ccTLD Drafting Task Force


Best Practice Guidelines for ccTLD Managers Best Practice Guidelines for ccTLD Managers A working document of the Best Practices and Redelegation Working Group of the ccTLD Constituency of the DNSO, part of ICANN August 16, 2000 Version 3.2 The Word version indicating modificiations to the version of June 12th 2000 is available in http://www.cctld-drafting.org/documents/BPR_v3.0.doc The text version of June 12th 2000 is available in bp.12jun00.html Table of Contents Introduction Background 1. Objectives of this Document 2. Definitions 3. Best Practice 3.1 Status and Responsibilities of ccTLD Managers 3.1.1 Service to the Community 3.1.1.1 Promotion of the Internet 3.1.1.2 Investment in the community 3.2 Registration Policies 3.2.1 Formation and Creation of Policies 3.2.2 Minimum Requirements of Registration Policies 3.2.2.1 Contracts with Registrants 3.2.2.2 Identification of Registrants 3.2.2.3 Fairness 3.2.2.4 Privacy 3.2.2.5 Domain Dispute Resolution 3.2.2.6 Restrictions on Domain Names and Content 3.3 Operational Requirements 3.3.1 Service Quality 3.3.2 Technical Operations 3.3.2.1 Data Security 3.3.2.2 Duties 3.3.3.3 Information to IANA 3.3.3.4 Access to zones 3.3.3.5 Subcontracting 3.3.3 Financial Matters 3.3.3.1 Business Model 3.3.3.2 Promotion 3.3.4 Law Introduction Whilst recognizing that existing managers of ccTLD registries do not necessarily fully conform to best practice, most of the ccTLD Manager community is committed to work towards compliance. As ICANN will formalize its relationship with ccTLD managers in the foreseeable future, there is also a need for a redelegation procedure. Background The Domain Name System structure contains a hierarchy of names. The root, or highest level, of the system is unnamed. Top Level Domains (TLDs) are divided into classes, ccTLDs and gTLDs, based on rules that have evolved over time. ccTLDs - country code Top Level Domains - are associated with countries and territories. gTLDs are (with some exceptions) generic and global in nature. To date, ccTLDs have been assigned to countries and territories using the ISO-3166-1 list, on the basis that ISO has a procedure for determining which entities should and should not be on that list. Historically, the management of ccTLD Registries was delegated by IANA to the existing ccTLD Managers, under the guidelines originally set out in RFC 1591 and elaborated upon in ICP-1. RFC 1591, published in March 1994 by Jon Postel of IANA, is a compendium of the experience and best practices of the majority of the ccTLD registries in existence at the time. ICP-1 is an alternative name for a document entitled "Internet Domain Name System Structure and Delegation", jointly issued in May 1999 by the then separate ICANN and IANA (www.iana.org/cctld/icp1.htm). ICP-1 contains a statement of policies then and still followed by the IANA in connection with ccTLDs, and is thus the most current reference for existing ccTLD policy and changes to it, which the current document attempts to present. A list of current TLD assignments and names of the ccTLD Managers may be accessed at http://www.iana.org/cctld/cctld.htm A ccTLD Manager's authority comes from its delegation from IANA, from serving the Global and Local Internet Community, and from the affirmation by IANA and the Local Internet Community of that authority. The IANA and the Local Internet Community, including governmental and other authorities, have a responsibility to support and protect the ccTLD Registry, and to assist the ccTLD Manager serve that community. The Internet Assigned Numbers Authority (IANA) is the overall authority for day-to-day administration of the Internet Domain Name System (DNS). The IANA function is currently located administratively within the Internet Corporation for Assigned Names and Numbers (ICANN). IANA staff carries out administrative responsibilities for the assignment of IP Addresses, Autonomous System Numbers, Top Level Domains (TLDs), and other unique parameters of the DNS and its protocols. This document describes the role of IANA and the role of managers of country-code Top Level Domains (ccTLD Managers) in the administration of the DNS with respect to the operation of ccTLDs. ICANN/IANA is the international organization charged with supervising the Internet Domain Name System based as far as possible on constituent consensus with respect to policies affecting and affected by the DNS. ICANN's ultimate accountability is for the reliable performance of the Internet and the broadest dissemination of Internet knowledge, technology, and development. ICANN will supervise the operations of the ccTLD Managers and will serve as the dispute resolution forum for complaints against a ccTLD Manager, or by a ccTLD Manager with respect to any actions deemed by the ccTLD Manager to affect adversely its operation of the domain. 1. Objectives of this document To set out areas to be addressed in creating Best Practice Guidelines for ccTLD Managers. 2. Definitions ccTLD - A country code top level domain in the top level of the global domain name system, assigned according to the two-letter codes in the ISO 3166-1 standard codes for the representation of names of countries or territories. ccTLD Registry - The entity which records names as domain names in a register of domain names for the country-code top level domain name, according to policies and rules, and following procedures, established with the Local Internet Community (see below). ccTLD Manager - A company, organisation or individual managing a ccTLD Registry. Registrant - A company, organisation or individual for whom a name has been registered as a domain name in the ccTLD domain name register. ICANN - Internet Corporation for Assigned Names and Numbers. IANA - Internet Assigned Numbers Authority (Incorporated into ICANN in 1999). Local Internet Community - The Internet industry and users (e.g. the educational community, the private sector, Internet societies, individual users, et al.) and the government and authorities of the state or territory with which the ccTLD is associated. The definition of the Local Internet Community may vary from one country/territory to another, and is essentially a matter for the community in a given country/territory to decide. The definition of the Local Internet Community should be documented, available for public inspection, and transparent to the local community. ccTLD Dispute Resolution Body - a Body, as further defined in Redelegation Procedures, a sister document to this Best Practices Guidelines, which will function as a panel to adjudicate disputes concerning the management of a ccTLD or the right to manage a ccTLD. 3. Best Practice 3.1 Status and Responsibilities The primary duty of the ccTLD Manager is one of Public Service. The Local Internet Community, in conjunction with the overall authority of IANA, is the source of the mandate under which the ccTLD Manager manages and operates the domain. The Manager's fulfillment of that mandate should be ensured through an ongoing consultative process with the Local Internet Community, which should, in turn, result in the protection of the interests of the Global as well as the Local Internet community. A ccTLD Manager is therefore a trustee for the delegated domain, and has a duty to serve the community of the Nation it represents as well as the global Internet community. Concerns about "rights" and "ownership" of top-level domains are inappropriate. It is appropriate to be concerned about "responsibilities" and "service" to the community. The ccTLD manager should be judged on his or her performance, and the extent to which it satisfies the needs of the Local and Global Internet communities. ccTLD Managers are entrusted with the management of the TLD Registry. The ccTLD Manager and Registry are not responsible for any alleged or actual violations of intellectual property or other rights, merely as a consequence of listing a domain name in the ccTLD register unless they have received prior notification from ICANN that registration of the domain name in question is restricted. No intellectual or other property rights in the 2-character code accrue to a ccTLD Manager as a result of the act of delegation of the responsibility for a ccTLD Registry. ccTLD Managers may have rights to the intellectual and other property developed by them as a by-product of managing the ccTLD Registry, subsequent to the delegation of such responsibility. The ccTLD Manager, in the absence of pre-existing arrangements, in consultation with IANA and the Local Internet Community, and unless agreed otherwise with the Local Internet Community, and consistent with the requirement to best serve the interests of the Local Internet Community, should be resident in the territory of the ccTLD and, if the Manager is a corporation, the ccTLD Manager should be incorporated there. The ccTLD Manager should recognize that some of the functions of the registry may be considered to be a monopoly and should not abuse its special position. 3.1.1 Service to the Community 3.1.1.1 Promotion of the Internet - It is the obligation of the ccTLD Manager to foster the use of the Internet in the geographical location associated with the ccTLD's ISO-3166-1 code for which the domain is named. The Manager should take a leadership role in promoting awareness of the Internet, access to the Internet, and use of the Internet within the Country. The ccTLD Manager should develop, over time, a consultative process with various elements of society including the government, the education interests, the health care interests, the cultural and other non-commercial interests, the business interests, and other sectors of society that may be affected by and which may profit by the use of the Internet, and who together make up the Local Internet Community. 3.1.1.2 Service - As community service is an essential and central element in the mandate of a ccTLD, the ccTLD Manager should from time to time, and depending on its financial situation, identify activities serving the interests of the local community with respect to the Internet. The ccTLD Manager should engage with the local community to stimulate broad usage of the Internet through initiatives such as educational programs, technical assistance, programs to enhance Internet access opportunities for residents, identification of innovative benefits to the local community through the Internet, or other activities as the ccTLD Manager may from time to time identify as serving the best interests of the local community with respect to the Internet. As part of its operating agreement with ICANN, the ccTLD Manager should develop a plan, consistent with its financial capabilities, for fulfilling its obligations to the Local Internet Community, including a consultative process interfacing with important elements of the local society both public and private. In general, the ccTLD Manager should attempt to provide service at the best level possible. 3.2 Registration Policies 3.2.1 Formation of Policies - Procedures for registration of domain names should follow policies rules and procedures that have been established and published in a transparent manner in consultation with the Local Internet Community, consistent with IANA's requirements. 3.2.2 Minimum requirements for Registration policies 3.2.2.1 ccTLD registries should have a standard contract agreement with Registrants setting out the expectations and obligations of each party. Registrants should be obliged to supply accurate and complete contact information at the time of registration, and to keep it current. 3.2.2.2 ccTLD registries should collect the necessary information to ensure that the Registrant can be authoritatively identified. Registries may choose to generate passwords, authentication tokens, digital/paper certificates, etc to assist in identification. Registries should provide an easy (Web based) means for registrants to update their details in the registry database. 3.2.2.3 Fairness - The ccTLD Manager should be equitable and fair to all eligible registrants that request domain names. Specifically, the same rules should be applied to all requests and they should be processed in a non-discriminatory fashion. The policies and procedures for the use of the domain should be made available for public inspection. Policies defining which organizations, businesses, individuals, etc. are eligible to register domain names under the 2-character ccTLD should be defined by the ccTLD Manager in consultation with the Local Internet Community. Specifically, the registration of domain names should be based on objective criteria that are transparent and non-discriminatory. Policies and procedures may vary from country to due to local customs, cultural values, local policies and objectives, law and regulations. The definition should be documented, available for public inspection, and transparent to the Local Internet Community. Requests from for-profit and non-profit companies and organizations are to be treated on an equal basis, and no discrimination may be made between customers or classes of customers based on race, gender, national or ethnic origin, creed, physical disability, or political affiliation. No bias shall be shown regarding requests that may come from customers of some other business related to the ccTLD manager. There can be no stipulation that a particular application, protocol, or product be used. 3.2.2.4 Privacy - The ccTLD Manager should have a consistently applied policy on privacy, and that policy should be published. The ccTLD Manager should attempt to provide unfettered public access to the contact information necessary to look up a domain in the Who-is database, to qualified interested parties on a fair and equitable basis, in compliance with applicable laws on data privacy, for the benefit of the local and global Internet communities., unless such access is clearly prohibited by applicable national law. The Manager should strive to harmonize the need for a global transparent Whois database and the privacy and data protection concerns of the local Internet community by ensuring that any processing of personal data takes place only with the unambiguously given consent of the registrant. [For example, the latter may be advised, at the time of registration, that their application for a domain name in a given zone constitutes consent to the making available to the public of specified data elements contained in the application. Those who were not so advised at the time of domain name registration may be advised that the periodic renewal of their registration would be contingent on agreeing to have certain data elements of their file, as it appears at that point in time, available to the public.] The ccTLD Managers will determine independently how much information to make available to the general public. In order to limit undesirable behavior (e.g. spamming) by those viewing the database, restrictions to protect the integrity and availability of the database, such as limiting may consider introducing restrictions on bulk access to qualified users paying for such access, should be introduced. [Users may look up the contact information for a single domain name, but may not download the data in bulk without a contractual agreement with the Registry.]the database to discourage undesirable behavior, such as unsolicited bulk e-mail (spam), on the part those viewing the database. 3.2.2.5 Domain Name Dispute Resolution. ccTLD Managers should define and publish their domain name dispute resolution policies and procedures, in consultation with the Local Internet Community. Mechanisms should be established by the ccTLD Manager to handle fairly and independently any such disputes arising between registrants, or other parties, and the ccTLD Manager. Making judgments in relation to disputes between third parties and domain name registrants is outside the scope of the ccTLD Manager’s duties. The ccTLD Manager should establish and publish rules providing for independent resolution of domain name disputes consistent with international intellectual property dispute resolution conventions and otherwise providing for swift, definitive, and non-discriminatory resolution of disputes. Such rules may provide for initial action in the best judgment of the ccTLD Manager exercised in good faith, but such action should be subject to the independent dispute resolution process. Each ccTLD Manager should adopt policies and procedures for resolving domain name disputes that suit the laws and customs of their local Internet community and the policies of their ccTLD. ccTLD Managers are encouraged to develop a Local Dispute Resolution Policy (LDRP) which is based on (or in some cases, may be identical to) ICANN approved policies, e.g. the UDRP. 3.2.2.6 Co-operation with law enforcement. A ccTLD Manager receiving a complaint from a relevant and recognized authority (e.g. branches of security agencies that concern themselves with mass media) of harmful or illegal (i.e. activity that is prohibited by local laws on disseminating certain kinds of information [national security-related data, pornography, etc.]) activity being conducted on a domain registered with the ccTLD, should share with that authority information on the holder of the domain name. 3.3 Operational Requirements 3.3.0 ccTLD Managers are charged with operation or supervision of the operation of the DNS service for the domain, including assignment of domain names, delegation of subdomains, maintenance of the zone files for the domain, and operation of nameservers. 3.3.1 Service quality: ccTLD registries must register domain names in an efficient and timely manner. 3.3.2 Technical Operations 3.3.2.1 - Data Security. ccTLD Managers must ensure that all Registry data is secured against damage or loss. For this purpose, they should, where resources permit, avail themselves of the best technology in prevailing use. (See 3.2.2.4 for treatment of privacy concerns) 3.3.2.2 The ccTLD Manager supervises the process of registration of domain names in the registry of the ccTLD, and supervises the operation of the domain name servers and the maintenance of the appropriate zone files for the ccTLD. There must be permanent (24-hours per day) Internet Protocol (IP) connectivity to the name servers and the registry servers. There should be published e-mail and web address contacts, and these should be permanently accessible. The ccTLD Manager must do a satisfactory job of supervising the DNS service for the TLD, and carry out its tasks in a satisfactory manner, with technical competence and with equipment reflecting at least the state of the art prevailing in the DNS system globally. Duties such as the assignment of domain names, delegation of subdomains and operation of nameservers must be performed with technical competence. At a minimum, the ccTLD manager must provide primary and secondary nameservers with 24-hour Internet Protocol (IP) connectivity to the Internet, 365 days per year, and operate the database with accuracy, robustness, resilience, and reliability. (See RFC 1591 and ICP-1). 3.3.2.3 The ccTLD Manager should keep the IANA advised of any changes to the information concerning the domain that is maintained in the IANA's register database, and should respond to requests for information from the IANA relating to the status and technical operations of the domain in a timely manner. 3.3.2.4 The ccTLD Manager must protect the integrity of its zone(s) and must make arrangements with IANA to assure continued operation of the registry, and continued resolution of names within the ccTLD's zone(s), in case of bankruptcy, illness, acts of God, or any other condition that threatens the smooth functioning of the ccTLD. 3.3.2.5 Subcontracting of Operations - Unless otherwise agreed with the Local Internet Community, a ccTLD Manager may contract out any or all of the operation and administration of a ccTLD Registry, provided that the ccTLD Manager contractually obliges the sub-contractor to comply with the requirements of this and any other documents setting down best practices for ccTLD Managers. 3.3.3 Financial Matters 3.3.3.1 ccTLD Managers shall not be limited as to their business model. 3.3.3.2 It is the obligation of the ccTLD Manager to foster the use of the domain. Because of the many options for domain name registrants, the marketplace will, in large measure determine the pricing levels for services of ccTLDs. Nevertheless, the ccTLD Manager should price its services at such levels as to promote and not limit the use of the domain name and to be competitive generally with the market. The ccTLD Manager should not in effect hoard the domain by excessive pricing relative to the market or otherwise act in a monopolistic fashion. A demonstration of financial abuse of registrants will be deemed misconduct by a ccTLD Manager. 3.3.4 Governing Law 3.3.4.0 ccTLD Managers should may operate under the law of the country or territory of the ccTLD, or, alternatively, under the law of the country where they are located. The relationship between Registrants and the ccTLD Manager (whether by explicit contract or otherwise) may then should be governed by the law of the country or territory of the ccTLD, or the law of the country where the Manager resides.

ccTLD Drafting Task Force. For information contact avc@iatld.org