From:           Ewen McNeill
Received:   10 March 2014

Below are my comments on the third DNC consultation paper on ".nz Registrations at the Second Level", as published at:

http://dnc.org.nz/content/Second_Level_Consultation_Paper_3.html

The comments are in order of the policy/changes presented in the paper, and presented as a series of notes on items potentially needing more thought or revision.  They are all based on a single reading through the consultation paper as presented, so some items may be resolved simply by bringing later items further forward to clarify issues for the reader earlier on.

I've "lettered" all the paragraphs for convenience of reference; all section numbers refer to the proposed updated draft of the "REGISTERING, MANAGING, AND CANCELLING DOMAIN NAMES" policy presented in the consultation paper 3.

A.  3.2 "as long as the domain name is kept current" should say "as long as the domain name _registration_ is kept current".

B.  Ideally examples would follow RFC2606 and use "example.nz" and "example.org.nz" rather than "anyname.nz" and "anyname.org.nz"; if "anyname" is to be used it _must_ be a reserved name that cannot be registered by anyone.

C.  At 4.4.4 I believe the maximum length is 63 octets (not characters; there is a difference when IDN is used to encode characters outside the original ASCII alphanumeric set, as it takes several ASCII characters to Punycode one IDN character); possibly the wording should be clarified here.

D.  At 5.1 it is implied that the DNC will maintain a list of all available second level domains?!  Surely this is "all possible combinations of up to 63 octets which aren't already reserved"?  Some different wording is needed for "second level domains where NZRS accepts third level registrations"; perhaps "A list of second level domains open for registration at the third level is maintained on the DNC website at..."

E.  5.4 seems out of context, particularly in relation to the 5 heading.  Perhaps the "5" heading should say "Hierarchical Second Level Domains" or "Legacy Second Level Domains" or similar?  And 5.4 should say "may register at the third level in one of the second level domains discussed in 5.1 ... " or some other similar wording to indicate that it applies only to the legacy 2lds.

F.  5.5 similarly seems out of context.  Possibly it is intended to say "third level domains in the legacy second level domains remain available for registration..."

G.  6.1 does not need the sentence "It has been agreed that .nz domain names should also be able to be registered at the second level."  The current second sentence could just say ".... to the new domain name structure, including direct registration at the second level, ...".  (Alternatively that first sentence could be rewritten in active voice as something like "direct registrations at the second level will be accepted from $DATE").

H.  At 6.4, excluded names should include common service names, especially:

"www"
"wpad"
"autodiscover"
"localhost"

   that might be entered as isolated names or tried automatically by software walking up the DNS resolution hierarchy (eg, OS X still does this by default).  "wpad" in particular represents a traffic interception security issue (see WPAD description on Wikipedia: http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol), and "autodiscover" and variations are used by various Autodiscovery processes (eg, http://www.computerhouse.com/support/knowledgebase.php?action=displayarticle&id=10) that could result in intercepting email, etc, connections.  I'm certain there are more "magic" names like that.

I.  Excluded names should include "example" and "anyname", so that they are reserved for use in examples, and "test" and "localdomain" to avoid unexpected surprise in lab setups.

J.  Compare reserved list with BCP 32 (RFC2606):

https://tools.ietf.org/html/rfc2606

and preferably adopt all the reserved names there, as well as others listed in any other Internet Best Practice documents.

K.  At 6.5 I think "Conflicted Name" should probably have a qualifier to the effect "where an agreement has not been reached between the registrants of conflicting equivalent third level domains"

L.  In 8.1 ("qualified for preferential registration") the use of "Or" between the clauses is confusing (it appears as if the idea is that one of these will be chosen as the policy, but I think the idea is that all of them are different ways to qualify).  Perhaps an introduction statement to the effect: "registrants holding a third level domain that meet the criteria of 8.1(a), 8.1(b) or 8.1(c) will have preferential registration status for the Equivalent Name"; and then remove the "or" conjunction between 8.1(a), etc the intention

M.  At 8.2, one would typically write "8.1(a)" and "8.1(b)", rather than "8.1a)" (note additional opening parenthesis); there are other later instances of this too.

N.  8.3 should probably say "will be automatically released to open registration by any eligible Registrant on a first come, first served".

O.  The interaction with 8.4 is... confusing.  AFAICT the intention is that it only applies to 8.1(c) (it is excluded from the other two).  Perhaps it could be moved to a qualification of 8.1(c), which it seems simply needs to state that 8.1(c) is not open to that class of people?  If something else is intended (ie, the earlier date applies to all qualification processes, with an earlier date, then more substantial redrafting is required.)

P.  8.5 appears not to need a separate clause -- it appears to be an explanatory note.  Maybe it could be a parenthetical statement on wherever 8.4 ends up?

Q.  At 8.6 "will" is almost meaningless -- it's an expression of optimism about a party other than the DNC.  Perhaps the intention is that "the DNC will instruct all registrars that they must contact all registrants"?  (In any event more active voice would be better; similarly 8.7 would also be better in an active voice, eg the "DNC will instruct NZRS...")

R.  9.2 "provide the UDAI for their existing domain name to allow verification of qualification for the second level name reservation".  (Although there doesn't seem to be much security risk in allowing anyone to reserve the names on behalf of the registrant -- the failure case is that more names end up reserved than intended, which is a fairly low risk.  So I'd also be open to allowing _reservations_ without the UDAI; but obviously _registrations_ of the equivalent name should require the UDAI.)

S.  9.3 should perhaps say "no charge to reserve ... for the first two years after .nz is opened to second level registrations" (to allow for holding longer reservations later at a lower cost).

T.  9.7 would be best in active voice, eg "two years after .nz is opened to second level registrations all reserved names that have not been registered will be released onto the general pool and available to any registrant on a first come, first served basis"

U.  The policy appears not to address what happens when a name is reserved, registered, then the registration lapses; does it go back into the reserved pool until 2 years is up?  Or is it released into the general pool?  (I think it should be released into the general pool, following the normal "expired domain names" process.)

V.  10.2(d) (and 10.8) appears not to make sense in the context of the "current Second Level Domains (2LD) Policy" being retired (as proposed on 2014-04-30!).  Other than that problem I'm generally in favour of "registrants can elect it should be a second level domain" managed by the DNC/NZRS (because even without that they can always reach their own external agreement to include third level entries themselves).

W.  10.3 should perhaps say "once the conflict is resolved" rather than "if".

X.  It's not clear why a non-conflicted domain can be reserved for 2 years, but a conflicted domain where the conflict is resolved must be registered in 2 months.  It also appears unstated what happens if they do not register it in 2 months?  Goes back to conflict status?  Goes into the general pool?  There should be some statement as to what happens in the event the "winner" of the conflict process doesn't follow through with a registration (in time).

Y.  10.3 and 10.4 seem to say functionally the same thing; possibly they can be merged into one clause (or possibly one of them needs to be rewritten to be more obviously different).

Z.  10.5 (requiring proof of acceptance of other registrants) seems odd if the context (eg, 10.4) is that the conflict resolution is done through a DNC nominated site, and the DNC has advised the registrant that they are now free to register the name...  (perhaps the policy should simply funnel everyone through the DNC conflict site for administrative simplicity?)

AA.  12.1 needs amending to indicate that when _registering_ a Reserved Name or an Equivalent name at the second level, the UDAI of the qualifying third level name must be supplied.

AB.  It's not obvious to me why "anyname.shop.nz" needs more DNC conflict resolution process than, eg, "anyname.shop.co.nz"; perhaps it should apply to both or to neither?  (It also seems to me that one of the reasons people want direct second level registrations is in order to be able to claim generic terms for themselves, without competition from others; otherwise a DNC-run second level domain with third level registrations would be appropriate.)

AC.  Is it intended that this conflict resolution process apply to wildcard DNS entries, eg, "*.shop.nz"?  That would inherently match _any_ valid name, without deliberately intending to match any specific ones.

AD.  I'm leaning towards thinking that the conflict registration of "below the NZRS registration level" entries should be left to, eg, trademark law and outside the DNC conflict resolution process (except perhaps if the DNC is going to handle conflict resolution of next-level entries on all "generic term" names at all levels (ie third level in second level names; fourth level in third level names)).

Ewen
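
As an added illustration of items C and H to J (not part of the original submission), the following Python sketch checks a candidate second-level label against the 63-octet limit after Punycode encoding, and against the excluded names suggested above plus "invalid" from RFC 2606. The function names are hypothetical, and NFKC normalisation plus lowercasing is an assumed stand-in for full IDNA mapping.

```python
import unicodedata

MAX_LABEL_OCTETS = 63  # DNS limit per label, counted in octets, not characters

# Names suggested for exclusion in items H and I, plus "invalid", which
# RFC 2606 (item J) reserves alongside "test", "example" and "localhost".
EXCLUDED = frozenset({
    "www", "wpad", "autodiscover", "localhost",
    "example", "anyname", "test", "localdomain", "invalid",
})


def to_alabel(label: str) -> str:
    """Return the ASCII form of one label, Punycode-encoded if required.

    Assumption: NFKC + lowercase approximates the IDNA mapping step.
    """
    norm = unicodedata.normalize("NFKC", label).lower()
    if norm.isascii():
        return norm
    return "xn--" + norm.encode("punycode").decode("ascii")


def check_second_level(label: str) -> list[str]:
    """Hypothetical pre-registration check; returns a list of problems."""
    problems = []
    alabel = to_alabel(label)
    octets = len(alabel)
    if octets == 0:
        problems.append("empty label")
    if octets > MAX_LABEL_OCTETS:
        problems.append(
            f"{octets} octets once encoded ({len(label)} characters); "
            f"limit is {MAX_LABEL_OCTETS}"
        )
    if alabel in EXCLUDED:
        problems.append(f"'{alabel}' is on the excluded list")
    return problems


# Constructed sample labels (not taken from the consultation paper).
MAORI = "m\u0101ori"             # 5 characters, 12 octets as xn--mori-qsa
LONG_IDN = "a" * 62 + "\u0101"   # 63 characters, but over 63 octets encoded

if __name__ == "__main__":
    for candidate in (MAORI, LONG_IDN, "a" * 63, "WPAD", "example"):
        print(repr(candidate[:20]), check_second_level(candidate) or "ok")
```
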