Application number: 1-1105-16488 for Nominet UK

Nominet UK

Minerva House
Edmund Halley Road
Oxford Oxfordshire OX4 4DQ
GB

+44 1865 332211

+44 1865 332299

http:⁄⁄www.nominet.org.uk

Mr. William Alexander Blowers

Director of Legal & Policy

+44 1865 332211

tas1-cathie.taylor@nominet.org.uk

Mr. Glenn Eric Hayward

Director of Finance

+44 1865 332211

tas2-cathie.taylor@nominet.org.uk

Not-for-profit, private company limited by guarantee

England & Wales

Not Available

Clive Lester Grace
Senior Independent Director
Glenn Eric Hayward
Director of Finance
Irene Tordoff Fritchie
Chair of the Board
Lesley Ruth Cowley
Chief Executive
Nora Nanayakkara
Non executive director
Piers Adam White
Non executive director
Richard Ian Amour
Non executive director
Thomas Sebastien Antero Lahtinen
Non executive director
Thomas Vollrath
Non executive director

Eleanor Hester Bradley
Director of Operations
Gillian Frances Crowther
Director of Human Resources
Nicholas Boyd Wenban-Smith
Senior Legal Council
Phillip Leslie Kingsland
Marketing & Communications Director
Simon James McCalla
Technical Director
William Alexander Blowers
Director of Legal & Policy

cymru

Not Available

The applied for gTLD string will not cause any operational or rendering problems. The applied for string is in ASCII and uses alphabetic characters only. The string, and its use in application will not be syntactically different than any existing Top Level Domains. The intended-use applications are alphabetical-string agnostic and is not a reserved top level domain string (from RFC2606).

Summary

“Cymru” is the Welsh language name for the country of Wales. The mission and purpose of dot CYMRU will be to provide an innovative, relevant and trusted internet top level domain (TLD) for the use and benefit of the citizens and businesses of Wales. For Welsh businesses, organisations and individuals, a dot CYMRU domain will contribute to a sense of community and ‘togetherness’, reflecting community pride and unity, and offering scope to celebrate Wales’s unique culture. 

In a study carried out as background to this application (attachment Q46_Economic_Study.pdf) 70% of consumers and 59% of businesses believe Wales should have its own domain space. 72% of consumers also said they would prefer a dot CYMRU TLD to a dot COM extension. 42% of businesses surveyed said that a dot CYMRU domain name could help promote their business in Wales itself. 

We expect significant business take-up for the promotion of key economic sectors in Wales, such as leisure, tourism, agriculture and the creative industries, to reinforce local preference purchasing, and for the purpose of branding and awareness-raising of Wales to the world at large. More detail on this is provided in our answer to question 18(b).

We also expect dot CYMRU to contribute positively to the development of the Wales brand and to wider recognition of that brand overseas. In this way it will support the Welsh Government’s work in raising the profile of Wales internationally to attract inward investment, to promote exports and to grow the Welsh economy. 

Nominet UK is bringing forward this bid. Nominet is a not-for–profit company which has been successfully running .uk, the fourth largest registry in the world, for over fifteen years. Nominet’s systems and processes are at the leading edge within the registry community and it takes a responsible approach to policy development resulting in greater levels of protection to registrants and other stakeholders. ICANN can be confident that it will comfortably meet or exceed all the relevant technical and operational criteria set out in the application process. 

Nominet will operate the dot CYMRU TLD on a not for profit basis with any surplus being reinvested in community projects in Wales. 

Nominet has received the necessary statements of non-objection from the Welsh Government and from the UK Government. We have also received strong statements of endorsement from the Welsh Assembly and from a wide range of business and community organisations in Wales. 

Nominet is bringing forward in parallel an application for dot WALES. Although ICANN’s rules require that these two TLDs are submitted as separate applications, it is our intention to provide them as part of a single, bilingual registry operation which serves the needs of all the constituent communities in Wales.


Operating model

The operating model for dot CYMRU will be an open gTLD, primarily operating on a first come, first served basis, which is price-competitive with existing mass market gTLDs. We will adopt an approach that effectively balances eligibility criteria with commercial sustainability which is most appropriate given Wales’s economic and cultural profile in the world. 

Applicants for a dot CYMRU domain will be required to meet one of two registration criteria either (a) a validated postal address from a predefined list of postcodes associated with Wales; or, (b) complete an EPP extension field during their application setting out their affiliation with Wales. This affiliation need not be based on location of the applicant but instead their connection with Wales. 

The geographical association (a) will be checked on application as part of a standard check for valid contact details for the domain applicant (see answer to Q28 for further details). 

The registration policy ensures dot CYMRU is accessible to Wales-based businesses, organisations and individuals as well as those who have a connection with Wales, whether the Welsh diaspora or a company based outside Wales with a strong affinity to and customer base within Wales.


Policy development and implementation

We are committed to developing dot CYMRU policy through a multi-stakeholder model of engagement and consultation, in line with accepted internet industry best practice. The community of dot CYMRU stakeholders is broad, comprising Wales-specific communities who will be the key users and registrants of the domain space, as well as to sector or issue specific communities who represent particular concerns. In addition to addressing communities of interest such as those concerned with rights protection, law enforcement and so on, policy development for dot CYMRU will need to address legitimate community aspirations in relation to the promotion of Welsh language and culture. 

We recognise that consideration and implementation of the processes and mechanisms for facilitating community engagement is central to effective policy making. These are integral to ensuring that legitimate concerns have an opportunity to be heard, consultation processes are perceived as open and transparent, and to enable the registry to manage the various competing interests of stakeholders. We have already started informal discussions of the concept and objectives of the dot CYMRU space amongst stakeholders. 

We have tracked the evolution of the new gTLD programme and we believe that this gTLD opportunity fits very closely with ICANN’s stated aims. Dot CYMRU increases competition and choice, promotes innovation and addresses new market needs, whilst at the same time it ensures that any potential harms to consumers and businesses are minimised. 

We draw your attention in particular to the extensive measures, over and above those required by the application process that we are proposing to put in place to secure businesses’ existing rights and to protect consumers from harm. For example, we are proposing extended sunrise phases for registered rights holders and unregistered rights holders, approaches that will minimise abusive registrations and policies that will address such registrations if they do occur. These are set out in more detail in the remainder of this question and in the answers to the relevant questions, 28 and 29 in this application.

Goal of dot WALES

The goal of the dot WALES domain is to provide an innovative, relevant and trusted TLD for the use and benefit of the citizens and businesses of the country of Wales.

A successful dot WALES domain will deliver high levels of service and a trusted reputation for users. It will enjoy significant local market penetration and relevant local content, used by businesses, organisations and individuals to promote their association with Wales. There will be high levels of domain use, rather than speculative or defensive registrations and registrations will therefore be sustainable and successful in the long term, with high levels of domain renewals. 


What dot WALES will add to the current space

In developing the business case for the dot WALES TLD, Nominet has been informed substantially by existing research which shows that internet users have a strong preference for domain names which they perceive as being local to them. We believe that this is because the perception of localness leads to a feeling of trust, which is particularly important when the user is entering into an e-commerce or other online financial transactions.

We believe that establishment of a dot WALES TLD will bring the consumer benefit of trust to the 3 million strong Welsh community, which is not currently served by a Wales-specific geographic TLD.

The dot WALES TLD is being designed to provide a low-cost and open registry which is highly competitive with existing gTLDs and ccTLDs. We expect that the dot WALES TLD will be actively used by the Welsh people and businesses active in Wales, and will take a material share of the market for new domain name registrations (across all TLDs) in Wales. This is entirely in line with our mission to serve the needs of the people and businesses of Wales.

An economic study was commissioned in 2011 from consultancy firm LE Wales to examine the costs and benefits of introducing dot WALES under the new gTLD programme. A copy of the study is provided attached to Question 46 in attachment Q46_Economic_Study.pdf. 

The study indicates that:

- The majority of Welsh consumers and businesses that expressed an opinion think that Wales should have its own domain space. 70% of internet users believe that Wales should have its own domain space and 70% of consumers prefer a dot WALES domain name to a dot COM domain name. 

- Around 40% of business respondents thought that a domain name for Wales could help promote their business in Wales and 30% considered that a dot WALES domain name could promote their business outside Wales. 
 
- Up to £2bn of household expenditure could be influenced by the use of a dot WALES domain name (that is to say, it could be diverted from providers making use of other domain names);

A dot WALES domain, reflecting well-established consumer preference for locally branded goods and services, could lead to additional e-commerce activity and offline transactions for businesses registering under the new domain. If a separate domain for Wales were to increase e-commerce sales by just 1%, for example, then this would be equivalent to an annual sales increase of £195 million.

The study noted that the potential benefits to business would vary by economic sector. Particular benefits could be expected to accrue in strategically important sectors to the Welsh economy such as leisure and tourism, agriculture and the creative industries. 

User experience

As well as benefits flowing directly to businesses adopting the new domains through increased sales, and to consumers through increased choice of domain and recognition of ‘local preference’ in purchasing, the new TLD will generate significant indirect benefits for Wales. The marketing and branding opportunities arising from the use of dot WALES would also potentially dovetail with known aims of the Welsh Government to promote worldwide recognition of and inward investment to Wales.

The dot WALES TLD will work as a positive force in Wales, and through strong and effective policies it will establish a high quality and trusted space that delivers social and economic benefits to Wales. The high standards of the new TLD will act as a best practice benchmark, encouraging competition and thus benefiting registrants and users at an international level.

The dot WALES domain will employ robust and effective abuse prevention and mitigation policies that minimise the prospect of abusive registration in the first instance, supported by effective measures to respond to malicious and harmful activities in the domain. These policies will define the types of behaviours that would be considered unacceptable in the dot WALES TLD and the process by which such domains might be suspended. In addition, through the responsible management of the TLD in line with ICANN consensus policies, we will ensure high levels of service for registrants of dot WALES domains.


Registration policies

Dot WALES will be an open registry and we will operate a ‘first come, first served’ policy to allocate domains. This will be underpinned by validation procedures enforced by both the registrar and the registry to minimise abuse. These will be proportionate in scope to minimise undue costs on registrants, but to promote swift identification and suspension of domains associated with rights infringement and malicious use.

To keep costs in terms of registrants’ time to a minimum, we intend to make the registration process as simple, efficient and easy to use as possible. We will deploy several ICANN compliant registration tools in conjunction with the registrar and resale channels to enable this. 

Registrants will also be asked to either:

(a) supply a verifiable postal address from a predefined list of postcodes associated within Wales; or, 
(b) provide a statement (in an EPP extension field) briefly explaining their connection with Wales and reasons for wanting to make use of a dot WALES domain name. The information supplied in this field will be published on the WHOIS.

There will be two exceptions to our ‘first come, first served’ approach. The first relates to measures allowing protection for existing rights (please refer to our responses to Questions 18c and 29 for further details). The second concerns the potential to auction a specified number of “premium” domain names. Our business model currently envisages the publication of a premium names list for auction in line with an approach which has been successful and uncontroversial in previous domain launches. 

All applicants for a dot WALES domain name will be contractually required to provide complete and accurate WHOIS data. Verification will be undertaken by the registrar in the first instance and enforced through the registry⁄registrar agreement. The registrar shall be contractually responsible for verifying the quality of the registrant data. Nominet will also conduct proactive validation checks on the name and address of all registrants. 

We believe this will deter criminals from registering under the new domain and will ensure a high accuracy of WHOIS data from the outset, thus helping law enforcement and rights holders to take action against abuses if these occur. Registrars will also conduct regular post registration checks on WHOIS data quality as required by the WHOIS Data Reminder Policy. 


Registrant personal information

We are committed to host data in the UK with off-shore back-up (within the European Union) and to be answerable and operate the business in jurisdiction.

We will ensure that data supplied by registrants is protected in accordance with all applicable laws (specifically the UK Data Protection Act 1998 and the EU Data Protection Directive which informed it), including through an appropriately designed WHOIS implementation. 


Outreach

We will ensure that there is broad market awareness of the dot WALES domain via online and more traditional media to ensure stakeholders know about and understand the benefits of using the TLD. 

A marketing and communications programme to inform stakeholders and rights-owners will be deployed in advance of the launch of the dot WALES TLD in partnership with community organisations to inform and promote the rules and mechanisms by which registrants will be permitted to register rights and acquire dot WALES domains. This will encourage engagement from rights owners to either take up their rights at low cost by registering a domain or to ensure that their trademark is registered in the clearing house. 

Nominet has considerable experience of stakeholder engagement and management, which ensures that we understand the respective needs, concerns and priorities of stakeholders. These include government, business, registrants, registrars, law enforcement, internet community, regulators. Nominet has developed proven multi-stakeholder processes for consulting and engaging with stakeholders, using them to inform the way in which policies and rules are developed and reviewed in order that costs are minimised and benefits maximised. 

Additionally, the dot WALES TLD will utilise mechanisms to raise awareness through proactive contact with business and industry stakeholders who are registered companies through the UK’s Companies House to advise and assist with their decision-making, limiting unintended consequences of a lack of awareness. 

Nominet is committed to ensuring that dot CYMRU will be a high quality, safe and secure space which maximises benefits and minimises consumer harm. We will adopt a range of rules relating to registration, registrar management, expiry, intellectual property protection, prevention of abuse and malicious behaviour to ensure that the dot CYMRU TLD meets its objective as a trusted, safe, and credible space. We will ensure registration procedures are simple and quick to use, operating on a first-come, first-served basis subject to the registration policy previously outlined, while at the same time mitigating potential harms, such as:

- Excessively high end-user prices which impose unnecessary cost on users wishing to purchase domains and⁄or deter take-up and use of the new domain;
- Use of the TLD for illegal purposes such as phishing, pharming, distribution of malware, online fraud and identity theft; 
- Harm caused to third parties through infringement of their intellectual property rights.

We will mitigate these potential harms through the following actions:

Pricing and route to market

It is not in registrants’ interests for dot CYMRU domains to be available at excessively high, uncompetitive prices. Indeed registrants are likely to be put off from registering if prices are too high. Consumers could also be negatively impacted if high domain prices feed through into higher price of (for example) e-commerce services. 

Nominet is committed to a pricing model in which wholesale charges for dot CYMRU domains are set at a level which is competitive with comparable charges for existing mass market gTLDs. Given that this is crucial to the success of dot CYMRU we do not think it is necessary to make binding contractual commitments on future pricing but we will, as required by the Registry Agreement, offer registrants advance notice of price changes. 

Retail prices paid by registrants are, of course determined by the registrar market, to which the wholesale charges set by the registry are only an input. We are committed to ensuring the broadest and most competitive registrar channel for dot CYMRU. As well as working through all ICANN-accredited registrars who wish to sell the dot CYMRU product, Nominet also intends, via a subsidiary, to become an ICANN accredited registrar itself for the purpose of offering an alternative mechanism to purchase dot CYMRU domains for non-ICANN accredited registrars. (Nominet has around 3,000 registrars for the sale of .uk domains and these registrars will be able to choose whether to register through any of ICANN’s accredited registrars that wish to offer dot CYMRU domains including Nominet’s registrar subsidiary. This subsidiary will sell registrations on competitive terms only through resellers; Nominet does not intend to become active itself in the retail market.) 

We will offer 1-10 year variable registration periods in line with standard practice. In addition, we have set aside in our model appropriate funds to provide additional marketing effort to promote the new domain. This may take the form of assistance with the development and delivery of specific marketing campaigns by the channel, or it could take the form of a quantity discounting arrangement as an introductory incentive to registrants. 


Effective sunrise processes

The dot CYMRU registry will deploy a staged sunrise process before making the domain names available for general registration on a first-come, first-served basis. The trademark claims service mandated by ICANN to provide notice to potential registrants of existing trademark rights, as well as notice to rights holders of relevant names registered will operate throughout all phases and for the first 60 days of general registration. 

The sequential order of availability for dot CYMRU domains will be as follows:
(1) Sunrise period for both trademarks in the ICANN Trademark Clearinghouse and other registered trademarks enforceable in the UK;
(2) Sunrise period for unregistered rights (also known as “passing off” rights) enforceable in the UK; 
(3) Landrush for premium domain names open to all applicants; and 
(4) Landrush open to all other applicants.

Participation in each stage will be contingent on meeting the eligibility requirements for dot CYMRU.

Phase (1) will be open to those parties with registered trademark rights. Parties who wish to take part in this phase will have the option of either registering their rights at the ICANN Trademark Clearinghouse, or going through a dot CYMRU-specific trade mark validation process. Phase (2) will be open to parties with legally enforceable unregistered rights; we will require an affidavit from a qualified intellectual property lawyer confirming that they believe such unregistered rights exist. The landrush at phase (3) will be for previously identified “premium” domain names and will be open to anyone who can fulfil the registrant requirements for dot CYMRU explained earlier in this answer, regardless of whether they have any prior rights in a name. Phase (4) will be open only to parties based in Wales. The premium names will have been identified at an early point and reserved for registration until this stage.

In the event that more than one valid application for the same domain name is received in a given phase, an auction will be used to determine who will be entitled to the domain name. In order to prevent unnecessary delay in moving to subsequent phases, auctions for a given phase will be held in parallel with subsequent phases, given that there is no detriment in doing so. Surpluses generated by the auction will be returned to communities in Wales in line with our not-for-profit business model.

Once these four phases have been completed, dot CYMRU domains will be made available on a first come, first served basis (subject to eligibility requirements). 

Aside from the internal costs to the participants, and any costs charged by a supplier, for the first two phases, the registry will charge only an administrative fee to cover the verification of rights claims by independent experts. This fee will be calculated on a cost-recovery basis. For the landrush phase, participants will pay a minimal application fee, the purpose of which is to ensure that only genuine participants take part in any auction. 

A marketing and communications programme to inform stakeholders and rights-owners will be deployed in advance of the launch of the dot CYMRU registry. This programme will be conducted in partnership with relevant community organisations to inform and promote the rules and mechanisms by which registrants will be permitted to register rights and dot CYMRU domains. This will encourage engagement from rights owners to either take up their rights at low cost by registering a domain or to ensure that their trademark is registered in the Clearinghouse. We understand the needs, concerns and priorities of stakeholders due to our considerable experience of stakeholder engagement and management from our dot UK operations. These stakeholders include government, businesses, registrants, registrars, law enforcement authorities, the internet community, and regulatory bodies. Nominet has developed tried and tested multi-stakeholder processes for consulting and engaging with stakeholders, using those processes to inform the way in which policies and rules are developed and reviewed in order that costs are minimised and benefits maximised. 

Additionally, the dot CYMRU registry will use mechanisms to raise awareness through proactive contact with business and industry stakeholders who are registered companies through the UK’s Companies House to advise and assist with their decision-making, limiting the unintended consequences of a lack of awareness. 

We will implement an effective policy for the protection of geographic names as required by the Governmental Advisory Committee. The registry will reserve all country names set out in Specification 5 to the draft Registry Agreement with ICANN (the “Reserved Names”). The Reserved Names will not be available for general registration at any point, whether before or after the launch of the dot CYMRU registry, regardless of any claimed trade mark or other rights. See our response to Q22 for further details.


Registration

Once in the general availability phase, as noted, we will operate on a first-come, first-served basis. Where two applications are received for the same domain name and both meet the registration policy and data quality requirements the application received first will succeed. 

All applicants for dot CYMRU domain names will be contractually required to provide complete and accurate WHOIS data. Verification will be undertaken by the registrar in the first instance and enforced through the registry⁄registrar agreement. The Registry Operator will also conduct proactive validation checks on the name and address of all registrants.

We believe this will deter criminals from registering under the new domain and will ensure a high accuracy of WHOIS data from the outset, thus helping law enforcement and rights holders to take action against abuses if these occur. 

Registrars will be obliged to ensure that registrant data is verified and correct, and regularly reviewed at appropriate times. We will have the option to incentivise registrars and will also have the option to impose financial and technical restrictions on poorly performing registrars.


Abuse: Detection and policy approach

Strong abuse policies on domains associated with criminal or malicious activity will ensure dot CYMRU is a safer and more secure internet space. We will seek to minimise any harm to consumers resulting from the use of dot CYMRU for criminal purposes. 

While our registration policies will be designed to deter abusive registrations, this is unlikely to be 100% infallible, we will therefore adopt the following additional measures:

- A strong abuse policy which allows us to suspend domains where we are presented with information that they are being used for criminal purposes. This will be reinforced through contractual provisions with registrars and resellers. 
- Full operational roll-out of DNSSEC. 
- Co-operation with law enforcement authorities to develop ‘early warning’ and reporting systems. 
- Dispute resolution (mediation) to enable third parties to effectively deal with allegations of IP infringement. 

These measures are set out in more detail in our response to question 28. 


DNSSEC

Nominet recognises the importance of DNSSEC in order to run a secure and reliable TLD. As a result we will provide two services in relation to DNSSEC:

- A fully DNSSEC enabled TLD that supports all DNSSEC RFCs; and
- An RFC compliant DNSSEC signing service. This will allow all dot CYMRU registrars to take advantage of Nominet’s DNSSEC signing infrastructure if they do not already have provision themselves. We believe that this will significantly increase DNSSEC take up. 


IP rights protection

We are committed to providing a high level of protection for existing IP rights and this is a core objective of the registry. Our approach will go beyond the basic requirements laid out by ICANN in three key areas: 

- We will extend the sunrise window to two months to ensure the maximum possibility is afforded to rights-owners to secure existing rights.
- We will afford protection not just to trademarks, but to other enforceable brand protection rights linked to Wales and established in UK intellectual property law.
- We will keep the costs of securing rights to a reasonable minimum. Any fees payable to secure rights under this process will be set on a cost-recovery basis. We will also offer a low-cost mediation process as an optional pre-cursor to the obligatory UDRP.

The key to successful rights protection will be extensive outreach amongst rights holders to raise awareness and explain the processes. Nominet is committed to an extensive programme of engagement and consultation ahead of the commencement of the rights protection window. 

In addition to meeting our obligations to offer the UDRP, the registry will also provide registrants and complainants with a free mediation service administered by qualified mediators, giving users access to low-cost mechanisms to enforce their intellectual property rights.

Our proposals are set out in more detail in our response to question 29. 


Data protection and privacy

We will ensure that data supplied by registrants is protected in accordance with all applicable laws (specifically the UK Data Protection Act 1998 and the EU Data Protection Directive which informed it), including through an appropriately designed WHOIS implementation. 

No

Not Available

Yes

Nominet will reserve all country names set out in the lists specified in Specification 5 to the draft Registry Agreement with ICANN (the “Reserved Names”). The Reserved Names will not be available for general registration at any point, whether before or after the launch of the dot CYMRU registry, regardless of any claimed trade mark or other rights. 

This restriction on domain name registrations will be communicated to the public as part of the general pre- and post-launch marketing for the TLD in order to minimise any confusion or disappointment.

The Reserved Names will only be available for registration by the relevant governments, using the process set out below (modelled on the GAC-approved process adopted for .INFO). 

1. The government or public authority concerned informs Nominet of their request to register the name, and the designated registrant.
2. We will verify the request, from third parties (such as local embassies or government contacts) if necessary, and request any additional information required.
3. The availability of the domain name will be verified and an authorisation number transmitted to the designated registrant.
4. The designated registrant will then be able to register the domain name, via a registrar for the TLD, by submitting the authorisation number to confirm their authority.

This process will be open ended, and will be available at all times, but we will highlight its existence to local governmental representatives (such as embassies or high commissions) as part of the marketing push during the launch of the TLD.

Question 23 - Registry Services

Nominet will administer a comprehensive list of registry services all of which are developed, managed and maintained in house. The services we will provide are:

- Operation of authoritative nameservers for dot CYMRU;
- Dynamic updates to zone files;
- Extensible Provisioning Protocol (EPP);
- Dissemination of zone files;
- Whois service (port 43 and web-based);
- Searchable Whois;
- Domain Name System Security Extensions (DNSSEC);
- Billing;
- Customer support;
- Abuse prevention; and
- Internationalised Domain Names (IDNs).

All registry services will be supported and reachable over both Internet Protocol (IP) Version 4 (IPv4) and IP Version 6 (IPv6).


DNS operations

We will operate authoritative nameservers for dot CYMRU. The DNS constellation consists of a ʹhiddenʹ master nameserver, DNSSEC signer, one primary Unicast DNS node, six slave Unicast DNS nodes and four primary Anycast nodes.


Dynamic updates to zone files

All changes to nameservers for domain names result in an update to the dot CYMRU zone file. All zone file changes are applied dynamically for the most rapid publishing to the DNS. Propagation of updates through the nameserver network will be done using incremental zone transfer (IXFR).


EPP

An EPP system, compliant with Request for Comments (RFC) 5730 will be provided for registrars to register and administer domain names, contacts and nameservers. The EPP server is provided over TCP and is compliant with RFC 5734. EPP connectivity is protected using the Secure Sockets Layer (SSL) protocol. 

Registrars may register new domain names in dot CYMRU using the object definitions given in RFC 5731. Once a domain name is registered, the registrar of record will be able to update, renew, delete and query that domain name, using the respective operations as defined in RFC 5731. All registrars may issue domain check or domain transfer operations using the EPP system. If a domain transfer operation is requested, the correct authInfo value must be provided by the new registrar. The registrar of record will be notified and will have five days to prevent the transfer from occurring.

Registrars may also issue requests to create new contact and host objects, in compliance with RFC 5733 and 5732 respectively. Only the registrar of record may then issue requests to update, delete and query contact and host objects in line with those RFCs. A delete operation will only be successful if there are no domain names linked to the object. Host update operations will be successful only if all the domain names linked to the host are sponsored by that registrar.

All ICANN accredited registrars who have signed a dot CYMRU registrar agreement will be eligible to use the EPP system. The identity of registrars will be verified with SSL certificates. If a valid SSL certificate is not used, the server will close the connection and no operations will be possible.

Registrars may only transform or query domain names if they are the registrar of record. The exception will be for transfer operations, which may be requested by all registrars if they have access to the authInfo field for the domain name. The registrar of record may prevent transfer operations from completing.

The dot CYMRU EPP server will be fully standards compliant and all operations described by RFC 5730, RFC 5731, RFC 5732 and RFC 5733 will be accepted by the server. All inputs to the server will be checked for validity and action will be taken if an input will adversely affect the service provision. All data fields are sanitised to prevent Structured Query Language (SQL) Injection attacks. Bind variables are always used for database query statements. If a connection is open but unused for more than a given time, it will be closed. If a registrar opens more than a given number of connections then the oldest connection will be closed.

The EPP service will be hosted at a primary data centre and fully replicated at a secondary data centre to ensure stability. Failover procedures are well practiced and comply with BS 25999.

The dot UK service that we currently provide accepts RFC compliant commands and meets all of the SLAs within Specification 10 comfortably. In December 2011 we handled an average daily load of more than 1.3 million EPP operations with a read-write ratio of 12 to 1. EPP availability has averaged at 99.9% over the 12 months to December 2011.


Dissemination of zone file data

Daily zone files will be provided to ICANNʹs Zone File Dissemination Partner using the format specified in RFC 1034 section 3.6.1 and RFC 1035 section 5. Transportation will be via a method agreed with them.


Zone server status updates

We will update registrars on changes to zone server status using a variety of methods including:

- email updates;
- zone server status web page;
- RSS feeds; and 
- Twitter updates.


Whois Services

Nominet will provide a real time Whois service for domain names, nameserver data and for registrar data. The Whois may be accessed by any internet user either through a web-based portal or via the Port 43 service.

The Whois Service will accept Transmission Control Protocol (TCP) connections on port 43 at whois.nic.CYMRU. Queries, terminated as specified in RFC 3912 by a carriage return and line feed, will be accepted. If the domain name is registered in dot CYMRU then Whois information will be returned to the client. If it is not then an appropriate error message will be returned.

The web-based Whois will be available at whois.nic.CYMRU. The user may enter the domain name, nameserver or registrar into a web form and will receive a response.

For both interfaces, if the request cannot be parsed as a domain name, nameserver or registrar then an appropriate error message will be returned.

The Whois service that we currently provide for dot UK handles an average of between 800,000 and 1,000,000 lookups per day. Over the year to December 2011, the average monthly availability for this service was 99.99%. The server is designed to allow the limiting of requests from a single IP address to prevent denial of service. We also monitor usage and perform statistical analysis to detect distributed abuse of the Whois.


Searchable Whois

We will provide a searchable Whois service. This will be available on subscription to internet users. We have provided this service for the dot UK domain name registry since 2006. 

Our searchable Whois allows for wildcard searches to be made on the domain name and registrant name. Results can be then exported as a comma separated values (CSV) file. We also offer the facility to allow users to set up to 20 search terms to be monitored automatically. Notifications will be sent by daily email if domain names are registered matching these search terms.


DNSSEC

The dot CYMRU zones will be signed using DNSSEC. The EPP server will support the DNSSEC extensions defined in RFC 5910 to allow DS records to be set in the zone.


IDNs

The registry systems for dot CYMRU will support the registration of internationalized domain names (IDNs) to support the Welsh language. 


Customer services

Customer service for dot CYMRU registrars, registrants and other stakeholders will be provided by a team of five full time equivalents bi-lingual support advisors based in Wales. This team will be supplemented by our team of 24 customer service advisors based in Oxford to ensure resilience and 24-7-365 emergency cover. 


Billing system

We have developed a customised billing system for domain names. Whenever a chargeable event, such as a registration or renewal occurs in the registry, a record is made in the billing system. This feeds through to the monthly invoicing runs. 

The billing system has an automated and fully configurable credit management system. The available credit or funds are audited for all registrars with warnings sent using email if they run low. The system may be configured to set any credit limit for registrar, including a zero limit to allow no credit.

We also provide an online service for registrars to pay invoices and to put money on account. 


Abuse prevention

We have extensive abuse prevention policies and measures which include the following:
- technical solutions to enforce usage policies;
- sharing information with registrars about notifications from anti-phishing companies such as Netcraft; 
- registry⁄registrar agreement policies to enforce good practice; and
- checking the quality of Whois data.


Risk and business continuity planning

A comprehensive Risk Register, aligned to BS31100 is maintained by Nominet which anticipates and identifies the events which may produce uncertainty or negatively impact its operations and the achievement of its objectives. Risks are prioritised based on impact and likelihood, mitigating factors identified and remediation activities carried out. Risk owners and risk response owners are responsible for actively managing identified risks. The register is reviewed monthly by the Senior Management Team and bi-annually by the RSP’s Audit Committee.

We have achieved BS25999 Business Continuity certification recognising its best practice approach to business continuity. We operate a full business continuity management system including a routine rehearsals schedule to ensure we can continue to operate in the most challenging situations safeguarding the registry and those that rely on it.

Stability

A registry service has an adverse effect on internet stability if it is not compliant with relevant authoritative standards or adversely affects the throughput, response time, consistency or coherence of responses to servers or end systems which are themselves operating in accordance with relevant authoritative standards. 

Our registry services will be fully stable because:
- they will full comply with all RFCs listed in specification 6 to the Registry Agreement;
- all responses given will be consistent and coherent; and
- the registry systems will be responsive, comfortably meeting all SLAs given in specification 10 to the Registry Agreement.


Security

To prevent the unauthorised disclosure or access to information or to registry systems architecture and to prevent the unauthorised disclosure, alteration, insertion or destruction of registry data, we secure our registry systems in a number of ways including, but not restricted to:

- securing of networks using SSL;
- controlling access to different network segments (both internally and externally) through firewalls, and VPNs;
- using two factor authentication for VPN access;
- authenticating users on the bais of their role, providing the lowest level of access required to perform required functions;
- having a permanently manned reception and CCTV;
- using geographically diverse datacentres;
- using two factor authentication for physical entry to datacentres - one of which must be biometric;
- running regular penetration testing by an independent organisation; and
- undertaing regular vulnerability scanning by an independent organisation.


Availability and continuity

All components comprising the dot CYMRU Registry Services will be provided on duplicated load balanced servers. A minimum of two virtualised servers will be provisioned on separate server racks and configured to each handle an equal proportion of the traffic. In the event of a problem with one server, the load balancers will automatically direct traffic to the other server. The servers will be set up so that in the event of the loss of one server, the remaining servers will have enough capacity to handle the increased traffic.

The architecture making up the dot CYMRU Registry Services will be fully provisioned upon our primary datacentre and replicated in full on the secondary datacentre. The database on the secondary datacentre will be replicated to within a few seconds of the primary.

This architecture allows us to have standard operating procedures to enable transition between datacentres within minutes if necessary and this procedure will be practiced on a monthly basis with the secondary datacentre becoming the primary and vice versa. 

SRS overview

We will administer a Shared Registry System (SRS) consisting of an Extensible Provisioning Protocol (EPP) interface to the registry. The interface is compliant with Specification 6 (section 1.2), complying with Request for Comments (RFCs) 5910, 5730, 5731, 5732, 5733 and 5734. It also implements registry grace periods and is compliant with RFC 3915. 

The implementation of EPP for dot CYMRU is based upon our current EPP service for dot UK and will be deployed on the same architecture as the dot UK domain.

We have run the dot UK EPP for the last 8 years and the service is used by 900 registrars, representing over 6 million domains out of the total of 10 million on the register. The dot UK EPP service easily handles over 2 million transactions per day with an average availability for 2011 of 99.90%.


High Level SRS system description

The network infrastructure for Nominetʹs SRS consists of two firewalls, two EPP application servers, and two middleware servers. All are load balanced. This is shown in figure 24.1 of the attachment Q24_SRS_Figures.pdf. The server specifications are shown in table 24.1 of the attachment Q24_SRS_Tables.pdf. 

Our EPP architecture for dot CYMRU has been designed using a three-tier architecture. The two EPP application servers handle connection management and authentication along with confirming that requests are well-formed. The two middleware servers handle all business logic and manipulation of domain names and their associated objects. Finally, the registry data is stored in an Oracle database. 

All EPP application and middleware servers are load balanced using a pair of f5 Network Big-IP servers.

Like our dot UK implementation, the EPP network for dot CYMRU will be fully reachable over Internet Protocol Version 6 (IPv6).


Interconnectivity with other registry systems

All registry systems connect to one clustered Oracle database, which provides a single point of truth and prevents the occurrence of conflicting registration data updates.

When a domain is registered by a registrar using EPP, an entry is made in the database representing that domain name. Because the Whois reads directly from this database, the domain immediately becomes visible in the Whois with no delay.

Whenever changes are made to nameservers - when domains are registered or deleted or the nameservers are modified - a row is inserted into a database table that represents a list of updates to be made to the zone file. These updates are then pushed into the DNS using the IXFR protocol.

If a domain name is registered or renewed, then the SRS service programmatically triggers an update to the billing system. A chargeable event representing the registration or renewal is generated which feeds into the monthly invoicing system.


Availability and continuity

All components making up our Registry Services, including the EPP service, are provided on duplicated load balanced servers. A minimum of two virtualised servers will be provisioned on separate server racks and configured to each handle half of the traffic. In the event of a problem with one server, the load balancers will automatically direct traffic to the other server. The servers will be set up so that in the event of the loss of one server, the remaining servers will have enough capacity to handle the traffic.

The EPP architecture is shown in Figure 24.1 of the attachment Q24_SRS_Figures.pdf. We will provision the network in full on both our primary and secondary datacentres. In particular, the database will be replicated in both datacentres. The two datacentres will be connected by two 10GB dual path and geographically diverse links. Each link will have a latency of less than one millisecond. Replication between the two datacentres will be asynchronous but the replicated data will only be a few milliseconds behind that of the live data. Should connectivity to one datacentre fail, the other will automatically assume the role of being the primary datacentre. The two datacentres will be connected to our main office by 1GB links. This allows mechanisms to be put in place to avoid possible ʺsplit brainʺ scenarios where connectivity between the datacentres is lost but both believe the other is lost and assume the primary datacentre role. Each datacentre will have a multi-homed 100MB transit link to the outside world. This connectivity will be handled by six Tier-1 providers in order to ensure availability and redundancy. We will also maintain 100MB links to peering points with Internet Exchanges such as the London Internet Exchange (LINX https:⁄⁄www.linx.net⁄) and the London Access Point (LoNAP http:⁄⁄www.lonap.net⁄) from each datacentre.

This architecture will allow us to have standard operating procedures to enable transition within minutes if necessary and this procedure will be practiced on a monthly basis, with the secondary data centre becoming the primary and vice versa. The relational database in the secondary datacentre will be asynchronously updated from the primary using Oracleʹs Dataguard Maximum Performance architecture. 

In the very unlikely scenario that connectivity was lost to both datacentres (such that none of the six Tier-1 providers could connect to either datacentre), we will maintain a third datacentre in Geneva, Switzerland that will be able to provide essential registry services in such a catastrophe.

We have a comprehensive business continuity management system with a full set of business continuity plans in place and is certified to the British Standard for business continuity, BS25999-2:2007.


Scalability

Provisioning applications on load balanced virtual machines means that we can easily provision further servers should the load increase. However, our experience with operating the dot UK top level domain with its 10 million domain names, indicates that two application servers will easily meet the performance requirements in Specification 10 to the Registry Agreement.

The EPP service for dot CYMRU will be deployed on dedicated virtual servers in our datacentre. The servers making up the dot CYMRU EPP service will have their own dedicated resources as shown in Figure 24.1 of the attachment Q24_SRS_Figures.pdf.

Connectivity is shared with the other registry systems deployed at the datacentre for dot CYMRU, dot UK and up to five other gTLDs. The total available bandwith is 10 gigabits per second and traffic through each service will be throttled to and the available connectivity for each service will be throttled to an appropriate level to both provide sufficient connectivity for the EPP traffic levels and to mitigate against the impact of any traffic surges.


Performance

We measure the internal processing time of all commands submitted to the EPP server to ensure that the SLAs given in Specification 10 of the Registry Agreement are met. Recent performance and availability figures for this are given in table 24.2 of the attachment Q24_SRS_Tables.pdf.

Based on all projections we are more than confident that the capacity and redundancy of the SRS system for the dot CYMRU domain, with an expected 40,000 domain names after 2 years, will allow for similar performance figures to the dot UK domain 


Resource plan

Nominet have fully developed its SRS systems with pre-launch testing to be done in 2012. We have large development, infrastructure and customer support teams experienced in running all its dot UK services. We will dedicate the following resources and time from these existing teams, as well as additional resources where appropriate, to the pre-launch and post launch maintenance tasks:

Pre-launch

- Testbed deployment: 10 days by a system administrator
- Testing: 15 days by a developer
- Packaging: 2 days by a developer
- Production deployment: 10 days by a system administrator

Total pre-launch resource time: 37 days.

6 months immediately following launch

- Customer support: 8 hours per week
- Technical support: 4 hours per week

Total resource in the 6 months immediately following launch: 12 hours per week

Ongoing business as usual 

- Customer support: 4 hours per week
- Technical support: 4 hours per week

Total ongoing business as usual resource: 8 hours per week

Introduction

Registrars will use Extensible Provisioning Protocol (EPP) to register and administer domain names, nameservers and contact objects for dot CYMRU. Nominet will administer an EPP server which is fully compliant with Request for Comments (RFCs) 5730 to 5734. For dot CYMRU, grace periods and DNSSEC extensions compliant with the respective RFCs, 3915 and 5910, will be implemented.

Because it is our intention to build a safe and trusted domain around dot CYMRU, a custom extension to the contact mapping defined in RFC 5733 will be included to allow a registrantʹs connection to Wales to be declared. This extension has been defined following the guidelines given in RFC 3735 and documentation consistent with this RFC is given in attachment Q25_EPP_cymru_Nexus_Extension.pdf. Use of the extension will be optional for registrants with an address in the geographical area defined.


We will modify the EPP server as necessary to support and comply with any EPP extensions which may emerge from ICANNʹs policy making process.

The EPP interface fully supports the registration lifecycle given in the answer to question 27.


Technical Plan

Nominet is experienced in running a highly available EPP service and have provided such a service to dot UK registrars since February 2008. It is used by 900 registrars, representing over 6 million domain names out of the total of 10 million on the register. The EPP server is provided over TCP and is compliant with RFC 5734. EPP connectivity is protected using SSL. The dot UK EPP service easily handles over 2 million queries per day and the monthly percentage availability figures for the 12 months to December 2011 are shown in table 25.1 of attachment Q25_EPP_Tables.pdf. 

The EPP implementation for dot CYMRU has been designed and will be built to match the scope and size of the dot UK registry implementation outlined above.

The EPP system has been designed using a three-tier interface-middleware-database architecture. The backend registry database will be Oracle 11g R2 Enterprise Edition based. Duplicate nodes will be used to ensure stability. The middleware will handle all business logic and will be implemented using Java and the Spring Framework (www.springsource.org). The interface module will handle connectivity and authentication of commands, and will be implemented using Java and Netty (http:⁄⁄www.jboss.org⁄netty). 


Domain Name Mapping (RFC 5731)

The EPP server for dot CYMRU will implement the domain object mapping defined in RFC 5731 and the following commands for domain objects will be available to registrars, as specified in that RFC:

- Info command to query the attributes of a domain name, including its nameservers, contacts and status values.
- Check command to check if a domain name is registered and the likely success of a subsequent Create command.
- Transfer query to query the status of a previous transfer request.
- Create command to register a domain name.
- Delete command to cancel or ʺunregisterʺ a domain name.
- Renew command to renew a domain name and extend its expiry date.
- Transfer command to move a domain name to a new registrar. This command may also be used to accept or reject transfer requests made on domain names by other registrars.
- Update command to modify the attributes of a domain name.

The extensions defined in RFC 3915 to the following commands will also be available:
- Info command to query the grace period status values.
- Update command to restore a domain name when it is has the redemptionPeriod status set. 

Registrars can use the EPP update command to set status values on domain names to prevent operations as specified in RFC 5731:
- clientDeleteProhibited. If this is set, requests to delete the domain are rejected.
- clientRenewProhibited. If this is set, requests to renew the domain are rejected. Automatic renewal on expiry still occurs.
- clientTransferProhibited. If this is set, requests to transfer the domain are rejected.
- clientUpdateProhibited. If this is set, requests to update the attributes of the domain are prohibited
- clientHold. If this is set, the domain name is not published in the zone file.


Domain Name System Security Extensions (DNSSEC) extensions Mapping (RFC5910)

DS records may be added to domain names in dot CYMRU using the EPP extensions defined in RFC 5910.


Host Mapping (RFC 5732)

The EPP server will implement the host object mapping defined in RFC 5732 and the following commands for host objects will be available to registrars as specified in that RFC:

- Info command to query the attributes of the host object.
- Check command to find if a host object exists in the registry and the anticipated success of a subsequent create command.
- Create command to add a host object to the registry.
- Delete command to remove a host object from the registry, provided there are no domain names linked to it.
- Update command to modify the IP addresses or status values for the host object. IP addresses are only set if the superordinate domain name for the host is in the dot CYMRU registry.

Registrars will be able to use the EPP update command to set status values on host objects to prevent operations as specified in RFC 5732:

- clientDeleteProhibited. If this is set, requests to delete the host object will be rejected.
- clientUpdateProhibited. If this is set, requests to update the attributes of the host object - to add or remove IP addresses or status values - will be rejected.


Contact Mapping (RFC 5733)

The EPP server for dot CYMRU will implement the contact object mapping defined in RFC 5733 and the following commands for contact objects will be available as specified in that RFC:

- Info command to query the attributes of a contact object
- Check command to determine if a client identifier has been provisioned in the registry and the anticipated success of a subsequent create command.
- Transfer query command to query the status of a previously requested transfer operation.
- Create command to add a new contact object to the registry.
- Delete command to remove a contact object from the registry, provided no domain names are linked to it.
- Transfer command to request to move the object to a new registrar. This command may also be used to accept or reject transfer requests made on domain names by other registrars.

- Update command to modify the attributes of a contact object.

Registrars will be able to use the EPP update command to set status values on contact objects to prevent operations as specified in RFC 5733:

- clientTransferProhibited. If this status is set then requests to transfer the contact will be rejected.
- clientDeleteProhibited. If this status is set then requests to delete the contact will be rejected.
- clientUpdateProhibited. If this status is set then requests to update the contacts attributes will be rejected.

The customary extension to the contact mapping to allow a registrantʹs connection to Wales to be declared will not impact in anyway on the registration lifecycle described in the answer to Question 27. This is because the extension simply adds an additional information element to the mapping and does not change any lifecycle trigger points.


Resource Plan

The EPP server for dot CYMRU has been implemented, with pre-production load testing and customisation to be completed in 2012. We have a development team of 16 staff, an infrastructure team of 15 staff and a customer support team of 24 staff. All these staff are experienced in running the dot UK services. We will dedicate the following resources and time from these existing teams, as well as additional resources where appropriate, to the pre-launch and post launch maintenance tasks:

Pre-launch

- Implementation of extension for CYMRU connection statement: 10 days by a Java developer


Post launch

- Monitoring and involvement in EPP standards development: 1 hour per week by a research team member and development team member.

Resources for technical and customer support of EPP are set out below:

Pre-launch

- Testbed deployment: 10 days by a system administrator
- Testing: 15 days by a developer
- Packaging: 2 days by a developer
- Production deployment: 10 days by a system administrator

Total pre-launch resource time: 37 days.

6 months immediately following launch

- Customer support: 8 hours per week
- Technical support: 4 hours per week

Total resource in the 6 months immediately following launch: 12 hours per week

Ongoing business as usual 

- Customer support: 4 hours per week
- Technical support: 4 hours per week

Total ongoing business as usual resource: 8 hours per week

High-level System Description

Nominet will provide a real time Whois for domain names, nameserver data and for registrar data. The Whois may be accessed by any Internet user either through a web-based portal or via the port 43 service. A searchable Whois will also be provided.

The Whois services will interface with the rest of the registry via a shared database. This will ensure that data is correct and up-to-date, and a correct response can be generated at the instant that a query is received. The searchable Whois will maintain its own cache for efficiency, which is refreshed hourly, directly from the shared registry database.

The services will be implemented in a virtualised architecture (see Q32) and share a common infrastructure.


Standards compliance

The dot CYMRU Whois service will be compliant with Specification 4 of the Registry Agreement. It will be available on whois.nic.cymru. The Whois services (port 43 and web based) respond as described in Specification 4 of the Registry Agreement; an outline for this is presented in the paragraphs ʺData Objectsʺ below.

The web-based Whois will also be available at whois.nic.cymru as required by Specification 4. The user may enter the domain name, nameserver or registrar into a web form and will receive a response. If the request cannot be parsed as any of these three categories then an appropriate error message will be returned.

The Whois service will be compliant with Request for Comments (RFC) 3912. As specified by the RFC, the Whois service will listen on Transmission Control Protocol (TCP) port 43 for requests from clients. If a valid request, terminated as specified in RFC 3912 by an ascii carriage return and line feed, is received then a response will be returned.

Performance and availability of the Whois service exceeds the requirements given in Specification 10 of the registry agreement.


Data objects

The Whois services (port 43 and searchable) respond as described in Specification 4 of the Registry Agreement; an outline for this is presented in the paragraphs below.

Data objects: Domain names

If a request for a valid and registered dot CYMRU domain name is received by either Whois interface then a response will be returned displaying information about that domain name in the key-value pair format described in Specification 4 of the Registry Agreement. The following information will be returned:

- domain Name;
- Whois server;
- dates - creation, last update, expiry;
- registrar details;
- any status values;
- all contact details - Registrant, admin, tech and billing;
- registrants declaration of connection to Wales;
- nameserver information including Domain Name System Security Extensions (DNSSEC) status information; and
- time of last update of Whois database, which is the time at which the lookup was made.

If a valid request is received and parsed as a domain name, but the domain name is either not registered or out-of-registry then an appropriate error message will be returned. 

Data objects: Hosts

If a request for a nameserver held within the registry is received then a response will be returned displaying information about that nameserver. Nameserver information will be displayed in the key value pair format described in Specification 4 of the Registry Agreement. The following information will be returned:

- nameserver name;
- Internet Protocol (IP) addresses, both Internet Protocol Version 4 (IPv4) and Internet Protocol Version 6 (IPv6);
- registrar information; and
- time of update of the Whois database, which is the time at which the lookup was made.

If a request is parsed as a nameserver but is not in the registry then an appropriate error message will be returned.

Data objects: Registrars

If a request for a dot CYMRU registrar is received then a response will be returned displaying information about that registrar in the key-value pair format described in Specification 4 of the Registry Agreement. The following information will be returned:

- name;
- address;
- contact name, phone numbers, fax numbers and email addresses; and
- website information.

If a valid registrar Whois request is received and the requested registrar is not in the registry then an appropriate error message will be returned.


Bulk access

We will provide ICANN with bulk access to Whois data as described in Specification 4 of the Registry Agreement:

- a weekly data file will be provided, using the Data Escrow format described in Specification 2, containing the thin Whois data described in Specification 4. The file will be made available to ICANN for download by SFTP. Other download methods can be provided to ICANN if requested in the future.

- In the case of registrar failure or other event that prompts the transfer of a registrars domain names to another registrar, we will provide ICANN with up-to-date data for the domain names affected. The data will be provided to ICANN in the Data Escrow Format described in Specification 2 within two business days. The file will be made available for download by SFTP or by any other method agreed with ICANN.


Data Protection

We will ensure that data supplied by registrants is protected in accordance with all applicable laws (specifically the UK Data Protection Act 1998 and the European Union (EU) Data Protection Directive which informed it), including through an appropriately designed Whois implementation. 
 

Abuse 

Potential forms of abuse of a Whois service include:

- harvesting data - querying all domain names to provide a catalogue of contact details;
- denial of service - making many connections to the Whois server, or flooding connections with data; and
- Structured Query Language (SQL) Injection - crafting queries to the service to attempt to modify the underlying database.

The Whois server has a number of measures built into it to prevent such abuse:

- if a clientʹs request is not terminated within a reasonable number of characters then the connection with the client is closed automatically;
- Whois lookups are checked and sanitised to prevent SQL injection attacks;
- Bind variables are always used in all our database queries to prevent SQL injection attacks; and
- the Whois server is implemented in a way that allows a limit to be placed on lookups from any single location.

Statistical analysis on lookups to detect distributed abuse is also performed.

Stability, availability and performance

We are experienced in providing a stable Whois system and have done so for dot UK for many years. The Whois server is provided on a primary datacentre and fully duplicated on a secondary datacentre. Failover procedures are well practiced. 

Percentage availability figures for the dot UK Whois are shown in table 26.1 of attachment Q26_Whois_Tables.pdf

Performance and availability will exceed the requirements given in Specification 10 of the Registry Agreement.


Searchable Whois

We will provide a searchable Whois service to Internet Users on a subscription basis. We have provided this service for the dot UK domain name registry since 2006 (known as the Public Register Search Service (PRSS)).
 
The Searchable Whois technology enables wildcard searches to be made on any fields, including:

- domain name;
- registrant name;
- postal address;
- contact names;
- registrar ids;
- nameservers; and
- IP addresses.

Searches on multiple fields may be combined using Boolean logic.

Results can be exported as a comma separated values (CSV) file. We also have the facility to allow users to set up to 20 search terms to be monitored automatically. Notifications are sent by daily email if domain names are registered matching the search terms.

The searchable Whois will use a separate database to the main Whois. This database will use the search and indexing technology provided by Apache Solr (http:⁄⁄lucene.apache.org⁄solr) to provide optimum search facility and speeds. The search database will be synchronised with the main registry database on an hourly basis.

The Searchable Whois will have measures to detect and deal with abuse, similar to those for the port 43 Whois (see above).


Whois Architecture

The Whois server will obtain its information directly from the main registry database so that its responses are real time. The Whois server will be developed in Java using the Spring Framework. Connection management will be implemented using Netty (www.jboss.org⁄netty).

The port 43 Whois infrastructure is shown in figure 26.1 of attachment Q26_Whois_Figures.pdf

The port 43 Whois server specifications shown in table 26.2 of attachment Q26_Whois_Tables.pdf

The Searchable Whois Architecture is as shown in figure 26.2 of attachment Q26_Whois_Figures.pdf
 
The Searchable Whois server specifications are shown in table 26.3 of attachment Q26_Whois_Tables.pdf

The Searchable Whois will be implemented as part of our interactive online services using the Spring Framework. The front end will handle the interface with the user, including authentication, taking details of the search required and presenting the results. The middleware will handle the mechanics of the search.

The front end and middleware servers will each be provisioned as a load balanced pair, using the same load balancer topology and technology as the main Whois architecture above, namely a pair of F5 Networks Big-IP servers.

The Whois service for dot CYMRU will be deployed on dedicated virtual servers in our datacentres. The servers making up the dot CYMRU Whois service will have their own dedicated resources as shown in Figure 26.1 of the attachment Q26_Whois_Figures.pdf.

Connectivity will be shared with the other registry systems deployed at the datacentre for dot CYMRU, dot UK and a small number of other gTLDs with a combined total of approximately 600,000 domain names. The total available bandwith is 10 gigabits per second and traffic through each server will be throttled to an appropriate level to both provide sufficient connectivity for the Whois traffic levels and to mitigate against the impact of any traffic surges.

It is estimated that there will be up to 10,000 Whois lookups per day for the dot CYMRU domain. The dot CYMRU Whois service is provisioned to handle more than 5,000,000 lookups per day.


IT and infrastructure resources

Our two datacentres will be connected by two 10GB dual path and geographically diverse links. Each link has a latency of less than one millisecond. Replication between the two datacentres will be asynchronous but the replicated data will be only a few milliseconds behind that of the live data. Should connectivity to one datacentre fail, the other will automatically assume the role of being the primary datacentre.

The two datacentres will be connected to our main office by 1GB links. This allows mechanisms to be put in place to avoid possible ʺsplit brainʺ scenarios where connectivity between the datacentres is lost and both believe the other is lost and assume the primary datacentre role. Each datacentre will have a multi-homed 100MB transit link to the outside world. This connectivity will be handled by six Tier-1 providers in order to ensure availability and redundancy. We will also maintain 100MB links to peering points with Internet Exchanges such as the London Internet Exchange (LINX https:⁄⁄www.linx.net⁄) and the London Access Point (LoNAP http:⁄⁄www.lonap.net⁄) from each datacentre.

The Whois infrastructure is described in the preceding paragraph ʺWhois Architectureʺ.


Service continuity

We will provide the Whois network architectures shown in figures 26.1 and 26.2 of attachment Q26_Whois_Figures.pdf in a primary datacentre and replicated in full in a secondary datacentre. The registry database is replicated from the primary datacentre to the secondary using Dataguardʹs Maximum Performance Replication. The SOLR index is generated on both datacentres for the searchable Whois. This architecture allows us to have standard operating procedures to enable transition within minutes if necessary and this procedure will be practiced on a monthly basis. The Whois servers maintain high availability via SAN and virtualisation replication technologies. Should connectivity to the primary datacentre be lost the service will instantly be available in the secondary datacentre. 

In the very unlikely scenario that connectivity was lost to both datacentres (such that none of the six Tier-1 providers could connect to either datacentre), we will maintain a third datacentre in Geneva, Switzerland that will be able to provide essential registry services in such a catastrophe.

We have a full set of business continuity plans and these have been accredited to the British Standards BS25999 business continuity standard.

Customisation of Whois service

We will customise the dot CYMRU Whois service as required to handle any change in Whois output that may be deemed necessary by ICANN.


Resource plan

The dot CYMRU main Whois service has been implemented, with pre-production testing and customisation to be completed in 2012. We have a development team of 16 staff, an infrastructure team of 15 staff and a customer support team of 24 staff. All these staff are experienced in running the dot UK services. We will dedicate the following resources and time from these existing teams, as well as additional resources where appropriate, to the pre-launch and post launch maintenance tasks:

Pre-launch

- Customisation of the Whois and searchable Whois to include the ʺaffiliation with Walesʺ declaration (as defined in Question 18a): 2 days by a Java developer
- Implementation of data protection changes: 1 day by a Java developer
- Test bed deployment: 5 days by a Systems administrator
- Pre-launch load testing: 5 days split between a systems administrator and a java developer
- Packaging for production: 2 days by a java developer
- Deployment to production: 5 days by a systems administrator

Total pre-launch resource time 20 days.

Post launch

- Customer support: 8 hours per week
- Technical support: 4 hours per week
- Monitoring of and involvement in Whois standards development: 2 hours per week by a research team member and member of development team

Total post launch resource 14 hours per week.

Nominet will implement a lifecycle for dot CYMRU domains which is based around Request for Comments (RFCs) 5730, 5731 and 3915. RFCs 5730 and 5731 define the Extensible Provisioning Protocol (EPP) interface for domain names including domain name registration, updates, transfers, renewals and deletes. RFC 3915 defines grace periods for each of these - allowing chargeable events such as registrations and renewals to be undone.
 
ICANN accredited registrars who have signed a dot CYMRU registry⁄registrar agreement will be able to register domain names that are not already registered for a period of one to ten years. Registrars will be able to renew their domain names to extend the registration period and may also delete domain names. If a domain name reaches the end of its registration period then it will be automatically renewed for one year.

The lifecycle for dot CYMRU domains is shown in the state diagram in Figure 27.1 of the attachment Q27_Registration_Lifecycle_Figures.pdf. Domain name states, which represent the stage that a domain name is at in the lifecycle, are shown in boxes. Trigger points, representing events that move a domain name onto a new stage in the lifecycle, are shown by arrows on the diagram. A domain name can also change state as the result of the passage of time. State changes defined in the Uniform Rapid Suspension System are considered exceptions to the state diagram, further details are set out in the penultimate section of this response. Domain name states are described below:

State: available for registration

A domain name in this state is not registered and may be registered on a first come first served basis by a registrar. The only EPP command that may be performed on the domain name is a create command to register the domain name.

State: registered

This is the default state for a registered domain name. The registrar of record may use EPP to perform update, renew, transfer or delete commands. 

State: addPeriod

A domain name in this state has been registered within the last 5 days. This state differs only from the ʺregisteredʺ state in that the registrar of record may cancel the domain name and receive a credit for the registration fee, subject to agreed limits. 

When a domain name has been in the ʺaddPeriodʺ state for 5 days, the ʺaddPeriodʺ state is removed and the ʺregisteredʺ state is added.

State: renewPeriod

A domain name in this state has been renewed by the registrar within the last 5 days. This state differs only from the ʺregisteredʺ state in that the registrar of record may cancel the domain name and receive a credit for the renewal fee, subject to agreed limits. 

When a domain name has been in the ʺrenewPeriodʺ state for 5 days, the ʺrenewPeriodʺ state is removed and the ʺregisteredʺ state is added.

State: autoRenewPeriod

A domain name in this state has been auto-renewed by the registry within the last 45 days. This state differs only from the ʺregisteredʺ state in that the registrar of record may cancel the domain name and receive a credit for the renewal fee, subject to agreed limits. 

When a domain name has been in the ʺautoRenewPeriodʺ state for 45 days, the ʺautoRenewPeriodʺ state is removed and the ʺregisteredʺ state is added.

State: redemptionPeriod

A domain name is placed in this state after a registrar cancels it using the delete EPP command. A domain name in this state has been removed from the zone file and remains in the state for 30 days. The registrar of record will be able to use EPP to perform a restore command to remove the ʺredemptionPeriodʺ state. No other EPP commands may be performed upon the domain name while it is in the ʺredemptionPeriodʺ state.

When a domain name has been in the ʺredemptionPeriodʺ state for 30 days, the ʺredemptionPeriodʺ state is removed and the ʺpendingDeleteʺ state is added.

State: pendingDelete

A domain name in this state has been removed from the zone file and will be made available for registration after 5 days. No EPP commands may be performed on the domain in this time.

When a domain name has been in the ʺpendingDeleteʺ state for 5 days, the ʺpendingDeleteʺ state is removed and the ʺavailable for registrationʺ state is added.


Trigger points represent the events that cause a domain name to change state - that is to move to a new stage in the lifecycle. The trigger points are described below:

Trigger point: Create

This trigger point represents the registration of new domain names. Any registrar will be able to use the EPP create command to register a new dot CYMRU domain name subject to the following pre-conditions:

 - the domain name is a sub-domain of dot CYMRU
 - the domain name is in the ʺavailable for registrationʺ state and so not already registered
 - the domain name is not reserved
 - the domain name does not have hyphens in the third and fourth characters
 - the domain name label does not begin or end with a hyphen.

If the above pre-conditions hold, a registration request will be successful and the domain name will be added to the registry database. The registration period and expiry date will be set according to the period specified in the EPP create command. Following this, if the domain name has nameservers, a dynamic update will be made to add the domain name to the zone file.

All registration requests will be performed immediately and there will be no pending state.

Following registration, the domain name will move into the ʺaddPeriodʺ state for 5 days.

Trigger point: renew

A dot CYMRU domain name will be renewable, at any time by the registrar of record using the EPP renew command, subject to the following pre-conditions:

- The resultant expiry date for the domain name is less than 10 years in the future.
- The domain name does not have either clientRenewProhibited or serverRenewProhibited locks set.
- The domain name does not have either the ʺredemptionPeriodʺ or ʺpendingDeleteʺ states set.

If these preconditions hold then the renewal will take place and the expiry date for the domain name will be extended by the period specified in the renewal request. The ʺrenewPeriodʺ state is added to the domain name for five days.

Trigger point: auto-renew

A dot CYMRU domain name will be automatically renewed by the registry if the following pre-conditions hold:

- The domain name has expired, i.e. the expiry date for the domain name has passed.
- The domain name does not have either clientRenewProhibited or serverRenewProhibited locks set.

The expiry date will be moved forward by one year and the domain name moves into the ʺautoRenewPeriodʺ state for 45 days.

Trigger point: delete

A registrar will be able to use the EPP delete command to cancel a domain name at any time, subject to the following pre-conditions:

- The registrar is the registrar of record for the domain name.
- The domain name does not have either serverDeleteProhibited or clientDeleteProhibited locks set.

If the domain name has an ʺaddPeriodʺ state then the registration fee will be credited to the registrar (subject to agreed limits on this). If the domain name has an ʺautoRenewPeriodʺ or ʺrenewPeriodʺ states set then the renewal fee will be credited to the registrar (subject to agreed limits).

Following cancellation, the domain name will be removed from the zone file. If the domain name had the ʺautoRenewPeriodʺ state prior to cancellation then it will enter the ʺredemptionPeriodʺ state for 30 days. For all other cancellations, the domain will hve the ʺpendingDeleteʺ state added to it for five days.

Trigger point: restore

The registrar of record will be able to request the restoration of a dot CYMRU domain name that is in the ʺredemptionPeriodʺ state. This will remove the ʺredemptionPeriodʺ state and will replace the domain name in the zone file. Any credited renewal fees will be recharged to the registrar.

The restore request from the registrar must be in two phases. Initially the registrar must make an EPP restore request. If this is successful then the registrar must submit a restore report to fully complete the restore. This must be received within 5 days or before the redemption Period is complete, whichever is soonest.


Domain Transfers

Domain transfers follow the process described in ICANN policy on transfer of registrations between registrars. 

When a domain name is in the ʺregisteredʺ state, any registrar will be able to issue a transfer request to move sponsorship of the domain to them. Transfer requests take up to 5 days to complete, during which time the registrar of record will be able to reject the transfer and prevent it from completing.

The transfer process state diagram is shown in Figure 27.2 of the attachment Q27_Registration_Lifecycle_Figures.pdf. Domain name states are shown in boxes with arrows depicting the events that trigger change of state. The states and trigger points are described below.

State: registered

Any currently registered domain name may be transferred.

State: transfer pending

A domain name in the ʺtransfer pendingʺ state has had a transfer request submitted within the last 5 days and the registrar of record has neither accepted nor rejected the request.

When a domain name has been in the ʺtransfer pendingʺ state for 5 days, the ʺtransfer pendingʺ state is removed and the ʺtransfer acceptedʺ state is added.

State: transfer accepted

A domain name in the ʺtransfer acceptedʺ state has had a transfer request accepted, either directly by the registrar of record positively accepting the request using EPP or indirectly by the domain spending 5 days in the ʺtransfer pendingʺ state.

Trigger point: transfer request

A registrar will be able to request a transfer of a domain name at any time, subject to the following pre-conditions:


- The registrar has signed a dot CYMRU registry-registrar agreement.
- The registrar can provide the correct authInfo value.
- The domain name does not have the ʺtransfer pendingʺ state set.
- The domain name does not have either the clientTransferProhibited or serverTransferProhibited locks set.
- The domain name does not have either the ʺredemptionPeriodʺ or ʺpendingDeleteʺ states set.

The ʺtransfer pendingʺ state will be added to the domain name for five days and the registrar of record is notified.

Trigger point: reject transfer

The registrar of record will be able to reject a transfer request when the domain name is in the ʺtransfer pendingʺ state. The ʺtransfer pendingʺ state will then be removed and the domain name returned to the ʺregisteredʺ state.

Trigger point: accept transfer

The registrar of record will be able to accept a transfer request when the domain name is in the ʺtransfer pendingʺ state. The ʺtransfer pendingʺ state will then be removed and the domain name set to the ʺtransfer acceptedʺ state set.

Trigger point: transfer

This trigger point will happen immediately after a domain name has the ʺtransfer acceptedʺ state set.

The domain name will be moved to the registrar that requested the transfer, the ʺtransfer acceptedʺ state will be removed and the domain name returned to the ʺregisteredʺ state.

If a registration period was specified in the request, and adding that period to the current expiry date will result in the expiry date being less than 10 years in the future, then the domain will be renewed for the period requested. The renew trigger point in the registration lifecycle described above will be triggered.


Domain name attribute updates

A registrar will be able to update the attributes of a dot CYMRU domain name at any time, subject to the following preconditions:

- The registrar is the registrar of record for the domain name.
- The domain name does not have either clientUpdateProhibited or serverUpdateProhibited locks set.
- The domain name does not have either ʺredemptionPeriodʺ or ʺpendingDeleteʺ states set.

The registrar will be able to change the nameservers, add or remove contacts, or add or remove a lock.

If the clientUpdateProhibited lock is set and the other preconditions above hold then the registrar of record will be able to remove the clientUpdateProhibited lock only.

As the registry, we will make updates to dot CYMRU domain names only in exceptional circumstances such as in the event of a court order. This may include a transfer or addition of one of the registry set domain name locks described below.


Domain name locks

The registry and registrar of record will be able to place locks upon the domain name to prevent EPP commands from succeeding. The registrar of record may place the following locks upon a domain name:

- clientUpdateProhibited to prevent update of the domain nameʹs attributes;
- clientDeleteProhibited to prevent cancellation of the domain name;
- clientTransferProhibited to prevent transfer of the domain name;
- clientRenewProhibited to prevent renewal of the domain name; and 
- clientHold to prevent publication of the domain name in the zone file.

The registry may place any of the following locks upon a domain name:

- serverUpdateProhibited to prevent update of the domain nameʹs attributes;
- serverDeleteProhibited to prevent cancellation of the domain name;
- serverTransferProhibited to prevent transfer of the domain name;
- serverRenewProhibited to prevent renewal of the domain name; and
- serverHold to prevent publication of the domain name in the zone file.

Uniform Rapid Suspension

Nominet will adhere to the URS procedure (currently in draft form). Within 24 hours of receipt of notification by email from the URS Provider we will lock the domain name. This lock will prevent all changes to the registration data, including transfer and deletion of the domain name. The domain name will continue to resolve.

In the event of a URS determination in favour of the Complainant, on notifcation of the determination Nominet will suspend the domain name for the balance of the registration period. The WHOIS output will reflect the requirements set out in the URS. The Complainant will be given the option to extend the registration period for a further year at commercial rates.



Resourcing plan

The registry systems supporting the lifecycle in this document have been fully developed. We have a development team of 16 staff, an infrastructure team of 15 staff and a customer support team of 24 staff. All these staff are experienced in running the dot UK services. We will dedicate the following resources and time from these existing teams, as well as additional resources where appropriate, to the following post launch maintenance tasks:

6 months immediately following launch

- Customer support: 8 hours per week
- Technical support: 1 hour per week

Total resource in the 6 months immediately following launch: 9 hours per week

Post launch business as usual

- Customer support: 4 hours per week
- Technical support: 1 hour per week

Total post launch business as usual resource: 5 hours per week

The dot CYMRU TLD will be operated in the public interest and for the benefit of Wales and the Welsh people. It will therefore employ robust and effective abuse prevention and mitigation strategies, some of which are operated at the registration stage relating to rights protection, further details of which we provide at Q29. 

The dot CYMRU registry will operate proportionate policies that minimise the prospect of abusive registration in the first instance, enhanced by effective measures to respond to malicious and harmful activities in the domain. These policies will define the types of behaviours that would be considered unacceptable in the dot CYMRU TLD and the process by which such domains might be suspended, whilst minimising any potential adverse impact on innocent parties, including the registrant and registrar. We will publish on our website, no less than three months prior to the launch of the dot CYMRU TLD, the policies and procedures by which registration abuse and domain usage complaints will be managed, including:

- notification procedures;
- scope of acceptable complaints;
- jurisdiction;
- appeals mechanisms;
- review procedures; and 
- relevant registrar and registrant responsibilities.

These policies will be developed through consultation with interested parties including registrars, rights-holders, UK public law enforcement agencies, regulators, government, and civil society. The registry will also mirror and implement any consensus policies relating to the Registrar Accreditation Agreement through its own registry⁄registrar agreement. The policy will include further details in relation to rapid suspension procedures over and above those outlined here. 


Abuse

For these purposes we define ʺabuseʺ as action in the registration or usage of a domain in the TLD that would cause actual and substantial harm, or which is illegal or illegitimate. Such abuse may occur at any stage of the domain name lifecycle and therefore we will establish policies and procedures to manage and mitigate such instances. 

In the context of domain name registration, abuse includes infringement of a third party right where the domain is used in a way that is unfairly detrimental to that third party (further details provided in our response to Q29). Abuse also includes phishing, pharming, botnets, malware, fraud and other harms or illegitimate uses that we may identify in the future or that are brought to our attention. 

Abusive activity includes that which gives rise to the registry’s reasonable belief that the dot CYMRU domain space is being brought into disrepute, or where the activity related to a dot CYMRU domain name risks placing the registry in breach of any applicable laws, government rules or requirements, requests of law enforcement, or where Nominet in its role as registry operator and its affiliates, subsidiaries, officers, directors, and employees, may incur a civil or criminal liability. 


Policies for handling complaints regarding abuse 

1. Process for standard abuse notifications
Nominet will provide a number of mechanisms for complainants to bring allegations of abuse to its attention. 

In advance of the launch of the dot CYMRU TLD we will publish a single abuse point of contact responsible for addressing matters requiring expedited attention, along the lines of abuse@nic.cymru. This will be clearly signposted as well as being explicitly brought to the attention of relevant stakeholders. 

We will require complaints to be submitted directly in writing to the registry’s abuse team for investigation using standard abuse report templates. Telephone notifications will not be accepted.

Nominet’s abuse team will acknowledge all complaints within 72 hours (note there is a separate rapid take down process). An investigation of the complaint will be conducted within a further 48 hours. The outcome of the investigation may lead to the registrant of the domain name being put on notice of the complaint and the need to rectify the alleged abuse. 

Where abuse is found this could result in transfer, cancelation or suspension of the domain name by the registrar or registry. The registrant will be contacted in advance to advise of the pending action where appropriate and will be informed of the appeal procedure. 

The complainant will be advised of the outcome of the investigation. 

We will require dot CYMRU registrars, via the registry⁄registrar agreement, to have a robust abuse policy and to promptly take steps to disable or remove abusive domains. The registry reserves the right to require a registrar (or its re-seller through the registrar) to transfer, delete or suspend a domain contravening this policy, and reserves the right to exercise the transfer, deletion or suspension of such a domain where the registrar is unable to act. 

Note: for large scale operations Nominet will work with LEAs to develop appropriate service level agreements recognising the need to act promptly whilst also ensuring thorough and appropriate investigations are carried out. 

2. Rapid take down or suspension
Complaints relating to illegal activities will only be accepted where they have come from a UK public law enforcement agency (LEA) with which the dot CYMRU registry has an existing working relationship, in order to ensure that the complaints are valid and that the agency has a proper understanding of the domain name system. Agencies that have not had previous dealings with the registry will be referred to an agency with whom Nominet has an existing relationship, so that they can work together to make a complaint. These complaints will have to follow the published policy and be authorised at a high level. 

We will require complaints to be submitted directly in writing to the registry’s abuse team for investigation using a rapid suspension request template. Telephone notifications will not be accepted.

Rapid suspension requests received by the registry will be acknowledged by the abuse team within 24 hours. A review will be conducted within a further 48 hours. The outcome of this review may include placing the registrant of the domain name on notice of the complaint and the need to rectify the alleged abuse. 

Where abuse is found this could result in transfer, cancelation or suspension of the domain name by the registrar or registry. The registrant will be contacted in advance to advise of the pending action where appropriate and will be informed of the appeal procedure. 
The complainant will be advised of the outcome of the investigation. 

Where abuse is alleged by any other third party (whether an LEA or not), the dot CYMRU registry will: 

- where appropriate, provide details to the complainant of the Uniform Rapid Suspension Process, the Uniform Dispute Resolution Procedure or to the registry’s own free mediation service; 
- invite the complainant to bring their allegation to the attention of a UK LEA which can assess whether it wishes to bring a complaint directly to the registry in order to start the rapid suspension process; and
- where a registrant alleges abusive activity by a registrar, the registry will investigate the complaint and take steps to enforce compliance with the registry-registrar agreement, including if necessary, amending data in the register.

Note: for large scale operations Nominet will work with LEAs to develop appropriate service level agreements recognising the need to act promptly whilst also ensuring thorough and appropriate investigations are carried out. 

Note: the scope of the application of the rapid suspension policy will be developed in consultation with the wider stakeholder community. 

Nominet will document complaints, investigations, and their outcomes and will conduct regular audits to identify issues and best practice. 


Measures to promote WHOIS accuracy

Registrants will have a positive obligation to ensure their contact details are up to date. 

All applicants for a dot CYMRU domain names will be contractually required to provide complete and accurate WHOIS data. Verification will be undertaken by the registrar in the first instance and enforced through the registry⁄registrar agreement. The registrar will conduct regular post registration checks on WHOIS data quality as required by the WHOIS Data Reminder Policy.

Nominet will also conduct proactive validation checks on the name and address of all registrants. Failure of the registrant to provide correct data will result in the process of suspension being initiated by the registrar. Where the registrar fails to act, Nominet will suspend the domain pending confirmation and verification of the registrant’s compliance. 

Nominet will conduct routine audits of WHOIS data provided by registrars for accuracy. Where data quality falls below acceptable thresholds we will have the option to impose financial and⁄or technical restrictions on those registrars. We will also consider financial incentives where registrars consistently meet high standards. 


Controls to ensure proper access to domain functions

Under the registry⁄registrar agreement, registrars may only make changes to registrant details with the specific authorisation of the registrant, including renewal requests, transfers, changes of contact details, and deletion requests. 

The registry will require registrars to provide a secure environment in which registrants can initiate updates to their domain names, for example, registrant transfers or registrant name changes. Registrars will be required to demonstrate their systems to us when they apply to contract with us as a registrar for dot CYMRU. Registrars must ensure that registrants provide an authorised administrative contact that has a secure and unique username (identity) and login credentials (comprising at least two-factor authentication) in order that they can initiate transactions on their domain. We will restrict domain name updates solely to authorised administrative contacts for a domain name. 

Registrars will be required to ensure that appropriate authentication of registrants is carried out to ensure that they have domain name before they act. This includes recovery of login credentials where the registrant requires them to be reset. Registrars will be under the same obligation to ensure the quality of registrant data as per the registration policy and to validate the authenticity of the request.

Registrars are required to confirm to the registrant’s primary administrative contact the details of any updates that are made to their domain name record. This confirmation can be sent electronically through a domain name control panel service or via email or other electronic means. 


Proposed measures for removal of orphan glue records

The default process for dot CYMRU will be to automatically detect and remove orphan glue records. However, where clear evidence in written form is presented that orphan glue records are present in the registry zone files, Nominet will take the following action:

- a change request will be presented to Nominet’s second line support team by the person handling the complaint. The orphan glue record will be manually removed from the register and, if necessary, locks will be put in place which will prevent any further changes being made to the domain name record in question;
- Nominet’s zone files update dynamically and so within 5 minutes of the change being made on the register, the zone files will reflect the changed name server record.


Information sharing and development of best practice

Nominet is well established in national and international industry networks covering registry-specific threats as well as threats to the broader internet landscape. We will continue this work, ensuring dot CYMRU is as resilient and secure as it can be. 

The registry will work with registrars to develop tools and promote best practice through training and the provision of solutions to address common sources of abuse, including: 

- identifying stolen credentials and verifying registrant identity;
- identifying and investigating common sources of abuse;
- identifying compromised⁄hacked domains versus domains registered by abusers;
- practices for suspending domain names; and 
- identifying or providing relevant security resources.

We will also provide an aggregated feed of information highlighting domain names used for phishing purposes to the relevant registrar. This feed will be collated from trusted sources allowing registrars to take prompt action against abusive domains. 


Resource plan

The implementation of the policy will be managed by Nominet through its dedicated abuse team. The four-person abuse team work 08:00 to 18:00 GMT, with 24⁄7 support available on call. The team is supported by the 24FTE strong Customer Support Team.

Pre-launch

- Policy development and stakeholder engagement: 15 days by Nominetʹs policy secretariat and legal team

Total pre-launch resource time: 15 days.

Ongoing business as usual: 

- Abuse team: 4 hours per week
- Legal, policy and stakeholder engagement: 1 full time equivalent (FTE) split equally across dot WALES adn dot CYMRU

Total ongoing business as usual resource: 1 FTE plus 4 hours

The dot CYMRU registry will provide a relevant and trusted internet top level domain (TLD) for the use and benefit of the citizens and businesses of Wales. We view rights protection as an essential pillar in the development of a trusted and economically sustainable TLD. We will therefore adopt a set of complimentary policies and practices that minimise abusive registrations and respect the rights of third parties. These involve: 

- Verification of compliant registrant data and registration eligibility by the registrar and monitoring supported by ongoing monitoring and checks by the registry. Registrants will be required to supply their Welsh address or a statement of their connection to the community represented by the dot CYMRU domain. 
- Managed sunrise processes and periods to preserve the rights of trademark owners and those with unregistered rights. 
- The Uniform Dispute Resolution Procedure (URDP) and the Uniform Rapid Suspension (URS) will be supported, and augmented by a free mediation service where disputes arise. 

These are outlined in greater detail below.

Nominet has extensive experience of providing reliable dispute resolution, rights protection and authentication processes in the operation of the dot UK TLD, and this local knowledge of the UK market and local expectations will help to guide the dot CYMRU registry implementation. Rights protection measures are a core objective for the design and operation of the dot CYMRU registry.



Safeguards to prevent unqualified registrations

Maintaining a high standard of WHOIS accuracy combined with validation of registrant eligibility is key to promoting the rights of third parties. 

Registration of a domain in the dot CYMRU registry will only be permitted by registrants who are able to demonstrate a connection to the Welsh community. Registrants will be asked to either:

(a) supply a verifiable postal address from a predefined list of postcodes associated with Wales; or 
(b) provide a statement (in an EPP extension field) briefly explaining their connection with Wales and reasons for wanting to make use of a dot CYMRU domain name. The information supplied in this field will be published in WHOIS results.

The registrar shall be contractually responsible for verifying the quality of the registrant data. As noted in greater details in our answer to Question 28, registrars will be obliged to comply with rules in the registry⁄registrar agreement to ensure that registrant data is verified and correct, and is regularly reviewed at appropriate times. Failure of the registrant to provide correct and eligible data will result in the process of suspension being initiated by the registrar. 

Where the registrar fails to act, Nominet will suspend the domain pending confirmation and verification of the registrant’s compliance. We will proactively monitor and audit WHOIS accuracy and enable third parties to bring complaints relating to abuse or ineligibility to our attention via standard abuse reporting processes outlined in our answer to Q28 and further below.

Further, the registry will require that registration contracts explicitly oblige the applicant to warrant that registration of the domain does not infringe any intellectual property rights to which they do not have a valid claim. 


Reducing opportunities for behaviours such as phishing or pharming

We note that mitigating and responding to malicious and criminal activities such as phishing or pharming rely on the ability to detect, investigate, and respond swiftly to information or complaints from third parties. In this connection we will provide a searchable WHOIS tool on a subscription basis to enable third parties including rights-holders and law enforcement agencies, to enable them to monitor and receive alerts where domains have been registered that may invoke a trademark right, using for example, searchable keywords. Further details on the searchable WHOIS are outlined in our answer to Question 26. 

Additionally, Nominet subscribes to security feeds and trusted networks that provide intelligence and notifications of domains associated with phishing or pharming. We will also provide a phishing feed to our registrars on a fee-free basis to enable them to be advised and act promptly where such activity is found. 

Complaints alleging abuse such as phishing or pharming will be dealt with swiftly according to the abuse policies and processes set out further below in addition to our answer to Question 28.


Protection of third party trademark rights: implementation of sunrise and landrush period

The dot CYMRU registry will exceed the minimum mandatory rights protection mechanisms set out in the draft registry agreement (i.e. a 30 day sunrise period for trademark holders in the Clearing House and a 60 day claims service during general availability). We will deploy a staged sunrise process before making domain names available for general registration on a first-come, first-served basis. The trademark claims service mandated by ICANN to provide notice to potential registrants of existing trademark rights, as well as notice to rights holders of relevant names registered, will operate throughout all phases and for the first 60 days of general registration. 

The sequential order of availability for dot CYMRU domains will be as follows:

(1) Sunrise period for both trademarks in the ICANN Trademark Clearinghouse and other registered trademarks enforceable in the UK;
(2) Sunrise period for unregistered rights (also known as ‘passing off’ rights) enforceable in the UK; 
(3) Landrush for premium domain names open to all eligible applicants; and
(4) Landrush open to all other applicants.

Phase (1) will be open to those parties with registered trademark rights. Parties who wish to take part in this phase will have the option of either registering their rights at the ICANN Trademark Clearinghouse, or going through a dot CYMRU-specific trade mark validation process. We intend to allow applications during the first phase to take place over a period of 2 months. Phase (2) will be open to parties with legally enforceable unregistered rights; we will require an affidavit from a qualified intellectual property lawyer confirming that they believe such unregistered rights exist. Phase (3) will be for previously identified ‘premium’ domain names and will be open to anyone who can fulfil the registrant requirements for dot CYMRU explained earlier in this answer, regardless of whether they have any prior rights in a name. The landrush at phase (4) will be open only to parties based in or with a connection to Wales. 

In the event that more than one valid application for the same domain name is received in a given phase, an auction will be used to determine who will be entitled to the domain name. In order to prevent unnecessary delay in moving to subsequent phases, auctions for a given phase will be held in parallel with subsequent phases, given that there is no detriment in doing so.

Once these four phases have been completed, dot CYMRU domains will be made available on a first come, first served basis (subject to eligibility requirements). 

The registry will charge only an administrative fee to cover the verification of rights claims by an independent expert. This fee will be calculated on a cost-recovery basis. For the landrush phases, participants will pay a nominal application fee, the purpose of which is to ensure that only genuine participants take part in any auction.

A stakeholder engagement and communications programme to inform stakeholders and rights-owners will be deployed in advance of the launch of the dot CYMRU registry. This programme will be conducted in partnership with relevant community organisations to inform and promote the rules and mechanisms by which registrants will be permitted to register rights and dot CYMRU domains including in the Sunrise stages. This will encourage engagement from rights owners to either take up their rights at low cost by registering a domain or to ensure that their trademark is registered in the Clearinghouse. We understand the needs, concerns and priorities of stakeholders due to our considerable experience of stakeholder engagement and management from our dot UK operations. These stakeholders include government, businesses, registrants, registrars, law enforcement authorities, the internet community, and regulatory bodies. Nominet has developed tried and tested multi-stakeholder processes for consulting and engaging with stakeholders, using those processes to inform the way in which policies and rules are developed and reviewed in order that costs are minimised and benefits maximised. Nominet has a full-time Secretariat and has committed additional senior resource to ensuring the process of community liaison with rights holders and other stakeholders is effectively managed. All information relating to the Sunrise will be clearly provided on the Nominet website at least 3 months in advance of the sunrise process commencing. 

The dot CYMRU registry will use mechanisms to raise awareness through proactive contact with business and industry stakeholders who are registered companies through the UK’s Companies House to advise and assist with their decision-making, limiting the unintended consequences of a lack of awareness. 


Protection of third party trademark rights: implementation of the trademark Post-delegation Dispute Resolution Policy (PDDRP)

We fully support third party trademark rights, and will follow the PDDRP process as required under the Registry Agreement. We believe that the approach to the operation of the dot CYMRU registry set out in this application demonstrates that we intend to operate the dot CYMRU registry in a way which will not harm the interests of trademark holders. 

We commit to entering into good faith negotiations with parties who have a valid concern regarding their trademark rights, and to participating in good faith in the PDDRP process. In the unlikely event that a PDDRP complaint is brought against the dot CYMRU registry, the complaint will be dealt with by Nominetʹs in-house legal team with assistance from external counsel if necessary.


Dispute resolution: implementation of the Uniform Dispute Resolution Policy (UDRP)

In line with standard practice (and the Registrar Accreditation Agreement) we would expect UDRP decisions to be implemented by the relevant ICANN-accredited registrar. 

In addition, we will offer free mediation to parties disputing dot CYMRU registrations, which they may make use of before entering the UDRP process. This should increase the chance of a successful settlement and increase the quality of submissions to the UDRP process by exposing weaknesses and omissions in parties’ positions. This mediation will be provided in-house by Nominetʹs two qualified mediators, who already have substantial experience of such disputes from their role in mediating dot UK disputes under the dot UK Dispute Resolution Service. 

Nominet will provide clear and accessible information on our website for complainants, registrants, and other stakeholders on how to invoke a UDRP process and on using the free mediation service. 


Dispute resolution: implementation of the Uniform Rapid Suspension (URS)

The dot CYMRU registry will fully implement the URS system to offer trademark owners a quick and low cost procedure to suspend infringing websites. Our four-person second-line support team will deal with any URS notifications relating to dot CYMRU domain names as soon as reasonably practicable, and in any event within 24 hours of receipt of the decision from the URS provider. The support team works 08:00 to 18:00 GMT, with one member on-call outside of those hours to address any urgent issues. The on-call support team member will implement all URS notifications received outside of core working hours.


Abusive use and takedown procedures

As outlined in greater detail in our answer to Question 28, where the dot CYMRU registry is made aware of and satisfied that there has been a breach of domain name registration rules, the domain may be transferred, cancelled or suspended by the registrar or registry. 

Nominet’s abuse team will acknowledge all complaints within 72 hours and an investigation of the complaint will be conducted within a further 48 hours. The outcome of the investigation may lead to the registrant of the domain name being put on notice of the complaint and the need to rectify the alleged abuse, or, advice that the complainant file a complaint under the URDP or mediation. Where there is any pending action, the registrant will be contacted in advance where appropriate and will be informed of the appeal procedure. 

The complainant will be advised of the outcome of the investigation. 

We will require dot CYMRU registrars, via the registry⁄registrar agreement, to have a robust abuse policy and to promptly take steps to disable or remove abusive domains. The registry reserves the right to require a registrar (or its re-seller through the registrar) to transfer, delete or suspend a domain contravening this policy, and reserves the right to exercise the transfer, deletion or suspension of such a domain where the registrar is unable to act. 

Suspensions related to abusive registrations, malicious or criminal activity will be handled by a dedicated support team that works closely with law enforcement agencies (LEAs) and will operate a rapid suspension process as outlined in our answer to Question 28. 

We recognise that registrars have a closer relationship with registrants and are usually in a better position to take steps where such activity is present.


Resource plan

Rights protection mechanisms and pre-UDRP mediation will be handled by Nominetʹs existing Dispute Management team incorporating two qualified lawyers and two experienced mediators. Abuse notification and URS requests would be handled by the Nominetʹs Abuse team made up of four staff. 


Pre-launch

- Policy development, stakeholder engagement, and communications: 8 days by Policy Secretariat and legal team.

Total pre-launch resource time: 8 days

Ongoing business as usual 

- Mediators: 3 hours per week

- Abuse team: 0.5 hours per week

Total ongoing business as usual resource: 3.5 hours per week

Nominet has been running the dot UK TLD for the past 15 years and we have an impeccable security record in protecting both the dot UK TLD and the information within the registry. We work at the forefront of information security and contribute to the development of both global and national security standards to further protect the security, stability and resilience of the Internet.

We have a Security Programme in place, the aim of which is to secure our business, its data, its people, and the services that we provide. We maintain policies, standards and procedures that are designed to protect the company assets according to their sensitivity, criticality and value.

The goals of our Security programme are:

- allocation of responsibility by management for development, implementation, monitoring and review of information security policies and standards;
- monitoring, evaluation and management of information security threats, vulnerabilities and risks;
- awareness of, and adherence to, all published information security policies, standards and processes applicable to management or use of information assets by personnel with access to such information assets;
- access controls and business continuity management of information processing facilities, information assets and business processes; 
- implementation of an information security incident management process; and 
- periodic review of the Information Security Programme to ensure its effectiveness.


Processes and Solutions

We employ security capabilities which are robust and appropriate for the high profile and large TLD registry that we operate. We are fully compliant and certified with the British Standard for Business Continuity Management BS25999. Any gTLD that we operate will benefit from this proven security approach.

Physical security includes a permanently-manned reception area with CCTV monitoring of all entrances including recording of video. All staff wear visible corporate photo ID cards and are encouraged to challenge unaccompanied strangers. Access to server areas requires biometric identification in addition to ID cards. In addition to these physical checks , our datacentre locations employ further physical security measures including a 24x7 manned reception, ballistic resistant glass mantrap, and air locks. Security staff ensure that access is only available to those specifically authorised. Our servers are housed in a secure caged area within the datacentre with a card access controlled door.

Server security starts with a minimal install of the operating system, with extra software only being installed if required. Access is restricted to those required to administer the server and its software, with audits carried out at regular intervals to ensure that access is still required.

Patching is carried out as part of a regular and ongoing patch management programme to ensure that critical servers and services are kept secure. We also maintain a very close relationship with DNS software providers and have reported bugs to them to help patch their software, following responsible disclosure guidelines.

All external connections to our systems are encrypted using Transport Layer Security (TLS), with internal connections being encrypted where possible. TLS ensures that, where appropriate, Transition Control Protocol (TCP), User Datagram Protocol (UDP) and Border Gateway Protocol) (BGP) connections are encrypted. All privileged access to servers is protected with two factor authentication. Hardware security modules (HSM) are used where appropriate to store private key information.

Networks are separated with firewalls (Juniper SRX3600) deployed between different network segments to help protect sensitive information. All external access to our services is through firewalls to servers located in a ʺdemilitarized zoneʺ (DMZ). Wireless access points in our offices are also located in a DMZ to prevent direct access to internal systems. Wireless access is encrypted following best practice guidelines. Only authorised devices are permitted to connect to the company network.

Access to all devices (desktop devices, servers, network devices etc) is via individual usernames and passwords controlled by a central directory service (Microsoft Active Directory). This allows easy control of all user access from a single location, helping simplify user access control. Access to systems is forbidden unless expressly permitted, and users are granted the minimal access required to perform their job function effectively. Users are assigned unique user ids, and these user ids are never re-issued to other users. Accounts are disabled for any user who no longer requires access or has left the company, and user access is reviewed on a regular basis. The following roles are not carried out by the same people: systems operation, systems development, and systems⁄network administration. 

The following controls are also applied to separate systems:

- development and production software are run in separate environments;
- development and test work are separated;
- development facilities are not loaded on production systems;
- development personnel use separate logon IDs for development and test systems to reduce the risk of error; and
- development staff do not have access to production systems.

Anti-virus software from a reputable supplier is used to scan computers and media on a routine basis. Anti-virus software is kept up to date on a centralised basis.

All access to services and servers is logged locally, and also to a central location. We also collect logs from firewalls, intrusion detection systems (IDS)⁄intrusion prevention systems (IPS), network devices, security devices, applications, databases etc. Event correlation is performed on all these logs to help identify any unusual activity. We use security information and event management software (Arcsight Express) to do this event correlation. 

In addition to the monitoring that is carried out by the devices listed above, we have developed a proprietary technology platform to capture and analyse traffic at name servers. With this technology we can discover trends, identify abuse patterns and research the behaviour of botnets etc. Using this we can identify security flaws and help us understand the effect we may have on global DNS infrastructure.


Security for in-house written applications is controlled in many ways:

- all application code is peer reviewed;
- security guidelines for software development have been written and are followed;
- all source code is held in a central repository, access to which is restricted by password;
- all changes to code are regression tested to ensure the application continues to function as expected; and
- all changes to code can be attributed to the developer who made them.

Secure disposal of equipment is tightly controlled, with all storage media removed from equipment prior to disposal and all media is then wiped in accordance with best practice guidelines.

Change control is a tightly controlled process, with significant changes identified and recorded, including all changes to security configuration. Approval must be gained at every stage, with all changes tested before being put into the live environment. System owners are always involved in these changes to ensure that no registry system is affected without the business being made aware of upcoming changes. Assessment of the potential impact of any changes is made, and there is an approval procedure for proposed changes. We try to ensure that implementation of change causes minimal disruption to normal operations, bundling up changes into a formal release where applicable. All changes must have an approved rollback plan for recovering from unsuccessful changes.

Staff are encouraged to report security incidents, and all such incidents are investigated by the system administration team, who have access to the research team if required. Action is taken to reduce the impact of the problem initially, and the root cause of the problem is determined. Action is then taken to deal with problem, making changes as required. Any affected users are notified along with any recommended action (such as changing passwords).


Independent Assessment Reports

We currently undergo specific security testing as part of an approach to maintain PCI-DSS (Payment Card Industry Data Security Standard) Compliance. Monthly scans are carried out by a third party provider (Trustkeeper), monthly scans are carried out against a section of our internet facing systems to test for vulnerabilities. These scans are designed to detect more than 5,000 known network, operating system and application vulnerabilities including the SANS Institute Top 20 list and are executed without any impact on our systems. The most recent scan was carried out on 17th January 2012 and the result was a pass.

We are also undergoing a three year programme of security testing using an ISO27001 certified third party assessor (First Base Technologies). The scope of the testing that First Base is carrying out includes (but is not limited to):

- Public IP Address Scan;
- External Infrastructure Penetration Test;
- Authenticated Remote Access Test;
- Web Application Penetration Test;
- Internal Infrastructure Penetration Test;
- Server and Network technical Audit;
- Wireless network Discovery;
- Wireless Client Device Discovery and Analysis;
- Building Access Test;
- Email Spear Phishing;
- USB Spear Phishing;
- Telephone Social Engineering; and
- Technical Workshop participation.

In addition to the above, First Base have also carried out training programmes for staff on information security vulnerability, and social engineering compliance. We are fully committed to passing the programme of work being carried out by First Base, and where applicable, putting suitable remediation plans in place.


Other Security Measures

We are fully engaged with national and international security agencies to fully understand the ever-changing global risk register for security vulnerabilities. Agencies include the US NTIA, UK Cabinet Office, UK GCHQ (Government Communications Head Quarters), UK EC-RRG (Electronic Communications Resilience and Response Group) and many other formal and informal security groups.

We work closely within the internet community to develop, support and publicise security standards and best practice across the global internet. Staff at Nominet helped develop the global DNSSEC security standard and authored a number of the key RFCs (Requests for Comments) that make up this standard. We are currently at the forefront of DNS research, attempting to understand patterns of misuse and criminal behaviour with the global DNS. Our Director of IT was selected as one of 12 global experts to analyse and audit ICANNʹs security, stability and resilience work and report back to both the ICANN board and the NTIA on areas for improvement. Our Head of Research is a member of the DSSAWG (Domain Stability and Security Working Group) looking into how best to coordinate global DNS security incidents.


Commitments to registrants

We will commit to dot CYMRU registrants that:

- All data will be secured and protected in line with ISO 27001 guidelines
- We will not take any action in relation to a domain name registration unless we are satisfied that it has been received from the right person;
- We will require registrars to prove their identity, including by the use of unique identifiers and multi-factorial authentication where appropriate, when they submit transactions to our systems;
- Our registrars will be contractually obliged to maintain the security of their system identifiers and passwords and prevent the unauthorised disclosure of the same; and
- The registry will be operated in accordance with the Data Protection Act 1998 which, amongst other things, requires us to implement appropriate technical and organisational measures to prevent unauthorised or unlawful processing of personal data, and against accidental loss or destruction of, or damage to, personal data.



Resourcing plan

We employ a dedicated Head of Information and Technology Security to help develop best-practice security policy and to liaise with national and international security agencies, organisations and groups in order to ensure that both Nominet and the TLDs that we operate are as secure as possible.

The implementation of our security policy is already in place. We have a dedicated security team and an infrastructure team of 15 staff from which we will dedicate the following resources to post launch maintenance tasks related to the security policies that will be used by the dot CYMRU registry.

- Maintenance, review and improvement of the security policy and arrangements: 5 hours a week by the Head of IT Security
- Technical support: 3 hours per week

Total post launch resource: 8 hours per week.