No matter what kind of domain name policy has been chosen for a top-level domain, it will need to be updated and adjusted from time to time. This document gives a description of the process for developing and changing the domain name policy for .no.
The purpose of the domain name policy for the .no domain is to ensure that the administration and allocation of domain names are conducted in a way that serves the interests of the Norwegian Internet community. As the use of the Internet in Norway has grown, this community de facto encompasses the entire Norwegian society.
To ensure that the domain name policy serves the interests of the society, a Norwegian Domain Regulation have been adopted in pursuance of the Electronic Communications Act. The Regulation stipulate certain basic requirements that the domain name policy must comply with: It must be publicly available, ensure cost efficiency and high technical quality, be non-discriminatory, promote transparency and predictability, protect the interests of the Internet users, protect national interests, and take into account international development in the Internet area.
The actual details of the domain name policy, for example how many domain names a single domain name holder can have, is left for the Norwegian Internet community to decide, as long as the final results do not breach the basic principles set forth in the Domain Regulation. Since the Norwegian Internet community is not a legal entity as such, the task of defining a domain name policy that balances the different requirements in the Regulation is formally placed with Norid, the registry for .no. Norid is legally responsible for the domain name policy and will have to answer to the authorities should the Regulation not be complied with.
Procedure for changing the domain name policy for .no
The domain name policy can be changed by any process that the registry and the Norwegian Internet community finds appropriate, as long as the process meets the requirement set forth in the Regulation that “before approval of and significant changes to the domain name domain name policy, input must be gathered from the users’ representatives and the government”. The Norwegian Communications Authority (Nkom) supervises that the change process is in compliance with the requirements of the Domain Regulation.
The current process for changing the domain name policy is described below.
1. Identifying a need for change
The first step is to identify whether or not ther is a need for a change in the domain name policy. There are many different domain name policy models, and all of them have their advantages and disadvantages. Which model is chosen for a top-level domain depends on what the local Internet community judges to be most important criteria at any given time. As the needs of the local Internet community changes, the domain name policy needs to be changed as well. In addition, the domain name policy may need to be adjusted to accommodate new opportunities made possible by emerging technologies.
Norid has several different ways of trying to identify whether there is a need for changing the domain name policy:
General requests for change
These can come via Norid’s ordinary contact points (e-mail address or postal address).
Requests for change may be submitted by anyone who is interested in the domain name policy. Some stakeholders are more involved with the domain name policy and will therefore have more opportunities for identifying a need for change. Among these are the Dispute Resolution Body, which uses the domain name policy in its work, the PT, which supervises the registry and the domain name policy, and the Ministry of Transport and Communications, which is responsible for the Domain Regulation.
Requests from Norpol, the domain name policy advisory council for .no
Norpol has representatives from the private sector, the government, the Internet industry, consumer authorities and other relevant stakeholders.
We use surveys to measure to what extent society is in agreement with certain rules in the domain name policy.
Monitoring of practice
As the registry, Norid is in a unique position when it comes to experiencing how the domain name policy works in practice. As a result, Norid might find that a rule needs to be changed because it has proven to be very difficult to implement, difficult to enforce afterwards, worded in a way that leads to misunderstandings, contradicts other rules in the domain name policy, etc.
If the signals via one or more of these channels are strong enough for Norid to assume that there is a real need for a change, the process will enter Phase 2. What will be considered to be sufficient signals depends on the scope of the proposed change.
There is one exception to this rule, and that is if the proposed change already has been subjected to a change process. If this is the case, Norid will study the conclusion from the previous process to determine whether this issue will be re-evaluated. In order for a new process to be initiated, the signals should indicate that the needs of the society have changed since the last time this issue was analysed. For example, a party repeating its arguments because it did not agree with the conclusion reached in a former process, will not in and of itself mean that the process should be restarted. In addition, the question of whether or not the issue will be reconsidered depends to a certain degree on the scope of the former process. If a full formal public consultation was held, the conclusion resulting from that carries greater weight than a conclusion resulting from limited input.
If Norid finds that the situation seems to have changed since the last time the issue was raised and there are sufficient signals to indicate that a change is needed, the process will enter Phase 2. If not, the conclusion from the earlier domain name policy change process is kept.
2. Analysing the proposed change and proposing solutions
Assuming a need for change has been indicated, the next step is to analyse the issue and draft one or more proposals for solutions. Norid acts as a secretariat during this process. First we attempt to identify the underlying need or problem that the change is supposed to address or resolve. Relevant background material is collected before the issue is analysed and possible solutions examined. Some domain name policy changes are irreversible. For example, it is much easier to liberalise a strict domain name policy than to make a liberalised domain name policy stricter again. The consequences of the various solutions must therefore be carefully mapped out.
Depending on the scope of the proposed changes, the drafted proposal can vary from an informal discussion document to a formal analysis constituting the basis for a public consultation process.
3. Gathering input from the Norwegian Internet community
The Domain Regulation state that before significant changes to the domain name domain name policy are implemented, input must be gathered from the users representatives and the government.
If the proposed change is small enough to not be considered significant, this step is skipped and the process goes directly to the next phase. Examples of such changes are the re-writing of a paragraph to make the content easier to understand, minor changes to the domain registration or renewal fees, etc.
In the case of a significant change, the proposal is put forward for input from the Norwegian Internet community (which both the users’ representatives and government are a part of). As some changes are irreversible, it is very important to confirm that there is a real need for a change and that the Internet community understands and accepts the consequences of whatever change is chosen.
The actual method of gathering input from the Norwegian Internet community will vary depending on the scope and type of change. The more significant the change or the more people who are touched by it, the more extensive the process of obtaining input must be. As a minimum, the proposal is presented to Norpol for advice and input. At the other end of the scale is a formal public consultation where any interested party may respond. The examples below are indicative of the processes used for obtaining input regarding different types of changes.
Change proposals where input was only sought from Norpol:
- All changes concerning whether to add or remove domain names from the list of prohibited and reserved domain names (Appendix A to the Domain Name Policy). A typical example is when two municipalities are merged or a municipality is renamed. The process for these changes follows the principles described in this document (see “Guidelines for amendments to Appendix A” for more details).
- Changes that allow new organisations to register domain names under .no (Appendix E to the Domain Name Policy). An example is when an exception was made for embassies, allowing them to register domain names even if they formally are registered as a type of organisation that usually is not allowed to apply.
Change proposals where input was mainly sought from Norpol, but additional input was collected from other parties:
- Introduction of domain names with national characters. This issue was so technically complex that it was difficult for the public to comment on the details. Even though we opened up for general input from the general public, there were very few comments, and Norpol’s advice was therefore used as a bases for determining what society wanted.
- Evaluation of registrar model. Norpol’s advice was used as the basis for some minor adjustments of the registrar model. The revised registrar contracts were then discussed with a selection of registrars before the revision was implemented.
- Evaluation of the decision to have a domain name policy regulated by quota under .no. Input was first sought from the public via two surveys and then Norid sought Norpol’s advice based on the information emerging from the surveys.
Change proposals where input was first sought from Norpol, and then from society at large:
- Liberalisation of the domain name policy in 2001. After Norpol had provided advice, the issue was subjected to a public consultation process, in addition Norid contacted several groups of stakeholders directly, inviting them to provide input.
- The issue of whether geographical domain names should be administered by Norid or instead should be administered by the individual municipality. After Norpol had provided advice, the issue was subjected to a public consultation process and the individual municipalities specifically invited to provide input.
- Introducing and evaluating the domain name policy and procedures for the Dispute Resolution Body. After Norpol had provided advice, these issues were subjected to a public consultation process run by the Norwegian Post and Telecommunications Authority. Direct requests for comments were also sent to several groups of stakeholders.
4. Deciding on a proposal
After Norid has received all input, it must be summarised and analysed. In case of minor issues, this work is handled by Norid itself, but external consultants are often used when a public consultation process is involved.
Finally Norid, as the organisation legally responsible for the domain name policy, makes the decision on what (if any) changes will be made. When making this decision, Norid does its utmost to balance the interests of the various groups to ensure the domain name policy takes into account all parties to the extent possible while also complying with the requirements of the Domain Regulation.
When a solution has been selected, an amended domain name policy will be prepared.
5. Informing about the change
When a change has been decided upon, Norid must inform about it and implement it.
Information about the planned change must be made public before the change is implemented. An exception to this is when a change has to be implemented immediately, for example because of an emergency, or when informing about a change beforehand would lead to it being exploited before it could be implemented. For example, informing beforehand that a domain name is going to be added to the list of prohibited domain names, could lead to it being registered by someone before the prohibition takes effect. In these cases, information about the change is made public at the same time the change is implemented.
The time period from the information is made public to the change is implemented varies depending on the scope of the change. The more significant the change and the more people it affects, the more time is given for society to prepare before the implementation. The time period for different changes has so far varied from one week up to a couple of months.
How much resources are used to inform about the change, also depends on how significant it is. As a minimum, Norid’s registrars and Norpol are notified of the change, and information is published on Norid’s web site. For major changes, notice of the changes is also sent to the open discussion list for domain name policy issues, press releases are sent out and advertisements are placed in the major newspapers in Norway informing about the changes.
It is explicitly required by the Domain Regulation that the Norwegian Communications Authority (Nkom) always be informed of all changes to the domain name policy. The Nkom supervises that the changes are in compliance with the Domain Regulation. It is the responsibility of the Nkom to keep the Ministry of Transport and Communications informed.
6. Implementing the change
First, Norid has to decide on how the domain name policy change shall be implemented in the registration system. The introduction of the change into the domain name policy is then handled via a transition process. This process can be very simple or fairly complicated depending on what kind of change is being made. If the proposed change is of a nature that necessitates a more complex transition process, the question of which process to choose has often been subjected to a consultation process along with the proposed change.
Examples of regular transition processes:
This entails defining a period where applicants can document rights to a name in order to register the corresponding domain name before other applicants are given the opportunity to register it. At the end of the sunrise period, there is a general transition to the new domain name policy, either through a first come, first served mechanism or by drawing of lots.
One of the problems with this method is that while there can be many entities that have rights to a certain name, for example by having trademarks in different categories that resolve to the same word, only one can register the corresponding domain name. Norid as a registry neither has the mandate nor competence to judge which applicant has the strongest rights to a domain name, which means that implementing a sunrise period will require a neutral third party to make such judgements.
If one looks at the cost to society as a whole, evaluating claims connected to all applications beforehand would be time-consuming and result in significant costs for all applicants. The alternative is to handle the conflicts resulting from parties believing their rights have been infringed upon after the name has been registered, either via the Dispute Resolution Body or via the Norwegian courts. As the number of conflicts is relatively small compared to the number of domain name registrations, the Norwegian Internet community has so far preferred to have no sunrise period for all the major changes of the domain name policy that have been implemented.
First come, first served
A date and time for the transition to the new domain name policy is set. When the new domain name policy takes effect, applications are submitted and processed according to the new domain name policy. The applications are processed in the order they arrive at the registry.
This is the method often used when implementing changes that allow for new groups of applicants. It was used, for example, when embassies were allowed to register domain names. It has also been used to open up for registration of domain names that were previously not allowed. When the registration of generic domain names was allowed in 2000, it was handled using the first come, first served method.
When a restriction is added to the domain name policy, some of the principles of the first come, first served method are often used – a date and time for the introduction of the restriction is set, and the new domain name policy takes effect from the specified time.
Drawing of lots
This type of transition opens for applications under the new domain name policy for a limited period of time. These are stored without registration taking place. At the end of the period, no more applications will be accepted and duplicates are discarded. Then lots are drawn to randomly decide the sequence for processing applications for the same name. When the drawing of lots has been completed and all applications have been processed, the system is opened to receive applications under the new domain name policy.
This is the method that was used to implement both of the major changes in the domain name policy. It has several advantages:
- The transition period gives Norid time to check the applications for formal errors and provide feedback to the registrar if an application is rejected. This provides the registrar with a chance of submitting a corrected application before the transition period ends, resulting in fewer applications rejected because of trivial errors.
- Discarding duplicate applications means that applicants cannot improve their chances by submitting several applications for the same name. Thus, it will be of no use for an applicant to burden several registrars with the same application.
- The time of submission of the application is of no significance, as long as it is within the transition period. Hence, temporary technical problems (e.g. the registrar’s e-mail server going down) do not place the applicant in a critical situation.
- There is no advantage for registrars being physically close to Norid’s servers, and no distinction is made between registrars maintaining their own e-mail server and registrars renting such services.
- There is a more uniform strain on Norid’s systems as opposed to the pressure resulting from a pure “first come, first served” transition. This decreases the chance of the system being overloaded.
The disadvantage of the mechanism is that the implementation will take somewhat longer than for a “first come, first served” transition. For this reason, only major changes are implemented by drawing of lots. Both drawing of lots and first come, first served will result in some disputes. These are currently handled by the Dispute Resolution Body after the domain name has been registered.
Domain Name Policy changes exempted from this process
There are some factors that might lead to a change in the domain name policy for .no without this process being used in its entirety. These are typically external factors where input from society will not make any difference for the result. Examples include:
Acts and regulations
First of all there is the Domain Regulation. This Regulation acts as an overall framework for the whole registration regime, and the change procedure described in this document only applies to changes that fulfil the requirements set by this framework. If there is a need for changing the domain name policy in a manner that would result in a lack of compliance with the Regulation, this must be discussed with the Ministry of Transport and Communications or the Norwegian Communications Authority as the supervisory body. The Ministry is responsible for the Domain Regulation, and it must therefore decide whether or not the Regulation should be changed. In addition to the Domain Regulation, general Norwegian law, implemented EU directives and any applicable international standards with which Norway has undertaken to comply may also affect the domain name policy.
The administration of the .no domain is a technically demanding task. Both the operation and further development of the registration service, and especially maintenance of the technical infrastructure (DNS and registry database), must be performed in a technically appropriate manner. There are certain technical standards that must be followed in order for the Internet to function. These technical standards – with IETF as the most important standardisation body – may have an impact on the domain name policy.
There might be situations where Norid will have to make an emergency change in the domain name policy to safeguard the stability and security of the whole system.
Even though these changes are exempt from the general change process for the domain name policy, most of the procedure will still be used. The major exception is the gathering of input from the Norwegian Internet community (Phase 3), which may in some instances not be done at all as it would not change the outcome. Norid and the domain name policy for .no must comply with Norwegian law, for example, no matter whether the Internet community agrees with the law or not. In other instances input may be gathered after the change has been implemented. In a force majeure situation, for example, Norid will implement the emergency change first, and then gather input and possibly adjust the change to ensure that it has the support of the Internet community.
It is also important to be aware that the procedure described in this document only applies to the domain name policy for .no with the corresponding appendices (A – J). The practical implementation of the domain name policy in Norid’s systems and the upkeep of other relevant documents, such as contracts with registrars, applicants and service providers, application forms, guidelines, etc., are a part of Norid’s daily operations as a registry and are governed by Norid’s internal procedures.