making or operational influence
regarding the registry operations, | ||
| ||
|
(vi) all directors or persons with equivalent positions
for non-corporate entities, and | ||
| ||
|
(vii) identify any persons or entities who own or will own
or otherwise control, directly or indirectly, 5% or more of the
outstanding voting power held by all persons or entities entitled to
participate in the election (or other selection) of the applicant’s board
of directors or other governing body. | ||
| ||
|
The independent evaluators may seek additional information from applicants regarding the qualifications of personnel if deemed necessary. | ||
4. Applicant Organization Type
Provide the applicant's type of entity (e.g., corporation, partnership, etc.) and law (e.g., Denmark) under which it is or will be organized. Please state whether the applicant is for-profit or non-profit. If it is non-profit, please provide a detailed statement of its mission. Applicants should be prepared to submit articles of incorporation, or other similar organizational documents later in the evaluation process.
| ||
5. Number of Employees
Provide the number of employees currently employed by the applicant or to be employed concurrently with a selection as the successor registry operator.
| ||
6. Contact Person
Provide the name, telephone and fax number, and e-mail address of person to contact for additional information regarding this application. If there are multiple contacts, please list all their names, telephone and fax numbers, and e-mail addresses and describe the areas as to which each should be contacted.
| ||
RFP Part 2: Technical and Financial Information
The criteria by which the applicants will be evaluated are set forth below. Each criterion is labeled as either absolute or relative. Diagrams, charts and other similar material may be submitted in response to specific provisions where so indicated in the RFP as posted.
1. ICANN Policy Compliance
Criteria: The successor .NET registry operator must comply with all existing consensus policies of ICANN and must agree to comply with all future consensus policies of ICANN. This is an absolute criterion.
Describe in detail your method for implementing ICANN's Inter-Registrar Transfer Policy.
| ||
2. Equivalent Access for Registrars
Criteria: All ICANN-accredited registrars must be allowed to qualify to register names in .NET. The registry operator must treat all registrars that have qualified to operate as .NET registrars equivalently. This is an absolute criterion (except as described below regarding languages).
(a) Describe in detail your methods of providing registry services on an equivalent basis to all accredited registrars having registry-registrar agreements in effect. Your description should include any measures intended to make registration, technical assistance, and other services available to ICANN-accredited registrars in multiple time zones and multiple languages. Please include in your description the languages that you agree to support if you are selected as the .NET registry operator. Support in English is an absolute criterion. Support in additional languages is a relative criterion. In addition, describe the Registry Code of Conduct and other commitments you propose to make to ensure that all such registrars receive equivalent access to registry services. In preparing your response to this item, you may wish to refer to Appendices H and I of the registry agreements ICANN has entered into for other unsponsored TLDs (e.g., .biz, .com, .info, .name, .org and .pro).
|
(b) VeriSign, Inc., the current operator of the .NET registry uses a registry-registrar protocol (RRP) documented in RFC 2832. At the time of the transition, the selected successor operator will be required to continue to support the RRP (unless a migration of registrars in .NET to another protocol has already been completed by that time). In addition, the selected successor operator will be required to implement support for Version 1.0 of the Extensible Provisioning Protocol as specified in RFC's 3730, 3731, 3732, 3733, 3734, and 3735. Provide a detailed description of your plan for supporting RRP at the time of transition, for supporting EPP 1.0, and for providing registrars with a smooth, low-cost migration path from RRP to EPP.
| ||
The applicant's response to Part 2, Section 3 will remain confidential to ICANN and the independent evaluators. ICANN will use reasonable efforts to avoid publication or release of this information, but in no circumstance will ICANN's liability for any release of this information exceed the amount of the application fee.
3. Registry Operations
Criteria: The successor .NET registry operator must provide name registration within the time specified in the Appendix D to the existing .NET registry operator agreement. This is an absolute criterion. The ability to provide additional registry services and/or the ability to provide name registration faster than the specifications on Appendix D are relative criteria. An assessment of this ability will include the evaluators’ assessment of the factors described below.
(a) Provide a full description of all registry services you propose to provide and demonstrate your technical and legal ability to provide them, including your prior experience offering these or similar services. If you propose to offer any registry services that you believe are not now offered, include for such services your assessment of the benefits and burdens associated with such new services, as those benefits and burdens apply to registrants and registrars. In addition, describe the technical components and aspects of the planned registry services, and how you will support the same.
|
(b) To enable the evaluators to assess your capability (both technical and financial) to deliver the registry services you propose to provide, please include the following information:
|
(i) A detailed description of your current business
operations, including (A) core capabilities in registry/database and
Internet related operations and (B) the services and products you
currently offer, with data on how long you have offered them on the
current scale. To the extent this description does not fully capture your
ability to provide the registry services you propose to offer, add the
appropriate supplementary information to fully describe that
ability. | ||
| ||
|
(ii) Whether you currently provide any domain name
registration services and describe such services. | ||
| ||
|
(iii) A description (including location) of facilities
(including available network capacity) available to house staff and
equipment necessary to operate the registry. | ||
| ||
4. Revenue and Pricing Model; Financial Strength and Stability
Criteria: Each applicant must demonstrate sufficient financial strength and stability, based upon its existing financial condition and its proposed business model for operation of the registry, to provide reasonable certainty that it will be able to fulfill its obligations over the life of the .NET registry agreement. This is an absolute criterion. In building their financial and pricing models, applicants should assume that the following fees will be payable: (i) an annual fee to ICANN of US$132,000 for the first year, increasing by no more than 15% each year thereafter and (ii) registry-level transaction fees totaling non-refundable amounts of US$0.75 for each annual increment of an initial domain name registration and US$0.75 for each annual increment of a domain name re-registration registered by a registrar (in addition to preexisting fee obligations payable annually by registrars to ICANN), to be allocated equally to the following three purposes: (a) a special restricted fund for developing country Internet communities to enable further participation in the ICANN mission by developing country stakeholders, (b) a special restricted fund to enhance and facilitate the security and stability of the global Internet’s system of unique identifiers, and (c) general operating funds to support ICANN's mission to ensure the stable and secure operation of the global Internet's systems of unique identifiers. The per-name price charged to registrars is a relative criterion, with lower committed prices being preferable to higher prices.
All applicants should note that registration fees paid to VeriSign prior to the actual transfer of operational responsibility will not be transferred to a subsequent registry operator.
(a) Provide the following financial statements for the applicant (or, if the applicant is a wholly owed subsidiary of another entity, for the applicant and such other entity on a consolidated basis): three years of financial statements (including balance sheet, income statement, cash flow statement and statement of stockholders’ equity), audited by an independent accounting firm and prepared in accordance with either U.S. generally accepted accounting principles or the International Accounting Standards. Applicants who do not have such audited financial statements may substitute such other information and statements about their operations that are reasonably equivalent to such financial statements. The independent evaluators will be responsible for determining whether such information and statements are sufficiently equivalent to allow the evaluators to conduct an evaluation of the applicant’s financial strength comparable to the evaluation conducted on those applicants who do submit the requested financial statements.
|
(b) Provide the applicant's business plan for the operation of the registry, including:
|
(i) a detailed description of all revenue or commercial
benefit to be derived from or related to your operation of the registry,
including but not limited to details of the expected or anticipated
revenue and the assumptions about prices charged for services to be
offered, and anticipated demand for those services at high, medium and low
levels; | ||
| ||
|
(ii) staffing model, showing the number and types of
employees needed at the various levels of demand and the expenses
associated with that staff. Include information on (A) applicant’s hiring
policy and training programs (for both new and continuing staff), (B)
staffing level to handle both expected and unexpected volume levels, and
react to unplanned outages, infrastructure vulnerabilities and security
breaches and (C) customer service staff to support on a 24 hour basis in
multiple languages; | ||
| ||
|
(iii) expense model, incorporating both the staffing
expenses described above and all other anticipated expenses of the
operating the registry; | ||
| ||
|
(iv) property, plant and equipment
budget; | ||
| ||
|
(v) a projection for the sources and uses of cash, showing
the applicant's current cash available and the sources of cash available
to applicant in the future to fund operating and capital
expenditures. | ||
| ||
5. Technical Competence
Criteria: The .NET registry operator must meet the specifications of the current .NET registry contained in the following sections of the current .NET registry agreement listed below (if a “thick registry” model is being proposed by applicant, the specifications for the current .org agreement, rather than the current .NET agreement, shall apply in the case of Appendices O, P and Q). This is an absolute criterion. The degree to which applicant’s proposal commits applicant to exceed these specifications shall be relative criteria:
Appendix C.4, Name server Functional Specifications
[[Note to evaluators regarding all appendices: Enclosed are DENIC's suggestions for appendices C 4, C 5, D, E, O, P, O and R. DENIC is also open to discuss modifications of the other appendices of the existing .net agreement (e.g. C 2, C 3) in negotiations with ICANN.]] [[Note to evaluators: Please note that this list differs from the list of documents currently updating 1034 and 1035 since some of those do no longer have practical relevance (DNSSEC 2065, 2535) or do not apply to either name servers in general (1101) or to the particular registry system architecture (NOTIFY, IXFR, DynUpd). DENIC is aware of the fact that certain aspects of the current set of DNS specifications are subject to discussion and review within the responsible IETF working group(s). DENIC is prepared to actively contribute to the protocol development process. Should DENIC facilitate, endorse or support DNS software development or produce such software on its own, DENIC will ensure to the extent possible that such software be compliant to then state of the art IETF standards and be subject to interoperability tests.]] .NET REGISTRY AGREEMENT: APPENDIX C 4 NAME SERVER FUNCTIONAL SPECIFICATIONS Name servers operated by DENIC for the NET TLD shall conform to STD 13 (currently RFC1034, 1035) as amended and/or clarified by RFC2181, RFC2308, RFC2671, RFC3596, and RFC3597 where applicable. In addition, DNSSEC support will be based on the specification that passed the IESG on September 27, 2004. RFC numbers have not yet been assigned and the Internet Draft names are not to be cited. |
Appendix C.5, Patch, Update, and Upgrade Policy
.NET REGISTRY AGREEMENT: APPENDIX C 5
PATCH, UPDATE, AND UPGRADE POLICY
Any release provided by DENIC will have a dotted schema: that of a major
number, a minor number and a patch level (X.Y.Z)
* The first integer (X) is the major version number. Change in the major number
indicates a significant change in the software features
* The second integer (Y) is the minor version number. Change in the minor
number while the major number stays the same indicates a change that introduces
noteworthy new features.
* The third integer (Z) is the patchlevel, which can consist either of a single
patch or several patches. A change of the patchlevel - while the minor and
major numbers remain unchanged - indicates a change that does not introduce
anything new but fixes bugs. Patches do not require changes to the client
applications developed by the registrars.
DENIC, in its sole discretion, will deploy patches during scheduled and
announced Shared Registration System maintenance periods.
For Updates and Upgrades, DENIC will give each registrar notice prior to
deploying the Updates and Upgrades into the production environment. The notice
shall be at least sixty (60) days, except that if ICANN's registry agreements
with all other unsponsored TLDs provide that the operators of those TLDs will
provide at least ninety (90) days' notice, then DENIC will provide at least
ninety (90) days' notice. Such notice (whether 60 or 90 days) will include an
initial thirty (30) days' notice before deploying the Update that requires
changes to client applications or the Upgrade into the Operational Test and
Evaluation ("OT&E") environment to which all registrars have access. DENIC will
maintain the Update or Upgrade in the OT&E environment for at least thirty (30)
days, to allow each registrar the opportunity to modify its client applications
and complete testing, before implementing the new code in the production
environment. |
Appendix D, Performance Specifications
.NET REGISTRY AGREEMENT: APPENDIX D PERFORMANCE SPECIFICATIONS DENIC complies to the following SLA metrics: Total Registry Outage per Month: 6 hours Unplanned Registry Outage per Month: 3 hours Unplanned Registry Outage per Year: 9 hours Planned Registry Outage per Week: 2 hours Unplanned Registry Outage (per event): < 90 minutes Major Upgrade Outage: 6 hours (twice per year) Check Domain Average: < 100 ms (excluding round trip time) Add Domain Average: < 300 ms (excluding round trip time) Average Update Latency of Dedicated Public whois: Less than 1 second Notes: * Two "Major Upgrades" per year are allowed, each of which may last 6 hours. * Registry Operator and ICANN will discuss in good faith addition of appropriate metrics for name server packet loss and round trip times. * Planned Registry Outages: 2 hours per week and no more than 6 hours per month * Unplanned Registry Outage per year implies a 99.9% availability of the registry service * Update latency is valid for more than 98% of the updates; max. latency of 1 minute for 99.999% of the updates In addition, Registry Operator offers the additional Performance & Support Specifications illustrated in Figure 1 as SLAs. |
Appendix E, Service-Level Agreement
.NET REGISTRY AGREEMENT: APPENDIX E
SERVICE LEVEL AGREEMENT (SLA)
Registry Operator strives to provide a world-class level of service to its
customers. This Service Level Agreement provides metrics and remedies to
measure the performance of the .net registry and to provide accredited and
licensed registrars with credits for certain substandard performance by
the .net registry under the parties' registrar License and Agreement.
(A) Definitions
1) Calendar Day - a calendar day is the timeframe from midnight to the
following midnight, beginning and ending at 00:00:00 Universal Time Coordinated
(UTC). Each day counts as a calendar day, including weekends and public
holidays.
2) Calendar Week - a calendar week is the timeframe of seven days from the
first calendar day of a week to the last calendar day of that same week. The
first calendar day of a week is Monday, the last calendar day of a week is
Sunday.
3) Calendar Month - a calendar month is the timeframe from the first calendar
day of a month to the last calendar day of that same month.
4) Planned Outage - a planned outage shall mean a pre-announced occurrence when
a part or all of the Registry Service (RS) will be taken out of service for
maintenance or care.
5) Major Upgrade Outage - a major upgrade outage shall mean an additional
planned outage of extended duration for major systems or software upgrades.
6) Unavailability of Registry Service (RS) - unavailability of the registry
service shall mean that the registry service is not operational. The registry
service is not operational if either:
a) a registrar cannot successfully establish a session with the RS gateway;
establishing a session with the RS gateway shall be defined as:
1) Successfully complete a TCP session start
2) Successfully complete the SSL authentication handshake
3) Successfully complete the registry registrar protocol ("RRP") command and
respectively EPP.
b) the registry does not complete check and add domain commands according to
(B) 4).
Notwithstanding the foregoing a planned outage, a major upgrade outage, or an
outage due to a force majeure does not count as RS unavailability. Neither does
it count as RS unavailability, if the inability to complete said actions is
caused by problems outside the responsibility of .net registry.
7) Availability of Registry Service - availability of registry service shall
mean that .net registry is not in a state of unavailability as defined in (A)
6).
8) Registry Service (RS) availability per month - RS availability per month
shall mean the percentage of time of RS availability during a calendar month
based on the total time within that calendar month.
9) Unplanned Outage Time - unplanned outage time shall mean the following:
a) the amount of time recorded between a trouble ticket first being opened by
the .net registry in response to a registrar's claim of registry service
unavailability for that registrar through the time that the registrar and .net
registry agree the RS unavailability has been resolved with a final fix or a
temporary workaround, and the trouble ticket has been closed. This will be
considered RS unavailability only for those individual registrars impacted by
the outage. To determine the total RS unavailability time, the unavailability
times for the different registrars will only be accumulated, if the
unavailability times do not overlap.
b) the amount of time recorded between a trouble ticket first being opened by
the .net registry in the event of RS unavailability that affects all registrars
through the time when the registry resolves the problem with a final fix or a
temporary workaround, and the trouble ticked has been closed.
c) the amount of time that a planned outage exceeds the time limits established
in (B) 2).
d) the amount of time that a planned outage occurs outside the window of time
established in (B) 1).
10) Monthly Unplanned Outage Time - monthly unplanned outage time shall be the
sum of minutes of all unplanned outage time during a calendar month. Each
minute of unplanned outage time subtracts from the available monthly planned
outage time as established in (B) 2) and up to the limit given therein.
11) Registry Service (RS) Gateway - the RS gateway is the device within
Registry Operator's network which terminates the TCP sessions used for RRP
commands.
12) whois Service - whois service shall mean the .net registry whois service
running on TCP port 43 of whois.denic.net.
13) Service Reply Time - the service reply time is the time between the last
byte of a service request being received from the registrar at the machine
processing the requested service, and the last byte of the reply to that
request being sent out from that machine back to the registrar. Consequently,
service reply time does specifically not include time incurred through network
round trip times and delays outside the responsibility of .net registry.
(B) SERVICE LEVELS
1) Planned outages will usually be scheduled weekly during the following period
of time: Wednesday between 06:00:00 and 13:00:00 UTC (the "planned outage
period"). This planned outage period may be changed from time to time by
the .net registry, in its sole discretion, upon prior notice to each registrar.
2) Planned outages will not exceed 2 hours per calendar week nor more than a
total of 6 hours per calendar month.
3) Notwithstanding the limits established in (B) 2), each year Registry
Operator may incur 2 additional planned outages of up to 6 hours each during
the planned outage period for major upgrade outages.
4) A RRP check domain command must be executed within a service reply time of
less than 100 milliseconds in 95% of all cases and/or a RRP add domain command
must be executed within a service reply time of less than 300 milliseconds in
95% of all cases, per calendar month.
5) The .net registry will provide a 99.9% RS availability during each calendar
month.
(C) RESPONSIBILITIES OF THE PARTIES
1) Registrar must report each occurrence of alleged RS unavailability to
the .net registry customer service helpdesk by opening a trouble ticket in the
manner required by the .net registry (i.e. by e-mail, fax, telephone) in order
for an occurrence to be treated as RS unavailability for purposes of the SLA.
2) In the event that all registrars are affected by RS unavailability, the .net
registry is responsible for opening a trouble ticket and immediately notifying
all registrars of the trouble ticket number.
3) Both registrar and the .net registry agree to use reasonable commercial good
faith efforts to determine the cause of any alleged RS unavailability. If it is
mutually determined to be a .net registry problem, the issue will become part
of the unplanned outage time.
4) .net registry will perform monitoring from at least two external locations
as a means to verify that all RRP commands can be successfully completed.
5) Registrar must inform the .net registry any time its estimated volume of
transactions (excluding check domain commands) per calendar month will exceed
registrar's previous calendar month's volume by more than 25%. In the event
that registrar fails to inform .net registry of a forecasted increase of volume
of transactions of 25% or more and the registrar's volume increases 25% or more
(over the previous month); and should the total volume of transactions added up
(by the .net registry) for all registrars for that calendar month exceed
the .net registry's actual volume of the previous calendar month's transactions
by more than 20%; and should the ratio of successful to unsuccessful registry
attempts (based on registry attempts per registrar and month) exceed 99%, then
registrar will not be eligible for any SLA credits (as defined in section D) in
that calendar month. Registry Operator will charge an additional service fee
for increased system load, if the 99% ratio mentioned before will be exceeded.
The registrar provides such forecast at least 30 days prior to the first day of
the next month. In addition, the .net registry agrees to provide monthly
transaction summary reports.
6) The .net registry will notify the registrars of planned outages outside the
planned outage period at least 10 calendar days in advance of such planned
outage unless the outages occurred due to security and/ or stability issues. In
addition, the .net registry will use reasonable commercial good faith efforts
to maintain an accurate 30-calendar-day advance schedule of possible upcoming
planned outages.
7) The .net registry will update the whois service nearly real-time. The .net
registry will notify registrars in advance when changes to the whois service
update schedule occur.
8) The .net registry will allow external monitoring of the RS via an acceptable
means to both parties.
9) The .net registry will initiate the registry zone file transfer process
eight times a day. These initiations will be equally distributed over the day.
The .net registry will notify the registrars in advance when changes to the
schedule occur. The .net registry will notify the registrars regarding any
scheduled maintenance and unavailability of the .net name servers.
10) The .net registry will use commercially reasonable efforts to restore the
critical systems of the RS within 12 hours in the event of a force majeure and
restore full system functionality within 24 hours.
11) The .net registry will publish weekly system performance and availability
reports. These reports will include system reply time for the RRP check domains
command and RRP add domain commands for all registrars as well as a summary of
RS availability for the previous week. This will also apply for EPP.
(D) CREDITS:
1) If RS availability is less than the limit established in (B) 5), the .net
registry will provide a credit to the affected registrar(s) who have complied
with sections (C) 1) and (C) 5) above as follows:
(i) In the case of RS unavailability as described in (A) 6) b), a credit will
be given for the sum of the percentage points of total RRP add and check
commands that fall below the 95% performance threshold established in (A) 6)
b), if the 99% ratio of successful to unsuccessful requests is not exceeded.
For each affected registrar, this credit will be calculated by multiplying the
percentage points below 95% by the registrar's monthly add domain volume times
the average initial registration price charged to that registrar during the
month. The maximum credit to each registrar shall not exceed 5% of the
registrar's total monthly add domain volume times that average registration
price.
(ii) In the case of RS unavailability as described in (A) 6) a), and following
the calendar month when the unplanned outage began, the .net registry will
provide a credit to the registrar by multiplying the registrar's monthly add
domain volume times the average initial registration price charged to that
registrar during the month and multiplying that product by the percentage of
time that the monthly unplanned outage time exceeded 0.6% of the minutes in the
calendar month. The maximum credit to each registrar under this subparagraph
shall not exceed 10% of the registrar's total monthly add domain volume times
that average registration price.
Under no circumstances shall credits be applied when a registrar experiences RS
unavailability caused by problems outside the responsibility of the .net
registry.
(E) MISCELLANEOUS:
1) As an addendum to the Registry-Registrar Agreement (RRA), no provision in
this addendum is intended to replace any term or condition in the RRA.
2) Dispute Resolution - Any disputes arising under or in connection with this
Agreement, including requests for specific performance, shall be resolved
through binding arbitration conducted as provided in this Section pursuant to
the rules of the International Court of Arbitration of the International
Chamber of Commerce ("ICC"). The arbitration shall be conducted in the English
language and shall occur in Paris/ France. There shall be three arbitrators:
each party shall choose one arbitrator and, if the two arbitrators are not able
to agree on a third arbitrator, the third shall be chosen by the ICC. The
parties shall bear the costs of the arbitration in equal shares, subject to the
right of the arbitrators to reallocate the costs in their award as provided in
the ICC rules. The parties shall bear their own attorneys' fees in connection
with the arbitration, and the arbitrators may not reallocate the attorneys'
fees in conjunction with their award. The arbitrators shall render their
decision within ninety days of the initiation of arbitration. For any
litigation brought to enforce an arbitration award the sole place of venue
shall be Paris/ France; however, the parties shall also have the right to
enforce a judgment of such a court in any court of competent jurisdiction. For
the purpose of aiding the arbitration and/or preserving the rights of a party
during the pendency of an arbitration, each party shall have the right to seek
temporary or preliminary injunctive relief from the arbitration panel or a
court in which case Paris/ France is the sole place of venue. The initiation of
such court proceedings shall not be a waiver of this arbitration agreement.
3) Any interruption of RS that occurs, as a direct result of the current .net
Registry-Registrar Agreement (RRA) Sections 2.12, 5.4, or 6.3 or any other
applicable contract term of the current .net, will not be considered RS
Unavailability per this SLA.
|
Appendix O*, Whois Specification – Public Whois
.NET REGISTRY AGREEMENT: APPENDIX O WHOIS SPECIFICATION - PUBLIC WHOIS Overview The whois service is compliant with RFC3912. The primary whois services substantially consist of three components: * Port 43 public whois services (thin and thick during migration, thick only afterwards) * Public web-whois service * Port 43 registrar whois services The two public whois services are described in more detail below. Registry Operator's whois service is the authoritative whois service for all second-level Internet domain names registered in the .net top-level domain. This service is available to anyone. Registry Operator will initially operate the .net registry whois in a manner consistent with a "thin" registry. The whois output for thick data sets is described below. For domains with only a thin set of data, the contact references in the domain object will not be shown. In order to access contact data, clients will have to follow the referral included in the domain output to reach the authoritative whois server supplied by the sponsoring registrar. The entire .net registry will have been migrated to a full thick model at the end of the first year of operation. Thin and thick data will coexist until then. Upon conclusion of the transition process, the .net whois service will provide a central, openly accessible system for information regarding a particular second level domain name registration in the .net TLD. The whois service will contain data transferred by registrars during the registration process for every registered .net domain. If a registrant changes any registration information relating to the registrant's domain name, the registrar will communicate these changes to the registry at the time they are received. This will provide interested parties with access to up-to-date information for every .net domain, under a widely deployed protocol with a consistent format. 1. Port 43 Whois Service (Thin Registry) The format of responses for thin registry output will be similar to the guidelines listed below for thick-registry whois. In the case the contact reference is missing from the domain output, the referral information will indicate the name of the whois server of the sponsoring registrar responsible for providing the contact whois information. 2. Port 43 Whois Service (Thick Registry) (a) Thick Registry Model and Data Output Fields Registry Operator will deploy a thick registry model. There are certain mandatory information fields which will be displayed in public whois in order to be able to unambiguously identify the registrant, e.g. for legal reasons. Beyond these mandatory fields Registry Operator will enable registrants the option to limit the amount of information given in the public whois in order to protect their privacy. Each data object shall be represented as a set of key/value pairs, with lines beginning with keys, followed by the colon as a delimiter, followed by the value. The object descriptions found below state per field: * First column: name of field * Second column: fields marked "mandatory" will be present in the output, "optional" fields may or may not be present (NB: data may still exist, but publication may have been suppressed); an asterisk indicates a field is "optional" during transition and "mandatory" afterwards * Third column: "single" indicates field may appear only once per object (exactly once in conjunction with "mandatory", at most once in conjunction with "optional"), "multiple" otherwise * Fourth column marks primary and/or lookup key DOMAIN OBJECT Domain: [mandatory] [single] [primary/lookup key] Domain-ace: [mandatory] [single] [lookup key] Status: [mandatory] [multiple] [ ] Registrar: [mandatory] [single] [ ] Referral: [mandatory] [single] [ ] Registrant: [optional*] [single] [ ] Admin-c: [optional*] [single] [ ] Billing-c: [optional*] [multiple] [ ] Tech-c: [optional*] [multiple] [ ] Nserver: [optional*] [multiple] [ ] Created: [mandatory] [single] [ ] Changed: [optional] [single] [ ] Expiration: [mandatory] [single] [ ] CONTACT OBJECT Handle: [mandatory] [single] [primary/lookup key] Name: [mandatory] [single] [ ] Organisation: [optional] [single] [ ] Address: [mandatory] [multiple] [ ] City: [optional] [single] [ ] State: [optional] [single] [ ] Zipcode: [optional] [single] [ ] Country: [optional] [single] [ ] Phone: [optional] [multiple] [ ] Fax: [optional] [multiple] [ ] E-mail: [optional] [multiple] [ ] Sip: [optional] [multiple] [ ] Created: [mandatory] [single] [ ] Changed: [optional] [single] [ ] NAME SERVER OBJECT Hostname: [mandatory] [single] [primary/lookup key] Ip-address: [optional] [multiple] [lookup key] Registrar: [mandatory] [single] [ ] Created: [mandatory] [single] [ ] Changed: [optional] [single] [ ] REGISTRAR OBJECT Registrar: [mandatory] [single] [primary/lookup key] Url: [mandatory] [single] [ ] Whois: [mandatory] [single] [ ] Admin-c: [mandatory] [multiple] [ ] Billing-c: [mandatory] [multiple] [ ] Tech-c: [mandatory] [multiple] [ ] [[Note to reviewers. Stated below are the reasons for the suggested limitation of the output fields. The mandatory information fields will ensure that the registrant can be identified and contacted. Yet by providing only information on how to contact the registrant via postal mail will establish sufficiently high hurdles to protect the registrant from unsolicited phone calls or e-mails. Abuse of information by the public or by registrar is effectively prevented. Every registrant can, at the time of registration as well as any time afterwards, agree for additional information to be accessible via whois. Examples for these additional fields are registrant phone, registrant e-mail, admin contact phone, admin contact e-mail, etc. The individual privacy flags used by DENIC are a key benefit for the whole .net community. From the experience with .de, where 80% of the registrants do not disclose this data DENIC expects the vast majority of .net registrants to make use of this feature and limit their domain information to the basic information fields.]] All objects and key types shall be specified in a publicly available description on the Registry Operator's website. The key names and objects should change as infrequently as possible, and only upon the agreement of ICANN and the Registry Operator. (b) Input Syntax IDNs can be queried natively via the whois service by using a command line flag (passed through to the whois server) that defines the character set with UTF-8 as default. UTF-16, ISO-8859-1, and US-ASCII are also supported. The web whois identifies the appropriate character set itself and will return the appropriate data. The public whois can be customized by using the flags shown below. Example: Query "HELP" whois -h whois.denic.de HELP % SYNTAX: whois [-h hostname] [-Frk] [-T types] [-C charset] key % % where: % % -h hostname search alternate server % -F fast raw output % -r turn off recursive lookups % -k establish persistent connection % -T new normalized output for domain descr in combination with -T[dn] % -T ace ACE input for domain lookup in combination with -T[dn,st] % % -T type[[,type] ... ] only look for objects of type type % % Available types: status (st), domain (dn) (co) % % -C charset specify character set for the input/output % % Available charsets: US-ASCII, ISO-8859-1, UTF-8, UTF-16 % % NOTE: There are two especial queries % % whois -h whois.denic.de HELP displays text above % whois -h whois.denic.de alive@whois returns alive if whois-server runs properly [[Note to reviewers: Above figure shows current flags for .de public whois. This figure is not to be included in the final Appendix O of the .net agreement and is presented here for demonstration of DENIC's technical abilities solely. DENIC proposes to offer similar flags for .net. The final Appendix O of the .net agreement will contain the relevant flags. Additionally the current flags are and will always be published on DENIC's website.]] 3. Web Whois Service The Registry Operator will make available a whois interface on its website which can also be linked to by each ICANN-Accredited Registrar that is a party to a Registry-Registrar Agreement with the Registry Operator. The information available in the whois database will be returned as a results page on the website. Registry Operator has designed its web based whois as a two step process. (a) Step 1 of Web Whois The first step of Registry Operator's web whois gives information about availability of the requested domain only, serving the highest user demand. (b) Step 2 of Web Whois In the second step the user will receive domain information as described above. When thick registry whois information is unavailable during the transition phase, the registry shall provide thin registry whois information, as specified in the whois output fields section above. The purpose of this web interface is to provide a user-friendly interface for whois queries. It does neither provide any additional search capabilities nor reveal information beyond what is described for the port 43 whois in this appendix. 4. Minimum Data Update Frequency The update frequency of whois data is specified in Appendix D. 5. Protocols through which Access is Provided Access to the whois data is provided through the whois protocol, TCP port 43, by whois.DENIC.NET supporting exact match queries for * domain name * registrar name * name server hostname * name server IP address (both IPv4 and IPv6) All queries will be handled case insensitively with IDN rules applied where appropriate. IPv4 addresses must be supplied as "dotted quad", IPv6 addresses must be supplied in the format specified by RFC3513. The whois data will also be accessible through the registry interface as described above. It is available via and through the website http://www.DENIC.NET. 6. Security General security measures such as password policy, firewalls and network traffic monitoring systems will be provided for the whois servers and services. The Registry whois system has been designed for robustness, availability, and performance. Registry Operator audits access to its whois service and reserves the right to respond to signs of abusive usage, like excessive numbers of queries from a single source to prevent resource exhaustion or breaches of privacy. The security considerations of RFC3912 apply. 7. Extensible-Field Capability Registry Operator provides additional fields for all stored data, e.g. a privacy flag with which the registrant can define the extent of non-mandatory information to be published via information services (e.g. whois). Furthermore Registry Operator reserves the right to introduce new fields to support new services and/or respond to demands from the registrar or registrant community or the Internet community at large. 8. Technological Progress, Standards and Development This appendix is subject to change by agreement of Registry Operator and ICANN during the design process as well as during the IETF standards process. Further, Registry Operator reserves the right to develop these services internally or outsource management of the facilities to an external contractor under terms that are consistent with the standards of the proposed service. |
Appendix P*, Whois Data Specification – Independent Whois Provider
[[Note to evaluators: DENIC can provide bulk access to whois data to an independent whois provider, if one of two conditions is met: * DENIC has the explicit consent of the domain holder to allow bulk access. Only the domains with the individual and explicit prior consent resulting from an educated decision of the domain holder will be included in the bulk access. * The transfer, handling and use of the whois data provided via bulk access to the third party has to comply with clearly specified rules and must be compliant to European and German privacy law. Uses other than the specifically agreed uses are to be prohibited.]] .NET REGISTRY AGREEMENT: APPENDIX P WHOIS SPECIFICATION -- INDEPENDENT WHOIS PROVIDER DENIC does not specify a bulk access data exchange format because the result of our research suggests that any such transfer to an entity not directly related with the registry operations would be in conflict with national German or with EU legislation on data protection and privacy. Supporting material can be found (in German language) in section 9.2 and 9.3 of the 13. Data Protection Report of The State Government of Hessen (2000) and in section 8.7 of the 15. Report (2002). |
Appendix Q*, Whois Data Specification – ICANN
[[Note to evaluators: Registry Operator suggests to provide ICANN with access to escrowed data instead of Bulk Access to whois data. If ICANN prefers to receive Bulk Access to whois data, Registry Operator will accommodate this requirement and will provide procedures, content and format of this Bulk Access to whois during the negotiations with ICANN.]] .NET REGISTRY AGREEMENT: APPENDIX Q WHOIS SPECIFICATION -- ICANN Registry Operator grants ICANN access to its escrowed data. The .net registry data will be transferred and stored at the escrow provider site according to the ICANN agreement. An overview of the schedule, content and format of the reports is displayed in the following: Schedule * Full Deposit on Sunday * Incremental Deposit Monday through Saturday Content Weekly Report * Domain Object Report * Host Object Report * Contact Object Report * Registrar Object Report * Pending Transfer Report Content Daily Report * Transaction Report Format: * All Reports are generated in XML Format Please refer to Appendix R for detailed description of the data escrow specifications regarding: * Company Name of Escrow Provider * Statement of Work * Schedule of Escrow Deposits * Specification of Deposit Format * Detailed Content Description of Full & Incremental Deposit Reports * Escrow Transfer Process * Escrow Verification Process |
Appendix R, Data Escrow Specification
.NET REGISTRY AGREEMENT: APPENDIX R
DATA ESCROW SPECIFICATION
1. Company Name, Statement of Work, Schedule of Deposits
(a) Company Name of Escrow Provider
HanseEscrow Management GmbH
Stresemannallee 118
D-22529 Hamburg
contact@hanse-escrow.de
http://www.hanse-escrow.de
(b) Statement of Work
In addition to the backup procedure with daily full backups as well as
transaction log backups of the registry database, Registry Operator is
implementing a new data escrow procedure to deposit the .de registry data with
an established European escrow provider. By the time Registry Operator takes
over the .net registry, the new procedure will be fully in operation. For
the .net registry data, the same escrow provider will be used. In addition to
this European escrow provider, Registry Operator is currently evaluating
several US escrow providers to deposit .net escrowed data in the US. The
registry data is transferred to the designated escrow provider as weekly full
deposits; transaction data as daily incremental deposits. A verification
process for the transferred data will be developed and implemented by Registry
Operator. This process will be used on both sides to ensure the completeness,
correctness, integrity, syntax and coherence of the transferred data at the
escrow provider. The whole escrow process will be mutually examined and
improved to meet the requirements of the registry agreements between Registry
Operator and ICANN.
(c) Schedule for Escrow Deposits
Full Deposit
The full deposit consists of five different reports, described in 2. reflecting
the complete set of registry data. A full deposit is a snapshot of the registry
data at 00:00:00 UTC every Sunday. Transactions which have not been committed
at this point of time will not be exported. A full deposit file will be
delivered until 06:00:00 UTC on Sunday.
Incremental Deposit
The incremental deposit consists of a report including the complete set of
transactions that were processed by the registry system since the generation of
the last full or incremental deposit file. The first incremental deposit after
a full deposit covers the transactions not yet committed during the full
deposit snapshot taken at Sunday 00:00:00 UTC and all transactions until Monday
00:00:00 UTC. A sequence of six incremental deposits follow until Saturday
00:00:00 UTC. Incremental deposits will be generated, verified and transferred
until 04:00:00 UTC of the related day.
2. Deposit Format Specification
Before describing the detailed reports, the following has to be considered:
* Only if the related database field contains data, the respective XML element
for a given object will be exported in combination with the opening and end
tag. Thus, there will not be any empty elements in the reports.
* All object reports contain an XML attribute id which is used to build the
relation between the objects in the different reports.
* XML files will be UTF-8 encoded to provide fully internationalized support.
(a) Content of Reports
Content of Full Deposit
* Domain Object Report - includes all domain objects in the registry database.
* Host Object Report - includes all host objects in the registry database.
* Contact Object Report - includes all contact objects in the registry database.
* Registrar Object Report - contains all registrar objects in the registry
database.
* Pending Transfer Report - contains all running transfers up to the moment of
the full deposit.
Content of Incremental Deposit
* Transaction Report - includes all committed transaction records processed by
the registry system since the last full or incremental deposit generation.
(b) Format of Reports
All reports will be generated in the XML format (XML 1.0 specification). Report-
specific XML schemas (XML Schema 1.0 specification) will be stored separately.
The schemas will be used for syntax and coherence checks while verifying the
related report files.
All report files will be generated with an XML header including attribute
values for the registry TLD, the report type and the date and time the
report was generated. The format of the header is shown in the following
example.
<?xml version="1.0" encoding="UTF-8" ?>
<escrow version="1.0" tld="net" report="domain" date="2005-12-
21T03:00:00+01:00">
{Here the report contains the actual data being escrowed. It contains one
element for each type (domain, host, contact, registrar, transfer or
transaction) covered by the report. The specific format for each report is
described below.}
</escrow>
(c) Detailed Description of Full Deposit Reports
Domain Object Report
The following report elements are included:
* Fqdn - Fully qualified domain name.
* Status - The domain status code.
* Period - The registration period in years.
* Owned-by - An identification (the "id" attribute of the registrar element) of
the sponsoring registrar of the domain.
* Created-by - An identification (the "id" attribute of the registrar element)
of the registrar that originally created the domain object.
* Created-on - The date/time the domain object was originally created.
* Renewed-on - The date/time the domain was last renewed.
* Updated-by - An identification (the "id" attribute of the registrar element)
of the registrar that last updated the domain object.
* Updated-on - The date/time the domain object was last updated.
* Transferred-by - An identification (the "id" attribute of the registrar
element) of the registrar that last transferred the domain object.
* Transferred-on - The date/time when the domain object was last transferred.
* Host-id - An identification (the "id" attribute of the host element) of a
name servers for the domain.
* Contact-id - Contact-ids that reference the contact records for this domain.
Contact-id has the attribute "type" to denote the type of contact. "Type" can
be one of: Registrant, Administrative, Technical or Billing.
* Expires-on - The date/time of the domain expiration.
* AuthInfo - The authorization information associated with the domain.
* Pending-transfer - An identification (the id" attribute of the transfer
element) for potentially existing transfers.
An example of the domain container appears below:
<domain id="1">
<fqdn>example.net</fqdn>
<status>ACTIVE</status>
<period>1</period>
<owned-by>42</owned-by>
<created-by>42</updated-by>
<created-on>2005-08-14T12:34:56+01:00</created-on>
<updated-by>42</updated-by>
<updated-on>2005-08-23T16:14:26+01:00</updated-on>
<host-id>99</host>
<host-id>100</host>
<expires-on>2006-08-15T13:34:56+01:00</expires-on>
<contact-id type="Registrant">1</contact-id>
<contact-id type="Administrative">2</contact-id>
<contact-id type="Technical">3</contact-id>
<contact-id type="Billing">4</contact-id>
<authInfo>fooBar</authInfo>
<pending-transfer>123</pending-transfer>
</domain>
Host Object Report
The following elements are included:
* Fqdn - Fully qualified host name
* Owned-by - An identification (the "id" attribute of the registrar element)
of the sponsoring registrar of the host.
* Created-by - An identification (the "id" attribute of the registrar element)
of the registrar that originally created host object.
* Created-on - The date/time the host object was originally created.
* Updated-by - An identification (the "id" attribute of the registrar element)
of the registrar that last updated the host object.
* Updated-on - The date/time the host object was last updated.
* IP-address - Any IP addresses associated with this host, with an attribute
type indicating whether it is an IPv4 or an IPv6 address.
An example of the host container appears below:
<host id="99">
<fqdn>dns1.example.net</fqdn>
<owned-by>42</owned-by>
<created-by>42</created-by>
<created-on>2005-08-14T12:40:32+01:00</created-on>
<updated-by>42</updated-by>
<updated-on>2005-09-24T14:21:12+01:00</updated-on>
<ip-address type="v4">192.0.2.0</ip-address>
</host>
Contact Object Report
The contact element consists of the following elements:
* Name - The name of the contact.
* Organization - The organization for the contact.
* Within the "contact" container is a sub-container named "postal" with the
following elements:
* Address - The street address of the contact.
* City - The name of the city of the contact.
* State-province - The name of the state/province of the contact.
* Postal-code - The postal/zip code of the contact.
* Country - The two-letter ISO 3166-1 code for the contact's country.
* Voice - The voice phone number of the contact in E164a format.
* Fax - The fax number of the contact in E164a format.
* E-mail - The e-mail address of the contact.
* Owned-by - An identification (the "id" attribute of the registrar element) of
the sponsoring registrar of the contact.
* Created-by - An identification (the "id" attribute of the registrar element)
of the registrar that originally created the contact object.
* Created-on - The date/time the contact object was originally created.
* Updated-by - An identification (the "id" attribute of the registrar element)
of the registrar that last updated the contact object.
* Updated-on - The date/time the contact object was last updated.
* Transferred-by - An identification (the "id" attribute of the registrar
element) of the registrar that last transferred the contact object.
* Transferred-on - The date/time when the contact object was last transferred.
An example of the contact container appears below:
<contact id="1">
<name>Juergen Mustermann</name>
<organization>aol</organization>
<postal>
<address>Musterstrasse 1</address>
<city>Frankfurt</city>
<state-province>Hessen</state-province>
<postal-code>60000</postal-code>
<country>DE</country>
</postal>
<voice>+49.691234567</voice>
<fax>+49.691234568</fax>
<email>jmustermann@example.net</email>
<owned-by>42</owned-by>
<created-by>42</created-by>
<created-on>2005-08-14T12:42:22+01:00</created-on>
<updated-by>42</updated-by>
<updated-on>2005-09-15T16:42:00+01:00</updated-on>
</contact>
Registrar Object Report
The registrar element has the attribute "id", which is a unique identifier
assigned by the IANA., and consists of the following elements:
* Password - The password for the registrar.
* Name - The name of the registrar.
* Status - The registrar status code.
* Contact-id - Any number of contact-id associated with this registrar. Contact-
id has the attribute "type" to denote the type of contact. "Type" can be one
of: Administrative, Technical or Billing.
An example of the registrar container appears below:
<registrar id="42">
<password>denic12345</password>
<name>REGISTRAR-FOO</name>
<status>ACTIVE</status>
<contact-id type="Administrative">10</contact-id>
<contact-id type="Administrative">11</contact-id>
<contact-id type="Technical">12</contact-id>
<contact-id type="Technical">13</contact-id>
<contact-id type="Billing">14</contact-id>
</registrar>
Pending Transfer Report
The transfer element consists of the following elements:
* Period - The extension of lifetime (in years) of the domain.
* Requested-by - An identification (the "id" attribute of the registrar
element) of the gaining registrar
An example of the pending transfer element appears below:
<transfer id="123">
<period >1</ period >
<requested-by>43</ requested-by >
</transfer>
(d) Detailed Description of Incremental Deposit Report
The report which forms an incremental deposit is the transaction report
consisting of all transaction records since last full or incremental deposit.
Transaction Report
The transaction element contains the properties "operation"
and "type". "Operation" can be one of: add, modify, transfer or delete. "Type"
can be one of: domain, host, contact or registrar. The transaction element is a
container consisting of elements from the corresponding "type" element. For
example, a transaction element with a "type" of "registrar" will have the same
set of elements as a registrar element. For a "delete" operation, only the
object ID is included in the transaction element.
An example transaction container appears below:
<transaction operation="modify" type="registrar">
<password>new password</password>
<name>REGISTRAR-FOO</name>
<status>ACTIVE</status>
<contact-id type="Administrative">10</contact-id>
<contact-id type="Administrative">11</contact-id>
<contact-id type="Technical">12</contact-id>
<contact-id type="Technical">13</contact-id>
<contact-id type="Billing">14</contact-id>
</transaction>
3. Escrow Transfer Process
For a full and an incremental deposit, the related reports will be first
generated based on the format description above. Every report will be verified
against the specific schema to be formed correctly (syntax and coherence).
For a full deposit, all reports will be concatenated. These concatenated
reports form the complete deposit file. The deposit files for .net will be
named as NET followed by a 4-digit sequence number for the related deposit
transfer.
During the next step of file processing, the deposit file will be split to
produce deposit files with a file size of less than 1 GB each. This step is
optional.
Before the files are transferred to the escrow provider, they must be signed
and encrypted. Registry Operator has decided to use PGP software. Registry
Operator uses escrow provider's public key for encryption and Registry
Operator's private key to sign the files. The encrypted files will be
transferred to the data server of the escrow provider.
4. Escrow Verification Process
After the reception of the escrow file(s) within the specified deposit window,
the data will be moved to the non-public area of the escrow agent's server. The
name of the escrow file and the size must be noted.
The file(s) will be decrypted using the private PGP key of the escrow provider
and Registry Operator's signature will be checked. If the whole deposit was
split into several transfer files (not to exceed 1 GB), they will be
concatenated in the correct sequence.
The deposit file will be verified against the related XML schema. The report
files will be encrypted with ICAN |