Minutes | Meeting of the New gTLD Program Committee
A Special Meeting of the New gTLD Program Committee of the ICANN Board of Directors was held telephonically on 13 August 2013 at 21:00 UTC.
Committee Chairman Cherine Chalaby promptly called the meeting to order.
In addition to the Chair the following Directors participated in all or part of the meeting: Fadi Chehadé (President and CEO), Chris Disspain, Bill Graham, Olga Madruga-Forti, Erika Mann, Gonzalo Navarro, Ray Plzak, George Sadowsky, and Mike Silber. Kuo-Wei Wu sent apologies.
Jonne Soininen, IETF Liaison and Francisco da Silva, TLG Liaison, were in attendance as non-voting liaisons to the committee.
Steve Crocker, Bertrand de La Chapelle, Ram Mohan, Bruce Tonkin, and Suzanne Woolf were in attendance as invited observers for part of the meeting.
ICANN Staff in attendance for all or part of the meeting: Akram Atallah, Chief Operating Officer; John Jeffrey, General Counsel and Secretary; David Olive, Vice President, Policy Development Support; Megan Bishop; Michelle Bright; Samantha Eisner; Dan Halloran; Karen Lentz; Cyrus Namazi; and Amy Stathos.
- Main Agenda
The Chair introduced the issue, noting that advice has been received from the SSAC and other organizations recommending that the NGPC prohibits the use of dotless domains. There have also been a lot of comments from the Board as a whole that the NGPC needs to be very decisive and clear on whether dotless domains will be allowed in the New gTLD Program. The Chair noted that Steve Crocker, Bruce Tonkin, Sébastien Bachollet, Bertrand de La Chapelle, Ram Mohan and Suzanne Woolf had all been invited to the NGPC meeting for the purpose of sharing their views on this topics, and that the invited members would then be excused so that the NGPC could deliberate and vote on the matter.
Steve Crocker noted his position that based on all that has been presented, the NGPC should speak clearly that dotless domains at the top level are not going to happen at this time, to allow applicants to understand that this is not an available path.
Bruce Tonkin stated that the timing is wrong to allow the use of dotless domains, given the changes to the DNS that are coming already with the New gTLD Program. Though there could be a limited, narrow use in the corporate environment, allowing any usage today would also result in potential commercial uses, and inconsistent behavior. There could be the possibility of an intermediate route, that there be a moratorium period during which standardization work could occur, such as through the IETF. However, allowing dotless domains today would not be the right thing.
Sébastien Bachollet requested confirmation that any decision of the NGPC would only relate to the New gTLD Program, and that the Board would be required to make a decision that would impact other gTLDs or ccTLDs.
Steve Crocker clarified that the NGPC conversation was about new gTLDs only, and not about the existing gTLDs, nor about the ccTLDs. As it relates to ccTLDs, that topic is not really ripe to be addressed, even at the Board level. For existing gTLDs, each would have to come to ICANN to formally request dotless usage, and that would follow the existing RSEP processes.
Akram Atallah suggested that it might make sense for there to be some consideration of how to bring this subject forward with the full Board, to allow for future thinking on this topic.
Bertrand de La Chapelle noted his support for a a resolution specifically addressing dotless domains in new gTLDs.
Suzanne Woolf noted that she is not comfortable with the setting of a specific time limit for a moratorium. Instead, it is important to reinforce that this is a relatively straightforward questions with a relatively straightforward answer, and the answer is no because it is not a positive contribution to the security and stability of the DNS. There are tougher choices that will be ahead; this is not one of them. The key things to emphasize now are the problems that this could cause in the underlying functioning of the Internet, and there is no way to mitigate those concerns at this time.
Ram Mohan agreed with the suggested ban on dotless domains, as the issue for now is the potential for causing irreparable harm. In addition, there is the principle of least surprise, which is a foundational principle on which much of the DNS is formed. Ram cautioned against setting a timeline for the allowance of dotless domains. Those who want this change have the onus of demonstrating that the irreparable harm will not be caused and the principle of least surprise are no longer valid; the onus is not on ICANN to figure out how to implement this change.
Chris Disspain requested some input from the invited experts on how an NGPC decision on dotless domains is different from some of the other technical issues that the NGPC has been considering.
Ram responded that there is data here that supports that there will be material harm if dotless domans are allowed; this is not a theoretical problem where experts on differing sides are able to create divergent theoretical outcomes. There, there is a empirical evidence, practical usage and theoretical evidence that all point to the same outcomes.
Suzanne agreed that the empirical evidence on this point is there. In addition, trying to follow some principles of conservatism has been part of all of these types of decisions.
The Chair thanked the invited Board members and liaisons for their input and excused them from the call.
Jonne Soininen, acting as the shepherd for this item, refreshed the NGPC on the recommended action before them, which would be to ban the use of dotless domains completely within new gTLDs. There is always the possibility that someone could come forth with new specifications provided by the IETF or other technology or documentation that would support a different decision, but that would be in the future. Today, the NGPC is recommended to approve a ban. Jonne also confirmed that the resolution was limited to new gTLDs only.
Mike Silber raised some concerns with the Carve Report recommendations regarding further study of the issue, but otherwise expressed his support for the resolution. Olga Madruga-Forti supported Mike's position.
Chris confirmed that the resolution would contain a reference to the Carve Report, as it is one of the items that the NGPC received and considered in taking this decision.
George Sadowsky then moved and Chris Disspain seconded the resolution, and the NGPC took the following action:
Whereas, dotless domains consist of a single label and require the inclusion of, for example, an A, AAAA, or MX, record in the apex of a TLD zone in the DNS.
Whereas, Section 18.104.22.168 of the Applicant Guidebook (AGB) prohibits the use of dotless domain names without evaluation of the registry services and ICANN's prior approval.
Whereas, on 23 February 2012, the ICANN Security and Stability Advisory Committee (SSAC) published SAC 053: SSAC Report on Dotless Domains [PDF, 183 KB], and recommended that the use of DNS resource records such as A, AAAA, and MX in the apex of a Top-Level Domain (TLD) should be contractually prohibited where appropriate, and strongly discouraged in all cases.
Whereas, on 23 June 2012, the ICANN Board adopted resolution 2012.06.23.09 tasking ICANN to consult with the relevant communities regarding implementation of the recommendations in SAC053.
Whereas, on 24 August 2012, ICANN staff published the SAC053 Report for public comment requesting input to consider in relation to implementing the recommendations of the SSAC report.
Whereas, in May 2013 ICANN commissioned a study on the stability and security implications of dotless domain name functionality to help ICANN prepare an implementation plan for the SAC053 recommendations, and on 29 July 2013 Carve Systems delivered a report to ICANN identifying the security and stability issues that should be mitigated before gTLDs implement dotless domain names (the "Carve Report").
Whereas, on 10 July 2013 the Internet Architecture Board (IAB) released a statement on dotless domain names, recommending against the use of dotless domain names for TLDs.
Whereas, the NGPC has considered the risks associated with dotless domains as presented in SAC053, the IAB statement and the Carve Report, and the impracticality of mitigating these identified risks. The NGPC has also considered the comments received from the community on this issue.
Whereas, the NGPC is undertaking this action pursuant to the authority granted to it by the Board on 10 April 2012, to exercise the ICANN Board's authority for any and all issues that may arise relating to the New gTLD Program.
Resolved (2013.08.13.NG01), the NGPC acknowledges the security and stability risks associated with dotless domains as presented in SAC053, the IAB statement and the Carve Report and affirms its commitment to its security and stability mandates as the New gTLD Program is implemented.
Resolved (2013.08.13.NG02), in light of the current security and stability risks identified in SAC053, the IAB statement and the Carve Report, and the impracticality of mitigating these risks, the NGPC affirms that the use of dotless domains is prohibited.
Resolved (2013.08.13.NG03), the President, Generic Domains Division is authorized to take all necessary steps to implement these resolutions.
Ten members of the New gTLD Program Committee voted in favor of Resolutions 2013.08.13.NG01, 2013.08.13.NG02, and 2013.08.13.NG03. Kuo-Wei Wu was unavailable to vote on the Resolutions. The Resolutions carried.
Why the NGPC is addressing the issue?
The SSAC issued SAC 053 to the ICANN board which requests action be taken to prevent gTLDs from being approved to operate as dotless domain names. The Board requested staff to prepare an implementation plan for SAC 053. The topic has gained attention of the community and was discussed in several forums at the ICANN Meeting 47 in Durban, South Africa.
What is the proposal being considered?
The NGPC is being asked to consider taking action to provide clarity to the community that dotless domain names continue to pose technical risks to the security and stability of the DNS and that mitigation of these risks will be very difficult to achieve.
Which stakeholders or others were consulted?
The SSAC published SAC 053 in February 2012 and have been consulted over the course of the last year on this issue. ICANN consulted with the community on the issue of dotless domains, and solicited public comment on SAC 053 in August – November 2012. Additionally, ICANN commissioned Carve Systems, LLC, a security consulting firm, to perform a detailed study of the potential risks that gTLDs operating as dotless domain names may pose. In July 2013, the Internet Architecture Board (IAB) issued a statement identifying concerns similar to the SSAC and Carve reports, and advising against the use of dotless domain names for gTLDs. The NGPC has considered the information provided from these stakeholders and outside experts on the issue.
What concerns or issues were raised by the community?
The SSAC expressed concern about the use of dotless domain names for gTLDs in SAC 053 and recommended against their use. During the public comment on SAC053, some members of the community supported the position of the SSAC and noted that due to the security and stability concerns posed by dotless domains, they should not be allowed. Others in the community have argued that dotless domains should be allowed for technical innovation and that the risk assessment is overly conservative as there are ways to mitigate the risks to not unduly upset the security and stability of the Internet. A report of the public comments can be reviewed at
What significant materials did the NGPC review?
The NGPC considered the following significant materials:
- SAC 053: SSAC Report on Dotless Domains [PDF, 183 KB]
- The report of Public Comments on SAC 053 [PDF, 137 KB]
- Carve Systems Report "Dotless Domain Name Security and Stability Study" [PDF, 1.02 MB]
- The IAB statement on dotless domain names
What factors did the NGPC find to be significant?
The NGPC considered ICANN's core role as coordinator of the Internet naming system for the security, stability and resiliency of the DNS and the Internet's unique identifier system. The NGPC also found the reports presented by the SSAC and Carve Systems to be significant factors in its decision. On balance, the NGPC believes technical concerns continue to exist with the implementation of dotless domain names and the use of DNS Resource Records in the apex of a TLD zone beyond SOA, NS, and related DNSSEC records.
Are there fiscal impacts or ramifications on ICANN (strategic plan, operating plan, budget); the community; and/or the public?
There is no anticipated fiscal impact of adopting this action.
Are there any security, stability or resiliency issues relating to the DNS?
The technical experts of the SSAC, Carve Systems and the IAB believe gTLDs operated as dotless domain names will negatively impact the security, stability and resiliency of the DNS. Approval of the proposed resolution to prohibit use of dotless domains in the DNS will not negatively impact security, stability or resiliency issues relating to the DNS.
This is an Organizational Administrative Function for which public comment was received.
Chris Disspain provided an overview of this issue for the NGPC, noting that there is a new version of the scorecard to address the GAC advice coming out of the Durban meeting. Most of that advice is expected to be easy to deal with, however the time for applicant responses to GAC advice is still open. The NGPC should therefore wait to consider the applicant comment before taking action. Chris also provided some suggestions on wording that could be used in the scorecard to provide clarity on items, as well as noting that additional work is still ongoing in relation to the IGO names protection issue as well as the protection of acronyms for the Red Cross and IOC. Chris noted that the NGPC will also need to discuss an appropriate response to the GAC advice on community priority evaluation. George Sadowsky provided some input on the NGPC's proposed response to this issue, and noted that consideration needs to be given to the community applicants/industry groups coming together around this issue.
Chris also led some discussion regarding a response to the GAC advice relating to conflicts of law and the Registry and Registrar agreements and addressing the steps that ICANN has taken to try to mitigate the potential for conflicts.
Chris presented to the NGPC that it is recommended that the Durban advice be handled through the use of a scorecard. Olga stressed the import of continually updating all portions of scorecards relating to GAC advice, while only keeping the scorecards separate for the purpose of understanding timing of applicant responses and other time issues relating to each piece of advice.
The Chair asked for an update on the ongoing work relating to letters from applicant regarding the Category 1 protections raised in the Beijing Communiqué. Chris confirmed that work is still ongoing to review those communications and to develop methodologies to deal with the concerns raised. Chris also confirmed that work is still ongoing to clarify the Category 1 advice, as well as the IGO name/acronym issue.
Akram Atallah provided an update that a communication was being sent out to all of the Category 2 applicants requesting confirmation as to whether they intend to run the gTLD in a closed fashion.
No resolution was taken.
Amy Stathos provided the NGPC with an overview of this history of this Reconsideration Request, noting that DotConnectAfrica Trust ("DCA Trust") sought reconsideration of the NGPC's acceptance of GAC advice as it relates to the DCA Trust application for the .AFRICA gTLD. DCA Trust based its request, in part, on its belief that the NGPC should have sought the advice of independent experts prior to taking a decision on the GAC advice. The Board Governance Committee noted in its recommendation on the request that the NGPC was notrequired to seek expert advice in this instance that that the NGPC had al material information needed to make the decision. The BGC also noted that DCA Trust had an opportunity, prior to the NGPC's consideration of the GAC advice, to mention the "requirement" to seek independent advice, which DCA trust did not do. As a result, there was no additional material information available that was not considered. The BGC therefore recommends denial of the request.
Amy also briefed the NGPC on DCA Trust's claims that the GAC advice issued should be question, because of a subsequent communication from the Kenyan GAC Representative on the GAC's advice. DCA Trust submitted this to both ICANN and the GAC representatives. Neither the Board nor the NGPC has received any indication from the GAC that it is intending to change, or has already changed, its advice on this application.
Ray Plzak then moved and Bill Graham seconded the following resolution:
Whereas, DotConnectAfrica Trust's ("DCA Trust") Reconsideration Request, Request 13-4, sought reconsideration of the Board action (through the New gTLD Program Committee) on 4 June 2013, accepting advice from ICANN's Governmental Advisory Committee regarding DCA Trust's new gTLD application for .AFRICA, and determining that this particular new gTLD application will not be approved.
Whereas, the BGC considered the issues raised in Reconsideration Request 13-4.
Whereas, the BGC recommended that Reconsideration Request 13-4 be denied because DCA Trust has not stated proper grounds for reconsideration.
Resolved (2013.08.13.NG04), the New gTLD Program Committee adopts the BGC Recommendation on Reconsideration Request 13-4, which can be found at http://www.icann.org/en/groups/board/governance/reconsideration/recommendation-dca-trust-01aug13-en.pdf [PDF, 120 KB].
Seven members of the New gTLD Program Committee voted in favor of Resolution 2013.08.13.NG04. George Sadowsky and Mike Silber abstained from voting on the Resolution. Olga Madruga-Forti and Kuo-Wei Wu were unavailable to vote on the Resolution. The Resolution carried.
Mike Silber and George Sadowsky noted that their abstentions were based on the fact that DCA Trust has accused each of them of having a conflict as it relates to this issue, though neither has a conflict to announce on this issue.
Chris Disspain confirmed that he has carefully thought about his participation in a vote on this issue, as he too has previously been accused of having a conflict. Chris has confirmed that he has no conflict on this issue and that is the basis for his participation in the vote.
ICANN's Bylaws call for the Board Governance Committee to evaluate and make recommendations to the Board with respect to Reconsideration Requests. See Article IV, section 3 of the Bylaws. The New gTLD Program Committee ("NGPC"), bestowed with the powers of the Board in this instance, has reviewed and thoroughly considered the BGC Recommendation on Reconsideration Request 13-4 and finds the analysis sound.
Having a reconsideration process whereby the BGC reviews and, if it chooses, makes a recommendation to the Board/NGPC for approval positively affects ICANN's transparency and accountability. It provides an avenue for the community to ensure that staff and the Board are acting in accordance with ICANN's policies, Bylaws and Articles of Incorporation.
This Request asserted that the NGPC should have consulted with and considered the inputs of independent experts before acting on advice from the Governmental Advisory Committee ("GAC") regarding DCA Trust's new gTLD application. The Request calls into consideration: (1) whether the NGPC was required to consult with independent experts prior to making the decision on the GAC Advice on DCA Trust's application and whether consultation with independent experts would have provided additional material information to the NGPC; and (2) whether the prescribed procedure for addressing GAC Advice in the Applicant Guidebook for the New gTLD Program was not complied with because the NGPC did not consult with independent experts in considering GAC Advice.
In consideration of the first issue, the BGC reviewed the grounds stated in the Request, including the attachments, as well as the briefing materials presented to the NGPC in advance of its 4 June 2013 decision, the rationale for that decision, the minutes of that meeting, and the material information from both the GAC and DCA Trust that was available and considered prior to the NGPC's decision. The BGC concluded that DCA Trust failed to adequately state a Request for Reconsideration of Board action because they failed to identify any material information that was not considered by the NGPC. The BGC noted that DCA Trust does not suggest in the Request that the discretionary use of an independent expert would have resulted in a different outcome on their application. The BGC further concluded that, as DCA Trust had an opportunity to provide additional information in their response to the GAC Advice, but remained silent on this point, the NGPC considered all material information in making its 4 June 2013 decision.
In consideration of the second issue, the BGC determined that DCA Trust's interpretation of the Applicant Guidebook to require the Board to seek advice is not accurate. Section 3.1 of the Guidebook provides with Board the discretion to seek the input of an independent expert when considering GAC advice, but does not obligate the Board to do so. Accordingly, the BGC concluded that the plain language of the Guidebook does not support the suggestion that the NGPC violated its process, and therefore made a decision without material information, when it did not seek the input of an independent expert.
In addition to the above, the full BGC Recommendation that can be found at http://www.icann.org/en/groups/board/governance/reconsideration/recommendation-dca-trust-01aug13-en.pdf [PDF, 120 KB] and that is attached to the Reference Materials to the Board Submission supporting this resolution, shall also be deemed a part of this Rationale.
Although not detailed in DCA Trust's Request, and therefore not specifically discussed in the BGC Recommendation, the NGPC also considered DCA Trust's claim that because the designated Kenyan GAC Representative disclaimed the GAC Advice on DCA Trust's application, GAC Advice is in question. DCA Trust's communications on this topic were sent to ICANN and the GAC Chair. As the Board has not received any notice of change from the GAC regarding its advice on this application, DCA Trust's assertions on this topic do not provide any grounds for modification of the decision on Reconsideration Request 13-4.
Adopting the BGC's recommendation has no financial impact on ICANN and will not negatively impact the systemic security, stability and resiliency of the domain name system.
This decision is an Organizational Administrative Function that does not require public comment.
The Chair called for consideration of the minutes of prior NGPC meetings. George Sadowksy moved, and Chris Disspain seconded the following resolution, and the Chair called for a vote.
Resolved (2013.08.13.NG05), the Board approves the minutes of the 18 June 2013, 25 June 2013 and 2 July 2013 New gTLD Program Committee Meetings.
Nine members of the New gTLD Program Committee voted in favor of Resolution 2013.08.13.NG05. Olga Madruga-Forti and Kuo-Wei Wu were unavailable to vote on the Resolution. The Resolution carried.
The Chair then called the meeting to a close.
Published on 30 September 2013