Testimony before the

Subcommittee on Basic Research

of the

Committee on Science

on the subject of

Internet Domain Names

Rayburn House Office Building

U.S. House of Representatives

Washington, D.C. 20515

by

Dr. Robert E. Kahn, President and CEO

Corporation for National Research Initiatives

1895 Preston White Drive, Suite 100

Reston, Virginia 20191

March 31, 1998

I am pleased to be here at the invitation of the House Science Subcommittee on Basic Research to testify on the subject of Internet Domain Names.

My name is Robert E. Kahn and I am President and CEO of the Corporation for National Research Initiatives (CNRI), a not-for-profit scientific research organization established in 1986 and located in Reston, Virginia. Prior to founding CNRI, I was employed by the Defense Advanced Research Projects Agency (DARPA) from 1972- 1985 where the last position I held was director of the Information Processing Techniques Office. Before that, I was on the technical staff of Bolt Beranek and Newman (now a part of GTE), the faculty of MIT and the technical staff of Bell Laboratories. At BBN, I was responsible for the system design of the ARPANET, the pioneering computer network that led directly to the Internet. At DARPA, I was involved in many activities related to the subject of this hearing, but the most relevant is the Internet program which I started and in which I was a key contributor.

By way of disclosure, you should know that CNRI is actively involved in various aspects of research and development that relate to the Internet or can benefit from the availability and efficiency of the Internet. CNRI has and has had interactions with many of the interested parties in the subject of this hearing. Included in this list would be most of the large Internet Service Providers, many of the telecommunications and computer companies, the Internet Society, Network Solutions, USC/ISI and the U.S. Government. CNRI hosts an organization of Internet Service Providers known as iops.org and also a Cross-Industry Working Team (known as XIWT) with diverse interests tackling many issues of concern for a national and international information infrastructure.

Another CNRI activity, not directly related to the subject of these hearings, may be of possible interest from a technical perspective. CNRI has been providing both registry and directory manager services for an alternative identifier system (known as Digital Object Identifiers or DOIs) on the Internet in conjunction with publishers in the U.S. and Europe. The technology was developed with support from DARPA and is being used by other groups such as the Department of Defense and the Library of Congress, and in various digital library research efforts. The registry is a single logical entity that is distributed in multiple locations and supports open interfaces. Multiple directory managers will likely be added by the publishers in the coming year, but the basic identifier system can be used by others as well.

The Green Paper proposed one specific approach to the issue of domain names for comment. Other approaches have been expressed by others. I believe there is considerable overlap between these approaches and some significant differences. I address some of the basic agreements later on in my remarks. At this point, among the differences, I would identify 1) the exact nature of the future governance and evolution of the Internet and 2) the specific mechanisms identified to implement competition within the domain name system in the future. These two subjects are actually quite complex and difficult issues to resolve and often different apparent agreements can turn into disagreements based on details and nuances.

I believe the present debate over domain names could benefit from a further deliberative period in which contending parties can work toward a consensus on feasible solutions. For this to work, a kind of temporary "safe-harbor" or "cease-fire" period would be helpful to allow the process to converge. In this context, it is especially important to take into account the views of the international community not only in reacting to the proposed solutions already put forth, but also in helping to further shape and refine them over time. The U.S. Government should facilitate this process by continuing to articulate 1) fundamental principles of competition, where competition is appropriate, 2) openness in the standards process, and 3) integrity in the Internet architecture including the management of IP addresses and the need for oversight of critical functions.

With that said, I would like to acknowledge the work of this committee in tackling this problem, to Mr. Magaziner for all his efforts to bring some clarity to the situation and to all the interested parties for contributing their views and opinions. This is critical to the nation and to the world. The solution should be an effective one, even if it appears difficult at times to achieve and even if it takes longer than any of us may wish.

In the remainder of my remarks, I would like to list some specific assumptions that I believe are sufficiently agreed upon that I have taken them as givens. Then, I conclude with three specific recommendations for the House Subcommittee on Basic Research. These recommendations are necessarily very high-level, but are essential to making the right long-term decisions. Basic research is needed on issues of scalability, reconstitution and advanced functionality in many areas of networking (including those being addressed today), but I specifically do not address this topic in any detail in my remarks today. However, at the end of my comments is some additional background information relating to the evolution of the Internet, the domain name system and the Internet governance mechanisms that may be relevant to today's discussion.

The Internet would not exist if it were not for the U.S. Government. It helped to create the Internet, and has been an excellent steward for it since its creation over 25 years ago. It funded the necessary research, made sure the community had the responsibility for its operation, and insulated it to a very great extent from bureaucratic obstacles and commercial matters so that it could evolve dynamically. Rather than trying to retain control, the U.S. Government has continually ceded control while retaining ever diminishing oversight responsibilities in critical areas. The U.S. Government has enabled an enormous industry to be created and to grow, such that a large part of our economic base can be attributed to the Internet, and increasingly, this situation is likely to occur in other countries around the world. The US is still in a position to insure that a stable management structure for the Internet is put in place without the need for government involvement in its day-to-day operations at almost any level. I believe the U.S. Government has a responsibility to do the right thing, not the most expedient thing or the most politically acceptable solution of the moment, even if it takes time to discover what it might be.

The rapid increase of commercial activity on the Internet has brought along with it a major international component. Increasingly, the rapid growth areas of the Internet are global in reach, and that segment can be expected to grow at a faster rate as the rest of the world continues to increase its participation. This naturally adds a political factor to the equation as the governance issues must take into account the needs and desires of others outside the United States to participate. While it is natural for the U.S. Government to take the lead in evolving the Internet to a form where its direct support and involvement are no longer required, I believe it has an obligation to continue to do so in a way that leaves the Internet in a stable and workable state to evolve for the future. Representatives of the international community should be invited to participate in the overall process by which the future management structure is determined and also to participate in its overall operation in the future. This will require considerable further discussion within the international community.

Even if other countries are not involved directly, not every country has the same interpretation of what it means to privatize a function that was previously run by government. In many other countries of the world, telecommunication providers are closely associated with governments, if not actually run by governments. Thus, it is likely that any privatization approach will bring other governments into the picture either directly or indirectly. A reasoned plan for how the Internet can run, that takes into account the international dimension along with the commercial dimension is critical. While the US should take the responsibility for formulating a plan, it may take time and further discussion with the other countries for them to feel part of the process yet to unfold and to get comfortable with the overall plan.

Both the Green Paper, and the CORE/POC approach have helped to move the deliberative process forward. The comments received on these proposals and the views of the Internet Assigned Numbers Authority (IANA) on its future have also added to the process. While there is considerable overlap among the proposed solutions, none of them are such that there is yet universal consensus for the details in any one of them. Over the past year, the space of solutions has continued to get increasingly reasonable and will likely continue to do so. This does not mean that consensus is guaranteed to be forthcoming, but the proposals now under consideration could still improve significantly. Further discussion of the alternatives (particularly among the international community) will surely help and improvements could involve hybrid combinations of some of the proposed solutions.

There is still enough time to find a reasonable solution to this problem. Certain steps could be taken to neutralize temporarily the legal risks and economic concerns associated with the current Internet management structure and its transition to "whatever comes next". One such step would be to institute a temporary immunity time-zone so that these matters could be worked out in good faith without need to take preemptive action to ward off law suits pertaining directly to the current structure on Internet infrastructure management. Another interim step would be to see if a temporary reduction in the cost of registrations would be possible while this matter is further discussed. Another would be to create an interim period of competition for the "registrar" functions while existing registries are operated on a cost-recovery basis.

The critical thing needed by the Internet Service Providers and all Internet applications programs is that IP addresses work reliably. Domain names are a simple way of using names instead of numbers and, while they have become tightly associated with use of the Internet, for mainly historical reasons, they are not a fundamental requirement for operation of the Internet. Other means of naming and identifying machines, devices, software objects and other resources have been developed and are in use, and many more such approaches will likely be developed in the future.

1. Take more time to resolve the outstanding issues.

This would involve embracing the various commercial, technical and international issues more directly through discussions and dialogue which would help to shed light on the various structural options. This is intrinsically a governmental matter to help resolve, although the solution should be implemented within the private sector. The goal should be to institutionalize Internet management in an appropriate way so that a long-term stable situation results. A key subgoal should be to establish a phased transition strategy such that new mechanisms and functionality can be introduced, evaluated and refined over time. Temporary remedies should be provided for the short-term concerns that are fueling the need for a quick resolution. The relevant US government agencies should remain involved until a workable solution is found and, thereafter, retain oversight of the process until and unless an appropriate international oversight mechanism can supplant it.

2. Separate the management of Domain Names from the Management of IP Addresses to ensure that new naming systems can be introduced and compete on a level playing field.

The IANA functions are critical to the continued operation of the Internet. Several distinct functions are involved here; they should be institutionalized and moved to two distinct bodies so as to keep these functions separate and operated in such a way as to insulate them as much as possible from bureaucratic, commercial and political wrangling. These can be existing or newly created bodies and housed within one organization or two. A start down this path recently occurred with the formation of the American Registry for Internet Numbers (ARIN) in the U.S.

Domain names are not an intrinsic part of the Internet, but rather one convenient naming convention that exists because it got an early start. While the IANA currently handles policy for both domain names and IP addressees, it is not likely that the IANA will handle policy for every other naming convention that ever develops. As long as both are bundled together, it will make it increasingly difficult in the future for other naming conventions to compete on a par with domain names and IP addresses. Domain names will likely continue to be used for a long time, but it would be a mistake to assume that the current functionality of the DNS System is appropriate for the indefinite future. Even the current functionality and scalability has to be carefully examined because of the growth of the network and the many new applications which will put increasing load on the Internet. It is highly desirable to make sure that alternative systems and competition can develop here; the rules for competition should be clearly articulated and maintained. The exact mechanism or set of mechanisms still needs to be developed and should involve the affected parties.

I recommend that one body deal primarily with IP addresses, protocol parameters and the like. The other jurisdiction should deal exclusively with domain names. Jon Postel has performed these functions admirably over the past twenty years. However, to stimulate competition, the time has come to split these functions apart. His involvement, as a technical advisor or in some other capacity, in both functions should not be ruled out as part of the process.

3. Provide for integrity of the Internet Numbering system, open standards practices, and competitive services. These are among the most critical parts of the internet management infrastructure.

The IP Address system is one of the most critical functions of the Internet, and its integrity almost surely requires knowledge and context that is not easily transferred to others. One trusted organization, a small set of cooperating trusted organizations or some other trusted body, is appropriate to handle this IANA-related function. This aspect should not be competitive, but requires oversight by the U.S. Government or by a duly constituted group with international participation to ensure the interests of the public are protected as the Internet becomes increasingly global in reach.

An open standards process in the Internet has been maintained since day one; this is a cooperative function open to all participants and is led by the Internet Engineering Task Force (IETF). CNRI has been providing the Secretariat for the IETF for the past decade with NSF support on a cost-recovery basis. The leadership of the IETF, drawn from the international community, is also known as the Internet Engineering Steering Group (IESG) and now provides oversight for this activity in lieu of NSF. Internet standards are determined by the IESG under the auspices of the Internet Society.

Services on the Internet should to the maximum extent be required to be competitive. This principle should cover all the relevant services, of which the domain system is but one of the more important early examples. This will also require coordination with other governments to insure that anti-competitive practices are eliminated.

The nature of the topic you are considering today, being quite intricate technically, also involves a complex mix of architectural, procedural, service-related, economic, legal and international dimensions. Even if there were sufficient time to go into all the possible choices and options, as well as the details within each of them, it is not clear that it could be conveyed that easily in a single hearing or meeting. As I indicated earlier, I hope this can be done in a deliberative well-reasoned consultative process, while tending to the immediate urgencies that have arisen in ways that do not prejudice the larger Internet governance matters. I know this will take more time than can be allocated here.

In the early 1970s, DARPA was exploring radio and satellite-based packet networks along with the ARPANET. Each network had different communication speeds, interfaces, packet sizes and internal operations. After joining DARPA, I became the principal architect of the packet radio network, a high-speed forerunner to today's CDMA cellular technology. I also assumed management responsibility for creating a packet satellite network, which was ultimately deployed on Intelsat IV and linked several European sites with a kind of "ethernet in the sky." The challenge, back then, was to connect these three different packet networks into a seamless whole whereby any computer on one of the three networks could talk to any computer connected to any one of the three networks without necessarily knowing the location of the other sites or the underlying network connectivity.

The Internet resulted from this effort to connect those three networks and their computers in such a way that other networks and computers could be easily connected in the future. At the time, there were no personal computers or workstations as we now know them. Local area networks (such as the ethernet and ring networks) were only in development within various research laboratories, but had not been deployed. By solving the network and computer connectivity problem in a generic way, we were able to ensure that new technological developments in the future could be accommodated.

The key technical contribution which enabled this "network of networks" to be constructed was an architecture consisting of gateways (now called routers) which were placed between the networks, and a protocol, now known as TCP/IP, which was used by the computers and the routers. I collaborated with my colleague Vinton Cerf, then at Stanford University, on the development of this protocol which was presented publicly for the first time in September 1973 at a meeting in Sussex, England and published by the IEEE in May, 1974. Subsequently, I enlisted the help of BBN and University College London to work with Stanford in creating the initial implementations of the protocol (for different computers). With support from DARPA, BBN created the initial Internet gateway software for experimental use in the mid 1970s.

Until the early 1980s, the Internet was used primarily for experimental purposes. During that period, the protocols were steadily refined and tested. Other networks were connected during that period including many of the early local area networks; a few European research networks were also connected. During this period, the overall management of the Internet was handled by DARPA in the person of either myself or Dr. Cerf, who was with DARPA during the period 1976-1982. Many of the basic issues under consideration in this hearing can be traced to decisions we made during that period. However, since there were few commercial organizations participating at the time, and very little international involvement, decisions we made were largely determined on the basis of logically defensible criteria and fairly complete knowledge of all the relevant matters; fortunately, we were also in charge of the overall research program and, as a result, there was remarkably little controversy about the Internet within the research community.

One of the decisions we made during that period was to delegate responsibility for maintaining information about key Internet parameters to Jon Postel, currently a researcher at the University of Southern California (USC) Information Sciences Institute who had been carrying out similar functions for the ARPANET. While DARPA retained the ultimate authority for decisions about policy and procedures, increasingly Jon Postel assumed primary responsibility for these functions, with DARPA retaining an oversight responsibility in the event this was necessary to invoke. During that period, no occasion arose when there was a need to second guess his decisions (although we often would inquire as to how he came up with certain decisions). This function, performed by Jon Postel under USC's contract with DARPA, eventually became known as the Internet Assigned Numbers Authority (IANA) and included certain policy matters associated with domain names as well as IP addresses and protocol parameters. With DARPA's permission, Jon delegated certain clerical and operational functions to SRI International, while retaining other functions. Among the former were the maintenance of a database which mapped Internet names to Internet addresses and making this resource available on the Internet.

Moving ahead toward the present, the ARPANET was phased out in 1990 and was effectively replaced by a higher-speed backbone known as NSFNET built by IBM, MCI and Merit under an award from the National Science Foundation (NSF). With encouragement and help from DARPA, NSF took over responsibility for maintaining most of the Internet management infrastructure from Defense, and recompeted the contract that the Defense Department had with SRI International. Network Solutions, Inc. (NSI) won the competition for providing the domain name registration services and has provided this service ever since, with a few exceptions, such as country codes.

When the Internet naming service known as the Domain Name Service (DNS) was first proposed in the 1980s by Paul Mockapetris (also from USC/ISI along with Jon Postel) most of the then existing sites could be characterized as educational (EDU), US government (GOV & MIL) or other (this included network (NET), organization (ORG), some commercial sites that had first class research laboratories (COM) and a few special cases involving matters such as testing and multi-national experiments (ARPA and INT)). It was envisioned at the time that the overall database of names, which had previously been so small that it was trivial for a site to download the entire database from SRI daily, might become somewhat unwieldy if the number of hosts or networks increased significantly. Breaking the Internet names into categories such as EDU, COM, etc. would allow them to be managed separately and resolved into IP addresses separately, thus affording an opportunity for efficiency and increased autonomy in the operation of the Internet.

In addition, two letter country codes were introduced as domain names that could be managed by individual countries according to policies developed by the countries themselves. It is not necessary that all countries participate, and indeed not all have in the past. The IANA made the determination of who in a given country would be responsible for that countries domain, but gave deference to the legitimate government of the country if it chose to weigh in.

In the mid 1990s, the rapid commercial growth of the Internet was fueled in large measure by the success of the NSFNET, the introduction of many commercial Internet Service Providers, the Boucher bill which allowed NSF to open the NSFNET for commercial use (in addition to research and educational use), the continuing attraction of electronic mail and file transfer capabilities, and the subsequent introduction of the point-and-click browser for the World Wide Web. With competitive commercial service available for access to the Internet, NSF reduced its subsidy for the NSFNET and stopped subsidizing the services provided by NSI in order to put them on a pay-as-you-go-basis. NSI has continued to do an excellent job of providing such services for the Internet under a Cooperative Agreement with NSF that is currently due to expire later this year. However, with several million domain names in existence and the potential for many more in the future, the annual revenue derived from domain name registrations could easily exceed a hundred million dollars per year if the current level of fees were to be maintained. Although the fee for individual domain name registrations has been $50 per year (it has since been announced that the fees will be reduced somewhat), many individuals and organizations have expressed strong feelings that the existing fee structure and organizational arrangements are untenable in the long term and should be rectified.

One proposed approach for domain name registration is to require the separation of service provider roles into registries and "registrars", although one party can provide both roles. In this approach, domain name registries would be placed on a not-for-profit basis, with the registrars offering competitive commercial services. I presume this need not imply that the organization running a registry must be non-profit, but only that the function must be based on cost recovery. In this model, NSI and/or other competent organizations could provide this function. Oversight would still have to be provided from some appropriately constituted body. It is still unclear how best to introduce competition in this approach.

My view is that, in general, fewer separately managed gTLDs are better than more, but there is no obvious choice of the right number in a competitive environment unless, in principle, it can be arbitrarily large. Still, this general approach of increasing the number of gTLDs, at least as an interim approach, holds considerable appeal and almost all the parties are endorsing the principle but with considerable divergence of opinion about how to achieve it equitably and technically.

Another solution is for the U.S. Government to recompete the function, as it did for the InterNIC, according to a set of agreed principles (hopefully with broad community consensus) with a goal of enabling this function to operate in a stable and reliable fashion without direct US government involvement in its operation. Others feel that this can be sorted out completely within the private sector. There would likely still be a need for an oversight role of some sort as there is for any critical societal function (even a competitive one) that cannot be allowed to fail. But even here, there is no consensus yet on what that oversight should be, who should provide it or even that it is needed.

More time is needed to reach a consensus on how best to proceed here.