subject:".nyc \- here we go..."

 As of July 2, 2013, .nyc has been approved by ICANN as a 
 city-level top-level domain (TLD) for New York City

Do they have DNSSEC from inception? It would seem a sensible thing to do
for a virgin TLD.

Yes.  See the AGB, to which I sent a link a few messages back.

Re: .nyc - here we go...

On 7/4/13 8:00 AM, Ted Cooper wrote:
 Do they have DNSSEC from inception? It would seem a sensible thing to do
 for a virgin TLD.

In the evolution of the DAG I pointed out that both the DNSSEC and the
IPv6 requirements, as well as other SLA requirements, were
significantly in excess of those placed upon the legacy registries,
and assumed general value and availability with non-trivial cost to
entry operators, some of whom might not be capitalized by investors
with profit expectations similar to those that existed prior to the
catastrophic telecoms build-out and the millennial dotbomb collapse.

The v6-is-everywhere and the DNSSEC-greenfields advocates prevailed,
and of course, the SLA boggies remain elevated w.r.t. the legacy
registry operator obligations.

Sensible may be subject to cost-benefit analysis. I did .cat's
DNSSEC funnel request at the contracted party's insistence and I
thought it pure marketing. The .museum's DNSSEC funnel request must
have, under the it is necessary theory, produced demonstrable value
beyond the technical pleasure of its implementer.

Anyone care to advance evidence that either zone has been, not will
someday be, significantly improved by the adoption of DS records?
Evidence, not rhetoric, please.

#insert usual junk from *nog v6 evangelicals that .africa and .eos
(Basque Autonomous Region) must drive v6 adoption from their
ever-so-deep-pockets, or the net will die.

Eric

Re: .nyc - here we go...

Anyone care to advance evidence that either zone has been, not will
someday be, significantly improved by the adoption of DS records?
Evidence, not rhetoric, please.

I dunno.  Can you point to parts of your house that have been
significantly improved by fire insurance?

Re: .nyc - here we go...

2013-07-04 Thread Valdis . Kletnieks

On Thu, 04 Jul 2013 10:34:41 -0700, Eric Brunner-Williams said:

 #insert usual junk from *nog v6 evangelicals that .africa and .eos
 (Basque Autonomous Region) must drive v6 adoption from their
 ever-so-deep-pockets, or the net will die.

I'll bite.  What's the *actual* additional cost for dnssec and ipv6
support for a greenfield rollout?  It's greenfield, so there's no
our older gear/software/admins need upgrading issues.


pgp1CZRNcIaQM.pgp
Description: PGP signature

Re: .nyc - here we go...

On 7/4/13 10:48 AM, John Levine wrote:
 I dunno.  Can you point to parts of your house that have been
 significantly improved by fire insurance?

Cute John. Let me know when you've run out of neat things other people
should do.

Eric

Re: .nyc - here we go...

On 7/4/13 11:11 AM, valdis.kletni...@vt.edu wrote:
 I'll bite.  What's the *actual* additional cost for dnssec and ipv6
 support for a greenfield rollout?  It's greenfield, so there's no
 our older gear/software/admins need upgrading issues.

You'll let me know there is no place where v6 is not available, and
while you're at it, why .frogans (I've met the guy, has to be the
least obvious value proposition I've come across) needs to accessible
to v6ers before, well, er, that .com thingie.

DNSSEC No clue necessary ... so all those guys and gals out there
selling training are ... adding no necessary value at some measurable
cost?

Eric

Re: .nyc - here we go...

2013-07-04 Thread Matthew Kaufman

Well, for starters there's whole truckloads of surplus gear that you can't  get 
for pennies and use successfully.

Matthew Kaufman

(Sent from my iPhone)

On Jul 4, 2013, at 11:11 AM, valdis.kletni...@vt.edu wrote:

 On Thu, 04 Jul 2013 10:34:41 -0700, Eric Brunner-Williams said:
 
 #insert usual junk from *nog v6 evangelicals that .africa and .eos
 (Basque Autonomous Region) must drive v6 adoption from their
 ever-so-deep-pockets, or the net will die.
 
 I'll bite.  What's the *actual* additional cost for dnssec and ipv6
 support for a greenfield rollout?  It's greenfield, so there's no
 our older gear/software/admins need upgrading issues.

Re: .nyc - here we go...

2013-07-04 Thread Mark Andrews


In message 51d5c750.4090...@nic-naa.net, Eric Brunner-Williams writes:
 On 7/4/13 11:11 AM, valdis.kletni...@vt.edu wrote:
  I'll bite.  What's the *actual* additional cost for dnssec and ipv6
  support for a greenfield rollout?  It's greenfield, so there's no
  our older gear/software/admins need upgrading issues.
 
 You'll let me know there is no place where v6 is not available, and
 while you're at it, why .frogans (I've met the guy, has to be the
 least obvious value proposition I've come across) needs to accessible
 to v6ers before, well, er, that .com thingie.

Well give that .com thingie is IPv6 accessable and has DNSSEC there
is nothing we need to let you know.  And yes you can get IPv6
everywhere if you want it.  Native IPv6 is a little bit harder but
definitely not impossible nor more expensive.

;  DiG 9.10.0pre-alpha  ns com @a.gtld-servers.net -6 +dnssec
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 18176
;; flags: qr aa rd; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 16
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;com.   IN  NS

;; ANSWER SECTION:
com.172800  IN  NS  a.gtld-servers.net.
com.172800  IN  NS  f.gtld-servers.net.
com.172800  IN  NS  h.gtld-servers.net.
com.172800  IN  NS  k.gtld-servers.net.
com.172800  IN  NS  b.gtld-servers.net.
com.172800  IN  NS  m.gtld-servers.net.
com.172800  IN  NS  c.gtld-servers.net.
com.172800  IN  NS  d.gtld-servers.net.
com.172800  IN  NS  g.gtld-servers.net.
com.172800  IN  NS  i.gtld-servers.net.
com.172800  IN  NS  l.gtld-servers.net.
com.172800  IN  NS  j.gtld-servers.net.
com.172800  IN  NS  e.gtld-servers.net.
com.172800  IN  RRSIG   NS 8 1 172800 20130709042103 
20130702031103 35519 com. 
G9bZIBIFL0MacyGQ9rgx+eFSnp/j11x/OoXJ30ADzYqffm/if68R1DYs 
v0fA4vqf3NQsUoonSO7t6tCh4Fl5OV/oju0BYXukXOn7bvpiA7Ij+B7H 
UoSyybVZRsRk4Q4d6t7EJ/gohL/p9B4BFOIiQ1gDIa8dAUzCUOXXo59j Oks=

;; ADDITIONAL SECTION:
a.gtld-servers.net. 172800  IN  A   192.5.6.30
a.gtld-servers.net. 172800  IN  2001:503:a83e::2:30
f.gtld-servers.net. 172800  IN  A   192.35.51.30
h.gtld-servers.net. 172800  IN  A   192.54.112.30
k.gtld-servers.net. 172800  IN  A   192.52.178.30
b.gtld-servers.net. 172800  IN  A   192.33.14.30
b.gtld-servers.net. 172800  IN  2001:503:231d::2:30
m.gtld-servers.net. 172800  IN  A   192.55.83.30
c.gtld-servers.net. 172800  IN  A   192.26.92.30
d.gtld-servers.net. 172800  IN  A   192.31.80.30
g.gtld-servers.net. 172800  IN  A   192.42.93.30
i.gtld-servers.net. 172800  IN  A   192.43.172.30
l.gtld-servers.net. 172800  IN  A   192.41.162.30
j.gtld-servers.net. 172800  IN  A   192.48.79.30
e.gtld-servers.net. 172800  IN  A   192.12.94.30

;; Query time: 173 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Fri Jul 05 09:38:20 EST 2013
;; MSG SIZE  rcvd: 683

 
 DNSSEC No clue necessary ... so all those guys and gals out there
 selling training are ... adding no necessary value at some measurable
 cost?
 
 Eric
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: .nyc - here we go...

2013-07-04 Thread Mark Andrews


In message 9ff40d24-169e-4568-9f25-ee00beeed...@matthew.at, Matthew Kaufman 
writes:
 Well, for starters there's whole truckloads of surplus gear that you
 can't  get for pennies and use successfully.

Surplus IPv6 capable gear has been around for a long while now.
Remember most gear has had IPv6 for over a decade now.  A lot of
gear that ISC got given for IPv6 development was on it 2nd or 3rd
repurposing before we got it nearly a decade ago.

 Matthew Kaufman

 (Sent from my iPhone)

 On Jul 4, 2013, at 11:11 AM, valdis.kletni...@vt.edu wrote:

  On Thu, 04 Jul 2013 10:34:41 -0700, Eric Brunner-Williams said:
 
  #insert usual junk from *nog v6 evangelicals that .africa and .eos
  (Basque Autonomous Region) must drive v6 adoption from their
  ever-so-deep-pockets, or the net will die.
 
  I'll bite.  What's the *actual* additional cost for dnssec and ipv6
  support for a greenfield rollout?  It's greenfield, so there's no
  our older gear/software/admins need upgrading issues.


-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: .nyc - here we go...

Someone who should know better wrote:

 Well give that .com thingie is IPv6 accessable and has DNSSEC there
 is nothing we need to let you know.  And yes you can get IPv6
 everywhere if you want it.  Native IPv6 is a little bit harder but
 definitely not impossible nor more expensive.

And this was true when the v6 and DEC requirements entered the DAG?

Try again, and while you're inventing a better past, explain how
everyone knew that it would take 6 revisions of the DAG and take until
3Q2012 before an applicant could predict when capabilities could be
scheduled.

The one thing you've got going for you is that in 2009 no one knew
that almost all of the nearly 2,000 applicants would be forced by
higher technical and financial requirements to pick one of a universe
of fewer than 50 service providers, or that nearly all of the
developing economies would be excluded, or self-exclude, from
attempting to apply. So the basic diversity assumption was wrong.

Why are the people who don't follow the shitty process so full of
confidence they have all the clue necessary?

Eric

Re: .nyc - here we go...

2013-07-04 Thread Larry Sheldon


On 7/4/2013 8:02 PM, Eric Brunner-Williams wrote:


And this was true when the v6 and DEC requirements entered the DAG?


OK, I 'fess to terminal stupidity--in this contest:  DEC?  the DAG?


Why are the people who don't follow the shitty process so full of
confidence they have all the clue necessary?


A job requirement?  Genetic links to DESIRABLE characteristics?  Comes 
with the territory?


--
Requiescas in pace o email   Two identifying characteristics
of System Administrators:
Ex turpi causa non oritur actio  Infallibility, and the ability to
learn from their mistakes.
  (Adapted from Stephen Pinker)

Re: .nyc - here we go...


 OK, I 'fess to terminal stupidity--in this contest:  DEC?  the DAG? 

Draft Applicant's Guidebook.

Re: .nyc - here we go...

On 7/4/13 6:23 PM, Larry Sheldon wrote:
 
 OK, I 'fess to terminal stupidity--in this contest:  DEC?  the DAG?

Sigh. DNSSEC and Draft Applicant Guidebook.

Re: .nyc - here we go...

2013-07-04 Thread Valdis . Kletnieks

On Thu, 04 Jul 2013 18:02:35 -0700, Eric Brunner-Williams said:
 higher technical and financial requirements to pick one of a universe
 of fewer than 50 service providers,

I'm reasonably sure that there are more than 50 service providers
who are able to privide you with a connection that will do IPv6.

 or that nearly all of the
 developing economies would be excluded, or self-exclude, from
 attempting to apply.

% dig so. any
...
;; ADDITIONAL SECTION:
a.nic.so.   43165   IN  A   72.52.71.4
a.nic.so.   43165   IN  2001:470:1a::4
b.nic.so.   43165   IN  A   38.103.2.4
c.nic.so.   43165   IN  A   63.243.194.4
c.nic.so.   43165   IN  2001:5a0:10::4
d.nic.so.   43165   IN  A   196.216.168.54
d.nic.so.   43165   IN  2001:43f8:120::54

If Somalia, the failed nation state and  near-undisputed champion hell-hole of
the world, can manage to get quad-A's for its ccTLD, the bar can't be *too*
high.

(Yes, i see exactly how they did it.  And there's nothing prohibiting any
of the applicants in developing countries from doing exactly the same
thing)



pgpDLmmpL9hXC.pgp
Description: PGP signature

Re: .nyc - here we go...


 I'm reasonably sure that there are more than 50 service providers
 who are able to privide you with a connection that will do IPv6.

In this context the universe of 50 providers are registry service
providers, existing and entrant. Verisign, NeuStar, Afilias, CORE,
AusReg, ISC, ...

Your side won if you predicted in 2009, or even as late as 2011, that
there would be many many applicants, using very very few providers,
and none in awkward places. If you predicted that, you won on all
counts, v6 availability, density of available technical clue for
DNSSEC as the cheap box checks -- the real win was access to
investment capital and financial instruments, access to American or
equivalent legal and ancillary services, shared fate (still being
dickered) on insurance bundling and business continuity set-aside, the
business advantages offered by Verisign, NeuStar, Afilias, CORE,
AusReg, ISC, ...

Absent that it really doesn't matter if a light in the sky told you
that v6 was everywhere and free, or that DNSSEC was vital to
everything, and free too, or not.

I didn't predict it, so I lobbied under the assumption that very low
capitalizations would attempt to provide some locally needed name to
existing address mapping, and that signing the zone had little but
cosmetic effect unless there were resources within the zone offering a
greater return on attacker investment than any large, and unsigned
zone (and there still are some of those). I also tried to get ICANN's
attempt to provide Applicant Support to defer these non-essentials
for registry start-up, but that whole thing went south and the one
qualified application was disallowed because ... .ummah upset someone
who didn't care to admit it (the Support Program reviewers are
anonymous).

.museum started on a desktop. There has to be a good reason why this
can never happen again.

Eric

Re: .nyc - here we go...

I'll bite.  What's the *actual* additional cost for dnssec and ipv6
support for a greenfield rollout?  It's greenfield, so there's no
our older gear/software/admins need upgrading issues.

I've read the IPv6 and DNSSEC parts of a lot of the applications,
including the ones that aren't backed by the familiar large
registries, and nobody had any great trouble doing DNSSEC or IPv6.

There are a couple of adequate DNSSEC toolkits for anyone who doesn't
want to buy a prefab system, and even though there are plenty of
places where IPv6 isn't available, the sensible thing to do (even for
large applicants) is to put the servers where the networks are.

R's,
John

Re: .nyc - here we go...

Why are the people who don't follow the shitty process so full of
confidence they have all the clue necessary?

Probably because they don't think that new TLDs are particularly
useful or valuable.

R's,
John

Re: .nyc - here we go...

2013-07-04 Thread Mark Andrews


In message 51d61b2b.8020...@abenaki.wabanaki.net, Eric Brunner-Williams write
s:
 Someone who should know better wrote:
 
  Well give that .com thingie is IPv6 accessable and has DNSSEC there
  is nothing we need to let you know.  And yes you can get IPv6
  everywhere if you want it.  Native IPv6 is a little bit harder but
  definitely not impossible nor more expensive.
 
 And this was true when the v6 and DEC requirements entered the DAG?

DS for COM was added added to the root zone in Feb 2011.  The process
of getting COM signed started a lot earlier well before the root
zone was signed and included ensuring the protocol worked for COM
sized zones.  But hey if you just look a when records are added to
zones you wouldn't see that.

Requiring new zones start at the standard you expect existing zones to
obtain is neither unexpected nor unreasonable. 

 Try again, and while you're inventing a better past, explain how
 everyone knew that it would take 6 revisions of the DAG and take until
 3Q2012 before an applicant could predict when capabilities could be
 scheduled.
 
 The one thing you've got going for you is that in 2009 no one knew
 that almost all of the nearly 2,000 applicants would be forced by
 higher technical and financial requirements to pick one of a universe
 of fewer than 50 service providers, or that nearly all of the
 developing economies would be excluded, or self-exclude, from
 attempting to apply. So the basic diversity assumption was wrong.
 
 Why are the people who don't follow the shitty process so full of
 confidence they have all the clue necessary?
 
 Eric
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: .nyc - here we go...

2013-07-04 Thread Barry Shein


  Why are the people who don't follow the shitty process so full of
  confidence they have all the clue necessary?
  
  Probably because they don't think that new TLDs are particularly
  useful or valuable.

Oops, just a minute, gotta grab the popcorn and cooler for this
one...ok, proceed.

-- 
-Barry Shein

The World  | b...@theworld.com   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada
Software Tool  Die| Public Access Internet | SINCE 1989 *oo*

Re: .nyc - here we go...

2013-07-03 Thread Scott Weeks



--- rube...@gmail.com wrote:
From: Rubens Kuhl rube...@gmail.com

 Thank you for explaining this.  Again, probably.

snip
Summary: there are residual risks, but the checks and balances of the
process are likely to stop bad actors, at the cost of also stopping some
good actors. Error in the side of caution preferred.
---


Thanks for the explanation.  I will begin to learn more
about this. 

scott

Re: .nyc - here we go...

2013-07-03 Thread Kyle Creyts

+10


On Tue, Jul 2, 2013 at 10:04 PM, Paul Ferguson fergdawgs...@gmail.comwrote:

 Why does this discussion have to always be one or the other?

 We have multiple problems here, friends.

 Focus.

 - ferg


 On Tue, Jul 2, 2013 at 9:39 PM, Andrew Sullivan asulli...@dyn.com wrote:

  On Wed, Jul 3, 2013 at 12:15 AM, Larry Sheldon larryshel...@cox.net
 wrote:
 
  Makes me wonder if concern for routing table size is worrying about the
  right thing.
 
 
  Because obviously, the problems of scaling router memory and scaling DNS
  servers are the same kind?
 
  Yes, having many many new TLDs introduces new problems.  (If you're not
  scared enough, I encourage you to go read the output of the Variant
 Issues
  Project.  Full disclosure: I had a hand in.)  Why are we talking about
 this
  non-news now?  We all knew about three years ago, at the latest, that
 ICANN
  was planning to do this.  If we didn't, shame on us.
 
  A



 --
 Fergie, a.k.a. Paul Ferguson
  fergdawgster(at)gmail.com




-- 
Kyle Creyts

Information Assurance Professional
BSidesDetroit Organizer

.nyc - here we go...

2013-07-02 Thread Scott Weeks



 careful there may be a troll in here... :) 

https://en.wikipedia.org/wiki/.nyc

As of July 2, 2013, .nyc has been approved by ICANN as a 
city-level top-level domain (TLD) for New York City

As places like that see $186,000 as small change, I wonder
what other countries (much less the cities within them)
like .nu, .sb or .vu will do?  For them this is an 
astronomical number.  Someone's about to hit a financial
home run reminiscient of the tech-stock bubble...

I haven't read enough, but what's to stop speculators
paying the $186,000 then charging the tiny countries
mors when they are able to make the purchase?  Please
don't suggest arbitration because that only increases
the cost to those countries.

Who's going to buy .nanog?
Who's going to buy .ietf?
etc.
Did icann have any financial requirements to get .icann?

scott

Re: .nyc - here we go...

On Tue, Jul 2, 2013 at 10:12 PM, Scott Weeks sur...@mauigateway.com wrote:

careful there may be a troll in here... :)

https://en.wikipedia.org/wiki/.nyc

As of July 2, 2013, .nyc has been approved by ICANN as a
city-level top-level domain (TLD) for New York City

.nyc has been approved by ICANN May 24. The city made its announcement only
today. Link to evaluation report:
http://newgtlds.icann.org/sites/default/files/ier/f3T5ufeSpeThAJezaxezuDtE/ie-1-1715-21938-en.pdf

Link to all status information:
https://gtldresult.icann.org/application-result/applicationstatus/viewstatus

As places like that see $186,000 as small change, I wonder
what other countries (much less the cities within them)
like .nu, .sb or .vu will do? For them this is an
astronomical number. Someone's about to hit a financial
home run reminiscient of the tech-stock bubble...

No countries were obliged to apply. Both country codes and country names
were excluded from the new gTLD process. Actually, they couldn't even
apply, as they are considered ccTLDs.

I haven't read enough, but what's to stop speculators
paying the $186,000 then charging the tiny countries
mors when they are able to make the purchase? Please
don't suggest arbitration because that only increases
the cost to those countries.

Who's going to buy .nanog?

No one in this round. May be in the next one.

Who's going to buy .ietf?

No one, excluded from the process by ICANN.

etc.
Did icann have any financial requirements to get .icann?

.icann also wasn't available for application.

Rubens

Re: .nyc - here we go...

2013-07-02 Thread Eric Brunner-Williams

Thank you Rubens, you saved me the effort.

Eric

Re: .nyc - here we go...

2013-07-02 Thread Scott Weeks

--- rube...@gmail.com wrote:
From: Rubens Kuhl rube...@gmail.com

 As places like that see $186,000 as small change, I wonder
 what other countries (much less the cities within them)
 like .nu, .sb or .vu will do?  For them this is an
 astronomical number.  Someone's about to hit a financial
 home run reminiscient of the tech-stock bubble...


No countries were obliged to apply. Both country codes and country names
were excluded from the new gTLD process. Actually, they couldn't even
apply, as they are considered ccTLDs.


 I haven't read enough, but what's to stop speculators
 paying the $186,000 then charging the tiny countries
 mors when they are able to make the purchase?  Please
 don't suggest arbitration because that only increases
 the cost to those countries.
-


Thank you for explaining this.  Again, probably.  

So the cities in those countries could buy them (if they could
afford them) but not the countries?  So .portvila is available,
but not .vanuatu?

What about places like Singapore?  The city name is the same as 
the country name.

I haven't read enough, but what's to stop speculators paying 
the $186,000 then charging the tiny countries mors when they 
are able to make the purchase?

s/tiny countries/cities in tiny countries/

Does the speculator issue have to go to arbitration?

scott

Re: .nyc - here we go...

2013-07-02 Thread John Levine

I haven't read enough, but what's to stop speculators
paying the $186,000 then ...

Rather than asking random strangers, you can read the applicant
guidebook and find out what the actual rules are:

http://newgtlds.icann.org/en/applicants/agb

Re: .nyc - here we go...

2013-07-02 Thread Scott Weeks



--- jo...@iecc.com wrote:
From: John Levine jo...@iecc.com

I haven't read enough, but what's to stop speculators
paying the $186,000 then ...

Rather than asking random strangers, you can read the applicant
guidebook and find out what the actual rules are:

http://newgtlds.icann.org/en/applicants/agb



Ok, you're correct. I need to add that to my list of reading.  
I am just thinking about the digital divide getting larger
(not smaller) as these places are writing about on their 
various technical mailing lists.  That kind of money is not
insignificant to them.

scott

Re: .nyc - here we go...

On Tue, Jul 2, 2013 at 7:17 PM, Scott Weeks sur...@mauigateway.com wrote:

 Ok, you're correct. I need to add that to my list of reading.
 I am just thinking about the digital divide getting larger
 (not smaller) as these places are writing about on their
 various technical mailing lists.  That kind of money is not
 insignificant to them.


The expansion of the gTLD space is about much more than costs -- it is
also about the expansion in efforts that it will take to monitor for
abuse. That is something that a lot of people have been concerned
about for a long time now.

$.03,

- ferg



--
Fergie, a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com

Re: .nyc - here we go...

2013-07-02 Thread Eric Brunner-Williams

On 7/2/13 7:06 PM, John Levine wrote:
 Rather than asking random strangers, you can read the applicant
 guidebook and find out what the actual rules are:

There really should be a kinder introduction to those who lack basic
clue than to attempt to read the last version of the DAG, even for the
American Legally Literate.

Someone who has more than just ICANNatitude (in either of the usual
senses) should do a standup at the next {$NETTECH} meet and 'splain
policy and business, can the bits and vod them out on the *OG lists.

Then we could discuss the merits, such as they are.

Eric

Re: .nyc - here we go...


 Thank you for explaining this.  Again, probably.

 So the cities in those countries could buy them (if they could
 afford them) but not the countries?  So .portvila is available,
 but not .vanuatu?


Yes. Country names will be part of the expansion of the ccTLD space, where
usually countries are not asked to pay evaluation fees, just annual fees
much like current country codes.


What about places like Singapore?  The city name is the same as
 the country name.


Excluded by being a country name.



 I haven't read enough, but what's to stop speculators paying
 the $186,000 then charging the tiny countries mors when they
 are able to make the purchase?

 s/tiny countries/cities in tiny countries/

 Does the speculator issue have to go to arbitration?


The $185k is an evaluation fee, not a buy now price. Part of the
evaluation process is to determine if the string has a geographic nature,
and if does, if there is proper government support. There could be issues
if a city name that is not in the ISO lists (nation capitals, state names)
that happens to be a plausible non-geographic name. Let's take Sao Paulo
(largest brazilian city) for example: it's the name of a catholic saint in
Portuguese, so an applicant claiming to a be a gTLD targeted at the saint
devotees could in theory apply (it's not the case as Sao Paulo is also a
state name listed in ISO 3166) and after getting the delegation repurpose
it to serve Sao Paulo individuals and businesses.

Besides many objection procedures, one of them a community rights objection
that could be used in a case such as the one I described, governments have
a veto power that even requiring consensus among representatives would
probably be used to stop the application. Both mechanisms (objections and
government veto) are in play at two TLDs facing opposition from
south-american countries: .amazon (from Amazon Inc., opposed by countries
of the Amazon region like Brazil and Peru ) and .patagonia (opposed by the
region of same name encompassing Argentina and Chile). The outcomes of both
will likely be known this month at ICANN's meeting in Durban.

Summary: there are residual risks, but the checks and balances of the
process are likely to stop bad actors, at the cost of also stopping some
good actors. Error in the side of caution preferred.


Rubens

Re: .nyc - here we go...

On Tue, Jul 2, 2013 at 8:12 PM, Rubens Kuhl rube...@gmail.com wrote:

 Summary: there are residual risks, but the checks and balances of the
 process are likely to stop bad actors, at the cost of also stopping some
 good actors. Error in the side of caution preferred.


You're missing the forest

If a new gTLD applicant decides to capitalize on their financial
investment once they have received approval, there is nothing stopping
them from opening the flood gates to anyone who wants to register
sub-domains/second-level domains for financial gain.

Of course, they should be allowed to do so. It's a free market.

Just look at .cc and the complete Charlie Foxtrot they caused by
allowing second-level domains to be used by anyone for any purpose
(e.g. *.co.cc, *.cu.cc, etc.) and .tk for instance.

We can expect a lot more of the same with the expansion of the TLD
space, so it *will* require a lot more diligence.

- ferg




--
Fergie, a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com

Re: .nyc - here we go...

2013-07-02 Thread John Levine

Rather than asking random strangers, you can read the applicant
guidebook and find out what the actual rules are:

http://newgtlds.icann.org/en/applicants/agb

Ok, you're correct. I need to add that to my list of reading.  
I am just thinking about the digital divide getting larger
(not smaller) as these places are writing about on their 
various technical mailing lists.  That kind of money is not
insignificant to them.

The largest set of applications are for single registrant vanity
domains, like .ibm and .mormon from IBM and the LDS church.  I don't
see them causing much damage to anyone other than the organizations
who are paying for them.

There are some from geographic areas like .nyc, and a bunch from
people who imagine that they can get rich with people who want
to register in .hockey or .art.

The one that sort of is like what you were worried about is the
application for .patagonia, which is from the outdoors equipment
company, and is causing great consternation in southern Argentina.
It remains to be seen what ICANN will do about that.

Also, considering what a bust all the existing special interest
domains such as .aero, .travel, .museum, and .asia are, I wouldn't
hold my breath waiting for vast action in any of the new ones.

R's,
John

Re: .nyc - here we go...

On Wed, Jul 3, 2013 at 12:21 AM, Paul Ferguson fergdawgs...@gmail.com
wrote:

On Tue, Jul 2, 2013 at 8:12 PM, Rubens Kuhl rube...@gmail.com wrote:

Summary: there are residual risks, but the checks and balances of the
process are likely to stop bad actors, at the cost of also stopping some
good actors. Error in the side of caution preferred.

You're missing the forest

If a new gTLD applicant decides to capitalize on their financial
investment once they have received approval, there is nothing stopping
them from opening the flood gates to anyone who wants to register
sub-domains/second-level domains for financial gain.

Of course, they should be allowed to do so. It's a free market.

Just look at .cc and the complete Charlie Foxtrot they caused by
allowing second-level domains to be used by anyone for any purpose
(e.g. *.co.cc, *.cu.cc, etc.) and .tk for instance.

New gTLDs aren't allowed to register 2-letter country-codes like co.TLD
without clearance from government of that country. Considering gTLDs pay
ICANN fees by domain if they go higher than 50k domains, it's unlikely that
a registry business model will go in the same direction as the repurposed
ccTLDs

We can expect a lot more of the same with the expansion of the TLD
space, so it *will* require a lot more diligence.

Current working version of the Registry Agreement, following advice from
governments, established requirements for security monitoring for ICANN,
registries and registrars, so you should probably wait until ICANN board
publishes it to assess whether such diligence is already being provisioned
into the system or not.

From
http://www.icann.org/en/groups/board/documents/resolutions-new-gtld-annex-ii-agenda-2b-25jun13-en.pdf
Registry Operator will periodically conduct a technical analysis to assess
whether domains in the TLD are being used to perpetrate security threats,
such as pharming, phishing, malware, and botnets. Registry Operator will
maintain statistical reports on the number of security threats identified
and the actions taken as a result of the periodic security checks. Registry
Operator will maintain these reports for the term of the Agreement unless a
shorter period is required by law or approved by ICANN, and will provide
them to ICANN upon request.

Rubens

Re: .nyc - here we go...

On Tue, Jul 2, 2013 at 8:41 PM, Rubens Kuhl rube...@gmail.com wrote:


 From
 http://www.icann.org/en/groups/board/documents/resolutions-new-gtld-annex-ii-agenda-2b-25jun13-en.pdf
 Registry Operator will periodically conduct a technical analysis to assess
 whether domains in the TLD are being used to perpetrate security threats,
 such as pharming, phishing, malware, and botnets. Registry Operator will
 maintain statistical reports on the number of security threats identified
 and the actions taken as a result of the periodic security checks. Registry
 Operator will maintain these reports for the term of the Agreement unless a
 shorter period is required by law or approved by ICANN, and will provide
 them to ICANN upon request.



Great, Let's see what happens.

If history is any teacher...

- ferg




--
Fergie, a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com

Re: .nyc - here we go...

2013-07-02 Thread Larry Sheldon

Makes me wonder if concern for routing table size is worrying about the 
right thing.



--
Requiescas in pace o email   Two identifying characteristics
of System Administrators:
Ex turpi causa non oritur actio  Infallibility, and the ability to
learn from their mistakes.
  (Adapted from Stephen Pinker)

Re: .nyc - here we go...

 Great, Let's see what happens.

 If history is any teacher...


There is not much history here to look at... .cc and .tk are ccTLDs, based
out of sovereign states. They are delegated into the root by ICANN (more
precisely by IANA, which is currently a contract also granted to ICANN) and
that's it. What they do with 2LDs/3LDs are not under community scrutiny,
unless the ccTLD operator is also operated on a multi-stakeholder basis.

gTLDs operate under ICANN compliance regime and are required to abide by
community policies. Will this be enough ? We don't know yet, but people
have given some thought trying to find a way it is enough, and can require
further mechanisms if the initial ones fail.


Rubens

Re: .nyc - here we go...

Now you are thinking. :-)

- ferg


On Tue, Jul 2, 2013 at 9:15 PM, Larry Sheldon larryshel...@cox.net wrote:

 Makes me wonder if concern for routing table size is worrying about the
 right thing.



--
Fergie, a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com

Re: .nyc - here we go...

On Tue, Jul 2, 2013 at 9:23 PM, Rubens Kuhl rube...@gmail.com wrote:

 gTLDs operate under ICANN compliance regime and are required to abide by
 community policies. Will this be enough ? We don't know yet, but people have
 given some thought trying to find a way it is enough, and can require
 further mechanisms if the initial ones fail.


Of course, we all know that makes a huge difference.

Cheers,

- ferg




--
Fergie, a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com

Re: .nyc - here we go...

2013-07-02 Thread Andrew Sullivan

On Wed, Jul 3, 2013 at 12:15 AM, Larry Sheldon larryshel...@cox.net wrote:

 Makes me wonder if concern for routing table size is worrying about the
 right thing.


Because obviously, the problems of scaling router memory and scaling DNS
servers are the same kind?

Yes, having many many new TLDs introduces new problems.  (If you're not
scared enough, I encourage you to go read the output of the Variant Issues
Project.  Full disclosure: I had a hand in.)  Why are we talking about this
non-news now?  We all knew about three years ago, at the latest, that ICANN
was planning to do this.  If we didn't, shame on us.

A

Re: .nyc - here we go...

2013-07-02 Thread Larry Sheldon


On 7/2/2013 11:39 PM, Andrew Sullivan wrote:

On Wed, Jul 3, 2013 at 12:15 AM, Larry Sheldon larryshel...@cox.net
wrote:


Makes me wonder if concern for routing table size is worrying about
the right thing.


Because obviously, the problems of scaling router memory and scaling
DNS servers are the same kind?


I would not say same but I would say similar and related when you
think about things like how big the cache will be and how much of the
traffic the peerages worry about will be pure overhead, and stuff like that.


Yes, having many many new TLDs introduces new problems.  (If you're
not scared enough, I encourage you to go read the output of the
Variant Issues Project.  Full disclosure: I had a hand in.)  Why are
we talking about this non-news now?  We all knew about three years
ago, at the latest, that ICANN was planning to do this.  If we
didn't, shame on us.


What is going to happen tomorrow is sometimes less interesting that what 
is happening a while ago.


--
Requiescas in pace o email   Two identifying characteristics
of System Administrators:
Ex turpi causa non oritur actio  Infallibility, and the ability to
learn from their mistakes.
  (Adapted from Stephen Pinker)

Re: .nyc - here we go...