Approved Resolutions | Meeting of the New gTLD Program Committee
- Main Agenda
Whereas, dotless domains consist of a single label and require the inclusion of, for example, an A, AAAA, or MX, record in the apex of a TLD zone in the DNS.
Whereas, Section 188.8.131.52 of the Applicant Guidebook (AGB) prohibits the use of dotless domain names without evaluation of the registry services and ICANN's prior approval.
Whereas, on 23 February 2012, the ICANN Security and Stability Advisory Committee (SSAC) published SAC 053: SSAC Report on Dotless Domains [PDF, 183 KB], and recommended that the use of DNS resource records such as A, AAAA, and MX in the apex of a Top-Level Domain (TLD) should be contractually prohibited where appropriate, and strongly discouraged in all cases.
Whereas, on 23 June 2012, the ICANN Board adopted resolution 2012.06.23.09 tasking ICANN to consult with the relevant communities regarding implementation of the recommendations in SAC053.
Whereas, on 24 August 2012, ICANN staff published the SAC053 Report for public comment requesting input to consider in relation to implementing the recommendations of the SSAC report.
Whereas, in May 2013 ICANN commissioned a study on the stability and security implications of dotless domain name functionality to help ICANN prepare an implementation plan for the SAC053 recommendations, and on 29 July 2013 Carve Systems delivered a report to ICANN identifying the security and stability issues that should be mitigated before gTLDs implement dotless domain names (the "Carve Report").
Whereas, on 10 July 2013 the Internet Architecture Board (IAB) released a statement on dotless domain names, recommending against the use of dotless domain names for TLDs.
Whereas, the NGPC has considered the risks associated with dotless domains as presented in SAC053, the IAB statement and the Carve Report, and the impracticality of mitigating these identified risks. The NGPC has also considered the comments received from the community on this issue.
Whereas, the NGPC is undertaking this action pursuant to the authority granted to it by the Board on 10 April 2012, to exercise the ICANN Board's authority for any and all issues that may arise relating to the New gTLD Program.
Resolved (2013.08.13.NG01), the NGPC acknowledges the security and stability risks associated with dotless domains as presented in SAC053, the IAB statement and the Carve Report and affirms its commitment to its security and stability mandates as the New gTLD Program is implemented.
Resolved (2013.08.13.NG02), in light of the current security and stability risks identified in SAC053, the IAB statement and the Carve Report, and the impracticality of mitigating these risks, the NGPC affirms that the use of dotless domains is prohibited.
Resolved (2013.08.13.NG03), the President, Generic Domains Division is authorized to take all necessary steps to implement these resolutions.
Why the NGPC is addressing the issue?
The SSAC issued SAC 053 to the ICANN board which requests action be taken to prevent gTLDs from being approved to operate as dotless domain names. The Board requested staff to prepare an implementation plan for SAC 053. The topic has gained attention of the community and was discussed in several forums at the ICANN Meeting 47 in Durban, South Africa.
What is the proposal being considered?
The NGPC is being asked to consider taking action to provide clarity to the community that dotless domain names continue to pose technical risks to the security and stability of the DNS and that mitigation of these risks will be very difficult to achieve.
Which stakeholders or others were consulted?
The SSAC published SAC 053 in February 2012 and have been consulted over the course of the last year on this issue. ICANN consulted with the community on the issue of dotless domains, and solicited public comment on SAC 053 in August — November 2012. Additionally, ICANN commissioned Carve Systems, LLC, a security consulting firm, to perform a detailed study of the potential risks that gTLDs operating as dotless domain names may pose. In July 2013, the Internet Architecture Board (IAB) issued a statement identifying concerns similar to the SSAC and Carve reports, and advising against the use of dotless domain names for gTLDs. The NGPC has considered the information provided from these stakeholders and outside experts on the issue.
What concerns or issues were raised by the community?
The SSAC expressed concern about the use of dotless domain names for gTLDs in SAC 053 and recommended against their use. During the public comment on SAC053, some members of the community supported the position of the SSAC and noted that due to the security and stability concerns posed by dotless domains, they should not be allowed. Others in the community have argued that dotless domains should be allowed for technical innovation and that the risk assessment is overly conservative as there are ways to mitigate the risks to not unduly upset the security and stability of the Internet. A report of the public comments can be reviewed at http://www.icann.org/en/news/public-comment/report-comments-sac053-dotless-domains-27nov12-en.pdf [PDF, 138 KB].
What significant materials did the NGPC review?
The NGPC considered the following significant materials:
- SAC 053: SSAC Report on Dotless Domains [PDF, 183 KB]
- The report of Public Comments on SAC 053 [PDF, 138 KB]
- Carve Systems Report "Dotless Domain Name Security and Stability Study" [PDF, 1.02 MB]
- The IAB statement on dotless domain names
What factors did the NGPC find to be significant?
The NGPC considered ICANN's core role as coordinator of the Internet naming system for the security, stability and resiliency of the DNS and the Internet's unique identifier system. The NGPC also found the reports presented by the SSAC and Carve Systems to be significant factors in its decision. On balance, the NGPC believes technical concerns continue to exist with the implementation of dotless domain names and the use of DNS Resource Records in the apex of a TLD zone beyond SOA, NS, and related DNSSEC records.
Are there fiscal impacts or ramifications on ICANN (strategic plan, operating plan, budget); the community; and/or the public?
There is no anticipated fiscal impact of adopting this action.
Are there any security, stability or resiliency issues relating to the DNS?
The technical experts of the SSAC, Carve Systems and the IAB believe gTLDs operated as dotless domain names will negatively impact the security, stability and resiliency of the DNS. Approval of the proposed resolution to prohibit use of dotless domains in the DNS will not negatively impact security, stability or resiliency issues relating to the DNS.
This is an Organizational Administrative Function for which public comment was received.
No resolution taken.
Whereas, DotConnectAfrica Trust's ("DCA Trust") Reconsideration Request, Request 13-4, sought reconsideration of the Board action (through the New gTLD Program Committee) on 4 June 2013, accepting advice from ICANN's Governmental Advisory Committee regarding DCA Trust's new gTLD application for .AFRICA, and determining that this particular new gTLD application will not be approved.
Whereas, the BGC considered the issues raised in Reconsideration Request 13-4.
Whereas, the BGC recommended that Reconsideration Request 13-4 be denied because DCA Trust has not stated proper grounds for reconsideration.
Resolved (2013.08.13.NG04), the New gTLD Program Committee adopts the BGC Recommendation on Reconsideration Request 13-4, which can be found at http://www.icann.org/en/groups/board/governance/reconsideration/recommendation-dca-trust-01aug13-en.pdf [PDF, 120 KB].
ICANN's Bylaws call for the Board Governance Committee to evaluate and make recommendations to the Board with respect to Reconsideration Requests. See Article IV, section 3 of the Bylaws. The New gTLD Program Committee ("NGPC"), bestowed with the powers of the Board in this instance, has reviewed and thoroughly considered the BGC Recommendation on Reconsideration Request 13-4 and finds the analysis sound.
Having a reconsideration process whereby the BGC reviews and, if it chooses, makes a recommendation to the Board/NGPC for approval positively affects ICANN's transparency and accountability. It provides an avenue for the community to ensure that staff and the Board are acting in accordance with ICANN's policies, Bylaws and Articles of Incorporation.
This Request asserted that the NGPC should have consulted with and considered the inputs of independent experts before acting on advice from the Governmental Advisory Committee ("GAC") regarding DCA Trust's new gTLD application. The Request calls into consideration: (1) whether the NGPC was required to consult with independent experts prior to making the decision on the GAC Advice on DCA Trust's application and whether consultation with independent experts would have provided additional material information to the NGPC; and (2) whether the prescribed procedure for addressing GAC Advice in the Applicant Guidebook for the New gTLD Program was not complied with because the NGPC did not consult with independent experts in considering GAC Advice.
In consideration of the first issue, the BGC reviewed the grounds stated in the Request, including the attachments, as well as the briefing materials presented to the NGPC in advance of its 4 June 2013 decision, the rationale for that decision, the minutes of that meeting, and the material information from both the GAC and DCA Trust that was available and considered prior to the NGPC's decision. The BGC concluded that DCA Trust failed to adequately state a Request for Reconsideration of Board action because they failed to identify any material information that was not considered by the NGPC. The BGC noted that DCA Trust does not suggest in the Request that the discretionary use of an independent expert would have resulted in a different outcome on their application. The BGC further concluded that, as DCA Trust had an opportunity to provide additional information in their response to the GAC Advice, but remained silent on this point, the NGPC considered all material information in making its 4 June 2013 decision.
In consideration of the second issue, the BGC determined that DCA Trust's interpretation of the Applicant Guidebook to require the Board to seek advice is not accurate. Section 3.1 of the Guidebook provides with Board the discretion to seek the input of an independent expert when considering GAC advice, but does not obligate the Board to do so. Accordingly, the BGC concluded that the plain language of the Guidebook does not support the suggestion that the NGPC violated its process, and therefore made a decision without material information, when it did not seek the input of an independent expert.
In addition to the above, the full BGC Recommendation that can be found at http://www.icann.org/en/groups/board/governance/reconsideration/recommendation-dca-trust-01aug13-en.pdf [PDF, 120 KB] and that is attached to the Reference Materials to the Board Submission supporting this resolution, shall also be deemed a part of this Rationale.
Although not detailed in DCA Trust's Request, and therefore not specifically discussed in the BGC Recommendation, the NGPC also considered DCA Trust's claim that because the designated Kenyan GAC Representative disclaimed the GAC Advice on DCA Trust's application, GAC Advice is in question. DCA Trust's communications on this topic were sent to ICANN and the GAC Chair. As the Board has not received any notice of change from the GAC regarding its advice on this application, DCA Trust's assertions on this topic do not provide any grounds for modification of the decision on Reconsideration Request 13-4.
Adopting the BGC's recommendation has no financial impact on ICANN and will not negatively impact the systemic security, stability and resiliency of the domain name system.
This decision is an Organizational Administrative Function that does not require public comment.
Resolved (2013.08.13.NG05), the Board approves the minutes of the 18 June 2013, 25 June 2013 and 2 July 2013 New gTLD Program Committee Meetings.
Published on 15 August 2013