Colleagues Please find below a note from John Klensin which I received this morning. He has asked me to forward it to the list. I will be speaking with John and Steve later today if their schedules permit. Liz ..................................................... Liz Williams Senior Policy Counselor ICANN - Brussels +32 2 234 7874 tel +32 2 234 7848 fax +32 497 07 4243 mob Begin forwarded message:

From: John C Klensin <klensin@jck.com> Date: Thu 18 Jan 2007 19:26:34 GMT+01:00 To: liz.williams@icann.org Cc: steve@shinkuro.com Subject: Single-letter second level domains

Liz,

Your recent note to the GNSO Council about single-letter domains (http://gnso.icann.org/mailing-lists/archives/council/msg03148.html) and the attached report was just called to my attention. I'm copying Steve Crocker on this note since the topic is very much a stability issue and not a provision for expansion or infrastructure one.

The premise of the report, that the main reason for reserving single-letter names was to permit future expansion, is not correct. That explanation is, instead, the consequence of a long-term, and oft-repeated, misunderstanding. I've tried explaining this several time to a number of people and groups within ICANN including various senior staff, both of the previous IANA managers, and several of the members of the community who have been pushing for single-character registrations.

The notion that single-character names should be reserved for expansion of the DNS derives from an almost offhand comment Jon Postel made many years ago. The essence of the comment was that, given all of the confusion and problems that had been created by trying to associate TLDs with specific semantics, we would have been better off with TLDs named "b ... y" (reserving "a" and "z" for future expansion and because people might think they had special value). When someone asked for a domain name at the second level, they would then be randomly assigned to one of those single-character TLDs. A somewhat fanciful set of notes circulated for a while that elaborated on this idea. That document never made it into formal publication although part of it inspired an alternative option for ENUM that also was never published. It should be stressed that these ideas were more of the character of whimsical musings than serious proposals. They were never considered as serious proposals even by their originators.

In any event, that particular idea about DNS expansion would never have produced "Example.a.com". It might have produced "example.com.b" (as mentioned above, "a" and "z" were, in that idea, permanently reserved) or, more likely, "example.d" or "example.cc.b".

There was apparently an entirely separate and unrelated suggestion about reserving one-character labels at some level of the DNS for infrastructure use, much as subdomains of .ARPA are used today. While I remember hearing about that idea, I think it was just a suggestion made during a meeting or conversation. As far as I know, the suggestion was never written down or explained, much less turned into a proposal that anyone considered or approved.

The reason for the prohibition on single-character registrations was strictly a matter of identifier integrity and DNS stability. Specifically, it was intended to reduce the odds of false positive errors if a one-character typing error was made. The prohibition on the use of underscore ("_") in domain names, given that hyphen ("-") was going to be permitted, was largely driven by very similar considerations. I believe that, had we realized that we would end up with millions of names in some TLDs and almost complete saturation of the two-character and three-character spaces in those TLDs, registration of two-character SLDs probably would have been prohibited as well.

That reason has not changed. If one permits (and encourages, which, in today's market, is much the same thing), single-letter registrations, it is safe to assume that all 26 labels will swiftly be populated (single-digit labels raise some additional issues because they are very easily used in certain types of tricky-syntax phishing attacks). Anyone trying to use one of these labels and making a single-character mistake will almost certainly reach an unintended host. In a world in which, for most users, simply opening a web page associated with an unknown site can be sufficient for virus infection, it is simply unwise, and IMO, not in the best interests of the Internet, for ICANN to consider relaxing the current rule. But the reason has nothing to do with DNS expansion, infrastructure, or any other narrowly technical reason.

Just as we try to learn and extrapolate from our experience with ASCII domain name labels to IDNs, we should also take advantage of our experience with IDNs to inform our decisions about possible changes to rules about ASCII labels. When the example of the "paypal" domain (with Cyrillic "a"s) was widely publicized, one of the primary reactions in the user and observer communities was outrage that the various actors in the domain name environment (and the certificate-issuing environment) had permitted a registration whose obvious purpose was to make it easy for users to make a potentially nasty and identity-compromising mistake. I don't believe we need that lesson again about single-character SLDs.

Please forward this message as appropriate -- I don't believe that I can post to the Council list.

regards, john