From: John C Klensin <klensin@xxxxxxx>
Date: Thu 18 Jan 2007 19:26:34 GMT+01:00
To: liz.williams@xxxxxxxxx
Cc: steve@xxxxxxxxxxxx
Subject: Single-letter second level domains

Liz,

Your recent note to the GNSO Council about single-letter domains
(http://gnso.icann.org/mailing-lists/archives/council/msg03148.html)
and the attached report was just called to my attention. I'm
copying Steve Crocker on this note since the topic is very much
a stability issue and not a provision for expansion or
infrastructure one.

The premise of the report, that the main reason for reserving
single-letter names was to permit future expansion, is not
correct. That explanation is, instead, the consequence of a
long-term, and oft-repeated, misunderstanding. I've tried
explaining this several times to a number of people and groups
within ICANN including various senior staff, both of the
previous IANA managers, and several of the members of the
community who have been pushing for single-character
registrations.

The notion that single-character names should be reserved for
expansion of the DNS derives from an almost offhand comment Jon
Postel made many years ago. The essence of the comment was
that, given all of the confusion and problems that had been
created by trying to associate TLDs with specific semantics, we
would have been better off with TLDs named "b ... y" (reserving
"a" and "z" for future expansion and because people might think
they had special value). When someone asked for a domain name
at the second level, they would then be randomly assigned to one
of those single-character TLDs. A somewhat fanciful set of
notes circulated for a while that elaborated on this idea. That
document never made it into formal publication although part of
it inspired an alternative option for ENUM that also was never
published. It should be stressed that these ideas were more of
the character of whimsical musings than serious proposals. They
were never considered as serious proposals even by their
originators.

In any event, that particular idea about DNS expansion would
never have produced "Example.a.com". It might have produced
"example.com.b" (as mentioned above, "a" and "z" were, in that
idea, permanently reserved) or, more likely, "example.d" or
"example.cc.b".

There was apparently an entirely separate and unrelated
suggestion about reserving one-character labels at some level of
the DNS for infrastructure use, much as subdomains of .ARPA are
used today. While I remember hearing about that idea, I think
it was just a suggestion made during a meeting or conversation.
As far as I know, the suggestion was never written down or
explained, much less turned into a proposal that anyone
considered or approved.

The reason for the prohibition on single-character registrations
was strictly a matter of identifier integrity and DNS stability.
Specifically, it was intended to reduce the odds of false
positive errors if a one-character typing error was made. The
prohibition on the use of underscore ("_") in domain names,
given that hyphen ("-") was going to be permitted, was largely
driven by very similar considerations. I believe that, had we
realized that we would end up with millions of names in some
TLDs and almost complete saturation of the two-character and
three-character spaces in those TLDs, registration of
two-character SLDs probably would have been prohibited as well.

That reason has not changed. If one permits (and encourages,
which, in today's market, is much the same thing), single-letter
registrations, it is safe to assume that all 26 labels will
swiftly be populated (single-digit labels raise some additional
issues because they are very easily used in certain types of
tricky-syntax phishing attacks). Anyone trying to use one of
these labels and making a single-character mistake will almost
certainly reach an unintended host. In a world in which, for
most users, simply opening a web page associated with an unknown
site can be sufficient for virus infection, it is simply unwise,
and IMO, not in the best interests of the Internet, for ICANN to
consider relaxing the current rule. But the reason has nothing
to do with DNS expansion, infrastructure, or any other narrowly
technical reason.

Just as we try to learn and extrapolate from our experience with
ASCII domain name labels to IDNs, we should also take advantage
of our experience with IDNs to inform our decisions about
possible changes to rules about ASCII labels. When the example
of the "paypal" domain (with Cyrillic "a"s) was widely
publicized, one of the primary reactions in the user and
observer communities was outrage that the various actors in the
domain name environment (and the certificate-issuing
environment) had permitted a registration whose obvious purpose
was to make it easy for users to make a potentially nasty and
identity-compromising mistake. I don't believe we need that
lesson again about single-character SLDs.

Please forward this message as appropriate -- I don't believe
that I can post to the Council list.

regards,
john