No Such Weblog

Catching up on the last days' news: ICANN has presented its final ideas on evolution and reform. Vittorio Bertola has already submitted some comments on the final report's ideas on the ALAC, and Alexander Svensson has posted some of his extremely valuable charts which should make it considerably easier to understand what's in the proposal.

As I wrote on the GA list, the comments submitted by IMS/ISC on the final .ORG evaluation report are well worth reading; see also this ICANNwatch story. (all the comments received by ICANN) There is another ICANNwatch story which you should really have read by now: Milton Mueller's anaylsis of the .org results, with some important and far more general observations. (Much of the posting deals with NeuStar; you may also want to read this message from NeuStar to the NCDNHC's discuss list, criticizing the NCDNHC's evaluation.)

Anyway, we'll soon know what is going to happen to .org: As Bret Fausett noted, the board's decision is scheduled for October 14th.

Over the past months, a number of DNSO constituencies were living under the regular threat of losing their voting rights on the Names Council as a sanction for non-payment of their DNSO dues. Today, Names Council chairman Bruce Tonkin forwarded an analysis by Louis Touton which leads to the conclusion that the By-Laws do not allow the Names Council to suspend the ability of representatives to vote.

As Elisabeth Porteneuve has noted, the ERC's final report contains a somewhat hidden announcement for an annual meeting in December 2002, in addition to the Shanghai meetings already scheduled.

Louis Touton has sent a notice on ccTLD root zone updates to the Names Council, and promises further updates.

The RIRs have published their version of a blueprint for reform. For a quick overview, I recommend you take a look at Alexander Svensson's latest charts.

The ERC has published a Supplemental Implementation Report. That report specifically addresses Vittorio Bertola's comment on the ALAC's steady-state future, and promises a revised bylaw draft concerning that point. Also, one of the core values is replaced, and elaborates on the planned terms of ICANN board members.

ICANN has published a Fourth Status Report from the ERC: The Evolution and Reform Committee is carefully reviewing the details of the RIR proposal, as well as the reactions to the proposal from all segments of the Internet community. The Committee invites detailed and thoughtful discussion of the proposal.

For the record: .org goes to ISOC, the board votes 11 : 1 : 3, with Robert Blokzijl not participating in that part of the meeting.

While this is not the prettiest report we have ever done, the WHOIS task force's interim report is finally out. You should read it, since there are a lot of questions included with the text. Comments are, of course, archived.

The aggregator is running. If you have any more blogs it should include, please let me know.

Credits go to Abel Wisman who is sponsoring the hosting of this.

Alexander Svensson has prepared a redlined version of ITU resolution 102 which compares this year's version with the one from 1998.

This Wired article about a possibly pending deletion of .SU has caused a highly interesting thread on the GA mailing list. You should read it.

Louis Touton, in his function as ICANN's General Counsel, has just published a legal briefing concerning implementation of policies by registrars and registry operators. The briefing was apparently caused by concerns raised in response to the latest Transfers and WHOIS Task Force reports. It gives an analysis on how policies must be developed in order to be actually binding for registries and registrars.

New on the official agenda page: For security reasons, meeting participants will be asked to show their passport when picking up their official nametags at the conference registration desk. Name tags will be required to enter the venue for all meetings. Pre-registration is encouraged, although on-site registration will be accepted at the registration desk.

The final agenda for the DNSO General Assembly to be held in Shanghai is out, including background information on WHOIS, Deletes, and IANA access to TLDs' zone files. An additional session which will take place immediately after the GA in the same place is going to address Transfers of gTLD domain names.

The Evolution and Reform Committee has posted an update on the ccNSO assistance group's work. A brief summary is in this message from Alexander Svensson to the GA.

Marc Schneiders has noted that the latest root zone has an updated set of nameservers for .de. It'll be interesting to learn whether or not IANA was granted access to the zone file. (Note that this is also a topic for the GA in Shanghai.)

The ERC has posted its Second Supplemental(!) Implementation Report, including new bylaws and (thanks for that!) a redline comparing the new and old bylaws.

This weblog won't be updated in the next week. News from Shanghai will be available through The Notebook and, of course, The Aggregator. The latter will collect information from all the relevant weblogs I know of.

ICANN has just posted a proposed .org registry agreement. Unless there is an objection by a board member during the next 7 days, Stuart Lynn will be authorized to sign it.

The folks at the Center for Democracy and Technology have prepared an ICANN primer - mostly intended for use by those participants in Shanghai who are being sponsored by the Markle and Ford foundations, and new to ICANN, but probably also useful for others.

If you are at the Shanghai meetings and get any chance to escape, you should visit the Shanghai Museum. It's absolutely amazing.

Just a short note: The ccTLD meetings are completely open for any attendants. Also, an updated agenda of the meetings is available.

Meeting of the at-large folks: Brief overview by YJ Park on the background: 2000 elections of five at-large directors, under the condition that more directors would be elected later; at-large study committee and their recommendations, Ghana decisions. Present situation: No guarantee on whether or not there will be at-large directors in the new ICANN. Nominating Committee process with ALAC sending some of the committee members. Brief historical background on icannatlarge.org: Interim panel after the Ghana meeting, second election (11 panel members) in August.

From the board, Nii Quaynor and Andy Müller-Maguhn attend. Andy on ICANN: Board originally about a balance between users and providers. 9-to-9 situation suggested in the original bylaws: 9 elected by at-large, 9 elected by SOs, and a CEO on the board. More background about the 2000 elections. On his time as a director: People may have expected him to be fundamental opposition. However, best way is to be constructive, getting some influence on the outcome of the process. Make sure they mention user interests. Intellectual Property got into the process very early; freedom of speech and privacy are not in. Balance is missing. USG more affected by industry lobbies than by civil rights folks. Don't overestimate the board. Real power: CEO, staff, lawyers. Real discussions only in conspiracy evening dinner, not in public board sessions.

Nii Quaynor: Comes from a community which can hardly be represented by the DNSO's more powerful constituencies. How to find participation mechanisms for them. Strong barriers - legal, fiscal, process and system, sometimes you don't even get a visa. Geographic diversity is crucial, include staff. Is member of the ERC. Is more comfortable with small changes. Expected small tweaks, turned out to be big, fundamental changes. Hard to keep up for his community. Don't change too many variables at the same time.

YJ: After years of effort, no outcome. In the beginning, 9 directors were supposed to be there. Now: ALAC, but no guarantee that there are "at-large directors" through Nominating Committee process. How to get directors who care?

Esther on funding for ALAC: No guarantees in current reform proposals, but it's crucial. Andy: Funding unlikely. Discussions: Was at-large a good idea? GAC claims to represent users since represent elected governments. Legitimacy question. At-large directors subject to strong questions on their legitimacy. His idea: Get NGOs into the structure just like there is intellectual property etc. Strong organizations around issues, not so much diverse groups of individuals. Question to person from the NTIA who participates in the meeting: MoU is vague. Some comments about what USG thinks about legitimacy? NTIA: MoU is about getting user groups more involved. It's not a blanket. Ass. Secy Victory met with many groups over the course of the reform process to come to conclusion. NTIA can't fix ICANN's problems. Not involved in ICANN's corporate governance. ICANN has one year to fix itself. It's up to ICANN and its constituencies. Current bylaws are a step in the right direction. But lots of changes pending. NTIA open to listening to many entities. Esther: Involved with that kind of negotiation in the past. Like ICANN could cut off Verisign's air supply but never will, USG won't. USG can impose conditions on renewal. Right amount of pressure needs to apply. DoC: MoU for one year. Specific provision on tasks ICANN has to complete. Number of people looking at other options. Ass. Secy. is very strict. New way of looking at ICANN. Different US administration like the one when the first MoU was signed. You guys have to get together. Everyone is complaining. Nii: Involvement by just one govt may be part of the problem. International organizations? No level playing field at present. May be better to have network of networks instead of individual participation.

Roger Cochetti: Clarify perspective. VSGN has had an interest in at-large elections. Why? For Verisign, issue has much to do with accountability. Benefit to elections is less democracy by itself than that openly elected directors are forced to openly explain what they did and why. Elections are a powerful tool to enforce accountability. Some percentage of the board should be elected. Forces a lot of accountability. Have financially supported at-large efforts. Statement to ERC a few days ago indicated that one of the committee's mistakes was removal of elected board members in favor of closed-circuit nominating committee approach. Current approach reduces accountability of board members. ALAC doesn't do too much harm, but irrelevant to VSGN's objective.

(Notetaker absent for some minutes.)

Issues: ALAC participation in policy-development. This must happen as early as possible. Funding for the committee. Transition process.

Role of governments; governance without governments? Esther: Representation? Maybe rather get different perspectives.

If you want to have a chat with the ALOC people, go to the IRC server irc.derecho.org.arg, channel #icann at 20:00 Shanghai time. (That's when most participants in the meeting will be meeting at a social event.)

Kim Davies from CENTR has made his presentation given at today's GA panel on zone file access available.

The feed is available here.

Marilyn Cade gives a brief report about the latest discussions in the transfers task force. Points to public discussion in the late morning. Doesn't repeat the full presentation given at that session. Transfers Task Force has had draft set of recommendation reviewed, taken it further, undertaken further comment, and posted it as part of the interim report. The report is a very robust set of procedures and recommendations. Determination who has the authority to authorize a transfer and recommends a standard set of processes. Relies on authorization code given to registrant by registrar. If environment does not support auth code, then TF identifies who should be recognized as the authorized individual. Registrars have originally contributed to the drafting and took a vote. Strongly supported the use of auth codes. Automatically ACK transfer if this particular form of identification is used. Describes conditions under which a registrar legitimately can (or can't) deny. Appeals process: Possibly involve the registry. Possibly a third-party appeals process; in either case, need cost-recovery mechanism. Recently, some registrars have submitted a letter to the task force calling attention to their concerns; support auto-nack. Contradiction to interim recommendation of TF. Useful discussion on Sunday. Registrars seem to be interested in close interaction with the task force. Interact further with registrars who have signed letter. Critical that support or rejection is documented. Be specific about concerns. In-line changes or other recommendations welcome. Reasoned opposition in policy definition! At forum, also support from several registrars in the audience which would like to have further conversation with TF in Shanghai.

Discussion. Cochetti: gTLDs have commented earlier. Reiterate earlier, but important, comments. Most important commodity of the council is credibility. When council acts arbitrarily or oversteps competences, credibility is undermined. Credibility most important thing NC can offer. gTLDs have pointed out that, whereas NC is to coordinate policy and has to operate at policy level, TF has addressed a large number of questions whcih go beyond the policy level. Touton has been helping in documenting 20 specific recommendations that task force has put forward in latest draft. Fairly detailed recommendations from transfers task force. Impossible to conclude that these are all policy. This is irrelevant to whether the recommendations are good or bad. Issue is competency of names council. Task Force working outside its proper scope by putting forward recommendations which are beyond NC's mandate and policy authority. Reiterating previous comments. Bruce Tonkin asks for examples of policy recommendations and things which shouldn't be policy recommendations. Cochetti: Detailed timelines are details, not policiess (3 days vs. 5 days vs. 1 day). Would be happy to ask constituency to identify recommendations which sink below policy level and are about administrative detail. Tonkin: Problem in current agreements is vagueness of implementation or limits. Should ICANN staff work on detail? Details must be somewhere. Cochetti: Yes, detail is matgter of negotiation between registry or registrar involved and icann management. Tonkin: So policy is that there needs to be a time limit, and details are to be done by negotiation. Cochetti: Principle is correct. Address policy, not administrative details. This report provides very specific details. Touton note says as much as that this requires massive renegotiation of contracts. Tonkin: Separate policy recommendations from just advice (also applies to whois). J. Scott Evans: These are just possible recommendations to spur additional discussion. General Counsel does not make indication that renegotiations are required. Registries and registrars said that, Touton reacted to this. One of the challenges for the task force: Find a solution, whether broad principle or minutia. Problems are there because therea re those that are participating in the system, that are gaming the system to the disadvantage of those players that wish to play by the business practices that we would all endorse openly. Frustrating the user because they feel like they're being taken advantage of. Sometimes, level of detail is because when you have vague policies, gaming continues to occur. Broad set of principles don't solve solution. [...] Philip Sheppard: Process should be that comments should be made in writing to the Task Force. Process going on for some time. [...] Where should detail which are the essence of solving the problem be sorted out? Negotiate with every registrar or sort out centrally? Practicality: Centralize. Chun: Urgency of this kind of policy is clear to all. ... Specific concern about languages. Point has already been raised by Michael Palage in earlier session. Very significant for users in asia-pacific region. Confirmation process of registrar for transfer is being only done in English. Confuse non-English speakers. Don't know how to reflect this concern. Not just a notification issue, but also relevant to appeal and dispute resolution process. [Missing some minutes; Jordyn Buchanan speaking.] Authinfo has already changed significantly where it's implemented: Registrants were supposed to select it themselves. Today, registrars generate it. Think about this as guidelines as opposed to requirements. Adopting guidelines provide registries with possibility to enforcde contracts with registrars, as opposed to vague language that exists now. Good starting point. [Grand Forsythe on the phone, hardly understandable; missing some other discussion.] Cochetti on uniform administrative practices: Not the competence of the Names Council. NC can't wish the competence to do anything else than policy. Highest level of things. Policy would not be determined in negotiation between ICANN mgmt and registrars/registries; that's administrative practice. Forsythe: Have suggested consistency where it's beneficial, have let open other things. Doing this because transfers is a real problem, with relations to consumer protection etc. Quite agrees that there are many administrative practices that are not appropriate at policy level. [...] Marilyn Cade: [...] Benefit of contribution of two members of registry constituency. Terrific asset to TF. Document has been published for some time and has gone through 50 iterations. Killed a lot of trees. Sunday: Heared detailed expressions of significant rconcern about delay and that failing to address the problem is causing damage to businesses and customers. Registrants angry. Indicative of need to take this seriously. [...] Please submit written comments. Make this a priority. Roger indicated that he speaks for gTLD registry constituency. Jordyn gave slightly different perspective. TF welcomes knowing whether someone talks on behalf of constituency or just as an individual, with perspective from constituency. J. Scott Evans: Incumbent to note in the public record that simply because there are representatives from certain constituencies on task forces that look at issues, that should in no way inhibit or discourage members of constituencies or constituencies as a whole coming forward with critiques or criticisms or disagreements with any task force report, because wehen you serve, you are doing your best to craft a document that you're not sure whether, despite your group's disagreement, would still be accepted. Marilyn: Need comments in writing. Ellen Shankman joins via phone. Jordyn: registry constituency has taken position that contributors do their best. No specific instruction. Work result must be sent to constituency as a whole. Cochetti: Language may be confusing; illustrations instead of mandatory policies. Useful. The fact that NC is limited to coordinating policy doesn't mean practice is important. But can't change responsibility or mandate by wishful thinkinking. Policy level. J. Scott Evans: Don't agree that having time period set for action within a policy is an administrative detail. Example: Redemption Grace Period. False distinction in order to not have to adhere to requirements of policy. Registrants want clearly-defined solution with teeth that clearly tells participants what their responsibilities are. Bruce: From policy perspective, transfers task force document is overly descriptive. Need sort of get the balance. Marilyn: Asked Louis to clarify for the task force's use what it would take to implement consensus policy. Louis' document took longer to produce than hoped. Included specific examples. But: Interim report. Out for comment. Be optimistic and take comments into account. Could have different set of recommendations based on feed-back. Suggest to invest time task forces invested: Ask Louis about the details in his memo. Task Forces need to separate what's part of contractual procedure and what may be recommendations.

Budget: Reserves still not on the level they should be. Ended up where budget was supposed to. Contributions to reserves not being what hoped in an ideal circumstance, but that's because of budgeting for ccTLD contributions. Board will consider special appropriation for cost of recuriting replacement for Stuart Lynn; retiring "March or earlier should that work out". Staffing: 20 staff on board, budget approval 21 end last year, approval for 27 this year. Personal announcements: Andy McLaughlin now half time, given up post of vice president; half-time consulting role. Vitzthum (ccTLD liaison) will be leaving ICANN in the end of this year for personal reasons. Anne-Rachel Inné will join staff playing role in ccTLD liaison work and policy analysis. Recently played consulting role on outreach issues in Africa. Steve Conte has joined ICANN technical staff. Denise Michel joined consulting staff. Administrative staff turnover. Other postions open: Registry liaison, webmaster. More recruiting to come.

Audit report is late; auditor fell of a horse doing field work. Unaudited figures given earlier will track precisely the audited figures; no reason to assume otherwise.

DoC has signed MoU extension. Improvement over earlier MoUs. Earlier MoUs had broad areas ICANN needs to accomplish, without time frame. New MoU has specific tasks to be accomplished in the shorter term. Accomplishing these tasks is a challenge for ICANN. Also a challenge to the community, in terms of what community wants to see happen (or doesn't want to see happen).

ccTLD relationships: Several agreements will be signed in the next few weeks. Complete some by this meeting; consolidation over the next few weeks. Difficulties in relationship between IANA function and some ccTLDs; differences of view over interpretation of policy. Legitimate differences of view. AXFR requirements for name server changes. Trying to channel those differences into more constructive framework. Security and stability committee has undertaken the task to think about how to improve DNS stability. Staff tied some things together which should better be considered separately. More constructive direction now. ... Hard to find one policy which fits all kinds of name server changes. Hopes that CCNSO will be a way to work together to do hard thinking on what is the rigvht framework for this. IANA is a function and not a policy part of ICANN. Responds to what it believes the policy framework is. Work out that framework.

Dot-org: Awareded to ISOC/PIR. Eleven very serious and very thoughtful proposals. Proposed agreement with PIR has been posted. Board members can raise policy questions until Friday. If no objections, Stuart signs next week. If objections, there'll be a special meeting to discuss this. Constructive collaboration between Verisign and Afilias. Transition going to happen on December 31.

New gTLDs: Presented NTEPPTF report in August. Proposed three-part action plan which will be presented later today. No action on it at this meeting; action plan has not been posted. Post next week; possible board action in Amsterdam December 14/15. Location: Sheraton at Schiphol airport in Amsterdam.

2003 spring meeting will be in Rio de Janeiro; sandwiched between carnival and grand prix. First meeting in North America outside Marina del Rey will be in Montreal, June 23rd through 26th. 2003 fall meeting will be in Africa, probably November. Details still to be decided.

Closing comments: Reform will be main topic of the day. Put together document last february which got universal acclaim and agreement (laughter in the audience). Community, board and staff have worked hard in putting forward reform proposals. Appreciate effort. Three primary problems: Funding, process, stakeholder relationships. Addressing the first two of those, but have much work to do in terms of relationships with certain communities. Lot of work to be done. Constructive thinking is going on. Looking forward to some dialogues. Third area clearly needs to be done. Transition planning still to be done.

Paul Twomey presents communiqué from GAC meeting held here. Representatives from 32 governments etc. Focused on evolution and reform. IPv6, recent WIPO and IETF deliberations, ccTLD management, GAC reform.

Affirming Bucharest resolutions, GAC maintains strong interest in the deliberations of the ERC. GAC discussed the ERC's proposed new bylaws. Recommendations for further amendment. GAC requests that ERC and board take recommendations into account. Walk through proposed bylaw changes. GAC will consider and comment on further bylaw text by ERC on ccNSO. Internet is global resource. Supports worldwide economic and social interaction. GAC notes that issues arising from coordination are entrusted to one entity whose activities should appropriately reflect the global interdependency of the resource. GAC calls on all parties concerned, including ICANN, RIRs and ccTLD fconstituency to cooperate in good faith in order to ensure a relationship conductive to efficiency and mutual confidence. Dialogue with ccTLD constituency. Notes comments that simplification of contractual positions and processes might facilitate improvement in interactions between ICANN and ccTLD constituency. IANA should perform updates in a more timely and efficient manner in order to ensure accuracy. GAC prefers its representative on the nominating committee should be non-voting liaison. Strongly support efforts on IPv6. Presentation was made on WIPO decision on issues addressed by 2nd WIPO internet domain name process. GAC will put this issue onto work program. GAC received presentation from Harald Alvestrand on ICANN and the IETF. Appreciated; further dialogue in the future. Internal organization and work plan: Priority areas for future work. Elections for office bearers beginning on November 1. GAC will have a new team of chair and vice chair in place by Mid-January. EU commission takes over secreatariat. Transition from Australia to new secretariat should be done by November 30. Considering diversitiy of the GAC, members agree to continue with outreach efforts. Ensure that GAC's work reflects interests of all members. Introduce mechanisms through which local internet communities benefit from having their governmental or public administration representatives at GAC. Appreciate briefing on IDN. Would like to recall earlier advice. Exercise great care in introduction of IDNs; consult with all parties affected. GAC continues to monitor and facilitate registration of dot info country names as per board decision of Montevideo meeting. Next face-to-face meeting in Rio de Janeiro.

Suggested bylaw changes: Cerf requests to move this to reform session later. Asks about "interim secretariat" function of EU. Twomey: "Interim" in the sense of being reviewed.

Jun Murai reports. Basic introduction to root servers; locations and global distribution of the servers. Had 13 meetings so far. Mostly meet at IETF meetings. Security and stability issue: Root name servers are a distributed system. Carefully designed robustness. 7 different hardware platforms, 8 different operating systems (Unix variants), from 5 different vendors (?). There are contingency plans for server outages. Kept in professional facilities with strong physical security. Strong social network. Established encrypted network. Number of out-of-band ways to coordinate. Technical guidelines: RFC 2870 for root server operators.

Incident report on DDoS in october. Presents bits per seconds diagram; presentation disturberd by a number of Nimda virus warnings coming up on the presentation screen. Back to presentation: Attack on Monday 21, 2200 UTC. Coordinated distributed DOS attack. No degradation on three servers. Network congestion caused by this attack made several of the servers effectively unreachable. Enough servers remained reachable and continued the service. No reports about user-visible service errors. Health monitoring worked. In 90 minutes some recovered, in 120 minutes all did. Robust and diverse enough to sustain this particular attack. More capacity should be added to the system in order to resist predicted future attacks. Improve communication channels.

DNSsec, IPv6: Skipping some slides. Carefully studied all this. IDN: No impact on root servers expected. Need test period to deploy technology.

Question from Karl about recovery from attack: Recovery due to active measures or because attack stopped happening? Murai: Both. (Other explanations remain extremely unclear.) Cerf follows up: Can we assume that mechanisms used in defending against denial of service attack against any host would ber useful in defending attack. (Norton Antivirus comes up again; Murai: "I don't know how to stop that, but I think I know how to stop the root server attack, I hope.") Primititve way: Identify traffic, remove or filter traffic. Andy MM: Can data be distributed from something else than the A root? Murai: Design new structure of distributing original root zone file to the server. Has been tested in non real-life server basis.

Steve Crocker reports: Quick overview of pieces of committee; generally what they are doing; some recent events. Strengths of SAC group: Operational experience. Not a policy or politically-oriented group. Originally try to do a fairly comprehensive look at security issues along multiple dimensions. Protocol, system design, registration process, identification, countering threats. Try to quantify, where possible, progress measures and measures of goodness and safety and stability and secfurity so can separate out emotional measures if things are good and bad. Have not finished near term schedule. Need shift to mode of activities. Focus on individual recommendations, put them together. Events of past few weeks have taken focus. DDoS attack to name server system substantial and serious, but minimal damage to end users. Structure of root system is good. Operational staff responded quickly and vigorously. Attack subsided by itself. Response by operators diminished effectg of attack well before it subsided. If attack had proceeded at the same level, world would not have seen much of a change. Academic issue as to how long can sustain under that attack. But answer to the question is "indefinitively". But unlikely that future attacks will be the same as this one. Servers suffered under load. Some stopped responding, but none actually broke. Improvements: Strengthen communication among operators and with law enforcement and government and oversight committees which want to be informed immediately. Denial of service attacks are not necessarily specific. In this case, root and TLD servers. There are things to be done on the network: Secure the edge. Reduce number of easily captured hosts. Beyond narrow purview of DNS since this affects the entire network. Should lend a hand here. From committee's point of view, don't want to put out redundant extra report, but will work with others. Lesson to engage in more operational issues. Open dialogue on generic denial of service attacks.

Asked for comment on zone transfer. It didn't take long to come to a conclusion on a number of core things: Authenticate requestor to avoid hijacking of zone. Consistency between parent and child. Desirable: Accuracy of glue records; up-to-date software; redundancy, diversity, disaster recovery preparations.

ccTLDs, IANA, SAC have formed a small, sort term working group to resolve procedures. Doesn't want to make this the entire focus of the committee's activity.

Have been asked about WHOIS. Last verified date should be added; privacy is needed; standardize format. Make WHOIS servers known publicly.

Question from Vint: Assume small number of sources, but with spoofed sources. Track them down? Traffic was generated by a small number of machines with high bandwidth. Need to trace them back. Crocker: Comments on securing the edges. Would be helpful to eliminate or reduce bogus addresses. One layer of defense. Won't stop these kinds of attacks, because if you get thousands of machines, you still have a problem. But takes away a layer of protection from bad guys. Karl Auerbach concerned about getting into a bind where things interdepend too strongly.

Marilyn Cade appreciates comments on WHOIS in the name of the task force, would like conference call. Participant at the microphone: Finds position taken by SAC and Touton in public overly complacent. Metaphore: In 1993 WTC was attacked. This was our 1993. In 2001, after 09/11, there was special meeting. Single point of failure pointed out then: IANA. Need to have way to change name servers urgently when TLD comes under attack in this way. Can't even reach IANA outside business hours. [...]

Katoh-san, trying to be brief. Members of the committee, time line, Created in March 2001 by board. Permissible code point issue. Try to limit the number of character sets. Current Unicode over inclusive for purpose of domain names. Carefully study symbols, icons etc. which aren't necessary for domain names, but may create confusion. On October 24, IETF came out with standard. Client-side approach. Client translates non-ascii to ascii. Punycode, nameprep, ... Issues remain: Chinese-Japanses-Korean registration and administrative guidelines. More than 68000 characters in Unicode. Just use all of them is a problem: Similar characters, read the same way, mean the same thing, but are expressed at different code points. Potential for much confusion. When implementing IDN, need administration and registration guidelines. More limited character set instead of entire Unicode. Some companies already operade 2nd level IDNs. [...] Discussed about non-ASCII top level domain names. Adopt then? When? Need dialogue and coordination among registries. Actual use is not coming yet. Need user interfaces. Suggestions and recommendations from committee: Not much time before IDN is going to be implemented by businesses. Need awareness and education. IDN committee has limited life. Asks board to consider continuation of committee for undefinite time period.

Barbara Roseman, chair of address council. Progress with LACNIC and AFRINIC. Establish BoD selection processes; publish by Januaery 2003. Ongoing discussion to review RFC 2050 and replace it by something outside the domain of the IETF. Mailing list. AC working closely with RIRs on ICANN reform process discussions.

Richard Hill from ITU-T; presentation technology courtesy of W3C. Brief report, see slides for details.

Bruce Tonkin: Walking through resolutions. Resolutions re ERC process. Structure of new GNSO. Want three representatives per constituency; review 12 months after the formation of GNSO council. Second resolution: NC underlines principle of equal stakeholder representation. Third and fourth: updating of name servers at the root level and DNS data quality issues. NC recommends that ccTLD managers and ICANN committee for security and stability with input from IANA staff develop procedures at interface between IANA and ccTLDs. Fourth resolution re Lynn and Cerf letter on security and stability: Look at data quality; also concerns WHOIS data. Chairs of task forces no longer need to be members of NC. Terms of reference and procedure for deletes task force. Discussions around WHOIS and Transfers: How to actually implement conclusions and recommendations from Task Forces? ICANN is about contracts, not laws which can just be imposed. Even after looking at improvement at policy level, need to figure out how to practically implement these. Complex with multiple registries and hundreds of registrars. Difference between policy decision and detailed implementation information? Need to review output of task force from that point of view; permit for registry and registrar flexibility in implementing. Transfers: What's the most effective way to assure that registrant has actually authorized transfer? WHOIS: Accuracy is a concern, but can only be accomplished when privacy is properly addressed. WHOIS is very complex. Process will be to prioritize. Like to report that ccTLD constituency has ended involvement in the DNSO as of yesterdaqy. Would like to thank for the contribution of the ccTLDs to DNSO. Cerf: Thoughtful, timely.

Lynn: Budget schedule for 2003/2004 is delayed; need to integrate with reform and how to integrate. Schedule will be proposed and posted shortly. Preliminary posting of 20003/2004 budget in february time frame. Future of budget advisory committee should be factored into reform planning. Invitge people from other than the funding constituencies to participate in budgeting process. Process will start at December meeting. Break till 10:45.

Paul Twomey is now presenting the GAC's wishes as far as the new bylaws are concern. GAC wants one month instead of 14 days for policy review. GAC should take care of its own review. Non-voting liaisons shall be entitled to use possibly confidential material in the constituency they are representing. The GAC board liaison can't be removed by the board. GAC prefers Advisory Committees to be called Advisory Bodies in the bylaws. GAC membership should be open to determination by the GAC, but not to determination by the board. GAC can adopt its own charter. GAC wants timely information on anything from ICANN, SOs, or advisory bodies seek public comment. GAC may put issues to the board directly; either comment or advice; recommend action, policy development. ICANN has to inform GAC on how to take into account GAC advice. If ICANN can't follow GAC advice, it must give reasons, try to work out things, and may ultimately override. General public policy rhetorics. Cerf concerned about this rethorics, since it may pose potential for massive mission creep. Karl Auerbach concerned about the end of ICANN as a private body. Twomey: No intention to take away final decision-making power of the board. If you don't follow advice, just put down in writing why. Transparency point. Twomey continues with specific wording in XI-A; it's not clear at the moment what the actual changes to that text are, since there is no redline.

Peter Dengate Thrush speaking up at the public forum, presenting ccTLD comments: 144 representatives of 65 ccTLDs met in Shanghai. Completion of withdrawal from the DNSO; took effect with the close of the NC meeting yesterday. 2. Reconfirm the detailed response to the ERC blueprint which had been produced and delivered in Bucharest in June 2002. Noted with dismay that the ERC has not yet taken into account what was produced. First work product of assistance group is a useful tool. In view of continuing failures by ICANN in conducting its stewardship of the IANA function, particularly in relation to ccTLD database updates, managers agreed to set up a working group to develop a plan to set up an independent system to manage the relevant root zone entries. Will be worked out in parallel with the setup of an acceptable ccNSO and used if that work is unsuccessful. No ccTLD meeting in Amsterdam. Wholeharted support of the blueprint. Hope that ICANN will be the trusted partner expected from the white paper, but better to have an alternative ready.

Peter Dengate Thrush at the microphone again, warning the board: If there is no agreement on an SO, ccTLDs may prefer to "attend ITU meetings instead of ICANN meetings". He also warns that the ccTLDs may be leaving ICANN faster than they left DNSO. .ca, .be, .se representatives at the microphone. .ca: Leaving ICANN is plan B. Not complete consensus behind every point of the communiqué. Also, Elisabeth Porteneuve has posted two communiqués to the Names Council: ccTLD constituency; ccNSO assistance group.

The GAC finally moves at "Internet speed": Their communiqué is available.

The notetaker having arrived slightly late, it seems like the board accepted much of the input from the GAC, and from some DNSO constituencies who yesterday asked for a constituency concept where one entity can simultaneously be a member of several constituencies.

Moderately good news for the ALAC: Subject to the transition article of the bylaws, the At Large Advisory Committee is going to have a non-voting liaison on the GNSO Names Council. If I got it correctly, ALAC is not going to be explicitly included with the policy-development process. The Board is now going into resolution mode. The plan seems to be to adopt the bylaws, but only make them effective once the transition article has been accepted. Blokzijl is concerned that the board is going to put some instrument in place which does not exist. worried about future coordination of crucial internet technical functions. Supposes that this is only one stop on the road to the final set of bylaws. Wonders how many times the board is going through process again, adopting bylaws that are known to be subject to fundamental change in the close future. Too early to adopt them. Blokzijl is particularly concerned about the relationship with the RIRs and the ccTLDs. Cohen and Katoh-san vehemently disagree with him. Schink also suggests to vote on the changes now, but wants caveat language on ccTLDs and RIRs in the resolution. Also wants to stick closer to GAC suggestion with respect to expert advisory panels/bodies, as far as international treaty organizations are concerned. Abril i Abril doesn't really like the proposed structure, but seems to find it better than the one we have now. Andy wants to add "free flow of information" behind "innovation" in core value 2. Both Auerbach and Abril i Abril second. Friendly amendment from Kraaijenbrink to delete "free". Accepted unanimously. Further suggests to not just disclose financial contributors, but also amount of contributions. Accepted with two abstentions.

Article 4 section 2, point 16, procedures of the reconsideration committee. Suggests to end the first sentence of this point behind "abusive", and remove the clause on parties unwilling to participate in the public comment period. Rationale: You can't prove that you didn't know. Cohen: Common to have publication in an acceptable way. Lynn agrees with Andy's intent, but would like to see different language. Extensive discussion. Lynn proposes to accept amendment with the understanding that precise wording be voted on in December. Cerf proposes not to have any complex language about future changes. Kraaijenbrink doesn't want to remove it, but suggests to revisit it later; so does Schink. Vote: 7 in favor, 8 against, 3 abstain.

Article XI, section 2.1, GAC principles; point c. Andy wants publication of GAC charter and operating principles and procdedures on the web. Accepted.

Article XI, section 2.4, ALAC. Have a liaison clause in there. Funding? Does not have proposed wording. Would like to raise the question how to deal with this. Lynn believes that funding hard-coded in the bylaw would be a mistake. Vint: Nothing prohibits funding. Karl: There is something which prohibits ICANN funding for regular GNSO Council members. GNSO article forbids funding for GNSO participants. Liaison considered as a GNSO participant? Louis not sure. Cohen could argue both ways. Important and well-taken point. Sympathy on the board for possibility of trying to provide assistance to ALAC as it starts going. Refer to the counsel. Have this on the December agenda. Vint: Take this into general discussion about ALAC. Rather than specifically put this onto agenda as bylaw discussion, put this into general ALAC topic.

Lyman Chapin suggests change to Ssection 2 of article XI: "f) Subject to the provisions of the Transition Article of these bylaws, the At-Large Advisory Committee may designate a non-voting liaison to each of the Supporting Organizations and Advisory Committees to the extent that the at-large advisory committee deems it appropriate and useful to do so." Language taken from GAC description. Procedural confusion: Andy thought Lyman was addressing funding. Withdraws and re-introduces at a later time. No proposed text on Andy's funding question; defer.

Andy again: Article XIII, section 9; new paragraph about conflicts of interests. Wants public statements on conflicts of interest. Serious concern. Alejandro afraid about privacy implications. Must make sure that information is available to committee. Unduly hasty to write this into the bylaws. Lynn asks about director statements. Louis: Currently information is made available confidentially to conflicts of interest committee. Rationale: People may be unwilling to disclose all investments. Lynn: Deal with this in the policy. Don't do it in the bylaws. There may be a chilling effect on future directors or officers. Karl does believe in public disclosure, even when there is chilling effect. Improve confidence. Andy asks for vote. Lynn: Would have to vote against even if he would support substance, since directors not covered by suggested change. Either both or none. Linda Wilson: Disclosure of material interests is common. Prefers to have this discussed by the CoI committee, in order to not take it to extreme. Lynn: Take off the table, consider again. Vote: Not accepted, three in favor, one abstention.

Finally: Andy quotes publication safeguards about policy changes, and suggests to apply this. Vint: Provisional, not final adoption of bylaws.

Break until 11:15.

Significant discussion on the bylaw provisions on the ASO. Blokzijl wants to remove these until agreement has been found; others want to keep them, so the ASO continues to exist when (1) the new bylaws are adopted, but (2) there is no MoU with the RIRs. Linda Wilson asks about changes between currently effective language (2000 bylaws) and draft text. Lyman Chapin explains the changes, some as being relatively cosmetical ("organization to be created" vs. current ASO), and one being about a GAC representative. Blokzijl: New text, and impossible to return to old text in the context. If there is no MoU with the RIRs in December, then ICANN has a larger problem than just bylaw language. Vote: Cerf confused about numbers, but ASO language remains in bylaws.

The independent review proposal by Bret Fausett was just moved by Karl Auerbach and seconded by Andy Müller-Maguhn. Some board members find it appealing, but are skeptical. Friendly amendment from Linda Wilson: Replace bearing the cost by sharing in it. Cerf suggests to postpone this along with ALAC funding.

Lyman Chapin moves to revert the ASO bylaw provisions to the status quo ante, with exception: Art. VIII, S. 1, item 2 refers to anticipated MoU, which now exists. Apart of that, new text could be identical to old one. No GAC liaison for the moment. Blokzijl: Surrealistic. New situation relative RIRs, any text there is as good or bad as any other. Just put in "[to be supplied]". Cohen doesn't understand why Lyman makes suggestion. Lynn: Lyman's suggestion is reasonable. Intent is to go back to status quo ante, not to sneak something in. Calls for vote. (Linda seconds.) Accepted.

15 in favor. Karl, Andy, Rob against. Amadeu votes in favor, but asks for his fundamental reservations to be added to the minutes.

Andy has proposed that the board sets up a privacy committee. Some fear of mission creep. Karl Auerbach argues that a privacy committee is the flip side of mandating the release of information. Board will investigate this. Resolution accepted.

Linda Wilson just suggests, after the thank you resolutions, to set up a corporate governance committee. The committee is supposed to review the work of the board and its relationship to the CEO and the staff lead by the CEO, including review of the existing committees. Committee could work on the selection of members of other committees; chairman, etc... The committee should relate to the ombudsperson, the public participation manager, and the CEO and the chairman of the board. Would look into complaints, so board doesn't have to rely on anecdotal information. Suggests to adopt language similar to the privacy committee, consider the topic, and decide in December. Amadeu: One of his beloved topics. If one part of ICANN underperforms, it's the board. Not a problem of the individual. Structural constraints. Too many people trying to do too many things on teleconferences. The way in which ICANN board populates committees is extremely strange. Mailing list not used as a tool. Not talking as seriously about the board as about the councils. Cerf: Amadeu excellent candidate. Alejandro: Received requests for changes in corporate governance. Not within scope of ERC. Felicitous way of acting. Put decisions into hands of a group that can actually produce some action. Will also be necessary not to overreact to the demands. Don't do everything at once, but put up work program. Andy: Amadeu gave good description of the task. Very good idea. Exactly that part the ERC missed to address. Unanimously accepted.

Amadeu Abril i Abril on name server changes: Name server change when it cdomes for a reliable external source like company disappearing, the goal of stability should be the first and only consideration in doing the IANA functions. Vint adjourns since captioning folks leave.