Response to the Green Paper Follow-Up Questions For Dr. Kahn

Below is Dr. Robert Kahn's response to follow-up questions on the subject of Internet Domain Names, posed by the House Science Subcommittee on Basic Research of the Committee on Science. Dr. Kahn testified on the subject of Internet Domain Names at the invitation of the committee on March 31, 1998.

On January 30, 1998, the National Telecommunications and Information Administration (NTIA), an agency of the Department of Commerce, issued for comment the proposed rulemaking, or "Green Paper", "A Proposal to Improve the Technical Management of Internet Names and Addresses".

RESPONSE TO THE FOLLOW-UP QUESTIONS FOR DR. ROBERT E. KAHN

1. Concerning the successor corporation described in the Green Paper:

1.1. Is the creation and operation of the Green Paper’s successor corporation by September 30, 1998 realistic?

The Internet is a public resource without precedent in terms of ability to provide information access and enable computer networking. I am particularly concerned about finding an approach that balances the various corporate interests with those of the general public and those of government both at the state and federal level. There are also significant international interests to resolve here. I am skeptical that most of the long-term corporate interests have yet been represented, much less those of the public, particularly with respect to ownership of the DNS database and the purposes for which it can be used by the private sector. It is critical that we keep the Internet open as a public resource while electronic commerce also flourishes on the net in parallel. Public health and safety, education and access to government information, and similar matters should be taken into account in the evolution of the DNS system as well as other identifier systems that may emerge in the future.

While the proposed new corporation could be started by September 30^th, it is unlikely that the above concerns will be resolved in time. Evaluation and oversight by government and the private sector of the appropriate administrative structures for the evolution of the Internet should continue in the coming years, not just in the context of the proposed corporation, but in light of the new and emerging data structures and identifier systems such as the system described below.

It would facilitate the timely establishment of the organization if the existing IANA staff were transferred or seconded to it, or if the new organization subcontracted the technical tasks to the present group at USC/ISI. I believe it makes little sense to try to bring in a completely new staff and start from scratch. Eventually, some new staff additions would be highly desirable to reflect the growing diversity of the Internet. As I see it, the main questions here are: (1) how to properly scope the charter of the corporation; (2) whose interests should it represent; (3) who should sit on its initial board; (4) what processes are used to select future board members to insure reasonable representation; and (5) what oversight or recovery functions are desirable in the event the corporation cannot function effectively in the public interest. There may be some issues of senior staff selection as well, but these ought to be relatively straightforward to resolve, once the initial board is in place.

1.2. What should be done if it doesn’t occur by that date?

In that event, I think there is no choice but to continue pushing diligently to resolve the above issues. During the interim, the existing mechanisms should continue to be used and the role of the U.S. Government should be extended for this period. Alternately, an interim activity could be established at some existing non-profit organization (to put some distance between the status quo and the formation of the new organization), or a task force could be set up to administer the overall activity. This interim activity should invoke the existing mechanisms, possibly along with other new mechanisms until the issues are finally resolved to the satisfaction of the Federal Government.

1.3. How long should a transition team or task force operate?

Once the corporation is established, a one-year transition period seems to be a reasonable minimum. However, I would limit the time period to a maximum of two or three years. If USC/ISI continues to perform the IANA functions after September, no transition would be required until after they relinquish the function. In the event USC/ISI wishes to stop performing this function, they should locate a successor organization, or establish one, with concurrence from an appropriate oversight body in the Federal Government (which would normally forbear from direct involvement in the IANA operations). After any such transition period is over, it is advisable that an oversight body in the U.S. Government be tasked with the responsibility of tracking the evolution of this process and reporting on its progress to Congress and others, as appropriate.

2. It has been suggested that an interim board of directors should be chosen to establish the Green Paper’s new non-profit corporation, after which a process for electing new members of the board would be established. How would one go about establishing an interim board and who should be a member of the interim board?

The Green Paper process or the POC/CORE process may work acceptably well, once the above issues are resolved. A compromise would be to form the union of the two, with a correspondingly larger board. In my view, the larger board would not be a disadvantage in this case. The primary constraint should be to make sure that the overall composition of the board was representative. My personal approach to representation on the interim board, for a total of up to 30 members, would be:

Internet Administration (e.g. RIPE, ARIN, APNIC, NSI) (4)
Internet Service Providers (3)
Computer, Software & Telecommunications Firms (3)
Education & Non-Profit Inst. (1)
Research Representative (1)
Representation of Public at Large (4)
US, EC & AP (6) - 2 per
IANA designee (1)
ISOC/IAB designee (1)
IETF designee (1)
Special designees (5) - to diversify representation on the board

3. It has been suggested that "unified network directories" may join DNS as an Internet resource.

3.1. Please describe the directories and their potential role and value.

While it is not clear exactly what is meant by this term, I would strongly urge the Federal Government to insure that a distributed scalable root system is available for the DNS in the event of a failure in the private sector to adequately maintain the system. One possible way to accommodate this is to use the existing Handle System technology that was supported by DARPA and has been operating on the Internet for the past several years. This could be incorporated with essentially no change in the way the existing DNS system operates. A major feature of this System is that it provides the necessary coordination mechanisms for a unified directory system and can easily support multiple registrars for a given TLD, which is what I believe the comment about unified network directories is really getting at.

3.2. When might they be developed and adopted?

The Handle System technology is in place now on the Internet and could be made available in time to be used in conjunction with the new organization at its outset. Other technology could also be developed or adopted from industry. I cannot comment on those other options.

3.3. Could they supplant the DNS?

I can only comment on the Handle System, which could supplant the DNS system. However, I don’t think this is likely to happen in the foreseeable future because of the considerable investment in the currently deployed DNS system. However, it could augment it today and provide a path to a more advanced identification system for the future.

4. As presently written the Green Paper states that domain name disputes should be resolved at the registry level. Is this appropriate, or should these disputes be handled by the registrars rather than the registries?

I believe domain name disputes should be resolved by legal means - in court, if necessary. Registrars should be free to adopt whatever rules they want about the acceptability of names; a first-come, first-served policy would be ok, as would a first-come – if no trademark objection – policy. The registry would merely record the actions of the registrars, forming no judgments. It would act like a recorder of deeds, in effect, and specifically not allow any duplicates to be entered. The main question here is whether simple disputes can be adjudicated without the need for formal legal proceedings and, if not, what court (or other body) to fight in when a name is used internationally. There are many possibilities to be considered here. For example, a streamlined alternate dispute resolution mechanism might be implemented under the auspices of the American Arbitration Association, or a switch takes place to numbers instead of names so that semantics play no significant role in the identification process. Building enough flexibility and diversity into the system can ensure that there are both no blockages in the system and clear guidelines to disambiguate otherwise similar terms that are subject to trademark protection in multiple countries.

The Handle System would allow multiple parties to share the same domain name in a variety of ways. In areas where sharing is not otherwise possible, the user could be given a short menu of choices from which to choose (e.g. Budweiser in Europe or the Budweiser in North America).

5. In your written statement you argue that policy oversight of the distribution of IP numbers should be conducted by two distinct governing entities so that one group does not set policy for both. Your fear is that the DNS is simply one way of naming computers on the Internet and that if one entity oversees both functions it could become difficult for new alternative naming systems to evolve on the Internet. What changes to the Green Paper would you suggest in order to establish distinct governing entities for the DNS and IP numbers.

If the DNS issues are separated out (i.e. not the responsibility of the new corporation), then existing organizations could continue to perform these functions. If the overall responsibility for DNS functions is placed in the new organization, along with its other responsibilities, a great deal of care should be taken to insure that it doesn’t provide this one naming function (i.e. the DNS) an anti-competitive status with respect to improved naming schemes for the future. I further address the DNS issues below.

6. While the discussion has focused mostly on two competing proposals for transferring the Domain Name System to the private sector, a third option – doing away with the Domain Name System – has received little attention. You testified that "the answer is clearly yes" that the Domain Name System could be replaced, but that it would take some time. Please explain how much time you think it would take to move to a system that does not use domain names.

The basic problem here is that, with an alternate system such as the Handle System, existing Internet software would have to be modified somewhat. The extent of effort required would vary. In some cases, changes in one system would mandate changes to other systems. For this reason, I cannot give a time frame to make a complete changeover. However, there is a relatively simple way to get started. The Handle System can be used to backup the existing DNS root server system in the event of failure. This capability is currently in place and requires no change to the rest of the DNS system or any of the existing user software. The Handle System can also be used for DNS resolution with no changes on the user side, but that would be an alternate technology approach to maintaining the DNS system. The Handle System can support many other identification systems as well as new capabilities that rely on identifiers such as management of rights, interests and transfers of value in the Internet environment.

Having said that, I would strongly urge the research organizations in industry and academia to explore the potential for more advanced identifier systems, including the use of the existing Handle System. Pursuing new alternatives in parallel with the DNS seems like the right approach here.

7. Mr. Magaziner testified that there were four principles that the administration’s Electronic Commerce Working Group and the Department of Commerce were trying to follow: (1) that the stability of the Internet should be preserved; (2) that increased competition should result; (3) that the governing entities should be private-sector led; and (4) that there should be broad representation in the technical management of the Internet, both functionally and geographically. A fifth principle which could be added is that any proposal should minimize trademark disputes. A sixth principle which could be added is that any proposal should maximize portability. Addressing each of the four Green-Paper principles and the issue of trademark disputes, please explain how you think a system that did not use domain names would compare to the competing Green Paper and POC/CORE proposals.

Most importantly, the new organization should focus only on the fundamentals. Not all policy conflicts should be placed on its agenda. It would be good if the reach of its responsibilities could be kept reasonably small. It should not automatically be assumed that such a corporation should handle all regulatory matters pertaining to the Internet. Trademark is just the tip of the iceberg. There are many other bodies of law that will come into play as the Internet grows. For example, disputes involving financial institutions and new financial instruments made available over the Internet, will bring banking laws into play. The proposed corporation would not play a role in this context. Within the new organization, I would focus on simple mechanisms and implementable policies to deal with the management of IP addresses and related parameters as the primary concern. The integrity of the IP addressing mechanisms needs to be maintained in the public interest, much as frequency allocations and even street addresses have been maintained in the public interest. While, as an interim matter, the proposed corporation may concern itself with DNS technical issues, to the extent possible, the corporation should endeavor to avoid dealing with extraneous issues like trademark law.

Let me focus my attention on the Handle System alternative. The stability of the internet will largely depend on the processes that are put in place, of which the new organization could be the most important component. However, I worry about stability in the event that the private sector is unable to adequately maintain the DNS system as a working entity. For this reason, I strongly support the notion of a well-defined recovery process with designated roles and responsibilities. One small part of this is the ability to reconstruct the DNS system in the event of a collapse of some kind within the DNS registration process or the DNS resolution process. The use of a distributed scalable root system that can back up the private sector operations (and work closely with it) seems the most effective path. Similar approaches can be developed (or determined) that can provide adequate backup in other areas of concern as they arise.

The Handle System option will support free and open competition in the area of names and identifiers. However, along with open competition comes the combined issues of quality of service and trust. Some providers may not function as well as others and thus the benefit of brand names and "branding" becomes important. The private sector is the natural choice to provide the registrar functions, but any governmental body could provide these functions for its own purposes in the public interest. The Handle System does not distinguish between registrars or other administrators in any meaningful way, and does not dictate or restrict the choice of administrators or how they operate. Thus, it is completely consistent with a private sector management strategy.

With respect to broad representation, the Handle System is one technology but other technologies could also be selected by the new organization, as it deemed appropriate. On the trademark dispute topic, the use of numbers instead of names would help dramatically. The Handle System only requires unique identifiers, which are variable length bit strings. Thus, they can be all numeric, as well as alphanumeric, and even unprintable. Finally, the Handle System is portable to many different platforms.

8. Of the three options – the Green Paper proposal, the POC/CORE proposal, and the no-DNS options – which in your view is superior for the long-run growth and stability of the Internet?

In my view, the replacement of the DNS by a directory-based identifier system, such as the Handle System, is the best technological choice for the long-run. Any of the management and organizational aspects of the Green Paper or the POC/CORE proposal could be implemented using the Handle System. For certain domains outside the DNS, there may be multiple existing bodies that already provide management and organizational functions. For example, a current use of the Handle System is to identify publisher disseminated materials. There is today a body called the International DOI Foundation that provides management and organizational functions for the publishing industry users. It is anticipated that there will be other groups established in the future for managing other digital material using the Handle System. The International DOI Foundation is but one example of how a DNS organization might be structured in the future, and represents industry leadership in the area of identifiers. The www.doi.org web site has more information.

The management and organizational structures envisioned in the Green Paper and the POC/CORE proposals could be put in place in parallel with those of the various content providers such as the publishers. Similar structures are in process in the music industry and other content industries where digital objects of all kinds are likely to be made available commercially. The Library of Congress is using the Handle System for identification of many items deposited at the Library, none of which would normally come under the aegis of the DNS, but can be serviced by the Handle System technology (as can the DNS).

9. In both the Green Paper and POC/CORE proposals, creating and allocating domain names is done at the registry level. Under a system in which domain names are not mandated, could this function be moved to the registrar level, creating competition for "domain names" or other naming conventions?

The short answer is yes, and that is where the interface with the end user should reside. In the case of the Handle System, multiple registries may be contained within the system, each managed by a registrar (also called a "register" or "administrator") who is responsible for providing its overall local functions. The composite set of registries are fully distributed and provided by the Handle System. It can therefore serve as the authoritative repository of existing identifiers. It will not accept duplicate entries. Thus, most decision-making functions can be placed elsewhere. I would opt to have a policy that lets the registrars set most of their own rules, except for certain basic policies such as the prevention of duplicates. An unlimited number of domain names at any level is possible here, subject only to having sufficient machine resources (i.e. storage and processing).

10. You testified that, "There’s no right number of domain names. On the other hand, if you’re going to add more, the right number is probably infinity. But the minute you get into an infinity number, you get into this whole issue of trust." If an alternate system to the Domain Name System were developed, please explain what would need to be done to ensure that the system was seen by users to be trustworthy.

There is no way to ensure complete trust except by some authorization or accreditation means. For example, not all banks provide equal levels of service and some fail; however, there are well-developed government controls and oversight of the process, as well as oversight mechanisms in the financial community. In some cases governments provide limited amounts of insurance. Brand names are important. Users will tend to give their business to organizations that they trust. If there were only one provider of banking services, a customer would have no alternative but to trust it or not do banking. Similarly, with one or only a few registrars, maintenance of a very high trust level is essential. With hundreds, thousands or millions of registrars, the situation is very different. Many users today have no idea how much trust to place in their internet service provider. Trust is usually developed over time based on performance and other factors. The role of organizations that can identify providers of acceptable service, or provide authorization or accreditation services, could be very helpful here. The government may make a useful contribution to this process as well.

11. You testified that, "Right now, we’re all traveling on the horseback called the DNS system." In your view, should we be rushing to maintain a system – the Domain Name System – when it becomes obsolete? Would we be better off taking a bit more time to set up a system that has the flexibility needed to incorporate the "better solutions" you mentioned instead of rushing into a plan that locks the Domain Name System into place?

I would strongly support setting up a more advanced system in parallel with the current DNS system and focus on more future oriented applications. There need be no change to the current DNS system in order to make it compatible with the Handle System. All the "in-place" software can continue to operate as is, and the existing policy mechanisms can continue to be used or adapted, including moving to the new organization under discussion. The Handle System can also support more advanced applications while, at the same time, supporting the DNS system as well.

Also, I would treat the new organization as one such organization to manage one aspect of naming and identification on the Internet. There will surely be many others developed and deployed independently in the private sector. There will be a need for coordination among the various emerging systems. By having a unified directory system, such as the Handle System, it makes it possible to have a standard mechanism for resolving identifiers, even if the management and administrative policies for each is for the most part different and separate.

12. Should the federal government have any role relative to the Internet addressing and numbering functions after termination of the current IANA and NSF contracts and the establishment of the corporation called for in the Green Paper?

Two important roles the federal government should have (other than carrying out its own functions as it best determines) are: (1) to maintain an appropriate liaison and oversight role with the relevant private sector bodies so that the government has a basic understanding of what is happening. This is important in the event of a collapse in the private sector that requires government intervention to maintain an "orderly society" that depends critically on the Internet as infrastructure; (2) insure that an authoritative repository of identifier information is maintained (this could be in the private sector) for use by the government in the event of failure of the private sector to maintain the DNS functions (and possibly other critical societal functions such as those in the health care arena). This repository, acting (at a minimum) as a distributed root system, should be distinct and separate from the operational registry used for DNS functions so that it can start to bootstrap the recovery function with the detailed information from the registrars that can still provide it. Those that cannot will disappoint their users. If most of the system recovers, that may be sufficient. If the Handle System also provides partial or full DNS resolution, it can provide continuity of service directly for those entries it contains.

Finally, there may be numerous privacy concerns to consider. One day, the new organization could be in a position to track information flows on the Internet and possibly penetrate private information. The organization may also refuse to interact with other relevant bodies for political, corporate or other reasons. While the best of intentions may be assumed, some means of insuring reasonable behavior by the new organization that minimizes the need for litigation in a court of law would be highly desirable.

[ home | about CNRI | programs | news | publications
special interest topics | site map ]