My Cart
Toll Free
888.398.4703
International
++1.760.736.3700

Application Preview

Application number: 1-1830-1672 for Commercial Connect LLC

Generated on 11 06 2012


Applicant Information


1. Full legal name

Commercial Connect LLC

2. Address of the principal place of business


3. Phone number

+01 502 636 3091

4. Fax number

+01 502 634 1484

5. If applicable, website or URL

http:⁄⁄www.dotShop.com

Primary Contact


6(a). Name

Mr. Jeffrey S Smith

6(b). Title

CEO

6(c). Address


6(d). Phone Number

+01 502 636 3091

6(e). Fax Number

+01 502 634 1484

6(f). Email Address

JSmith@dotShop.com

Secondary Contact


7(a). Name

Ms. Dawn M Yankeelov

7(b). Title

CMO

7(c). Address


7(d). Phone Number

+01 502 548 1304

7(e). Fax Number

+01 502 634 1484

7(f). Email Address

DYankeelov@dotShop.com

Proof of Legal Establishment


8(a). Legal form of the Applicant

Delaware Corporation

8(b). State the specific national or other jursidiction that defines the type of entity identified in 8(a).

Delaware USA

8(c). Attach evidence of the applicant's establishment.

Not Available

9(a). If applying company is publicly traded, provide the exchange and symbol.


9(b). If the applying entity is a subsidiary, provide the parent company.


9(c). If the applying entity is a joint venture, list all joint venture partners.


Applicant Background


11(a). Name(s) and position(s) of all directors

Alan PearcyBoardmember
Jeffrey SmithBoardmember
Kenneth DickenBoardmember
Kevin WilsonBoardmember
Richard LastBoardmember

11(b). Name(s) and position(s) of all officers and partners

Dawn YankeelovCMO
J. Bradley Guarino-SandersCLO
Jeffrey SmithCEO
Kevin WilsonCFO

11(c). Name(s) and position(s) of all shareholders holding at least 15% of shares

Alan PearcyBoardmember
Jeffrey SmithCEO

11(d). For an applying entity that does not have directors, officers, partners, or shareholders: Name(s) and position(s) of all individuals having legal or executive responsibility

Commercial Connect LLCNot Applicable

Applied-for gTLD string


13. Provide the applied-for gTLD string. If an IDN, provide the U-label.

SHOP

14(a). If an IDN, provide the A-label (beginning with "xn--").


14(b). If an IDN, provide the meaning or restatement of the string in English, that is, a description of the literal meaning of the string in the opinion of the applicant.


14(c). If an IDN, provide the language of the label (in English).


14(c). If an IDN, provide the language of the label (as referenced by ISO-639-1).


14(d). If an IDN, provide the script of the label (in English).


14(d). If an IDN, provide the script of the label (as referenced by ISO 15924).


14(e). If an IDN, list all code points contained in the U-label according to Unicode form.


15(a). If an IDN, Attach IDN Tables for the proposed registry.

Not Available

15(b). Describe the process used for development of the IDN tables submitted, including consultations and sources used.


15(c). List any variant strings to the applied-for gTLD string according to the relevant IDN tables.


16. Describe the applicant's efforts to ensure that there are no known operational or rendering problems concerning the applied-for gTLD string. If such issues are known, describe steps that will be taken to mitigate these issues in software and other applications.

.Shop is globally recognized and exists in excess of twenty different languages all with the same meaning: ʺa building or room stocked with merchandise for sale: a store.ʺ This is not the case for other closely related words, like store and buy, which are not applied for here. We believe there are no known operational or rendering problems concerning the applied-for gTLD string. We have contingency planning as a part of this application. Shareholders have indicated, in our audit phase, that they are sufficiently collateralized to provide additional resources in the event that contingency plans need implementation.
.Shop translates into many languages and has the same meaning. In addition, our anticipated use for .shop, a secured eCommerce site with extended verification of the owner, it also circumvents he issue with privacy as this will be used for commercial purposes and therefore will not have issue with individual privacy acts that are in effects in certain parts of the world.
There are also no apparent rendering issues as mentioned in article http:⁄⁄stupid.domain.name⁄node⁄683.

17. (OPTIONAL) Provide a representation of the label according to the International Phonetic Alphabet (http://www.langsci.ucl.ac.uk/ipa/).


Mission/Purpose


18(a). Describe the mission/purpose of your proposed gTLD.

Commercial Connect, LLC. is committed to being an asset to its stakeholders and the e-commerce community, better defining and representing this community, helping to establish standards, providing enhanced security and verification, and making the internet more safe, secure, and intuitive while giving back to its community and the world.

Commerical Connectʹs .SHOP represents the world e-commerce family of brands, products and services dedicated to benchmarking the superior standard of excellence for the safest, fastest, and most secure shopping experience online today. Commercial Connect, LLC, based in Louisville Kentucky, will be the home of the worldʹs only central registry for the .SHOP top-level domain (TLD) name for global e-commerce. We currently represent a significant portion of the world e-commerce industry through our letters of support and presentations in global forums in the last 12 years. Our goal is to ensure that online shopping is cheaper, faster, and safer for retailers and their customers. Commercial Connect is supported by tens of thousands of online retailers representing billions of dollars of retail transactions – all wanting online shopping to improve. In the last 12 years, letters of support on behalf of Commercial Connect LLC and its management team and valued partnerships, have been gathered from trade shows, presentations and expert speaking opportunities regarding the changing face of the Internet. This support indicates that retailers and other interested parties in the financial community, government, and technology sectors are interested in this community and the .SHOP domain.


18(b). How proposed gTLD will benefit registrants, Internet users, and others

The goal of the proposed gTLD, .SHOP, is to provide worldwide excellence standards for best practices in the areas of consumer trust and privacy and security for registrants, internet users, and others. This will be addressed through the online shopping mechanisms included in the URL registration process through .SHOP. .SHOP will offer an exclusive extended verification process, and a new process patent is in the works to ensure accuracy in domain name ownership. Shoppers will know ownership of online retail stores in the .SHOP registry, and .SHOP will ensure e-commerce compliance with data security standards (e.g., PCI, ISO17799). A portion of every registration payment received will go to a charitable foundation, allowing for social entrepreneurship. Commercial Connect LLC has presented and made known the mission of .SHOP to key trade organizations that represent the global ecosystem of e-commerce. Our mission is to foster and encourage solid policy-making and open standards of excellence tied to e-commerce participants, including corporate, small business, and other supporting organizations. ICANN will be identified as a concerned stakeholder and solution provider for global e-commerce, as well as a player in the new foundation to be created to benefit world charities that make a difference in global economies of scale for the underprivileged through education, and fighting world hunger. We anticipate this could exceed in excess of $1 million each year annually and invite ICANN to participate in giving back to the world with agreed upon charities and causes.

.SHOP adds significant intuitive organization to the existing internet we know today. It will provide a direct conduit to eCommerce users. In other words, anyone wishing to purchase something on the internet would use the .SHOP TLD and an intuitive choice to take them directly to products.

If our marketing efforts are realized (please see marketing plan attached to application) even the most casual users of the internet will recognize the .SHOP TLD and use it in everyday shopping online. In addition they will understand why using .SHOP is safer due to the verification process and required use of SSL connectivity.

Government Relations
A secure and stable Internet is our number one priority, so we engage policymakers on all levels regarding legislation that affects it.

.SHOP Domain Names Registration Policies
Commercial Connect manages the authoritative registry (“Registry”) for all domain name registrations that end in “.SHOP”. The below registry policies govern the registration of domain names. Commercial Connect reserves the right to modify or amend these policies and any other policies regarding .SHOP at any time. Registrars should review the policies from time to time and any modifications made thereto. Modifications to these policies are effective as of the date and time they are posted on the Commercial Connect site.

Since Commercial Connect represents the e-commerce community, its purpose is to have a top-level domain namespace that encourages and supports -commerce.

The primary audience for this namespace is “business-to-consumer ecommerce.” The applicant information will be fully published as this is a business based TLD and not that of a private individual.

There are multiple reasons why a website operator (the ʺBusinessʺ) would want to use a new .SHOP top-level domain name. The first reason is that it will become more intuitive to the end user (the ʺConsumerʺ). If they want to purchase products and⁄or services, then they should instinctively use the .SHOP extension. If a multitude of new gTLD strings emerge onto the market, .SHOP will especially become a more apparent choice. That, coupled with our extensive marketing efforts will help to convince the Consumer that .SHOP is the domain namespace to use for purchasing products and⁄or services online.

Process Patent Pending Verification for .SHOP
Because Commercial Connect will be performing process patent pending verification on .SHOP applicants, there will be a more reliable and trustworthy indication that the registrant (the ʺBusinessʺ) is who they claim to be. While this will not prevent the registrant from engaging in negative business practices, it will help to ensure that their identity is known should legal action become necessary in the future. As a result, this identification will reduce fraud and make less favorable business practices exist only in namespaces other than ones that are stringently verified.

In order for an applicant to be considered “qualified” to purchase a .SHOP top-level domain name, they must go through a strict verification process where Commercial Connect researches the identity of that applicant and his business using semi-automated process patent pending processes. Once the registrant is “verified,” they are assigned a contact ID which will, then, allow them to register a .SHOP domain name.

Availability
The registration of a domain name is available to businesses. A domain name that is available at the time a Registrar runs the CHECK command does not guarantee that the domain name will be available at the time of registration.

Requirements for the applicant initially will be an agreement that the website will be offering goods and⁄or services under a secured socket layer (SSL) trusted connection. This site must be functional within six months of registration or the registrant could forfeit his rights to said domain name. There may be additional circumstances whereby it will not be required that the registrant of a .SHOP domain name have a functioning e-commerce site. These cases exist for trademark holders and users that forward their trade names to existing websites utilizing other TLDs. Generic .SHOP domain names should be e-commerce site-enabled and not forwarded to other sites.

Term
A domain name is registered in one-year increments, with a minimum registration term of one year and a maximum registration term of 10 years.
Verified applicants will agree to the understanding that if they are operating a business and utilizing a .SHOP domain name that holds them accountable for all transactions performed on this website. This is essential so that one party or registrar does not register themselves in an attempt to thwart our verification process. In addition, a clause in the registrar agreement will require that registrants not attempt to hide, mask, or alter the identity of any .SHOP registrant.

Naming Restrictions
The minimum character length for a domain name is one character, excluding the .SHOP extension. The maximum character length for a domain name is 254 characters excluding the extension. A domain name must not begin with a dash ʺ-ʺ or dot “.” and must also not begin with the following sequence: “alphanumeric_alphanumeric_dash (“-“)_dash (“-”)”.

Each character in the domain name, excluding the dots (“.”)s must be a letter or digit or dash (“-”). The last character must be a digit or a letter. It cannot be a dash (“-”).

.SHOP Premium Domain Names
Certain .SHOP domain names that are generic or common words, and one- to three- character combinations have been designated as ʺPremium Names.ʺ Premium Names have the same business rules and grace periods as all domain names with the following exceptions:
• Premium Names may have higher pricing than standard domain names.
• Notwithstanding anything herein to the contrary, Registrar transfers for Premium Names are prohibited.
• Notwithstanding anything herein to the contrary, the Sync operation for Premium Names is prohibited.

Name Servers
A domain name cannot have more than 13 hosts at the registry level.

Registrar Transfer Rules
A created domain name must be 61 days old or older to be available for transfer between Registrars. A domain name can be transferred in one-year increments from one to 10 years. A one-year renewal is the default setting. If the difference between the current date and the new registration date is more than 10 years but less than 11 years, then the transfer will be clipped to 10 years. If the difference between the current date and the new registration date is greater than 11 years, the transfer will be rejected. The pending-transfer period is five (5) days. If the transfer request is neither approved nor rejected by the losing Registrar within the five-day pending-transfer period, Commercial Connect will automatically approve the request. As stated above, Registrar transfers of Premium Names are prohibited.

Bulk Transfers
Subject to Commercial Connect’s discretion and approval, and any transfer fees or charges that may be assessed by Commercial Connect, Registrars may request bulk transfers of .SHOP domain names by submitting a bulk transfer request in writing accompanied by a complete list of the domain names to be transferred. The request must be signed by both the gaining and losing Registrars.

18(c). Describe operating rules to eliminate or minimize social costs or financial resource costs, various types of consumer vulnerabilities.

We will have a four part process for the registration of .SHOP domain names.
1. We will have a set of reserved ʺPremiumʺ generic .SHOP domain names that will be reserved for an auction after the other stages are completed.
2. We will have the standard Trademark Clearinghouse process along with a trademark period of registration first.
3. We, then, will have a premium registration where applicants can pay a premium to purchase .SHOP domain names.
4. Open registration, first-come⁄first-served, round robin polling.

By conducting the registration this way, it lessens that load on the system and helps to ensure that the appropriate trademarks are considered. At step four, registration will become first-come⁄first-served.

Cost benefits such as advantageous pricing, introductory discounts and bulk registration discounts will not be offered on the wholesale side; registrars are encouraged to offer these as they see appropriate. Since this TLD will be a premium domain name, there is an opportunity for registrars to define their own mark-up thus increasing their profit per .SHOP domain name.

While domain name registration periods will be offered as required, there are processes that must be verified annually, such as owner verification and usage that may have an impact on the registration process. All processes, including price increases, will be written as required by the Registry Agreement. Any registrations that have been prepaid will not be impacted by the price increases.

We will protect vulnerabilities through SSL. We are dealing with businesses and this information will be made public. We do not accept credit card data. Registrars must wire money as in most Registrar⁄Registry operations.

Transparency in all transactions will be the norm. We will be verifying all owners.

Since our end-price is comparable to other verification process, there should be no negative impact on the end user. We will reserve specific premium names to be sold at auction in the second year of operations. (Antique.SHOP, Toy.SHOP etc.) We are planning on multi-stage application periods. First stage will be for trademark owners. The second stage will be for a premium open registration period. A higher fee will be charged for this round of open registrations. The final stage is open registration whereby domain names will be awarded on a first-come⁄first-served based usinga round robin polling mechanism to allow each registrar equal access to the new .SHOP TLD. See above.

Due to the verification process costs of this domain name, we will not be offering discounts. The verification process will be the highest fee structure in the process, but equivalent to existing structures on the Internet today in costs. The actual domain name registration will be less expensive than the verification process.

$1 per domain name is allocated to a worldwide foundation benefitting e-commerce, education, world health, and feeding the poor initiatives. This amount may be reduced if our projections are significant higher than actual registrations. In this case a proportionate amount pertaining to net profit will be allocated.


Community-based Designation


19. Is the application for a community-based TLD?

Yes

20(a). Provide the name and full description of the community that the applicant is committing to serve.

The community for the .SHOP will be for eCommerce Operators - For the purpose of this application we are defining our community as eCommerce operators that directly sell to the general public on the internet.
This community is basically a B2C site that utilizes credit card processing requiring them to abide by PCI DSS (Payment Card Industry Data Security Standards) to operate.
We chose this community because fraud is a serious issue to both credit card processors as well as the community all the way down to the end customer. We all pay for fraud, and if our TLD can help minimize this fraud while at the same time be intuitive and instill more confidence in eCommerce, then everyone wins.
For nearly 12 years we have engaged with (and continue to represent) this community because we believe our gTLD string and its corresponding patent-pending verification process for transactions will significantly impact standards of excellence and offer real world solutions to reduce fraud online. We also believe that the gTLD string, .SHOP, offers a new “findability” factor for online shoppers. They will know and understand how to complete on their purchases with speed, security, and successful search resolution. Fraud remains one of the most serious issues to both credit card processors as well as the eCommerce community, affecting all levels of e-commerce, down to the shopper. All online shoppers pay for fraud and we believe that our TLD can minimize this fraud while, at the same time, instill more confidence in eCommerce practices.
This community is easily identified as websites that have shopping cart programs that utilize SSL (Secured Socket Layer) certificates (required under PCI DSS) to process their transactions. Studies have been performed to help identify these website operators and we have a 95% confidence that we have a clear and defined subset of the internet. We have received over 1,100 personal recommendations and support of Commercial Connect’s application for .SHOP from these e-commerce operators, representing in excess of $667 Trillion USD in annual sales last year alone.
As the multi-channel approach to retail and e-tailing evolves, we realize that the definition of eCommerce will continue to expand and involve more participants. Our main goal here is to define our core community, as well as provide proof that we educate, engage, and represent this community. We will continue to be transparent in our communications and exercise outreach on the value proposition of eCommerce to online businesses and brands today. We also guide best practices and policies leading to a better shopping experience and will directly give back, through our revenue generation, to institutions involved in social entrepreneurship and worldwide concerns in the areas of health, and feeding and educating the poor; we expect that our giving could exceed $1 million annually. By association, ICANN will be identified as a concerned stakeholder and solution provider for global eCommerce.
While we can state with confidence that we represent eCommerce in general with a much broader number of members, our main goal here is to define a community, provide proof of involvement and representation, and clearly show how we will be of benefit to that community.
Over the past twelve (12) years we feel confident that we have been engaged and have acquired the support required to represent this community. With an excess 1000+ physical contact affirmations and letters of support from companies that represent in excess of $667 trillion USD in sales annually.
For Question
1A - Delineation - .SHOP has a clearly delineated organized and pre-existing community.
1B - Extension - .SHOP has a community of considerable size and longevity.
2A - Nexus - .SHOP matches the name of the community and is well known in many languages.
2B - Uniqeness - .SHOP has no other significant meaning than eCommerce.
3A - Eligability - .SHOP will be restricted to eCommerce Users.
3B - Name Selection - .SHOPʹs policies include name selection rules consistent with the articulated community-based purpose of eCommerce.
3C - Content and Use - .SHOPʹs policies include rules for content and use consistent with the articulated community-based purpose of eCommerce.
3D - Enforcement - .SHOPʹs policies include specific enforcement measures constituting a coherent set with appropriate appeal mechanisms.
4A - Support - .SHOP has documented support from the community and can provide aditional upon request.
4B - Opposition - .SHOP has not received any formal opposition in the 12 years we have been working on this TLD application from any eCommerce entity.
Commercial Connect LLC has been present for the entire process of community definitions and while we have not influenced the selection and criteria, we do qualify with a strong score of 16 in these areas.

20(b). Explain the applicant's relationship to the community identified in 20(a).

We are the original applicant for .SHOP from the 2000 round. While there were other applicants in the initial rounds, Commercial Connect was the only one that made it through the entire qualification process. When delegation of .SHOP was put off until the ʺnextʺ round, CC has been working with the above community to establish its relationship and representation in that community.
Initially, since there was no clear community representation, we worked on establishing some form of a member trade association. The result was the creation of ECWR.net (eCommerce World Retailers). This was formed in March, 2004 and clearly predates the 2007 requirement in the Applicant Guidebook. We currently have in excess of 1,000 members representing a substantial amount of eCommerce (these members represent an equilivant in excess of $866 trillion in annual sales). However, Commercial Connectʹs being a trade union is not our mission. We merely want to aid in the organization and education of our community. For the first time in history, KPMG and the US National Retail Federation reported in Feb. 2012 in their annual worldwide survey that retailers’ websites or online channels eclipsed physical stores as the top channel for marketers (81% for brick-and-mortar vs. 86% online). As such, retail executives have spoken that they will invest in programs, like .SHOP, that directly resonate with today’s shopper. We have for you more than 1,500 letters from CEOs, politicians, and trade organizations that support Commercial Connect’s application for .SHOP, written over the last decade, as a step to a better online shopping experience that is safer, stable, and secure. According to the KPMG survey, 85 percent of all retail corporations worldwide will emphasize increasing online sales, up from 83 percent in 2011, and 38 percent will have a greater focus on increasing eCommerce sales over the next year, up from 29 percent in 2011.
Commercial Connect has communicated to key retail trade organizations across the world in the last decade through trade shows, private meetings, and email correspondence, its desire to operate the registry for eCommerce on the Internet and become a representative entity for this community. Commercial Connect will continue to work as this representative entity by educating and assisting in the growth and development of eCommerce worldwide.

20(c). Provide a description of the community-based purpose of the applied-for gTLD.

The community-based purpose is to aid in the the development of a safer, cheaper, and more secure platform for eCommerce, providing for a better online shopping experience. This mission adds to the Internet domains already available, so as to allow for URLs that can be defined as eCommerce from the first click. The addition of dotshop allows for increased options in domain selection and improved security. Commercial Connect, LLC has a process patent pending that will form the basis of a new security mechanism to verify registrants and publish this information for full transparency in the eCommerce shopping experience.
ICANN will be responsible for the enhancement of the Internet by providing a segmented eCommerce Top-Level Domain. Lastly, ICANN, through the social entrepreneurship of Commercial Connect’s financial commitment to a give-back model, will also be responsible for creating a worldwide charity that will benefit eCommerce provider sub-communities in the areas of enabling eCommerce, health, feeding the poor, and general education.

20(d). Explain the relationship between the applied-for gTLD string and the community identified in 20(a).

.SHOP and eCommerce retailers are integrated in their objectives, as retailers are increasingly looking for a way to differentiate their shopping experience for the end consumer, by tying together a muliti-channel philosophy. Issues of findability, quick search, and backend analysis of buying decisions become easier with the advent of .SHOP and its community of interest. All information resides in one place for both the shopper and the marketer for brands, and other retail establishments.
Fraud online is a large discussion in the world today and additional mechanisms that secure existing vulnerabilities will be determined and implemented through patents. According to the Internet Crime Complaint Center’s 2010 Internet Crime Report, non-delivery of payments or merchandise totaling hundreds of millions of dollars accounted for 14.4 percent of the complaints, followed by scams involving people posing as U.S. FBI agents, at 13.2 percent.
Identity theft was the third most common crime (9.8 percent), followed by computer crimes (9.1 percent), miscellaneous fraud (8.6 percent), advance fee fraud (7.6 percent), spam (6.9 percent), auction fraud (5.9 percent), credit card fraud (5.3 percent) and overpayment fraud (5.3 percent).
Why a dotShop domain?
Easier – It will be easy to remember for end users looking to purchase goods.
Safer – It will validate registrants and publish owners of .SHOP domains.
Cheaper – It will cost less than current offerings.
Commercial Connect is committed to adequately addressing consumer protection, security, stability and resiliency, malicious abuse issues, sovereignty concerns, and rights protection for those that use .SHOP upon delegation.

20(e). Provide a description of the applicant's intended registration policies in support of the community-based purpose of the applied-for gTLD.

The .SHOP domain name is intended for eCommerce purposes. This means that a website using .SHOP must have eCommerce-enabled ability to provide a direct conduit to making transaction on the web. In other words, it is expected that a .SHOP website will have items or services available for sale on that site and that there is an easy path to purchasing these items. These transaction must also use secure communications when processing said transactions.
In addition, we must ensure that trademark holders also are protected and allow these companies to own a .SHOP domain name without the enforcement of eCommerce as long as this is not the find resolution site for such domain name. In other words, if a trademark holder registers ʺtrademark.shopʺ but it is not eCommerce-enabled (secured site with products immediately ready for purchase), then it must either be inactive or forwarded to a non-.shop website.
Government Relations
A secure and stable Internet is our number one priority, so we engage policymakers on all levels regarding legislation that affects it.
.SHOP Domain Names Registration Policies
Commercial Connect manages the authoritative registry (“Registry”) for all domain name registrations that end in “.shop”. The, below, registry policies govern the registration of domain names. Commercial Connect reserves the right to modify or amend these policies and any other policies regarding .SHOP at any time. Registrars should review the policies from time to time and any modifications made thereto. Modifications to these policies are effective as of the date and time they are posted on the Commercial Connect site.
Since Commercial Connect represents the eCommerce community, its purpose is to have a top-level domain namespace that encourages and supports eCommerce.
The primary audience for this namespace is “business-to-consumer eCommerce.”
There are multiple reasons why a website operator (the ʺBusinessʺ) would want to use a new .SHOP top-level domain name. The first reason is that it will become more intuitive to the end user (the ʺConsumerʺ). If they want to purchase products and⁄or services, then they should instinctively use the .SHOP extension. If a multitude of new gTLD strings emerges onto the market, .SHOP will especially become a more apparent choice. That, coupled with our extensive marketing efforts, will help to convince the Consumer that dotShop is the domain namespace to use.
Process Patent Pending Verification for .SHOP
Because Commercial Connect will be performing process patent pending verification on .SHOP applicants, there will be a more reliable and trustworthy indication that the registrant (the ʺBusinessʺ) is who they claim to be. While this will not prevent the registrant from engaging in negative business practices, it will help to ensure that their identity is known should legal action become necessary in the future. As a result, this identification will reduce fraud and make less favorable business practices exist in namespaces other than ones that are stringently verified.
In order for an applicant to be considered “qualified” to purchase a .SHOP top-level domain name, they must go through a strict verification process where Commercial Connect researches the identity of that applicant and his business using semi-automated process patent pending processes. Once the registrant is “verified,” they are assigned a contact ID which will, then, allow them to register a .SHOP domain name.
Availability
The registration of a domain name is available to businesses. A domain name that is available at the time a Registrar runs the CHECK command does not guarantee that the domain name will be available at the time of registration.
Requirements for the applicant initially will be an agreement that the website will be offering goods and⁄or services under a secured socket layer (SSL) trusted connection. This site must be functional within six months of registration or the registrant could forfeit his rights to said domain name. There may be additional circumstances whereby it will not be required for the registrant of a .SHOP domain name have a functioning eCommerce site. These cases exist for trademark holders and users that forward their trade names to existing websites utilizing other TLDs. Generic .SHOP domain names should be eCommerce site-enabled and not forwarded to other sites.
Term
A domain name is registered in one-year increments, with a minimum registration term of one year and a maximum registration term of 10 years.
Verified applicants will agree to the understanding that if they are operating a business and utilizing a .SHOP domain name that holds them accountable for all transactions performed on this website. This is essential so that one party or registrar does not register themselves in an attempt to thwart our verification process. In addition, a clause in the registrar agreement will require that registrants not attempt to hide, mask, or alter the identity of any .SHOP registrant.
Naming Restrictions
The minimum character length for a domain name is one character, excluding the .SHOP extension. The maximum character length for a domain name is 63 characters excluding the extension. A domain name must not begin with a dash ʺ-ʺ or dot “.” and must not begin with the following sequence: “alphanumeric_alphanumeric_dash (“-“)_dash (“-”)”.
Each character in the domain name, excluding the dots (“.”)s must be a letter, digit, or dash (“-”). The last character must be a digit or letter. It cannot be a dash (“-”).
.SHOP Premium Domain Names
Certain .SHOP domain names that are generic or common words, and one- to three- character combinations have been designated as ʺPremium Names.ʺ Premium Names have the same business rules and grace periods as all domain names with the following exceptions:
• Premium Names may have higher pricing than standard domain names.
• Notwithstanding anything herein to the contrary, Registrar transfers for Premium Names are prohibited.
• Notwithstanding anything herein to the contrary, the ʺSyncʺ operation for Premium Names is prohibited.
Nameservers
A domain name cannot have more than 13 hosts at the registry level.
Registrar Transfer Rules
A created domain name must be 61 days old or older to be available for transfer between registrars. A domain name can be transferred in one-year increments from one to 10 years. A one-year renewal is the default setting. If the difference between the current date and the new registration date is more than 10 years but less than 11 years, then the transfer will be clipped to 10 years. If the difference between the current date and the new registration date is greater than 11 years, the transfer will be rejected. The pending-transfer period is five (5) days. If the transfer request is neither approved nor rejected by the losing Registrar within the five-day pending-transfer period, Commercial Connect will automatically approve the request. As stated above, Registrar transfers of Premium Names are prohibited.
Bulk Transfers
Subject to Commercial Connect’s discretion and approval, and any transfer fees or charges that may be assessed by CCLLC, Registrars may request bulk transfers of .SHOP domain names by submitting a bulk transfer request in writing accompanied by a complete list of the domain names to be transferred. The request must be signed by both the gaining and losing Registrars.
(See the Registration policy in its entirety as an Attachment R in Technical Section).

20(f). Attach any written endorsements from institutions/groups representative of the community identified in 20(a).

Not Available

Geographic Names


21(a). Is the application for a geographic name?

No

Protection of Geographic Names


22. Describe proposed measures for protection of geographic names at the second and other levels in the applied-for gTLD.

As part of our reserved and un-regisisterable names, we will include country names, geographic names, and any names as suggested and⁄or required by the trademark clearinghouse.

Registry Services


23. Provide name and full description of all the Registry Services to be provided.

In our original application in 2000, we provided a full technical plan complete with systems, operating system specification, and software solutions. We now have a fully functional registry in-house ready to accept EPP requests for the new .SHOP gTLD.

Commercial Connect, LLC established its own internal registry in 2011. We designed our registry system to closely mimic other significant registries so that continuity provisions are designed to become seamless.

In addition, we continue to show our commitment to the e-commerce community by focusing on only one application.

Services offered include:

(1) Operation of the Shared Registration System

SRS Transactions - Registrar Connections - EPP

A registrarʹs access to the SRS can be impacted by two issues; the number of connections and the available bandwidth. Registrar transactions traffic behavior can be divided into two categories; normal transactions and add-storm transactions. Normal transactions can be defined as the transactions generated by normal daily behavior of registrants, e.g., registering new names, modifying existing names, renewing names, etc. Add-storm transactions are those that are generated by attempts by the registrars to register a name that is expiring at a specific date and time. CCLLC has decided that the best solution would be to provide each registrar the same number of connections and to provide a separate connection for dropped domain names as to not impact normal operations.

SRS Transactions - Demand

The Capacity Planning Team estimated peak SRS transactions per second (TPS) based on data collected on existing TLDs.

By extrapolating data from other TLDs, the transaction growth rate can be estimated. An average peak day for SRS transactions is 5% of the total monthʹs transactions.

A peak 5 minutes is 5% of the peak day. The peak 5 minutes is such a large percent of the day because it includes add storm activity. The Capacity Planning Team has concluded that the overall CCLLC SRS must support the following capacities over the first 2 years.

It should be noted that these are very conservative estimates, and assumes that all TLDs will experience the same peak transaction levels experienced by larger, open TLDs. In fact, many of the TLDs, such as brand and community TLDs, will not experience the peak transactions that occur during add storms. However, following a philosophy of estimating conservatively, these plans are based on a high case scenario.

SRS Transactions - SRS Capacity

CCLLC uses this data to analyze the capacity of CCLLCʹs systems, including the EPP and application servers, and the database. In CCLLC’s SRS architecture, the database is the most limiting item. The architecture of the SRS utilizes server clusters for the application servers (EPP and Business policy engines) and the database.

Increasing capacity to those servers is a matter of adding more servers to the cluster. Their current deployed architecture supports 17k TPS. If necessary, we can increase this to 30k TPS in 2013 to maintain 2 times peak demand.

SRS Transactions - Bandwidth Capacity

Using historical registry data, an average SRS transaction size has been determined to be 1.3kb. Since CCLLC staggers the drop times of domains the peak TPS demand is spread out over many hours and over separate connections. As a result of the staggering process only 10% of the overall peak TPS will occur at any given time and will not impact the primary registration connections. This means the registry will need to support 39mbps of bandwidth during an add storm (3,750 x 10,400 bits = 39mbps).

The registryʹs primary and secondary SRS sites both have 200MBps of bandwidth. This is nearly 5 times the estimated demand.

(2) A Unique .SHOP Registry Service—Process Patent-Pending Verification Process for Transactions

As part of a registration for .SHOP the inclusion of a patent-pending verification process for transactions will be performed. In this process we use bank information already collected on an applicant to match against the registration data. If we verify that the information submitted to us matches the registrants bank account information whereby they had to provide photo identifications locally to their bank along with appropriate corporation and⁄or business articles, then we can feel more confident that the applicant is who they claim to be. We will make no claims to guarantee the identity of anyone but will explain that this is a much more confident means of verification than previously existed.

We can provide more information on this technique and process at ICANN’s request.

“Registry Services” are, for purposes of the Registry Agreement, defined as the following: (a) those services that are operations of the registry critical to the following tasks: the receipt of data from registrars concerning registrations of domain names and name servers; provision to registrars of status information relating to the zone servers for the TLD; dissemination of TLD zone files; operation of the registry DNS servers; and dissemination of contact and other information concerning domain name server registrations in the TLD as required by this Agreement; (b) other products or services that the registry operator is required to provide because of the establishment of a Consensus Policy as defined in Specification 1; (c) any other products or services that only a registry operator is capable of providing, by reason of its designation as the registry operator; and (d) material changes to any Registry Service within the scope of (a), (b) or (c) above.

(3) Provision of WHOIS service

CCLLC operates two active WHOIS sites, each consisting of 3 servers behind a load balancer. CCLLC has tested this configuration in CCLLCʹs lab. Each WHOIS site will be able to support 2875 QPS. This is 5X the estimated 2013 capacity need.

(4) DNS resolution for registered domain names

DNS for Commercial Connect includes 16 name server sites located throughout the world. Each site will contain at least two resolving servers. The domain name servers will support 50K queries per second.

Based on the peak queries per second the estimated bandwidth needed will be 105 Mbps. This is based off of .0014 Mbps X 75,000 queries per sec = 105Mbps for estimated bandwidth [bits per second X queries per second = total bandwidth needed (in bits per second)] .

Each name server will have a minimum of two 100 MBps connection, which is 2x the peak capacity load required.

High Capacity Systems

As described above, each element of the registry has been designed for high capacity. The DNS has over 10 times the estimated query capacity required for all TLDs combined; the SRS over 3 times the estimated domain capacity, and WHOIS over five times the estimated query capacity.


Registry Operator Code of Conduct

1. In connection with the operation of the registry for the TLD, Registry Operator will not, and will not allow any parent, subsidiary, Affiliate, subcontractor or other related entity, to the extent such party is engaged in the provision of Registry Services with respect to the TLD (each, a “Registry Related Party”), to: a. directly or indirectly show any preference or provide any special consideration to any registrar with respect to operational access to registry systems and related registry services, unless comparable opportunities to qualify for such preferences or considerations are made available to all registrars on substantially similar terms and subject to substantially similar conditions; b. register domain names in its own right, except for names registered through an ICANN accredited registrar that are reasonably necessary for the management, operations and purpose of the TLD, provided, that Registry Operator may reserve names from registration pursuant to Section 2.6 of the Registry Agreement;
c. register names in the TLD or sub-domains of the TLD based upon proprietary access to information about searches or resolution requests by consumers for domain names not yet registered (commonly known as, ʺfront-runningʺ); d. allow any Affiliated registrar to disclose user data to Registry Operator or any Registry Related Party, except as necessary for the management and operations of the TLD, unless all unrelated third parties (including other registry operators) are given equivalent access to such user data on substantially similar terms and subject to substantially similar conditions; or e. disclose confidential registry data or confidential information about its Registry Services or operations to any employee of any DNS services provider, except as necessary for the management and operations of the TLD, unless all unrelated third parties (including other registry operators) are given equivalent access to such confidential registry data or confidential information on substantially similar terms and subject to substantially similar conditions.

2. If Registry Operator or a Registry Related Party also operates as a provider of registrar or registrar-reseller services, Registry Operator will, or will cause such
Registry Related Party to, ensure that such services are offered through a legal entity separate from Registry Operator, and maintain separate books of accounts with respect to its registrar or registrar-reseller operations.

3. Registry Operator will conduct internal reviews at least once per calendar year to ensure compliance with this Code of Conduct. Within twenty (20) calendar days following the end of each calendar year, Registry Operator will provide the results of the internal review, along with a certification executed by an executive officer of Registry Operator certifying as to Registry Operator’s compliance with this Code of Conduct, via email to an address to be provided by ICANN. (ICANN may specify in the future the form and contents of such reports or that the reports be delivered by other reasonable means.) Registry Operator agrees that ICANN may publicly post such results and certification.

4. Nothing set forth herein shall: (i) limit ICANN from conducting investigations of claims of Registry Operator’s non-compliance with this Code of Conduct; or (ii) provide grounds for Registry Operator to refuse to cooperate with ICANN investigations of claims of Registry Operator’s non-compliance with this Code of Conduct.

5. Nothing set forth herein shall limit the ability of Registry Operator or any Registry Related Party, to enter into arms-length transactions in the ordinary course of business with a registrar or reseller with respect to products and services unrelated in all respects to the TLD.

6. Registry Operator may request an exemption to this Code of Conduct, and such exemption may be granted by ICANN in ICANN’s reasonable discretion, if Registry Operator demonstrates to ICANN’s reasonable satisfaction that (i) all domain name registrations in the TLD are registered to, and maintained by, Registry Operator for its own exclusive use, (ii) Registry Operator does not sell, distribute or transfer control or use of any registrations in the TLD to any third party that is not an Affiliate of Registry Operator, and (iii) application of this Code of Conduct to the TLD is not necessary to protect the public interest.

Demonstration of Technical & Operational Capability


24. Shared Registration System (SRS) Performance

The plan for a robust Shared Registration System (SRS) performance has its foundation in the custom registry design. The Commercial Connect registry system is a live, custom registry design built off of the ISC open registry software version 1.0.2. The registry is capable of providing EPP requests, WHOIS lookups, and also offers a web interface for access. The registry was built to enable support for these various methods of access while still offering an advanced level of security on the system ensuring availability without the risk of unauthorized access.

Commercial Connect’s registry system uses 14 servers for the services provided. Two servers are the EPP (Extensible Provisioning Protocol), which will provide EPP functionality for the registry. The third server is used as a web server to provide a web interface for the registry. Another server is used as the WHOIS server for the registry. A fifth and sixth server are utilized as two DNS servers. The seventh is used as the master database for the entire registry. The other seven servers are used as hot standby servers, or servers that have mirrored the exact data as the main servers and are ready to take over in case of a main server failure.

The servers will utilize the hot standby synchronization scheme, meaning that the live (main) server information will be mirrored to a backup (standby server) directly as soon as any information changes on the live server. This allows the standby server to take over almost instantaneously if a critical failure occurs on the live server and, therefore, no break occurs in the registry’s service.

There will be two more identical systems put in place at remote locations.

The EPP server will process any request made by the user of the registry system. The registry set-up allows for the user to either connect directly with the EPP server or through a web portal on the internet. Both options will provide the necessary functions expected of the EPP server which will then translate and execute the request. It will, then, send a reply back to the user based on success or failure of the request. Both EPP servers will have a backup EPP server ready to go with data constantly updating, allowing transition between the two servers to be as seamless as possible. Upon going live, both EPP servers will be utilized to handle the initial traffic of registries for the .SHOP domain. After the initial registration period, one EPP server, including its backup server, will, then, be used for the registry’s Drop Pool services.

The webserver will be responsible for the website that acts as a front-end to the EPP server and registry. This will be a user-friendly interface allowing for the user to register multiple requests at a time and to also allow the user the convenience of not having to write software to communicate with the registry. The webserver will use EPP protocol underneath and send the requests to the EPP server which will then execute the EPP commands and send a response back to the webserver on the success or failure of the command.

The WHOIS server will be responsible for providing contact information, domain expiration date, and the status for any domain name registered with the .SHOP gTLD. The information the WHOIS server shows will be pulled directly from the master database in the .SHOP registry. Interconnectivity with other registry systems will include the whitelisting of Registrars⁄Registries for querying, etc.

The DNS servers will perform SOA requests, resolve domain names into IP addresses as well as other DNS requests and are capable of supporting DNSSEC.

Commercial Connect’s Registry system will be capable of meeting the requirements stated in Specification 10 (SLQ) based on the given projections in both answers 31 and 46.

To meet the DNS requirements of having 100% availability, 99% uptime, update time of 60 min or less, TCP RTT of 1500ms or less, and UDP RTT of 500ms or less Commercial Connects DNS infrastructure will allow for a maximum of up to 50,000qps. In the Supplemental Notes for Questions 31 it states that the average expected DNS queries per month is 2,901,801,215 billion queries which when broken down even further equals about 1,083 Queries per Second (QPS). This means we are only using 1⁄50 of our capabilities which also allow Commercial Connect to make sure that all DNS requirements are met now and for future expansion. Commercial Connect also plans on using DNSSEC for its DNS not only for security but also for reliability assuring that our DNS servers really are our DNS servers.

For WHOIS requirements it states that we must have 98% availability, a RTT of 2000ms or less, and an update time of 60 min or less. To meet and exceed these requirements Commercial Connect has been working on several different ways to access our Whois service to decrease the RTT and availability.

The first access type for our Whois server is to query our server directly on the Whois port. Our Whois server has been tested to receive a maximum of 2875 QPS. According to Question 31 Supplemental notes as well Commercial Connects expected monthly Whois queries will average 69,643,229 queries per month. That is about .9% of our maximum queries per month Commercial Connect is able to handle for the Whois system.

To further reduce the traffic load and increase availability for our Whois service Commercial Connect is working on using RESTful Whois. This service will be available via a webpage on one of Commercial Connects webservers. This will allow Whois information to be transmitted using XML or HTML and will also allow a decrease in bandwidth and queries on the Whois server furthering our Whois service uptime and availability.

The EPP requirements in Specification 10 for the EPP service is to have 98% uptime, EPP command RTT of 4000ms or less, EPP query-command RTT of 2000ms or less, and EPP transform-command RTT of 4000ms or less.

As discussed in more detail in Question 31 the current EPP max transactions per second is 17K per second. This already is an improvement of 15K transactions per second posted by other already functioning registries by the ICANN Benchmark in February 2010. With Commercial Connect designing its EPP systems to be able to allow more transactions per second it also assures that Commercial Connect is more than capable of handling the response times to be under the maximum response time as well as making sure the EPP service is available at least 98% of the time.

Commercial Connect agrees that the definitions agreed upon and adopted as part of the ICANN parameters and measures for SRS Performance will be observed.

25. Extensible Provisioning Protocol (EPP)

EPP (Extensible Provisioning Protocol) is an XML-based protocol created by VeriSign, with support from ICANN, which has been introduced as an industry standard protocol between registries and registrars.

Our registry works by having EPP software based on a Linux-based Ubuntu Server v.11.10. This allows us to maintain complete control over the system by only opening the needed ports for the EPP protocols. The EPP software on the server has been set up to run as a service so that the server is always listening for EPP requests from registrars; 24 hours a day and 7 days a week.

The EPP software was designed to specifically handle EPP requests, and then, based upon the request, allocate the necessary resources for the request according to the RFC 5730, RFC 5731, RFC 5732, RFC 5733, RFC 5734, and RFC 3735. At present, we have no intention to extend the EPP protocol in RFC 3735, and will remain compliant. The documents mentioned outline the EPP.

There will be two ways registrars are allowed to communicate with our registry. The first is through direct EPP communication with our servers. The second is using a website front-end to our EPP servers.

The first option is direct EPP communication with our servers. This will require the registrar to create a connection with our server using the EPP protocol. We will provide the registrar with the needed information to make such a connection. This includes providing IP addresses for our servers, the port on which our servers are listening for EPP requests and any account information needed to verify that the registrar is, in fact, the registrar connecting, and not another business or person. This option allows for the quickest and most direct way of making requests and commands on our registry with the downside that it requires the registrar to make changes to their software, so that the connection can be made.

The second option allows registrars to connect to our registry system through a website. For the registrar to have access to the site, Commercial Connect will ensure, through various validation processes, that the registrar is, in fact, the registrar it says it is, before giving an account to access the website. The website itself will have available all the commands that comply with the RFC’s 5730, 5731, 5732, 5733, and 5734. The interface will auto generate a template based on the command selected, and then allow for the registrar to fill in the necessary fields for the domain name(s).

After the required fields have been filled, the webserver sends the commands in EPP protocol to our EPP servers, which then execute the commands accordingly. The webserver then receives the output in html form for the user based on the success⁄failure of the command sent. This option is available for the registrars who do not wish to directly connect with our EPP servers and allows for a more user-friendly method of registering domain names with our registry.

Key personnel at Commercial Connect involved in this EPP plan will report to the VP of Technology, and the VP of Operations. Staff directly involved will include the following: Network Administrator, Programmer-Senior, Programmer-Junior, Network Security Officers (2), Customer Service⁄Technical Support (2), Data Integrity Supervisor, and the Applicant Verification⁄Audit Staff of 2.

26. Whois

Since Commercial Connect (CC) represents the e-commerce community, it is our intention to make dotShop as open and transparent as possible. That being said, we will have a full thick-registry with all information about the applicant available online for all to review. This gives the shopper confidence in that they know who they are dealing with, where the entity is located, and, in essence, where their money is going.

The WHOIS servers will be hot-standby, with backup WHOIS servers that are constantly (real-time) being updated with identical information form the live WHOIS server. This provides a failsafe for the live WHOIS server system. In case of a critical failure to the live WHOIS server, the backup WHOIS server on standby will instantaneously take the place of the malfunctioning server, and become the new live WHOIS server.

Commercial Connect’s WHOIS servers will work with other registries and registrars by whitelisting their DNS and WHOIS servers, as appropriate. This will provide smooth connectivity between the CCLLC registry and registrars. This will allow for registries and registrars to access our WHOIS and DNS servers as necessary, without suspicion of data mining and abuse.

To do this, we will take the registries and registrars network addresses and allow them preferred access to these required services.
Key personnel involved in the WHOIS plan will include direct reporting to the VP of Technology, and the VP of Operations. Staff directly involved will include the following: Network Administrator, Programmer-Senior, Programmer-Junior, Network Security Officers (2), Customer Service⁄Technical Support (2), Data Integrity Supervisor, and the Applicant Verification⁄Audit Staff of 2.

RESTful WHOIS
We are currently working toward RESTful WHOIS compliance. We anticipate this to be completed by the end of the 3rd Quarter, 2012. The RESTful WHOIS will provide a searchable WHOIS service through key web technology (xml, html) that assists the WHOis data exchange.


We have attached out WHOIS Policy below which will fit into this answer section but is much more readable as an attachment.

27. Registration Life Cycle

Commercial Connect, LLC. expects to reserve certain premium domain names to be made available for auction sometime in the second year of operations. In addition, there will be a sunrise period and trademark period. The trademark registration period will come first, then it will be followed by a premium domain name registration period where the cost for the .SHOP TLD will be significantly higher. This is done to reduce the impact of the open registration. After the premium registration and open period of registration will begin.


Add Contact
In order to register a .SHOP domain name, one must first be verified as a verified .SHOP domain name owner. In order to become a “verified owner,” the owner’s information must be supplied to Commercial Connect, LLC with a verification fee. Verified Owners must agree that they are not acting as agents to other entities as all .SHOP domain names must be owned by the person operating the e-commerce site. The verification process can take as long as two business days to complete. Once a contact is verified, a flag is placed on that contact, so that it will be allowed to be used as an owner for a .SHOP domain name.

Applied Status
During verification process, if a domain name is requested it is placed under and Applied for status until the owner can be verified. The Applied status can lock the domain for up to seven (7) days while he verification process is completed.

New Registration
Once an owner is “verified” they can continue the process of registering one or more .SHOP domain names.


Registrar Transfer Rules
A created domain name must be 61 days old or older to be available for transfer between registrars. A domain name can be transferred in one-year increments from one to 10 years. A one-year renewal is the default setting. If the difference between the current date and the new registration date is more than 10 years abut less than 11 years, then the transfer will be clipped to 10 years. If the difference between the current date and the new registration date is greater than 11 years, the transfer will be rejected. The pending-transfer period is five (5) days. If the transfer request is neither approved nor rejected by the losing registrar within the five-day pending-transfer period, Commercial Connect will automatically approve the request. As stated above, registrar transfers of premium names are prohibited.

Bulk Transfers
Subject to Commercial Connect’s discretion and approval (and any transfer fees or charges that may be assessed by CCLLC), registrars may request bulk transfers of .SHOP domain names by submitting a bulk transfer request in writing accompanied by a complete list of the domain names to be transferred and signed by both the gaining and losing registrars.

Grace Periods
A grace period refers to a specified number of calendar days following a registry operation in which the domain name may be deleted and a credit may be issued to a registrar. Relevant registry operations in this context are:
• Registration of a new domain name (“add grace period”)
• Explicit renewal of an existing domain name (“explicit renew grace period”)
• Auto-renew of an existing domain name (“auto-renew grace period”), and;
• Registrar transfer of an existing domain name (“registrar transfer grace period”)

Add Grace Period
The “add grace period” is a specified number of calendar days following the initial registration of a domain name. The value of the add grace period is five (5) calendar days. If a delete, explicit renew, or transfer operation occurs within the five calendar days, the following rules apply:
• Delete: If a domain name is deleted within the add grace period, the sponsoring registrar is credited for the amount of the registration. The domain name is deleted from the registry database and is immediately available for registration by any registrar. If a domain name is deleted after the five-day grace period expires, it will be placed in “redemption period” status for 30 calendar days.
• Explicit Renew: If a domain name is explicitly renewed within the add grace period, there is no credit for the add. In addition to the initial registration charge, the registrar’s available credit will be debited for the number of years the registration is explicitly renewed. The expiration date of the domain name is extended by the number of years as specified by the registrar’s requested explicit renew operation up to a maximum resulting registration period of not more than 10 years.
• Registrar Transfer: A domain name may not be transferred within the add grace period.

Explicit Renew Grace Period
The “explicit renew grace period” is a specified number of calendar days following the explicit renewal of a domain name registration period. The value of the explicit renew grace period is five (5) calendar days. If a delete, explicit renew, or transfer operation occurs within the five calendar days, the following rules apply:
• Delete: If a domain name is deleted within the explicit renew grace period, the sponsoring registrar receives a credit of the explicit renew fee and the domain name is placed on “redemption period” status.
• Explicit Renew: A domain name can be extended within the explicit renew grace period for up to a maximum of 10 years. The domain name renewal request will be rejected if the totals years requested are greater than 10 years. The registrar’s available credit will be debited for each of the additional number of years the registration is explicitly renewed.
• Registrar Transfer: If a domain name is transferred within the explicit renew grace period, there is no explicit renew credit. The expiration date of the domain name is extended by one year for the transfer and the years added as a result of the explicit renew remain on the domain name up to a maximum of 10 years. The gaining registrar is charged for that additional year for the transfer, even in cases where a full year is not added because of the 10-year maximum limitation.

Auto-Renew Grace Period
The “auto-renew grace period” is a specified number of calendar days following an auto-renewal. An auto-renewal occurs if a domain name registration is not explicitly renewed or deleted by the expiration date; in this circumstance the registration will be automatically renewed by the system the first day after the expiration date and the registrar’s available credit will be debited. The value of the auto-renew grace period is 45 calendar days. If a delete, explicit renew, or transfer operation occurs within the auto-renew grace period, the following rules apply:
• Delete: If a domain name is deleted within the auto-renew grace period, the registrar receives a credit of the auto-renew fee at the time of the deletion. The domain name is then placed on Redemption Period status.
• Explicit Renew: A domain name can be explicitly renewed within the auto-renew grace period for up to a total of 10 years. The account of the sponsoring registrar at the time of the additional extension will be charged for the additional number of years the registration is explicitly renewed.
• Registrar Transfer: If a domain name is transferred within the auto-renew grace period, the losing registrar receives a credit of the auto-renew fee and the year added by the auto-renew operation is cancelled. The expiration date of the domain name is extended by one year up to a total maximum of 10 by virtue of the transfer and the gaining registrar is charged for that additional year, even in cases where a full year is not added because of the 10-year maximum limitation.

Registrar Transfer Grace Period
The “registrar transfer grace period” is a specified number of calendar days following the completion of a domain name transfer. The value of the registrar transfer grace period is five calendar days. If a delete, explicit renew, or transfer operation occurs within the five (5) calendar days, the following rules apply:
• Delete: If a domain name is deleted within the registrar transfer grace period, the sponsoring Registrar receives a credit for the transfer fee and the domain name is placed in Redemption Period status.
• Explicit Renew: If a domain name is explicitly renewed within the transfer grace period, there is no credit for the transfer. In addition to the transfer fee, the registrar’s available credit will be debited for the number of years the registration is explicitly renewed. The expiration date of the domain name is renewed by the number of years as specified by the registrar’s requested explicit renew operation up to a maximum resulting registration period of not more than 10 years.
• Registrar Transfer: If a domain name is transferred within the registrar transfer grace period, there is no credit. The expiration date of the domain name is extended by one year up to a maximum term of 10 years.

Redemption Period Status
When a domain name is deleted outside of the add grace period or within the registrar transfer, auto-renew, or explicit renew grace periods, it is placed on redemption period status for 30 days. The redemption period works as follows:
• Domain name deleted.
• Domain name is removed from the zone.
• Domain name placed on redemption period for 30 days.
• No modifications can be made to the domain name while in redemption period status.
• The redemption period status can only be removed by using the “restore” command.
• If the domain name is NOT restored during the 30 day window, the name is then placed on “pending delete” status for five days.
• While in “pending delete” status, the domain name cannot be restored.
• After the five day “pending delete” period expires, the domain name will be deleted.

Restore Command
The “restore command” allows a registrar to remove the redemption period status from a domain name. The restore command is a billable transaction and debits the registrar’s account each time it is issued. The restore command requires the registrar to complete two actions:
• Pass the restore command to CCLLC.
• Complete the restore report.
Details regarding the restore command:
• The restore command will remove the redemption period status.
• The restore command cannot be submitted for premium names.
• The restore operation will not change the registration expiration date even if the domain name has already expired. When an expired domain name is restored and the restore report is successfully received for the domain name, the auto-renew batch process will extend the expiration date to be one year from the current expiration date.
• NOTE: If a restore has been requested but the restore report has not been processed for that domain name, then it will not be included in the Auto-Renew Batch process.
• A successful restore command will place the name on “pending restore” status for seven (7) days.
• Domain names on “pending restore” status will be included in the zone files.

Details regarding the restore report:
The restore report is the second step in the restore command process. Once a registrar has successfully removed the redemption period status from a domain name using the restore command, they must submit an explanation to CCLLC. This is accomplished by completing the restore report.
• Once the registrar has successfully executed the restore command, the domain name will now be on “pending restore” status.
• The “pending restore” period is seven (7) calendar days.
• During this seven-day window, the registrar must submit a restore report to CCLLC.
• If CCLLC receives the restore report, the domain name will be placed in “active” status.
• If CCLLC does NOT receive the restore report within the seven-day window, then the domain name is returned to redemption period status.

As part of their restore report, a registrar will be required to submit the following details as part of their restore report:
A. A copy of registrarʹs WHOIS data for the deleted name as it appeared prior to the deletion. The WHOIS data must contain the following:
• Correct name of the registered domain name
• Non-blank nameserver name(s), or ʺnoneʺ
• Correctly formatted date in original creation date field
• Correctly formatted date in expiration date field
• Non-blank field for the name and address of the registrant
• Non-blank field for the name and address of the administrative contact
• Non-blank field for the email address of the administrative contact
• Non-blank field for the voice telephone number of the administrative contact
• Fax number of the administrative contact, if provided
• Non-blank field for the name and address of the technical contact
• Non-blank field for the email address of the technical contact
• Non-blank field for the voice telephone number of the technical contact
• Fax number of the technical contact if provided.
B. The date and time the registered domain name was deleted. (CCLLC requires properly formatted date and time.)
C. The date and time the restore operation was performed on this domain name. (CCLLC requires properly formatted date and time.)
D. A brief explanation of the reason why the domain name was restored.

CCLLC will process all restore report submissions in a one-time batch process. Once the restore report batch is processed, CCLLC will convert the domain names to “active” status.


SYNC Calculations
The SYNC operation can be used to move the expiration date of the domain name forward to a specific date (month and day) that is provided in the command.
• The year will not be provided in the command. This will reduce the amount of invalid data and the attempts to SYNC and RENEW in one transaction. If the registrant wishes to SYNC the dates and RENEW for one to 10 years, this will be handled as two separate transactions.
• If the month and date is later than the current expiration month and date, then the expiration date will be extended within the same calendar year as the current expiration date.
• If the month and date is earlier than the current expiration month and date, then the expiration date will be extended to that month and date in the calendar year following the current expiration date.
• If the month and date in the command is equal to the current expiration month and date, then an error will be returned. (This eliminates the possibility of executing a repeated SYNC command.)
• Registrars are charged for the SYNC operation for each domain, based on the number of calendar months the expiration date is extended. The minimum charge is for one month.
• The maximum charge is for 11 months. If a registrar issues a SYNC command on a domain name setting the expiration date less than one month, CCLLC will charge the registrar for one month.
• If a Registrar issues a SYNC command on a domain name setting the expiration date to N months and X days, we charge the registrar for N months.
• If the expiration is extended within the same month (whether it is one day or 30 days), the SYNC period will be defined as one month. (e.g., January 1 to January 15 is counted as one month)

NOTE: If the current expiration is January 15 and the SYNC operation is changing it to January 1, then this will be counted as 11 months because the registration is being extended to January 1 of the following year. If the expiration is extended to a different month, then the SYNC period will be defined based on the number of calendar months. (e.g., March 5 to October 27 is counted as seven months, October 27 to March 5 is counted as five months, June 1 to July 31 is counted as one month).

SYNC Grace Period
There is no SYNC Grace Period. If the SYNC is successfully executed during an add, renew, auto-renew, or transfer grace period, the following rules apply:
• Add: A domain name can be synchronized within the add grace period. The SYNC command will not extend the domain name registration beyond the 10-year registration limit. If the domain name is deleted during the add grace period, the sponsoring registrar is credited for the amount of the registration only and not the SYNC.
• Renew and Auto-Renew: A domain name can be synchronized within the renew and auto-renew grace period. The SYNC command will not extend the domain name registration beyond the 10-year registration limit. If the domain name is deleted during the renew or auto-renew grace period, then the sponsoring registrar is credited for only the renewal or auto-renewal and not the SYNC.
• Transfer: A domain name can be synchronized within the transfer grace period. The SYNC command will not extend the domain name registration beyond the 10-year registration limit. If the domain name is deleted during the transfer grace period, the sponsoring registrar is credited for the amount of the transfer only and not the SYNC.

28. Abuse Prevention and Mitigation

Our policies require that controls are in place (and will remain in place) that are in compliance with the RRA, including multi-factor authentication (See Security Audit Report), as well as requiring multiple points of contact for update, transfer, and deletion requests and notification of multiple, unique points of contact when a domain has been modified (updated, transferred, deleted, etc.)

Abuse Prevention Policy

Use of the Domain Name
For each domain name registered by Registrar (on behalf of itself or a registrant), Registrar shall:

A. Ensure that the domain name is not registered, used, displayed, or exploited in contravention or violation of these policies or any other policies regarding .shop, in contravention of the laws of any jurisdiction where the domain name is accessible, or for any unlawful purpose, including, but not limited to, child pornography, child entrapment or abuse, advocacy of hatred, bigotry, or violence towards persons or groups on the basis of their religion, race, ethnicity, sexual orientation, or other immutable characteristics, theft of email service, or as a source of unsolicited bulk email or as an address to use for replying to unsolicited bulk email;

B. Ensure that the registration, use, display, and exploit of any domain name is done in good faith, and in accordance with international, federal, and state laws and regulations;

C. Not publicly offer, advertise, or otherwise make available the delegation of subdomains from the domain name;

D. Recognize that the use of the domain name may be subject to applicable laws in all jurisdictions in which the domain name is used or accessible, including those concerning trademarks and other types of intellectual property.

1) Single Abuse Point of Contact
The single abuse point of contact will be the network security administrator. As the network security administrator it is his⁄her job to have intricate knowledge about the registry and the network at Commercial Connect. This includes the following:
• Knowledge of how systems interact with the Commercial Connect Registry
• Intricate knowledge of which application on the registry have access to outside the network (internet)
• Be able to provide knowledge of the firewalls in place on the registry system
• Provide reports of usage on the registry (reports and log files on traffic)
• Also have intricate knowledge of any possible security risks or threats to the network or registry and be able to provide appropriate solutions to when threats or risks are discovered.

The plan for reaching this person during a single abuse point of contact will be to call customer support who will then determine if the appropriate action is to notify the network security administrator. The network security or a network security analyst backup will be on-call 24⁄7 for emergency issues. The abuse can be replayed through telephone or website inquiry. The implementation plan will ensure that this link, along with UDRP and other key policies are located at the bottom of our website and can be distributed in our WHOIS replied. The Senior Network Security office will receive all emails and phone calls related to abuse. The Senior Network Security Office or a network security analyst backup will be on-call 24⁄7 for emergency issues.

2) Handling of Complaints of Abuse
The handling of complaints of abuse will be followed in the following fashion. The first person of contact will be customer support who will help with basic troubles like log in information and any other basic account or connectivity problems. From there it will go to a network engineer who will help if a network device or registry system seems to be the trouble. From the network engineer it will then go to the Network Security Officer if it is believed that any sensitive or private information was accidently given out or if a major registry system⁄network system is failing. If the Network Security Officer is unable to resolve the issue, he will confer with network engineers, legal staff and⁄or administration and take the steps appropriate to resolve the situation or see that it has the proper attention.

3) Policy for glued orphans
The policy for glued orphans will be to change their name servers to show as invalid. This issue most not likely will occur until such a time that it is reported as abusive. Whether casual observance or an abuse situation, the Data Integrity Supervisor will be responsible for verifying and⁄or changing that status of glued orphan records and notify, by email, the domain owner, admin, and tech about the orphaned domain.

The owner, admin, and tech will then be allowed to change to another domain name server through their sponsoring registrar.


WHOIS Accuracy

Our WHOIS accuracy is directly tied to our verification process. Applicants are required to be verified annually, and this stringent verification process is what is available in the WHOIS record. This virtually eliminates the possibility of inaccurate or false WHOIS data.

Number and description of personnel roles in Abuse Prevention and Mitigation

3 – Customer Support⁄technical staff : These employees will be specifically trained on the proper way to handle support emails and phone calls as well as being trained to the level of N+ certification.
1 – Senior Customer Support Manager: Manages and helps out support staff that may have trouble with certain support calls or emails. Also is in charge of deciding if the situation is important enough to pass on to the Senior Network Engineer.
2 – Senior Network Engineer (one is Data Integrity Supervisor ): Is responsible for day to day tasks on the network including maintenance. Accepts support emails and support calls if the Senior Customer Support Manager deems the issue in question necessary for the Senior Network Engineer. If the Senior Network Engineer sees that the issue is important enough will pass the issue up to the Network Administrator.
1 – Network Security Officer: Is responsible for the overall health and security for the entire network and registry. It is the Network Security Administrators job to know the intricate workings of the entire network and registry operations. The network security administrator is also the single point of contact for abuse.

The following is extracted from our abuse prevention policy:

1.1 Commercial Connect LLC and the .shop domain name must only be used for lawful purposes. The creation, transmission, distribution, storage of, or linking to any material in violation of applicable law or regulation is prohibited. This may include, but is not limited to, the following:

(1) Communication, publication or distribution of material (including through links or framing) that infringes upon the intellectual and⁄or industrial property rights of another person. Intellectual and⁄or industrial property rights include, but are not limited to: copyrights (including future copyright), design rights, patents, patent applications, trademarks, rights of personality, and trade secret information.

(2) Use of a .shop domain name in circumstances in which:
(a) The .shop domain name is identical or confusingly similar to a personal name, company, business or other legal or trading name as registered with the United States government or other international rights and channels, or a trade or service mark in which a third party complainant has uncontested rights, including without limitation in circumstances in which:
(i) The use deceives or confuses others in relation to goods or services for which a trademark is registered in the United States or other similar international rights and channels, or in respect of similar goods or closely related services, against the wishes of the registered proprietor of the trademark; or
(ii) The use deceives or confuses others in relation to goods or services in respect of which an unregistered trademark or service mark has become distinctive of the goods or services of a third party complainant, and in which the third party complainant has established a sufficient reputation under United States government guidelines or other similar international rights and channels, against the wishes of the third party complainant; or
(iii) The use trades on or passes-off a .shop domain name or a website or other content or services accessed through resolution of a .shop domain as being the same as or endorsed, authorized, associated or affiliated with the established business, name or reputation of another; or
(iv) The use constitutes intentionally misleading or deceptive conduct in breach of US trademark recommendations, or the laws of the United States government or related international rights; or
(b) The .shop domain name has been used in bad faith, including without limitation the following:
(i) The User has used the .shop domain name primarily for the purpose of unlawfully disrupting the business or activities of another person; or
(ii) By using the .shop domain name, the user has intentionally created a likelihood of confusion with respect to the third party complainant s intellectual or industrial property rights and the source, sponsorship, affiliation, or endorsement of website(s), email, or other online locations or services or of a product or service available on or through resolution of a .shop domain name;
(iii) For the purpose of unlawfully selling, renting or otherwise transferring the domain name to an entity or to a commercial competitor of an entity, for valuable consideration in excess of a user’s documented out-of-pocket costs directly associated with acquiring the domain name;
(iv) As a blocking registration against a name or mark in which a third party has superior intellectual or industrial property rights.

(3) A .shop domain name registration which is part of a pattern of registrations where the user has registered domain names which correspond to well-known names or trademarks in which the user has no apparent rights, and the .shop domain name is part of that pattern;

(4) The .shop domain name was registered arising out of a relationship between two parties, and it was mutually agreed, as evidenced by writing, that the registrant would be an entity other than that currently in the register.

(5) Unlawful communication, publication or distribution of registered and unregistered know-how, confidential information and trade secrets.

(6) Communication, publication or distribution, either directly or by way of embedded links, of images or materials (including, but not limited to blatantly deviant, abusive and unlawful pornographic material and images or materials as defined under the US justice system) where such communication, publication or distribution is prohibited by or constitutes an offense under the laws of the United States government, whether incorporated directly into or linked from a web site, email, posting to a news group, internet forum, instant messaging notice which makes use of domain name resolution services in the .shop TLD.
Material that is considered blatantly deviant, abusive and unlawfully pornographic, indecent, and⁄or obscene or which is otherwise prohibited includes, by way of example and without limitation, real or manipulated images depicting child pornography, bestiality, excessively violent or sexually violent material, and material containing detailed instructions regarding how to commit a crime, an act of violence, or how to prepare and⁄or use illegal drugs.

(7) Communication, publication or distribution of defamatory material or material that constitutes racial vilification.

(8) Communication, publication or distribution of material that constitutes an illegal threat or encourages conduct that may constitute a criminal offense.

(9) Communication, publication or distribution of material that is in contempt of the orders of a court or another authoritative government branch, within the United States government.

(10) Use, communication, publication or distribution of software, technical information or other data that violates export control laws.

(11) Use, communication, publication or distribution of confidential or personal information or data which violates any right of privacy including confidential or personal information about persons that is collected without their knowledge or consent.

2. ELECTRONIC MAIL

2.1 We have the option to suspend your domain name for the following
Activities:

(1) Communicating, transmitting or sending unsolicited bulk email messages or other electronic communications (“junk mail” or “Spam”) of any kind including, but not limited to, unsolicited commercial advertising, informational announcements, and political or religious tracts as outlined in the current provisions and requirements of the United States government.

(2) Communicating, transmitting or sending any material by email or otherwise that harasses, or has the effect of harassing, another person or that threatens or encourages bodily harm or destruction of property including, but not limited to, malicious email and flooding a user, site, or server with very large or numerous pieces of email or illegitimate service requests.

(3) Communicating, transmitting, sending, creating, or forwarding fraudulent offers to sell or buy products, messages about “make-money fast”, “pyramid” or “Ponzi” type schemes or similar schemes, and “chain letters” whether or not the recipient wishes to receive such messages.

(4) Adding, removing, modifying or forging network header information with the effect of misleading or deceiving another person or attempting to impersonate another person by using forged headers or other identifying information (“Spoofing”).

3. Disruption of Commercial Connect, LLC Network

3.1 No-one may use Commercial Connect, LLC or a .shop domain name for the purpose of:

(1) Restricting or inhibiting any person in their use or enjoyment of Commercial Connect, LLC or a .shop domain name or any service or product of Commercial Connect, LLC.

(2) Actually or purportedly reselling Commercial Connect, LLC services and products without the prior written consent of Commercial Connect LLC.

(3) Transmitting any communications or activity which may involve deceptive marketing practices such as the fraudulent offering of products, items, or services to any other party.

(4) Providing false or misleading information to Commercial Connect, LLC or to any other party through the Commercial Connect network.

(5) Facilitating or aiding the transmission of confidential information, private, or stolen data such as credit card information (without the owner s or cardholder’s consent).

4. CONSUMER PROTECTION, FAIR TRADING

4.1 A user using a .shop domain to sell goods or services over the Internet must provide clear links with sufficient and accurate contact details on such website so that consumers have the ability to contact the seller of such goods or services, and so that customers and prospective customers are clearly advised of any territorial limitations on the offer, sale or provision of any goods or services offered, sold or provided, and of any applicable laws, jurisdiction or US government recommendations. In the event that it is credibly alleged that a .shop domain name registrant has not followed such laws, Commercial Connect, LLC will furnish the contact details for the registrant in accordance with the Commercial Connect, LLC Privacy Policy.

5. NETWORK INTEGRITY AND SECURITY

5.1 Users are prohibited from circumventing or attempting to circumvent the security of any host, network or accounts (“cracking” or “hacking”) on, related to, or accessed through the Commercial Connect, LLC network. This includes, but is not limited to:

(1) Accessing data not intended for such user;

(2) Logging into a server or account which such user is not expressly authorized to access;

(3) Falsifying a username or password;

(4) Probing the security of other networks;

(5) Executing any form of network monitoring which will intercept data not intended for such user.

5.2 Users are prohibited from effecting any network security breach or disruption of any internet communications including, but not limited to:

(1) Accessing data of which such user is not an intended recipient; or

(2) Logging onto a server or account which such user is not expressly authorized to access.

For the purposes of this section 5.2, “disruption” includes, but is not limited to:
Port scans, ping floods, packet spoofing; forged routing information; deliberate attempts to overload a service, and attempts to “crash” host; using Commercial Connect, LLC in connection with the use of any program, script, command, or sending of messages to interfere with another user’s terminal session by any means, locally or by the Internet.

5.3 Users who compromise or disrupt the Commercial Connect network systems or security may incur criminal or civil liability. Commercial Connect will investigate any such incidents and will cooperate with law enforcement agencies if a crime is suspected to have taken place.

NON-EXCLUSIVE, NON-EXHAUSTIVE

This Abuse Prevention Policy is intended to provide guidance as to what constitutes acceptable use of Commercial Connect, LLC and of the .shop domain name. However, this policy is neither exhaustive nor exclusive.

COMPLAINTS

Persons who wish to notify Commercial Connect, LLC of abusive conduct in violation of this policy may report the same pursuant, which is instituted by submitting to Commercial Connect a completed Use Policy Violation Complaint Form.

ENFORCEMENT

Commercial Connect, LLC may, in its sole discretion, suspend or terminate a user’s service for violation of any of the requirements or provisions of the United States government on receipt of a complaint if Commercial Connect LLC believes suspension or termination is necessary to comply with the law, protect the public interest, prevent unlawful activity or protect the health, safety, or privacy of an individual.

If immediate action is not required, Commercial Connect, LLC will work with registrants and a complainant to remedy violations.

LIMITATION OF LIABILITY

In no event shall Commercial Connect, LLC be liable to any user of the network, any customer, nor any third party for any direct, indirect, special or consequential damages for actions taken pursuant to this policy, including, but not limited to, any lost profits, business interruption, loss of programs or other data, or otherwise, even if Commercial Connect, LLC was advised of the possibility of such damages. Commercial Connect’s liability for any breach of a condition or warranty implied by the registration Agreement or this policy shall be limited to the maximum extent possible to one of the following (as Commercial Connect may determine):

(I) Supplying the services again; or

(ii) Paying the cost of having the services supplied again.

REMOVAL OF CONTENT RESPONSIBILITY

At its sole discretion, Commercial Connect, LLC reserves the right to:

(i) Remove or alter content, zone file data or other material from its servers provided by any person that violates the provisions or requirements of this policy; or

(ii) Terminate access to Commercial Connect, LLC’s domain name by any person that is determined to have violated the provisions or requirements of this policy.

In any regard, Commercial Connect, LLC is not responsible for the content or message of any newsgroup posting, email message, or web site regardless of whether access to such content or message was facilitated by the Commercial Connect network. Commercial Connect, LLC does not have any duty to take any action with respect to such content or message by creating this abuse prevention user’s policy, and Users of Commercial Connect, LLC are obliged and required to ensure that their use of a .shop domain name or Commercial Connect, LLC is at all times in accordance with the requirements of this abuse prevention policy and any applicable laws and⁄or regulations.

Law Enforcement Response

Commercial Connect will respond to law enforcement requests within 24 hours in most cases, or whatever is applicable, dependent on the violation or request from the governmental agency.

This is extracted from our anticipated RRA Agreement:

Registry-Registrar Agreement

This Registry-Registrar Agreement (this ʺAgreementʺ) is between Commercial Connec,t LLC dba Commercial Connect, a Delaware corporation, with its principal place of business located in Louisville, KY, USA (ʺRegistry Operatorʺ), and [Registrarʹs name], a [jurisdiction and type of organization], with its principal place of business located at [Registrarʹs location] (ʺRegistrarʺ).

WHEREAS, Registry Operator has entered a Registry Agreement with the Internet Corporation for Assigned Names and Numbers to operate a shared registration system and related services, TLD nameservers, and other equipment for the .shop top-level domain and the .shop second-level domains (collectively the ʺ.shop TLDʺ);

WHEREAS, multiple registrars will provide Internet domain name registration services within the .shop TLD; and

WHEREAS, Registrar wishes to act as a registrar for domain names within the .shop TLD,

NOW, THEREFORE, for and in consideration of the mutual promises, benefits and covenants contained herein and for other good and valuable consideration, the receipt, adequacy and sufficiency of which are hereby acknowledged, Registry Operator and Registrar, intending to be legally bound, hereby agree as follows:
1.17. The ʺVerification Toolkitʺ may be used to verify the right of an applicant for a Registered Name to register in the .shop TLD.
1.18. “TOU” means the Terms of Use Agreement between Registrar and Registered Name Holder.
Other terms used in this Agreement as defined terms shall have the meanings ascribed to them in the context in which they are defined.

2. OBLIGATIONS OF REGISTRY OPERATOR
2.1. Access to Registry System. Throughout the Term, Registry Operator shall provide Registrar with access as a registrar to the Registry System that Registry Operator operates according to its arrangements with ICANN. Nothing in this Agreement entitles Registrar to enforce any agreement between Registry Operator and ICANN.
2.2. Maintenance of Registrations Sponsored by Registrar. Subject to the provisions of this Agreement, the Registry Agreement, ICANN requirements, and Registry Operator requirements authorized by ICANN, Registry Operator shall maintain the registrations of Registered Names sponsored by Registrar in the Registry System during the term for which Registrar has paid the fees required.
2.3. Provision of Toolkit; License.
2.3.1. After the Effective Date and at least seven days prior to the date on which Registrar will begin operations in the .shop TLD, Registry Operator shall provide to Registrar a copy of the Registrar Toolkit, which shall provide sufficient technical specifications to allow Registrar to interface with the Registry System and employ the features of the Registry System that are available to Registrars for purposes of offering Registry Services. Subject to the terms and conditions of this Agreement, Registry Operator hereby grants Registrar and Registrar accepts a non-exclusive, non-transferable, worldwide limited license to use for the Term and purposes of this Agreement all components owned by or licensed to Registry Operator in and to the RRP, APIs, any reference client software and any other intellectual property included in the Registrar Toolkit, as well as updates and redesigns thereof, to provide domain name registration services in the .shop TLD only and for no other purpose.
2.3.2. After the Effective Date, Registry Operator may offer additional Toolkits described herein. Subject to the terms and conditions of this Agreement, Registry Operator hereby grants Registrar and Registrar accepts a non-exclusive, non-transferable worldwide limited license to use for the Term and purposes of this Agreement all components owned by or licensed to Registry Operator in and to the software and any other intellectual property included in such Toolkits, as well as updates and redesigns thereof, for the following purposes only and for no other purpose.
a. Verification Toolkit: for purposes of verifying domain name registration in the .shop TLD only and for no other purpose.
b. Additional Toolkits that Registry Operator may offer from time to time, to be provided on a basis and subject to licensing provisions of this Agreement. Registry Operator shall promptly notify Registrar regarding the Toolkit as such Toolkit becomes available.
2.4. Changes to System. Registry Operator may from time to time make modifications to the RRP, APIs, or other software licensed hereunder that will modify, revise or augment the features of the Registry System. Registry Operator will provide Registrar with at least ninety days’ notice prior to the implementation of any material changes to the RRP, APIs or software licensed hereunder. This notice period shall not apply in the event Registry Operatorʹs system is subject to the imminent threat of failure or a material security threat, or there is the discovery of a major security vulnerability or a Denial of Service (DoS) attack where the Registry Operatorʹs systems are rendered inaccessible by being subject to (i) excessive levels of data traffic, (ii) unauthorized traffic, or (iii) data traffic not conforming to the protocols used by the Registry Operatorʹs system.
2.5. Engineering and Customer Service Support. Registry Operator shall provide Registrar with engineering and customer service support.
2.6. Handling of Personal Data. Registry Operator shall notify Registrar of the purposes for which Personal Data submitted to Registry Operator by Registrar is collected, the intended recipients (or categories of recipients) of such Personal Data, and the mechanism for access to and correction of such Personal Data. Registrar shall provide all such information to holders of Registered Names it sponsors in the .shop TLD promptly upon receipt from Registry Operator. Registry Operator shall take reasonable steps to protect Personal Data from loss, misuse, unauthorized disclosure, alteration or destruction. Registry Operator shall not use or authorize the use of Personal Data in a way that is incompatible with the notice provided to registrars.
2.7. Service Level Agreement. Registry Operator shall issue credits to Registrar as described in, and shall otherwise comply with its known obligations.
2.8. ICANN Requirements. Registry Operatorʹs obligations hereunder are subject to modifications from time to time as the result of ICANN-mandated requirements and consensus policies. Notwithstanding anything in this Agreement to the contrary, Registrar shall comply with any such ICANN requirements and shall require any Registered Name Holder to comply with such requirements in accordance with implementation schedules and arrangements established by ICANN or the Registry Operator.
2.9. TOU. Registry Operator shall provide to Registrar a TOU. Registry Operator shall conduct random tests on samples of registered names to ensure compliance with the terms of The TOU.

3. OBLIGATIONS OF REGISTRAR
3.1. Accredited Registrar. During the Term of this Agreement, Registrar shall maintain in full force and effect its accreditation by ICANN as a registrar for the Registry TLD.
3.2. Registrar Responsibility for Customer Support. Registrar shall at a minimum provide (i) support to accept orders for Registered Names, including registrations, cancellations, deletions, and transfers, and (ii) customer service (including domain name record support) and billing and technical support to Registered Name Holders.
3.3. Registrarʹs Registration Agreement. At all times while it is sponsoring the registration of any Registered Name within the Registry System, Registrar shall have in effect an electronic or paper registration agreement with the Registered Name Holder. Registrar may from time to time amend those forms of registration agreement or add alternative forms of registration agreement, provided a copy of the amended or alternative registration agreement is furnished to the Registry Operator fourteen (14) calendar days in advance of the use of such amended registration agreement. Registrar shall include in its registration agreement with each Registered Name Holder those terms required by this Agreement and other terms that are consistent with Registrarʹs obligations to Registry Operator under this Agreement.
3.4. Indemnification Required of Registered Name Holders. In its registration agreement with each Registered Name Holder, Registrar shall require such Registered Name Holder to indemnify, defend and hold harmless Registry Operator, its subsidiaries, affiliates, divisions, shareholders, directors, officers, employees, accountants, attorneys, insurers, agents, predecessors, successors and assigns, from any and all claims, demands, losses, costs, expenses, causes of action or other liabilities of any kind, whether known or unknown, in any way arising out of, relating to, or otherwise in connection with the Registered Name Holderʹs domain name registration. The registration agreement shall further require that this indemnification obligation survive the termination or expiration of the registration agreement.
3.5. Data Submission Requirements. As part of its registration and sponsorship of Registered Names in the Registry TLD, Registrar shall submit complete data as required by technical and policy specifications of the Registry System that are made available to Registrar from time to time. Registrar shall be responsible for verifying the accuracy of the data submitted to the Registry Operator. Registrar hereby grants Registry Operator a non-exclusive, non-transferable, limited license to such data for propagation of and the provision of authorized access to the TLD zone files and as otherwise required in Registry Operatorʹs operation of the Registry TLD. This Subsection 3.5 does not limit the Registry Operatorʹs ability to directly receive data from Registered Name Holders.
3.6. Security. Registrar shall develop and employ in its domain name registration business all necessary technology and restrictions to ensure that its connection to the Registry System is secure and that all data exchanged between Registrarʹs system and the Registry System shall be protected to avoid unintended disclosure of information. Each RRP session shall be authenticated and encrypted using two-way secure socket layer protocol. Registrar agrees to authenticate every RRP client connection with the Registry System using both an X.509 server certificate issued by a commercial Certificate Authority identified by Registry Operator and its Registrar password, which it shall disclose only to its employees and contractors with a need to know and an obligation not to disclose. Registrar agrees to notify Registry Operator within four hours of learning that its Registrar password has been compromised in any way or if its server certificate has been revoked by the issuing Certificate Authority or compromised in any way. Registrar shall employ the necessary measures to prevent its access to the Registry System granted hereunder from being used to (i) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than its own existing customers; or (ii) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, any other registry operated under an agreement with ICANN, or any ICANN-accredited registrar, except as reasonably necessary to register domain names or modify existing registrations.
3.7. Resolution of Technical Problems. Registrar shall employ necessary employees, contractors, or agents with sufficient technical training and experience to respond to and fix all technical problems concerning the use of the RRP, the APIs and the systems of Registry Operator in conjunction with Registrarʹs systems. In the event of significant degradation of the Registry System or other emergency, Registry Operator may, in its sole discretion, temporarily suspend Registrarʹs access to the Registry System. Such temporary suspensions shall be applied in a non-arbitrary manner and shall apply fairly to any registrar similarly situated, including affiliates of Registry Operator.
3.8. Time. In the event of any dispute concerning the time of the entry of a domain name registration into the Registry database, the time shown in the Registry records shall control.
3.9. Change in Registrar Sponsoring Domain Name. Registrar may assume sponsorship of a Registered Name Holderʹs existing domain name registration from another registrar by following the policy. When transferring sponsorship of a Registered Name to or from another registrar, Registrar shall comply with the requirements.
3.10. Compliance with Terms and Conditions. Registrar shall comply with, and shall include in its registration agreement with each Registered Name Holder as appropriate, all of the following:
3.10.1. ICANN standards, policies, procedures, and practices for which Registry Operator has responsibility in accordance with the Registry Agreement or other arrangement with ICANN; and
3.10.2. operational standards, policies, procedures, and practices for the Registry TLD established from time to time by Registry Operator in a manner consistent with the Registry Agreement and its Appendices, and consistent with ICANNʹs standards, policies, procedures, and practices. Among Registry Operatorʹs operational standards, policies, procedures, and practices, Additional or revised Registry Operator operational standards, policies, procedures, and practices for the Registry TLD shall be effective upon thirty days’ notice by Registry Operator to Registrar; and
3.10.3. The TOU.
3.11. Restrictions on Registered Names. In addition to complying with ICANN and Registry Operator standards, policies, procedures, and practices limiting domain names that may be registered, Registrar agrees to comply with applicable statutes and regulations limiting the domain names that may be registered.
3.12. Service Level Agreement. Registrar shall comply with its obligations.
3.13. Compliance Monitoring and Enforcement. Registrar agrees to comply with and facilitate random tests on samples of registered names to ensure compliance with the TOU. In addition, Registrar agrees to enforce the terms of the TOU as they relate to the Registered Name Holder as directed by the Registry Operator. In the event of a dispute between the Registry Operator and the Registrar,
Registrar agrees to defer to the opinion of the Registry Operator.

4. FEES
4.1. Amount of Registry Operator Fees. Registrar agrees to pay Registry Operator the fees set for initial and renewal registrations and other Registry Services provided by Registry Operator to Registrar (collectively, ʺFeesʺ). Registry Operator reserves the right to revise the Fees prospectively upon thirty days’ notice to Registrar, provided that such adjustments are consistent with Registry Operatorʹs Registry Agreement with ICANN. In addition, Registrar agrees to pay Registry Operator the applicable variable fees assessed to Registry Operator by ICANN, as permitted by Subsection 7.2(c) of the Registry Agreement by no later ten (10) days after the date of an invoice from Registry Operator for such fees.
4.2. Payment of Registry Operator Fees. In advance of incurring Fees, Registrar shall establish a letter of credit, deposit account, or other credit terms accepted by Registry Operator, which acceptance will not be unreasonably withheld. Registry Operator will invoice Registrar monthly in arrears for the Fees incurred by Registrar in the month. All Fees are due immediately upon receipt of Registry Operatorʹs invoice pursuant to the letter of credit, deposit account, or other credit terms.
4.3. Non-Payment of Fees. Registrarʹs timely payment of Fees is a material condition of Registry Operatorʹs obligations under this Agreement. In the event that Registrar fails to pay its Fees within five days of the date when due, Registry Operator may do any or all of the following: (i) stop accepting new initial or renewal registrations from Registrar; (ii) delete the domain names associated with invoices not paid in full from the Registry database; (iii) give written notice of termination of this Agreement and (iv) pursue any other remedy under this Agreement.

5. CONFIDENTIALITY AND INTELLECTUAL PROPERTY
5.1. Use of Confidential Information. During the Term of this Agreement, each party (the ʺDisclosing Partyʺ) may disclose its Confidential Information to the other Party (the ʺReceiving Partyʺ). Each partyʹs use and disclosure of the Confidential Information of the other party shall be subject to the following terms and conditions:
5.1.1. The Receiving Party shall treat as strictly confidential, and use all reasonable efforts to preserve the secrecy and confidentiality of, all Confidential Information of the Disclosing Party, including implementing reasonable physical security measures and operating procedures.
5.1.2. The Receiving Party agrees that it will use any Confidential Information of the Disclosing Party solely for the purpose of exercising its right or performing its obligations under this Agreement and for no other purposes whatsoever.
5.1.3. The Receiving Party shall make no disclosures whatsoever of any Confidential Information of the Disclosing Party to others; provided, however, that if the Receiving Party is a corporation, partnership, or similar entity, disclosure is permitted to the Receiving Partyʹs officers, employees, contractors (including sub-contractors) and agents who have a demonstrable need to know such Confidential Information, provided the Receiving Party shall advise such personnel of the confidential nature of the Confidential Information and of the procedures required to maintain the confidentiality thereof, and shall require them to acknowledge in writing that they have read, understand, and agree to be individually bound by the confidentiality terms of this Agreement.
5.1.4. The Receiving Party shall not modify or remove any confidentiality legends and⁄or copyright notices appearing on any Confidential Information of the Disclosing Party.
5.1.5. The Receiving Party agrees not to prepare any derivative works based on the Confidential Information.
5.1.6. Notwithstanding the foregoing, this imposes no obligation upon the parties with respect to information that (i) is or was disclosed in the absence of a confidentiality agreement and such disclosure is or was with the Disclosing Partyʹs prior written approval; or (ii) is or has entered the public domain through no fault of the Receiving Party; or (iii) is known by the Receiving Party prior to the time of disclosure; or (iv) is independently developed by the Receiving Party without use of the Confidential Information; or (v) is made generally available by the Disclosing Party without restriction on disclosure; or (vi) is necessarily disclosed to verify compliance with the restrictions for registration within the .shop TLD or (vii) is required to be disclosed by order of a court of competent jurisdiction, to the extent required by the order.
5.1.7. The Receiving Partyʹs duties under this shall expire two (2) years after the information is received or earlier, upon written agreement of the Parties.
5.1.8. EXCEPT AS MAY OTHERWISE BE SET FORTH IN A SIGNED, WRITTEN AGREEMENT BETWEEN THE PARTIES, THE PARTIES MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESSED OR IMPLIED, AS TO THE ACCURACY, COMPLETENESS, CONDITION, SUITABILITY, PERFORMANCE, FITNESS FOR A PARTICULAR PURPOSE, OR MERCHANTABILITY OF ANY CONFIDENTIAL INFORMATION, AND THE PARTIES SHALL HAVE NO LIABILITY WHATSOEVER TO ONE ANOTHER RESULTING FROM RECEIPT OR USE OF THE CONFIDENTIAL INFORMATION.
5.2. Intellectual Property.
5.2.1. Each party will continue to independently own its intellectual property, including all patents, trademarks, trade names, service marks, copyrights, trade secrets, proprietary processes and all other forms of intellectual property.
5.2.2. Without limiting the generality of the foregoing, no commercial use rights or any licenses under any patent, patent application, copyright, trademark, know-how, trade secret, or any other intellectual proprietary rights are granted by the Disclosing Party to the Receiving Party by this Agreement, or by any disclosure of any Confidential Information to the Receiving Party under this Agreement.

6. INDEMNITIES AND LIMITATION OF LIABILITY
6.1. Indemnification. Registrar, at its own expense and within thirty days after presentation of a demand by Registry Operator under this Section, will indemnify, defend and hold harmless Registry Operator and its subsidiaries, affiliates, divisions, shareholders, directors, officers, employees, accountants, attorneys, insurers, agents, predecessors, successors and assigns, from any and all claims, demands, losses, costs, expenses, causes of action or other liabilities of any kind, arising out of, relating to, or otherwise in connection with any claim, suit, action, or other proceeding brought against Registry Operator or any subsidiary, affiliate, division, shareholder, director, officer, employee, accountant, attorney, insurer, agent, predecessor, successor or assignee of Registry Operator: (i) relating to any product or service of Registrar; (ii) relating to any agreement, including Registrarʹs dispute policy, with any Registered Name Holder or Registrar; (iii) relating to Registrarʹs failure to comply with its obligations, or breach of representations and warranties under this Agreement; (iv) relating to Registrarʹs access or use of the Registry System in a manner that is inconsistent with the terms of this Agreement; or (v) relating to Registrarʹs domain name registration business, including, but not limited to, Registrarʹs advertising, domain name application process, systems and other processes, fees charged, billing practices and customer service. Registry Operator shall provide Registrar with prompt notice of any such claim, and upon Registrarʹs written request, Registry Operator will provide to Registrar all available information and assistance reasonably necessary for Registrar to defend such claim, provided that Registrar reimburses Registry Operator for Registry Operatorʹs actual and reasonable costs incurred in connection with providing such information and assistance. Registrar will not enter into any settlement or compromise of any such indemnifiable claim without Registry Operatorʹs prior written consent, which consent shall not be unreasonably withheld. Registrar will pay any and all costs, damages, and expenses, including, but not limited to, reasonable attorneysʹ fees awarded against or otherwise incurred by Registry Operator in connection with or arising from any such indemnifiable claim, suit, action or proceeding.
6.2. Representation and Warranty. Registrar represents and warrants that: (i) it is a corporation, limited liability company, partnership or other form of entity, as applicable, duly incorporated, organized or formed, and validly existing and in good standing under the laws of its jurisdiction of incorporation, organization or formation, (ii) it has all requisite corporate power and authority to execute, deliver and perform its obligations under this Agreement, (iii) the execution, performance and delivery of this Agreement has been duly authorized by Registrar, and (iv) no further approval, authorization or consent of any governmental or regulatory authority is required to be obtained or made by Registrar in order for it to enter into and perform its obligations under this Agreement.
6.3. Limitation of Liability. IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES OF ANY KIND (INCLUDING LOST PROFITS) REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL A PARTYʹS MAXIMUM AGGREGATE LIABILITY EXCEED THE TOTAL AMOUNT PAID TO REGISTRY OPERATOR UNDER THE TERMS OF THIS AGREEMENT. BECAUSE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, IN SUCH JURISDICTIONS, THE PARTIESʹ LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES IS LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW.
6.4. Disclaimer of Warranties.
6.4.1. EXCEPT AS EXPRESSLY STATED IN THIS AGREEMENT, REGISTRY OPERATOR MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, IN CONNECTION WITH THIS AGREEMENT OR THE REGISTRAR TOOL KIT OR OTHER TOOL KITS, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT OF THIRD-PARTY RIGHTS UNLESS SUCH REPRESENTATIONS AND WARRANTIES ARE NOT LEGALLY EXCLUDABLE. WITHOUT ANY LIMITATION TO THE FOREGOING, REGISTRY OPERATOR MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHATSOEVER THAT THE FUNCTIONS CONTAINED IN THE REGISTRAR TOOL KIT OR OTHER TOOL KITS WILL MEET REGISTRARʹS REQUIREMENTS, OR THAT THE OPERATION OF THE REGISTRAR TOOL KIT OR OTHER TOOL KITS WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT DEFECTS IN THE REGISTRAR TOOL KIT OR OTHER TOOL KITS WILL BE CORRECTED. FURTHERMORE, REGISTRY OPERATOR DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OR THE RESULTS OF THE REGISTRAR TOOL KIT OR OTHER TOOL KITS OR RELATED DOCUMENTATION IN TERMS OF THEIR CORRECTNESS, ACCURACY, RELIABILITY, OR OTHERWISE. SHOULD THE REGISTRAR TOOL KIT, OTHER TOOL KITS, OR CERTIFICATE AND VERIFICATION SERVICES PROVE DEFECTIVE, REGISTRAR ASSUMES THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION OF REGISTRARʹS OWN SYSTEMS AND SOFTWARE.
6.4.2. Notwithstanding anything contained herein to the contrary, the Registrar Tool Kit and other toolkits are provided ʺas-isʺ and without any warranty of any kind.

7. INSURANCE
Registrar shall acquire, prior to the Effective Date, at least US$2,000,000 in comprehensive general liability insurance from a reputable insurance provider with an A.M. best rating of ʺAʺ or better and shall maintain insurance meeting these requirements throughout the Term of this Agreement. If Registrar is providing verification and digital security services through means independent of the toolkits provided by the Registry Operator or a Competitive Toolkit Provider (see Appendix L), the amount of the insurance required shall increase to US$5,000,000. Registrar shall name Registry Operator as an additional insured and shall maintain insurance meeting these requirements throughout the Term of this Agreement. Registrar shall on Registry Operatorʹs written request provide a copy of the insurance policy to Registry Operator.

8. DISPUTE RESOLUTION
Disputes arising under or in connection with this Agreement, including requests for specific performance shall be resolved through binding arbitration conducted as provided in this Section pursuant to the rules of the International Court of Arbitration of the International Chamber of Commerce (ʺICCʺ). The arbitration shall be conducted in the English language and shall occur in KY, USA. There shall be three arbitrators: each party shall choose one arbitrator and, if the two arbitrators are not able to agree on a third arbitrator, the third shall be chosen by the ICC. The parties shall bear the costs of the arbitration in equal shares, subject to the right of the arbitrators to reallocate the costs in their award as provided in the ICC rules. The parties shall bear their own attorneysʹ fees in connection with the arbitration, and the arbitrators may not reallocate the attorneysʹ fees in conjunction with their award. The arbitrators shall render their decision within ninety days of the initiation of arbitration. Any litigation brought to enforce an arbitration award shall be brought in a court located in Jefferson County, KY, USA; however, the parties shall also have the right to enforce a judgment of such a court in any court of competent jurisdiction. For the purpose of aiding the arbitration and⁄or preserving the rights of a Party during the pendency of arbitration, each Party shall have the right to seek temporary or preliminary injunctive relief from the arbitration panel or a court located in Jefferson County, KY, USA, which shall not be a waiver of this arbitration agreement.

9. TERM AND TERMINATION
9.1. Term of the Agreement; Revisions. The term of this Agreement shall commence on the Effective Date and, unless earlier terminated in accordance with the provisions of this Agreement, shall expire on the last day of the calendar month which is sixty months after the Effective Date (the ʺTermʺ). In the event that revisions to Registry Operatorʹs approved form of Registry-Registrar Agreement are approved or adopted by ICANN, Registrar will either execute an amendment substituting the revised agreement in place of this Agreement or, at its option exercised within fifteen days after receiving notice of such amendment, terminate this Agreement immediately by giving written notice to Registry Operator. In the event that Registry Operator does not receive such executed amendment or notice of termination of this Agreement from Registrar within such fifteen-day period, Registrar shall be deemed to have accepted such amendment.
9.2. Termination. This Agreement may be terminated as follows:
9.2.1. Termination for Cause. In the event that either party materially breaches any of its obligations under this Agreement and such breach is not substantially cured within thirty calendar days after written notice thereof is given by the other party, then the non-breaching party may, by giving written notice thereof to the other party, terminate this Agreement as of the date specified in such notice of termination.
9.2.2. Termination at Option of Registrar. Registrar may terminate this Agreement at any time by giving Registry Operator thirty days’ notice of termination.
9.2.3. Termination upon Loss of Registrarʹs Accreditation. This Agreement shall terminate in the event Registrarʹs accreditation by ICANN is terminated or expires without renewal. Notwithstanding the foregoing, Registrar may assign this Agreement.
9.2.4. Termination in the Event of Termination of Registry Agreement. This Agreement shall terminate in the event that Registry Operatorʹs Registry Agreement with ICANN is terminated or expires without entry of a subsequent Registry Agreement with ICANN and this Agreement is not assigned.
9.2.5. Termination in the Event of Insolvency or Bankruptcy. Either Party may terminate this Agreement if the other Party is adjudged insolvent or bankrupt, or if proceedings are instituted by or against a Party seeking relief, reorganization or arrangement under the laws of such insolvent or bankrupt Partyʹs jurisdiction relating to insolvency, or seeking any assignment for the benefit of creditors, or seeking the appointment of a receiver, liquidator or trustee of a Partyʹs property or assets or the liquidation, dissolution or winding up of a Partyʹs business.
9.3. Effect of Termination. Upon the expiration or termination of this Agreement for any reason:
9.3.1. Registry Operator will complete the registration of all domain names processed by Registrar prior to the effective date of such expiration or termination, provided that Registrarʹs payments to Registry Operator for Fees are current and timely.
9.3.2. Registrar shall immediately transfer its sponsorship of all Registered Names to another Authorized Registrar in compliance with any procedures established or approved by ICANN. The Authorized Registrar receiving sponsorship of the Registered Names shall be responsible for all unpaid fees, if any.
9.3.3. All Confidential Information of the Disclosing Party in the possession of the Receiving Party shall be immediately returned to the Disclosing Party.
9.3.4. All Fees owing to Registry Operator shall become immediately due and payable.
9.4. Survival. In the event of termination of this Agreement, the following shall survive: (i) Subsections 2.6, 3.5, 5.1, 5.2, 6.1, 6.3, 6.4, 8.1, 9.4, 10.2, 10.3, 10.4, 10.6, 10.7, 10.9 and 10.10, and (ii) the Registered Name Holderʹs indemnification obligation. Neither Party shall be liable to the other for damages of any sort resulting solely from terminating this Agreement in accordance with its terms.

10. MISCELLANEOUS
10.1. Assignments.
10.1.1. Assignment to Successor Registry Operator. In the event the Registry Operatorʹs Registry Agreement is terminated or expires without entry by Registry Operator and ICANN of a subsequent registry agreement, Registry Operatorʹs rights under this Agreement may be assigned to a company with a subsequent registry agreement covering the Registry TLD upon ICANNʹs giving Registrar written notice within sixty days of the termination or expiration, provided that the subsequent registry operator assumes the duties of Registry Operator under this Agreement.
10.1.2. Assignment in Connection with Assignment of Agreement with ICANN. In the event that Registry Operatorʹs Registry Agreement with ICANN for the Registry TLD is validly assigned, Registry Operatorʹs rights under this Agreement shall be automatically assigned to the assignee of the Registry Agreement, provided that the assignee assumes the duties of Registry Operator under this Agreement. In the event that Registrarʹs accreditation agreement with ICANN for the Registry TLD is validly assigned, Registry Operatorʹs rights under this Agreement shall be automatically assigned to the assignee of the accreditation agreement, provided that the subsequent registry operator assumes the duties of Registry Operator under this Agreement.
10.1.3. Other Assignments. Except as otherwise expressly provided in this Agreement, the provisions of this Agreement shall inure to the benefit of and be binding upon, the successors and permitted assigns of the parties. Registrar shall not assign or transfer its rights or obligations under this Agreement without the prior written consent of the Registry Operator, which shall not be unreasonably withheld.
10.2. Notices. Any notice or other communication required or permitted to be delivered to any Party under this Agreement shall be in writing and shall be deemed properly delivered, given and received when delivered (by hand, by registered mail, by courier or express delivery service, by e-mail, or by telecopy during business hours) to the address or telecopy number set forth beneath the name of such Party below, unless party has given a notice of a change of address in writing:

With copy to:
If to Registry Operator:
Registry Services Corporation dba Commercial Connect LLC, a Delaware corporation
1416 S. Third St.
Louisville, KY USA 40208-2117
Attention: CEO
Telephone: + 1 502 636-3091
Facsimile: + 1 502 634-1484
With a copy to:
Registry Services Corporation dba Commercial Connect, a Delaware corporation
1416 S. Third St.
Louisville, KY USA 40208-2117
Attention: Policy Director
Telephone: + 1 502 636-3091
Facsimile: + 1 502 634-1484

10.3. Third-Party Beneficiaries. The Parties expressly agree that ICANN is an intended third-party beneficiary of this Agreement. Otherwise, this Agreement shall not be construed to create any obligation by either party to any non-party to this Agreement, including any holder of a Registered Name. Registrar expressly acknowledges that it is not a third party beneficiary of the Registry Agreement and does not by reason of this Agreement obtain any rights thereunder in any respect.
10.4. Relationship of the Parties. Nothing in this Agreement shall be construed as creating an employer-employee or agency relationship, a partnership or a joint venture between the parties.
10.5. Force Majeure. Neither party shall be liable to the other for any loss or damage resulting from any cause beyond its reasonable control (a ʺForce Majeure Eventʺ) including, but not limited to, insurrection or civil disorder, war or military operations, national or local emergency, acts or omissions of government or other competent authority, compliance with any statutory obligation or executive order, industrial disputes of any kind (whether or not involving either partyʹs employees), fire, lightning, explosion, flood subsidence, weather of exceptional severity, and acts or omissions of persons for whom neither party is responsible. Upon occurrence of a Force Majeure Event and to the extent such occurrence interferes with either partyʹs performance of this Agreement, such party shall be excused from performance of its obligations (other than payment obligations) during the first six months of such interference, provided that such party uses best efforts to avoid or remove such causes of nonperformance as soon as possible.
10.6. Amendments. Except as otherwise expressly stated in this Agreement, no amendment, supplement, or modification of this Agreement or any provision hereof shall be binding unless executed in writing by both parties.
10.7. Waivers. No failure on the part of either party to exercise any power, right, privilege or remedy under this Agreement, and no delay on the part of either party in exercising any power, right, privilege or remedy under this Agreement, shall operate as a waiver of such power, right, privilege or remedy; and no single or partial exercise or waiver of any such power, right, privilege or remedy shall preclude any other or further exercise thereof or of any other power, right, privilege or remedy. Neither party shall be deemed to have waived any claim arising out of this Agreement, or any power, right, privilege or remedy under this Agreement, unless the waiver of such claim, power, right, privilege or remedy is expressly set forth in a written instrument duly executed and delivered on behalf of such party; and any such waiver shall not be applicable or have any effect except in the specific instance in which it is given.
10.8. Further Assurances. Each party hereto shall execute and⁄or cause to be delivered to each other Party hereto such instruments and other documents, and shall take such other actions, as such other Party may reasonably request for the purpose of carrying out or evidencing any of the transactions contemplated by this Agreement.
10.9. Entire Agreement. This Agreement (including its exhibits, which form a part of it) constitutes the entire agreement between the parties concerning the subject matter of this Agreement and supersedes any prior agreements, representations, statements, negotiations, understandings, proposals or undertakings, oral or written, with respect to the subject matter expressly set forth herein.
10.10. Governing Law. This Agreement is governed by the laws of the State of Kentucky, USA.
IN WITNESS WHEREOF, the Parties hereto have executed this Agreement as of the date set forth in the first paragraph hereof.

• Registry Services Corporation dba Commercial Connect, a Deleware corporation.

Exhibit A: Registrar Toolkit

The Registrar Toolkit (RTK) is a software development kit that will support the development of a registrar software system for registering domain names within the .shop registry using the registry-registrar protocol (RRP) used in the .shop TLD registry. The RTK will consist of software and documentation as described below.
The software will consist of a working Java sample that can be used to implement the EPP protocol that is used to communicate between the registry and Registrar. The samples will illustrate how XML requests (Registration Events) can be assembled and forwarded to the registry for processing. The software will provide the Registrar with the basis for a reference implementation that conforms to the RRP.

The documentation will provide the registrar with details of the RRP protocol specification. The documentation will also include a description of the API implemented within the RTK software.
The RTK will remain under continuous development and will provide support for additional features as they become available, as well as other platform and language support. Changes to the Registry System will be made in compliance with Subsection 2.4 of this Agreement.

Registry Toolkit shall be subject to the license set forth in Subsection 2.3 of this Agreement.
ADDITIONAL TOOLKITS
Verification Toolkit: Registry Operator may offer a toolkit service to Registrar, through which Registry Operator or a sub-contractor(s) will verify all the right of an applicant for a Registered Name to register in the .shop TLD.
Additional Toolkits: If Registry Operator offers additional Toolkits from time to time, they will be provided on a similar basis and subject to similar licensing provisions as Subsection 2.3.2 of this Agreement.
Additional Policies: The Registry Operator toolkits are provided in addition to, and separate from, Registry Operatorʹs policies and specifications for manual verifications that may be conducted by Registrar or competitive toolkits that may be used by Registrar to verify the qualifications of a .shop applicant.

________________________________________
Exhibit B: Engineering and Customer Service Support
Registry Operator will provide a wide range of customer service options to Registrars, including:
• Telephone and e-mail support for incidents requiring an interactive response from RegistryPro representatives.
• Web based tools allowing Registrars to obtain information about their accounts and diagnose problems they may be having with the Registry.
• Automatically generated reports.

These customer service options are intended to provide Registrars with responses to general inquiries relating to registry operations, technical support, account management, and billing and financial issues.

Each of these customer service options is described below.
Telephone and E-mail Support: Telephone and e-mail support will be provided to Registrars to allow them to inform the Registry of service-related issues and obtain information about the registryʹs operations or their accounts. Telephone and e-mail support services can be used to submit issues Registrars may have that cannot be addressed through other customer support avenues.
Registry Operator will provide telephone and e-mail support services for no less than eight hours per day, from 10:00 A.M. until 6:00 P.M. U.S. Eastern Time Monday through Friday, excluding holidays.
Web Based Tools. Registry Operator will provide a variety of web-based tools to provide Registrars information about their accounts and diagnose problems they may be having with the Registry.
Examples of the tools that will be provided include:
• Obtain information on account balances, payments received, and other billing-related information
• Generate reports in real-time, including:
• History of transactions performed on an object within the registry
• History of transactions performed within a specific date range
• History of billing-related transactions performed within a specific date range
• Identify all domain names sponsored by the requesting Registrar associated with a specified name server or contact
Automatically Generated Reports: Registry Operator will provide certain reports to all Registrars on a periodic basis. Examples of these reports include:
• All domains registered, renewed, or deleted within a specific time period by such Registrar
• All billable transactions performed within a specific time period by such Registrar
• All objects currently registered by such Registrar
Security of Customer Support: With the exception of certain simple questions that may be handled by telephone, all customer service requests will be authenticated prior to being acted upon. Each Registrar will designate certain individuals within its organization and specify the types of customer service operations it may authorize, according to Registry Operatorʹs security policies. Requestors will be identified and authenticated through mechanisms that may include the use of passwords and call back numbers for telephone communications, the use of digital signatures for e-mail communications, or the use of digital certificates, passwords, and IP address filters for web-based communications.

Average Call Back Times:

When Registrar emails or faxes a service request to the Customer Support Center, Registry Operator will contact Registrar based on the initial incident priority.
Priority Call Back Time
1 20 minutes
2 1-business hour
3 1-business day
4 2-business days

Average Resolution Time

Registry Operatorʹs goal is to provide Registrars with a rapid response and resolution to inquiries; however the following guidelines may be useful:
Priority Average Resolution Time
1 2-business hours
2 1-business day
3 3-business days
4 5-business days

Ticket Prioritization
All incoming tickets will receive prioritization based on the reported problem. Registry Operator reserves the right to adjust the severity of an issue.

Priority 1 A priority 1 ticket is the highest priority within the Support Center system. The Center will make every reasonable effort within its control to ensure that Registrar is operational as soon as possible. Registry Operator will be in regular contact with Registrar until the problem is resolved. Typical Priority 1 issues include:
• System inoperative

Priority 2 Typically a Priority 2 ticket is for a problem that prevents the Registrar from completing non-registration business but does not cause Registrarʹs use of the registry to become completely inoperable. Registry Operator will make every reasonable effort to resolve the reported problem as soon as possible. Typical Priority 2 issues include:
• Domain-name resolution impacted
• Registration activities impaired
• Registrar access to Registry Services is limited
• Serious installation or upgrade issues (installation and upgrade issues may be considered Priority 1 issues if they seriously impact progress towards completion and⁄or production dates)

Priority 3 A Priority 3 ticket is for a problem that causes a feature or system failure that can be avoided by the Registrar applying alternative methods. Typical Priority 3 issues include the following:
• Reports will not run
• Performance problems
• Functionality issues
• Receiving error messages in the reports
• Receiving console error messages
• Exporting⁄importing data files failing
• Upgrade or installation planning

Priority 4 A Priority 4 ticket is for a minor problem having only a minimal impact on the Registrarʹs business. Typical Priority 4 issues include:
• General product questions
• Product shipment questions

Escalation

The Customer Support Center is committed to resolving all Registrar issues in a timely and efficient manner. However, in the event that Registrar is not satisfied with the support that Registry Operator is providing, there is an escalation process that Registrar may exercise.
If Registrar has not received satisfactory service from the Customer Support Center, escalate concerns through the following resources
1. Account Manager
2. Customer Support Center Director
3. Vice-President of Customer Service

________________________________________
Exhibit C: Registrarʹs Registration Agreement
[To be supplied by Registrar]

________________________________________
Exhibit D: Policy on Transfer of Sponsorship of Registrations between Registrars

A. Holder-Authorized Transfers.

Registrar Requirements:
The registration agreement between Registrar and its Registered Name Holder shall include a provision explaining that a Registered Name Holder will be prohibited from changing its Registrar during the first 60 days after initial registration of the Registered Name with the Registrar, and in no event may such transfers occur until the Registry Live Start Date (as defined in Appendix J to the Registry Agreement). Beginning on the 61st day after the initial registration with Registrar, the procedures for change in sponsoring registrar set forth in this policy shall apply. Enforcement shall be the responsibility of the registrar sponsoring the domain name registration.

A Registered Name Holder may only change its sponsoring registrar to a registrar accredited by ICANN for the .shop TLD that has entered into, and has currently in effect, the Registry-Registrar Agreement with Registry Operator (ʺAuthorized Registrarʺ). For each instance where a Registered Name Holder wants to change its registrar for an existing Registered Name, the gaining Authorized
Registrar shall:

1) Obtain express authorization from an individual who has the apparent authority to legally bind the Registered Name Holder (as reflected in the database of the losing Authorized Registrar).
a) The form of the authorization is at the discretion of each gaining Authorized Registrar.
b) The gaining Authorized Registrar shall retain a record of reliable evidence of the authorization.

2) In those instances when the Authorized Registrar of record is being changed simultaneously with a transfer of a Registered Name from one party to another, the gaining Authorized Registrar shall also obtain appropriate authorization for the transfer. Such authorization shall include, but not be limited to, one of the following:
a) A bilateral agreement between the parties.
b) The final determination of a binding dispute resolution body.
c) A court order.

Before a Registered Name is transferred from one Registered Name Holder to another, the potential new Registered Name Holder must qualify for registration of the Registered Name according to the Registry Agreement (including its Appendices).

3) Request, by the transmission of a ʺtransferʺ command as specified in the RRP, that the registry database be changed to reflect the new Authorized Registrar.
a) Transmission of a ʺtransferʺ command constitutes a representation on the part of the gaining Authorized Registrar that:
(1) The requisite authorization has been obtained from the Registered Name Holder listed in the database of the losing registrar,
(2) The losing registrar will be provided with a copy of the authorization if and when requested, and
(3) The gaining new Registered Name Holder has been has issued a digital certificate or digital security products and verified as eligible to register in such PS-SLD.
In those instances when the Registrar of record denies the requested change of Registrar, the Registrar of record shall notify the prospective gaining Registrar that the request was denied and the reason for the denial.
Instances when the requested change of sponsoring Registrar may be denied include, but are not limited to:
1) Situations described in the Domain Name Dispute Resolution Policy
2) A pending bankruptcy of the Registered Name Holder
3) Dispute over the identity of the Registered Name Holder
4) Request to transfer sponsorship occurs within the first 60 days after the initial registration with the Registrar
In all cases, the losing Registrar shall respond to the e-mail notice regarding the ʺtransferʺ request within five (5) days. Failure to respond will result in a default ʺapprovalʺ of the ʺtransfer.ʺ
Registry Requirements:
Upon receipt of the ʺtransferʺ command from the gaining Registrar, Registry Operator will transmit an e-mail notification to both registrars.
If the object does not have any of the CLIENT-NO-TRANSFER, LOCK, CLIENT-LOCK, HOLD, PENDING-VERIFICATION, or DELETE-PENDING status properties associated with it, Registry Operator shall complete the ʺtransferʺ if either:
1) The losing Registrar expressly ʺapprovesʺ the request, or
2) Registry Operator does not receive a response from the losing Registrar within five (5) days.
When the Registryʹs database has been updated to reflect the change to the gaining Registrar, Registry Operator will transmit an email notification to both Registrars.
Records of Registration:
Each Registered Name Holder shall maintain its own records appropriate to document and prove the initial domain name registration date, regardless of the number of registrars with which the Registered Name Holder enters into a contract for registration services.
Effect on Term of Registration:
The completion by Registry Operator of a holder-authorized transfer under this Part A shall result in a one-year extension of the existing registration, provided that in no event shall the total unexpired Term of a registration exceed ten (10) years.
B. ICANN-Approved Transfers.
Transfer of the sponsorship of all the registrations sponsored by one Registrar as the result of acquisition of that Registrar or its assets by another Registrar may be made according to the following procedure:
(a) The gaining Registrar must be accredited by ICANN for the Registry TLD and must have in effect the Agreement with Registry Operator for the Registry TLD.
(b) ICANN must certify in writing to Registry Operator that the transfer would promote the community interest, such as the interest in stability that may be threatened by the actual or imminent business failure of a Registrar.
Upon satisfaction of these two conditions, Registry Operator will make the necessary one-time changes in the registry database for no charge, for transfers involving 50,000 name registrations or fewer. If the transfer involves registrations of more than 50,000 names, Registry Operator will charge the gaining Registrar a one-time flat fee of US$ 50,000.

________________________________________
Exhibit E: Registry Operatorʹs Operational Standards, Policies, Procedures, and Practices
Registry Operatorʹs Operational Standards, Policies, Procedures, and Practices set forth in this Exhibit E are subject to those set forth in the relevant Appendices to the Registry Agreement.
I. Cancellation of Registered Names. Registry Operator may transfer, modify, or cancel any Registered Name (i) for violations of this Agreement and its Exhibits or (ii) to correct mistakes made by Registry Operator or any Registrar in connection with a domain name registration.
II. Registrar Compliance with .shop TLD Requirements. Registrar will comply with the restrictions, requirements, and policies in Appendices J, L, and M of the Registry Agreement.
III. Additional Requirements for Registration Agreement. In addition to requiring a registration agreement with the provisions described in Subsection 3.4 of this Agreement, before the Registry Operator will accept applications for registration from Registrar, Registrarʹs registration agreement (see Subsection 3.3 of this Agreement) with each Registered Name Holder must include, at a minimum, the following representations, warranties, agreements, and certifications by the Registered Name Holder:
a) Represent and Warrant that the data provided in the domain name registration application is true, correct, up to date, and complete; The registrant will at all times during the term of its registration keep the information provided above up to date;
b) Represent and warrant that the registration satisfies the applicable .shop restrictions at the time of registration;
c) Represent and warrant that the registration satisfies the digital security requirements stated in Appendix L of the Registry Agreement;
d) Agree to be subject to the Qualification Challenge Policy and the Uniform Domain Name Dispute Resolution Policy (the ʺUDRPʺ);
e) Agree not to make any representation to any person or entity that expressly or impliedly convey that the registration of the Registered Name in any way signifies or indicates that the Registered Name Holder possesses any general or specific professional qualifications, including, but not limited to, professional qualifications in a particular field;
f) Certify that the Registered Name Holder has the authority to enter into the registration agreement;
g) For applications during the Sunrise Period, certify that the registration qualifies for a Sunrise Registration, as set forth in Appendix J of the Registry Agreement.
h) Agree to the use, copying, distribution, publication, modification and other processing of Registered Name Holderʹs Personal Data by Registry Operator and its designees and agents in a manner consistent with the purposes specified pursuant to Subsection 2.6 of this Agreement.
i) Acknowledge that Registry Operator will have no liability of any kind for any loss or liability resulting from the proceedings and processes relating to the Sunrise Period including, without limitation: (i) the ability or inability of any registrant to obtain a Registered Name during these periods, and (ii) the results of any dispute over a Sunrise Registration.
IV. Incorporation of .shop Restrictions and Challenge Processes.
In addition, Registrar agrees to incorporate the following text (or translation of such text into relevant language) into its registration agreement:
ʺThe Registered Name Holder acknowledges having read and understood and agrees to be bound by the terms and conditions of the following documents, as they may be amended from time to time, which are hereby incorporated and made an integral part of this Agreement
(i) The Uniform Domain Name Dispute Resolution Policy, available at http:⁄⁄www.icann.org⁄dndr⁄udrp⁄ policy.htm
(ii) (For registration agreements relating to Sunrise Registrations only) The Sunrise Period Rules and Sunrise Dispute Resolution Policy.

Mechanisms will be in place for the notificaton and eventual suspension of domain regsitrants that either do not qualify to operate a .SHOP TLD or are operating it inconsistently with its intended use. Two Warning will be sent and an appeal process will be available before action is taken to suspend a .SHOP TLD.

29. Rights Protection Mechanisms

We will work with the new Trademark Protection Clearinghouse as deemed appropriate through ICANN. We will reserve, or not make available to register, any domain names indicated as ʺprotected.ʺ

In addition, we will perform verification processes and require applicants to either be trademark holders or intended eCommerce operators.

We will have a trademark registration period that will register domain names for trademark holders and upon open registration will utilize the Universal Resolution Dispute Policy, as well as the Uniform Rapid Suspension system.

With the community requirements, we verify the applicant and have them obligated to use this domain names as an operating eCommerce site. Any deviation from this can be a cause for suspension.

Phising and⁄or pharming can be minimized by use of certificate and secure socket layer (SSL) which also is a requirement of a new dotShop domain name. In this secure environment, one can easily note a website operatorʹs certificate to ensure they are the entity they claim.

Dispute Policy
CC does not—and cannot—screen, review, evaluate, or investigate a Domain Name registrantʹs legal right to register or use a Domain Name in any top level. To that end, CC has adopted the Uniform Dispute Resolution Policy (UDRP) (www.icann.org⁄udrp) for all .shop Domain Name registrations. The registration of any Domain Name(s) shall be subject to suspension, cancellation, or transfer pursuant to any decision under the UDRP.

Reservation of Rights
Commercial Connect expressly reserves the right to deny, cancel, or transfer any Domain Name registration that it deems necessary in its discretion: (i) to protect the integrity and stability of the registry; (ii) to comply with any applicable laws, government rules or requirements, requests of law enforcement; (iii) in the event a Domain Name is used in violation of these policies and any other policies regarding .shop and; (iv) in compliance with any dispute resolution process, or to avoid any liability, civil or criminal, on the part of Commercial Connect and its affiliates, subsidiaries, officers, directors, and employees. Commercial Connect also reserves the right to lock a Domain Name during resolution of a dispute.

Abuse prevention policy extracts were included in Q28, as requested. See previous question.

Terms and Conditions of all Commercial Connect policies clarify takedown procedures, registrant pre-verification, or authentication procedures, and other convenants:
TERMS AND CONDITIONS:
1. By applying to register one or more .shop domain names (the “.shop Domain name(s)”) with an accredited registrar in the .shop TLD (hereinafter referred to as an “Application”) or by using one or more .shop Domain names, the Registrant acknowledges that it has read and agrees to be bound by all terms and conditions of this Agreement as well as the following documents, policies, and agreements which are incorporated into this Agreement by this reference and which shall hereinafter (together with this Agreement) be referred to as the “CC Policies”:
The registration rules
The .shop TLD Policies
The Privacy Policy
The CC Acceptable Use Policy (“AUP”)
The CC Complaint Resolution Service rules and policies
Other rules or policies that are now, or may in the future, be published.
The CC Policies apply to all domains and sub-level domains which end in the suffix .shop and explain the rights and obligations between CC and the Registrant. Those parts of the CC Policies which are not part of the text of this Agreement are incorporated into this Agreement by this reference. CC may accept the Application by facilitating registration and resolution of the .shop Domain names(s); such acceptance shall be deemed to have occurred at the CC’s principal place of business in the US.
CC may modify the CC Policies from time to time. CC shall post (publish on or link to) the CC Policies on CC’s web site. Revised CC Policies become effective thirty (30) calendar days after posting. CC may inform registrants of changes to CC Policies via email and Registrant agrees that such email shall not be considered spam; however, CC shall not be obligated to provide such notice via email. The Registrant’s use of .shop Domain name(s) following the effective date constitutes the Registrant’s acceptance of the revised CC Policies. In the event that the Registrant does not wish to be bound by the revised CC Policies, the Registrant’s sole remedy is to cancel the registration of the .shop Domain name, following the appropriate CC Policies regarding such cancellation.
2. Registration Fee. The Registrant shall pay to an accredited registrar the appropriate registration fee (“Registration Fee”) applicable at the time the Registrant submits its Application to such accredited registrar. Payment of Registration Fees shall be made in accordance with the requirements of the accredited registrars and CC Policies are effective at the time the Registrant submits such payment. All Registration Fees paid pursuant to this Agreement are non-refundable except as provided for herein. It shall be the responsibility of the accredited registrar to pay a separate registration fee owed to the CC by such registrar and no Application will be accepted until such separate registration fee is paid. It shall not be the duty of the CC to refund any Registration Fee or other fee to the Registrant in the event of non-performance by such registrar, since the disposition of such Registration Fee is being a matter of performance of a contract between the Registrant and such registrar.
3. Term and Renewal Term. The Registrant’s exclusive registration of the .shop Domain name shall continue for the term specified in an accepted Application (the “Term”). Registrant may have the right to renew a registration in accordance with the CC Policies in effect at the end of the Registrant’s then current Term.
4. Registrant Information. The Registrant shall ensure that: (i) the information submitted by or on behalf of the Registrant to the .shop TLD registry in connection with registration of the .shop Domain name(s) or otherwise (“Registrant Information”) will during the Term comply with the CC Policies and is and will remain true, current, complete, accurate, and reliable; and (ii) the Registrant shall maintain, update, and keep the Registrant Information true, current, complete, accurate, and reliable by notifying CC immediately of a change to any such information in accordance with the appropriate CC Policy relating to modifications to the Registrant Information. CC reserves and may exercise the right to terminate the Registrant’s registration of the .shop Domain name if (i) information provided by the Registrant to CC is false, inaccurate, incomplete, unreliable, misleading or otherwise secretive; or (ii) the Registrant fails to maintain, update, and keep the Registrant Information true, current, complete, accurate, and reliable. The Registrant acknowledges that a breach of this Section 4 will constitute a material breach of this Agreement which will entitle CC to terminate this Agreement immediately upon such breach without any refund of the Registration Fee and without notice to Registrant.
(i) The Registrant acknowledges that all personal information about the Registrant which is supplied to CC or an accredited registrar is held for the benefit of the United States and global internet communities and may be required to be publicly disclosed to third parties and used to maintain a public “Whois” service, provided that such disclosure is consistent with the CC Policies.
(ii) Registrants must provide the following information to CC or its accredited registrar:
- Legally recognized first and last name (surname) of the contact person for the Registrant (this contact person may be the Registrant itself).
- If the Registrant is an organization, association, Limited Liability Company, Proprietary Limited Company, or other legally recognized entity, the contact person must be a person authorized under the applicable law in the applicable territory to legally bind the entity.
- Valid postal address of the Registrant.
- Functioning email address of the Registrant.
- Working telephone number for the Registrant, including country code, area code, and proper extension, if applicable.
Providing true, current, complete, and accurate contact information is an absolute condition of registration of a .shop Domain name within the .shop TLD. If any Registrant Information provided during registration or subsequent modification to that information is false, inaccurate or misleading, or conceals or omits pertinent information, CC may instruct the registry to terminate, suspend or place on hold the .shop Domain name(s) of any Registrant without notification and without refund to the Registrant; and
(iii) The Registrant is responsible for keeping the Registrant Information up to date and responding in a timely fashion to communications regarding the .shop Domain name or other .shop domains registered by them.
(iv) The Registrant may be requested to submit content, material, web page(s) or URL(s) accessed through the CC network to the manufactures of internet content filters, and such request shall be a binding obligation.
5. Agents. The Registrant understands, acknowledges and agrees that by using the .shop Domain name, the Registrant ratifies and is bound by this Agreement (including the CC Policies incorporated into this Agreement) even if an agent (such as an Internet Service Provider, Domain name retailer, or employee) entered into this Agreement on the Registrant’s behalf, and even if the Registrant has not itself read this Agreement. Further, the Registrant is responsible for all information submitted by its agent. CC will not cancel this Agreement, or refund any fees, because of any errors or omissions by the agent in the registration process or thereafter (e.g. if such agent provides incorrect Registrant Information), as such apparent authority will suffice to bind the Registrant. By acting on the Registrant’s behalf, such agent represents and warrants to the Registrant and CC that the agent is authorized to bind the Registrant hereto and that it has fully and thoroughly advised the Registrant of the terms and conditions of this Agreement (including the CC Policies incorporated into this Agreement).
6. Scope of Registration. On payment of the Registration Fee to the registrar and after payment by the registrar to the CC of the separate registration fee and after acceptance of the Application, the Registrant will be entitled to a license for the exclusive use of the domain name resolution services relating to the .shop Domain name for the Term. However, the Registrant shall not use, display, exploit, or register a .shop Domain name in any manner which may constitute illegal activity or be in contravention or violation of CC Policies. The Registrant acknowledges that a breach of this Section 6 will constitute a material breach of this Agreement which will entitle CC to terminate this Agreement immediately upon such breach without any refund of the Registration Fee. The CC or an accredited registrar may, in such party’s sole discretion, refuse registration of or discontinue to provide services with respect to the Registrant’s desired .shop Domain name within thirty (30) calendar days from receipt of payment of the Registration Fee by the accredited registrar. In case of such refusal without cause (“cause” being defined as dishonoring any payment made to an accredited registrar and⁄or CC or any violation of the CC Policies), CC shall refund to the accredited registrar the separate registration fee received by the CC and the registrar shall refund to the Registrant the Registration Fee. Neither CC nor an accredited registrar shall be liable for any loss, damage, or other injury whatsoever resulting from CC or registrar’s refusal to register or to discontinue services in relation to the Registrant’s desired .shop Domain name.
7. Registrant Representations and Warranties. The Registrant represents, warrants, and guarantees that:
(i) the Registrant understands that registration entitles the Registrant only to a license for the use of the domain name resolution services relating to the .shop Domain name for the Term and that use of such services is subject to this Agreement (including the CC Policies) and other pertinent rules and laws, including those concerning trademarks and other types of intellectual property, as these may now exist or be revised from time to time;
(ii) to the best of the Registrant’s knowledge and belief, neither the registration of the .shop Domain name nor the manner in which it is to be directly or indirectly used infringes the legal rights or intellectual property rights of a third party;
(iii) the Registrant will use, display, or exploit the .shop Domain name in good faith, and in accordance with the laws of the US government, international law, and applicable state laws and regulations, and will not use the .shop Domain name in any way which may violate a subsisting right of CC or any third party;
(iv) the information provided by the Registrant is true and accurate, and the Registrant will update said information immediately if it changes;
(v) the Registrant is either (a) an identifiable human individual (over the age of 18 years); or (b) a legally recognized statutory entity (such as a Limited Liability Company, Partnership, Association, Society or Proprietary Limited Company);
(vi) the Registrant will promptly notify CC of any actual or threatened proceedings brought in respect of the words used as or incorporated in the .shop Domain name whether by or against the Registrant;
(vii) the Registrant will not, directly or indirectly, through registration or use of the .shop Domain name or otherwise:
(a) register a .shop Domain name for the purpose of diverting trade from another business or website;
(b) deliberately register as a .shop Domain name misspellings of another entity’s personal, company or brand name in order to pass-off or trade on the business, goodwill or reputation of another;
(c) grant or purport to grant a security interest or other encumbrance on or over the .shop Domain name unless such security interest or other encumbrance does not exceed the limited rights of the Registrant in the .shop Domain name, does not impair the Registrant’s ability to fulfill the Registrant’s obligations under this Agreement, and does not impose obligations on the CC beyond the obligations owed by the CC to a registrant in the absence of such a security interest or encumbrance;
(viii) the Registrant meets and will continue to meet for the whole of the Term any eligibility criteria prescribed in the CC Policies for registering and using the .shop Domain name;
(ix) that the Registrant will maintain the Registrant Information provided pursuant to Section 4 according to the requirements of Section 4;
(x) the Registrant has not previously submitted an application for registration of a domain name for the same character string with another registrar where:
(a) the Registrant is relying on the same eligibility criteria for both domain name applications; and
(b) the character string has previously been rejected by the other registrar;
(xi) any content, material or web page contained on any Uniform Resource Locator (“URL”), web site or web page accessing, utilizing or accessed by means of the .shop Domain name complies with the CC Acceptable Use Policy and the US govt. recommendations and does not constitute or contain any illegal or prohibited content, including, but not limited to indecent, obscene, or pornographic material (as described more fully in the CC Acceptable Use Policy), whether incorporated directly into or linked from a web site resolved via a .shop Domain name;
(xii) the use of the .shop Domain name and of any web page or URL accessed by or utilizing the .shop Domain name will comply with the requirements of the CC Acceptable Use Policy and Us govt. recommended policies including, without limitation, those policies relating to spam.
8. CC Representations and Warranties. CC represents, warrants, and guarantees that:
(i) CC manages the .shop top level domain name in trust for the United States Community;
(ii) CC has the full right, power, legal capacity, ability, and authority to enter into this Agreement, and to carry out the terms and conditions hereof notwithstanding the disclaimer below;
(iii) CC will process the Registrant’s Application and consider whether to accept or reject it in accordance with the criteria laid down in this Agreement (including the CC Policies);
(iv) CC will, if the Application is successful, use its reasonable endeavors to ensure that the details supplied by the Registrant are entered into and maintained in the .shop zone file; and
CC’s breach or misrepresentation of these warranties shall constitute a material breach of this Agreement. In the event of such material breach by CC, the Registrant’s only recourse against CC shall be to terminate its Agreement with CC. CC EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES OF ANY KIND OR NATURE, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE MAXIMUM EXTENT POSSIBLE, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND AGAINST INFRINGEMENT. CC DOES NOT GUARANTEE ANY INFORMATION PROVIDED TO THE REGISTRANT BY IT OR ITS AGENTS NOT INCORPORATED INTO THIS AGREEMENT AND, ACCORDINGLY, NO SUCH INFORMATION CREATES ANY EXPRESS OR IMPLIED WARRANTY. CC’S SERVICES ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS AND THE REGISTRANT AGREES THAT CC WILL REGISTER DOMAIN NAMES ON A FIRST COME, FIRST SERVED BASIS. CC DOES NOT GUARANTEE THAT ANY DOMAIN APPLIED FOR BY THE REGISTRANT WILL BE AVAILABLE OR WILL BE SUCCESSFULLY REGISTERED, AND THE REGISTRANT AGREES THAT IT DOES NOT HAVE ANY RIGHT OF OWNERSHIP IN A REGISTERED DOMAIN.
9. Breach. Failure of a Registrant to abide by any provision of this Agreement (including the CC Policies) may be considered a material breach. In the event of such material breach, CC may provide a written (including email) notice to the Registrant describing the breach. The Registrant in such event then has thirty (30) days to rectify or cure such breach or to provide evidence reasonably satisfactory to CC that there is no breach of this Agreement or CC Policies. In the event of a breach that is not rectified, cured or refuted by the Registrant to CC’s satisfaction, CC may cancel the Registrant’s registration of and license to use the .shop Domain name without refund and without further notice, and pursue any and all legal remedies it may have against the Registrant. Any such breach by the Registrant shall not be deemed excused in the event that CC did not act earlier in response to the breach by Registrant. In the event of a breach which, in the opinion of the CC or an accredited registrar, causes immediate harm to the public interest or the CC Network or which violates any applicable law or regulation, then an accredited registrar and⁄or the CC may modify, suspend, or terminate services to the Registrant without written notice, the modification, suspension, or termination of services constituting notice to Registrant that such a breach has occurred. See Section 12, below for important limitations on the liability of CC and accredited registrars with regard to good faith acts by such parties under this Section.
10. Disputes Involving Registrants. The Registrant acknowledges that CC cannot, and does not, screen or otherwise review any Application to verify that the Registrant has legal rights to use a particular character string as or in a .shop Domain name. In the event that any party disputes the Registrant’s legal right to use, display, exploit, or register the .shop Domain name in any fashion, including allegations that prohibited material (as defined in the CC Acceptable Use Policy) is displayed on or linked to from a website which is resolved via a .shop Domain name, CC and the Registrant shall act in accordance with and agree to be bound by CC’s Complaint Resolution Policy and Service. The Registrant is strongly encouraged to, prior to applying for registration of the .shop Domain name, perform a trademark search with respect to the acronyms, words and⁄or phrases comprising the .shop Domain name. The Registrant will be solely liable in the event that the Registrant’s use of a .shop Domain name constitutes an infringement or other violation of a third party’s rights.
11. Indemnity. The Registrant shall defend, indemnify, and hold harmless CC, the registry operator, accredited registrars and such parties’ officers, directors, shareholders, owners, managers, employees, agents, contractors, affiliates, lawyers and attorneys (“CC Related Parties”) from and against any and all claims of third parties or made by the Registrant, including, but not limited to all loss, liability, claims, demands, damages, cost or expense, causes of action, suits, proceedings, judgments, awards, executions and liens, including reasonable lawyers or attorneys’ fees (which lawyers or attorneys shall be hired at the sole discretion of the indemnified party) and costs (including claims without legal merit or brought in bad faith), relating to or arising under this Agreement, the registration or use of the indemnified party’s domain registration or other services, or to the .shop Domain name itself, including the Registrant’s use, display, exploitation, or registration of the .shop Domain name, as well as for any infringing or otherwise damaging content displayed or otherwise made available on or by means of the .shop Domain name. If an indemnified party is threatened by claims or suit of a third party, the indemnified party may seek written assurances from the Registrant concerning the Registrant’s indemnification obligations. Failure to provide such written assurances is a material breach of this Agreement. Failure of the Registrant to fully indemnify the indemnified party in a timely manner may result in termination, suspension, or modification of the domain name registration services and any such termination, suspension, or modification shall in no way prejudice or substitute for an indemnified party’s right to seek indemnification by way of litigation or otherwise.
12. DISCLAIMER AND LIMITATION OF LIABILITY. The Registrant acknowledges and agrees that, to the maximum extent possible, CC AND THE CC RELATED PARTIES SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF PROFITS, RELATING TO THE USE, OR THE INABILITY TO USE, THE DOMAIN, OR IN ANY OTHER WAY RELATED TO THE DOMAIN, REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE. ADDITIONALLY, CC AND CC RELATED PARTIES SHALL NOT BE LIABLE WHATSOEVER FOR ANY LOSSES OR DAMAGES THAT THE REGISTRANT MAY INCUR AS A RESULT OF UNAUTHORIZED USE OF THE DOMAIN ARISING FROM “HACKING”, DENIAL OF SERVICE ATTACK, VIRUS, WORM OR OTHERWISE, OR FOR LACK OF FITNESS FOR A PARTICULAR PURPOSE OF THE DOMAIN OR SERVICES RELATED TO THE DOMAIN NAME.
IN THE EVENT THAT CC OR A CC RELATED PARTY TAKES ACTION WITH RESPECT TO A .shop DOMAIN NAME PURSUANT TO SECTION 9, WHICH ACTION IS REVERSED, MODIFIED, OR ACKNOWLEDGED TO HAVE BEEN INCORRECT BY CC, A CC RELATED PARTY, BY OR THROUGH THE CC COMPLAINT RESOLUTION SERVICE, OR BY A COURT, THEN REGISTRANT AGREES THAT, ABSENT BAD FAITH BY SUCH PARTY, THAT CC AND CC RELATED PARTIES SHALL NOT BE LIABLE WHATSOEVER FOR ANY DAMAGES THAT THE REGISTRANT MAY SUFFER THEREBY, EVEN IF CC OR CC RELATED PARTIES HAVE BEEN ADVISED OF THE POTENTIAL FOR SUCH DAMAGES, AND EVEN IF CC OR CC RELATED PARTIES MAY FORESEE SUCH POSSIBLE DAMAGES. THE REGISTRANT’S SOLE REMEDY UNDER SUCH CIRCUMSTANCES SHALL BE THE RESUPPLY OF THE SERVICES AGAIN, IF POSSIBLE, OR, IF NOT POSSIBLE, A REFUND OF THE REGISTRATION FEE OR RENEWAL FEE (IF THE CIRCUMSTANCE OCCURRED DURING A RENEWAL TERM), WHICH REMEDY THE REGISTRANT ACKNOWLEDGES CONSTITUTES THE ONLY POSSIBLE DIRECT DAMAGES FLOWING FROM THIS AGREEMENT.
IN ADDITION, CC AND CC RELATED PARTIES ARE NOT LIABLE WHATSOEVER FOR ANY DAMAGES THAT THE REGISTRANT MAY SUFFER BECAUSE OF SERVICE OR SYSTEM FAILURE, INCLUDING DOMAIN NAME SYSTEM FAILURE, ROOT SERVER FAILURE, INTERNET PROTOCOL ADDRESS FAILURE, ACCESS DELAYS OR INTERRUPTIONS, DATA NON-DELIVERY OR MIS-DELIVERY, ACTS OF GOD, UNAUTHORISED USE OF PASSWORDS, ERRORS, OMISSIONS OR MIS-STATEMENTS IN ANY INFORMATION OR OTHER SERVICES PROVIDED UNDER THIS AGREEMENT, DELAYS OR INTERRUPTIONS IN DEVELOPMENT OF WEB SITES, RE-DELEGATION OF THE .shop TOP LEVEL DOMAIN NAME, OR BREACH OF SECURITY, EVEN IF CC OR CC RELATED PARTIES HAVE BEEN ADVISED OF THE POTENTIAL FOR SUCH DAMAGES, AND EVEN IF CC OR CC RELATED PARTIES MAY FORESEE SUCH POSSIBLE DAMAGES. THE REGISTRANT’S SOLE REMEDY FOR CC OR CC RELATED PARTIES’ BREACH OF THIS AGREEMENT SHALL BE, AT THE SOLE DISCRETION OF CC OR CC RELATED PARTIES, THE RESUPPLY OF THE SERVICES AGAIN OR A REFUND OF THE REGISTRATION FEE OR RENEWAL FEE (IF THE BREACH OCCURS DURING A RENEWAL TERM), WHICH REMEDY THE REGISTRANT ACKNOWLEDGES CONSTITUTES THE ONLY POSSIBLE DIRECT DAMAGES FLOWING FROM THIS AGREEMENT. THE REGISTRANT’S SOLE REMEDY FOR AN ACTION NOT FLOWING FROM THIS AGREEMENT (IN TORT OR OTHERWISE) SHALL BE LIMITED TO THE AMOUNT OF MONEY PAID TO CC OR CC RELATED PARTIES BY THE REGISTRANT.
13. Notices. Notices to CC shall be delivered by registered or certified mail, postage prepaid, or reputable commercial courier service (e.g., Express Mail or Federal Express) in the manner of quickest delivery (i.e., overnight delivery, if possible) to:
Commercial Connect LLC. Notices mailed by registered or certified official mail of a country shall be deemed delivered on receipt.
Notices to Registrant shall be delivered by registered or certified mail, postage prepaid, or reputable commercial courier service (e.g., Express Mail or Federal Ex press) in the manner of quickest delivery (i.e., overnight delivery, if possible) or, in the sole discretion of the CC or a CC Related Party, by email or fax to the Registrant Information.
14. Governing Law ⁄ Forum Selection. For all disputes in which the CC may be or is a party to the dispute, this registration agreement shall be exclusively governed by the laws of the US government applicable to contracts made and performed in the US government, without regard to conflict of laws principles. The Registrant hereby consents to the exclusive personal jurisdiction of the courts of the US government, for any and all claims or disputes directed against the CC and which arise out of, purport to enforce, construe, or otherwise relate to the .shop Domain name, this Agreement, or CC Policies. The exclusive venue for such action shall be the Courts of the US government. The Registrant waives any right to object to venue or jurisdiction based on inconvenient forum or for any other reason, and the Registrant waives any statutory or other right pursuant to the laws of the jurisdiction in which Registrant resides to have a case relating to this Agreement adjudicated or resolved in that jurisdiction. By way of information and not as a term binding against the CC, disputes not involving the CC as a party may be governed by a governing law and⁄or forum selection clause contained in a separate agreement, if any, between the Registrant and such other disputant (for example, disputes between and accredited registrar and a Registrant may be governed by a separate agreement, if any, between the Registrant and the accredited registrar); provided, however, that no such separate agreement may modify or waive either CC’s or Registrant’s consent to exclusive choice of law, jurisdiction, and venue in the US government and the courts of the US government for disputes in which the CC is or may be a party, as described above.
15. OWNERSHIP OF INFORMATION AND DATA. Registrant agrees and acknowledges that CC and⁄or any CC delegee shall own all database, compilation, collective and similar rights, title and interests worldwide in any domain name database(s), and all information and derivative works generated from the domain name database(s) and that such domain name database may include, without limitation, (a) the original creation date of domain name registration(s), (b) the expiration date of domain name registration(s), (c) the name, postal address, email address, voice telephone number, and where available fax number of all contacts for domain name registration(s), (d) any remarks concerning registered domain name(s) that appear or should appear in the WHOIS or similar information repositories, and (e) any other information generated or obtained in connection with providing domain name registration services. CC and⁄or any CC delegee shall not have any ownership interest in a single Registrant’s specific Registration Information outside of CC and⁄or any CC delegee’s rights in one or more domain name database(s).
16. Severability. If any provision of this Agreement is held invalid, unenforceable, or void, the remainder of the Agreement shall not be affected thereby and shall continue in full force and effect as nearly as possible to reflect the original intention of CC and the Registrant in executing this Agreement.
17. No Waiver. The failure of either party at any time to enforce any right or remedy available to it under this Agreement with respect to any breach or failure by the other party shall not be a waiver of such right or remedy with respect to any other breach or failure by the other party.
18. Full Integration. This Agreement, together with the CC Policies expressly incorporated herein by reference, constitutes the entire agreement between the Registrant and CC relating to the .shop Domain name. No prior or contemporaneous written, oral, and electronic representation, negotiation, or agreement form a part of this Agreement, and this Agreement supersedes all prior written, oral, or electronic agreements between the Registrant and CC relating to the .shop Domain name. Additional agreements, if any, may be entered into between the Registrant and accredited registrars relating to domain name services in the .shop TLD provided by such accredited registrars, provided that no such additional agreement may waive, alter, or supersede any provision of this Agreement nor may such an additional agreement impose any obligation upon CC without CC’s express written consent. If there is any conflict between such additional agreements and this Agreement, this Agreement shall control.
19. Written Agreement. This Agreement constitutes a written agreement between Registrant and CC even though the Registrant’s Application may be dispatched electronically, and even though CC may accept the Application electronically. A printed version of this Agreement, and of any notice given in electronic form related to this Agreement, shall be admissible in judicial or administrative proceedings to the same extent, and subject to the same restrictions, as other business contracts, documents, or records originally generated and maintained in printed form.
20. Assignment. The parties agree that CC is able to assign this Agreement to a third party without prior written notice to the Registrant.




30(a). Security Policy: Summary of the security policy for the proposed registry

With e-commerce comes compliance regarding PCI⁄DSS Security standards. We will be in compliance with those provided by the PCI Security Standards Council. http:⁄⁄www.nessus.org⁄solutions⁄compliance-solutions⁄regulatory-compliance⁄pci 
We will use standards by the Center for Internet Security (CIS) to perform a wide variety of Unix, Windows and application audits based on best practice consensus benchmarks developed by CIS. CIS policies apply for the following technologies:
• Applications
• Routers
• Desktop Operating Systems
• Server Operating Systems
• SQL Databases
We will use SANS Consensus Audit guidelines: (CAG) The SANS Consensus Audit Guidelines (CAG) is a compliance standard that specifies 20 ʺcontrol pointsʺ that have been identified through a consensus of federal and private industry security professionals. (http:⁄⁄www.nessus.org⁄expert-resources⁄whitepapers⁄real-time-auditing-for-sans-consensus-audit-guidelines)
• Active scanning, patch auditing, passive network monitoring and process accounting help monitoring for authorized and unauthorized software and devices.
• Active, passive and credentialed vulnerability scanning provides continuous and accurate monitoring for new security issues.
• Configuration auditing and file integrity monitoring of applications, desktops, routers and operating systems can be performed against a wide variety of government and commercial standards.
• Network and intranet perimeters can be monitored and correlated by aggregating logs from NIDS, firewalls, DMZ servers and netflow.
• Custom web applications can be audited with web application tests and logs from the applications can be monitored for abuse. Custom applications can also undergo rigorous configuration audits of the OS, application and SQL database.
• All user accounts and user activity can be strictly audited and monitored for abuse and suspicious activity.
• All web browsing can be passively logged and searched which enables analysis of botnets, malware and user activity.
• Anti-virus software can be audited to ensure it is working correctly. Logs from desktop, email, NIDS, gateway devices and ʺblacklistedʺ sites can be correlated for a complete view of your malware exposure.
• Full log searches as well as complete configuration audits can be used to accelerate your incident response efforts.
• Unauthorized wireless access points as well as desktops with incorrect wireless SSIDs can be identified.

We are compliant with Domain Name System Security Extensions (DNSSEC) for the .shop top-level domain. DNSSEC is designed to protect Internet servers from domain name system attacks, such as DNS cache poisoning by malicious users. It is a set of DNS extensions which provide 3 basic functions:

1. Data Origin Authentication - assures that data is received from the authorized DNS server; can protect from impersonation attacks
2. Data Integrity - assures that data received matches data on the origin DNS server, and is not modified during transit; protects from man-in-the-middle type pollution attacks.
3. Authenticated Denial of Existence - assures that a ʺNon-existentʺ response is valid.

Our Security Policy contains the following and commitments to registrants and our registrars:
I. Provisions for Data: We may access, copy, preserve, disclose, remove, suspend or delete any Data in accordance with privacy and security.
II. Provision for Intellectual Property Rights:
III. Provisions for Confidentialty
IV. Our Server Monitoring Policy
V. Our Incident Response Policy
VI. Constant Review of Network Risks
VII. Personnel Background Checks of Security Personnel
VIII. Network Security Policy
IX. Vulnerability Scanning
X. Vulnerability Management
XI. Configuration Auditing
XII. Log Management
XIII. Acceptable Use Policy for Company Employees

These items are discussed further in Question 30b.

Continuous network monitoring has emerged as a critical best practice across governmental, commercial, and educational environments. Itʹs essential in combatting rapidly evolving security threats, improving our ability to manage new technology risks, and maintain compliance with ever-increasing regulatory and audit requirements. We will be using toolkits for correlation and reporting, and analytical solutions that meet these requirements.
We will perform network scanning, patch auditing and configuration testing. We will offer real-time network and passive vulnerability scanning. Our solution monitors network traffic to discover new hosts and vulnerabilities continuously. Network traffic contains a tremendous amount of information that can be used to identify new web servers, SQL injection, missing patches, vulnerable web browsers, out of date SSL certificates and much more. Our combination of active and passive vulnerability and network monitoring allows for scaleability.






© 2012 Internet Corporation For Assigned Names and Numbers.