| gTLD | Full Legal Name | E-mail suffix | Detail | | .tci | Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. | nsline.com | View |
Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. has contracted CoCCA Registry Services (NZ) Limited (ʺCoCCAʺ) to provide hosted Registry Services for the .tci TLD. The .tci TLD will be added to CoCCAʹs existing production Shared Registry System (ʺSRSʺ). CoCCA will ensure redundant geographically diverse DNS resolution through propagation of the .tci zones on the Internet Software Consortium (ʺISCʺ), Packet Clearing House (ʺPCHʺ) anycast networks - and on CoCCA unicast servers.
CoCCA authors the internetʹs most widely used SRS registry system ( which has been branded ʺpamojaʺ for gTLD name spaces). ISC authors BIND and pioneered anycast technology, PCH has one of the internetʹs largest and longest running anycast networks. DNSSEC key storage and and signature will take place on the PCH DNSSEC platform, a platform developed for cccTLDʹs that mirrors the security and processes used by ICANN to secure the root.
The .tci TLD SRS data will be escrowed with both NCC Group and CoCCA subsidiary CoCCA Data Escrow Services (NZ) Limited.
23.1 About CoCCA
CoCCA has over nine years experience authoring open source registry software systems and providing TLD registry support services. CoCCA was originally incorporated in Australia in 2003 as CoCCA Registry Services Limited, in January 2009 CoCCA re-located to New Zealand and trades as CoCCA Registry Services (NZ) Limited. CoCCA is a privately held NZ company.
CoCCAʹs existing clients are governments and other managers of county code top level domains (ccTLDs). As of 31 March 2012, 33 national ccTLDs have selected CoCCAʹs SRS technology and⁄or services to help them manage their critical infrastructure. Several additional ccTLDs have committed to migrate to CoCCAʹs ʺpamojaʺ SRS in 2012 (pending the outcome of re-delegations). As many as 40 ccTLDs are thought to be using the pamoja SRS application, while CoCCA has formal relationships and support contracts with 33 TLDs, the exact number of users is hard to determine as the pamoja software is freely available for download from the internet. CoCCAʹs offers ccTLDs a perpetual royalty-free license to use and deploy the SRS software.
CoCCAʹs commercial model is based on delivering significant economies of scale to TLD managers, CoCCAʹs dominant market position in the ccTLD ecosystem - where the TLD string is generally considered critical infrastructure, ensures CoCCAʹs commercial viability and ongoing funding of R&D regardless of the success of a particular gTLD string (or group of gTLD strings) that select CoCCA as the Registry Services provider. CoCCAʹs technology is mature, field tested and their commercial model is solid and not dependent on new gTLDʹs.
The pamoja SRS can be used several ways, the application can be downloaded and installed locally by a TLD Sponsoring Organization (ʺSOʺ), or the SO can contract CoCCA to host either the primary or failover SRS at the CoCCA Network Operations Centre (ʺNOCʺ).
CoCCAʹs pamoja SRS is a freely available gTLD-compliant TLD database application based on the ʺCoCCA Toolsʺ open source ccTLD EPP registry system. The SRS licensing simplifies failover and transition planning as the source, data, and daily virtual machine images are to be placed into escrow enabling them to be migrated or re-deployed by a different entity without any SRS licensing issues. CoCCAʹs SRS is a ʹshrink-wrappedʺ application that can be installed on a single server in minutes or deployed in a High Availability (HA) configuration.
CoCCAʹs pamoja SRS is the most widely deployed, field-tested SRS in use today. CoCCAʹs SRS is a mature product that has grown organically over the past decade as new standards have been developed and published. It is doubtful any other Registry Services provider has accumulated CoCCAʹs level of experience operating multiple small to medium sized TLDs efficiently and securely.
CoCCAʹs pamoja SRS is currently used to run three (3) Arabic (IDN) TLDs and was selected by the Telecommunications Regulatory Authority in Egypt to launch the Internetʹs first IDN TLD (.masr) in 2010. The flexible package supports ASCII and IDN - including variants and folding where required.
23.2 Current pamoja SRS deployments
Key - | [P] CoCCA Operated Primary SRS |[F] CoCCA Failover SRS | [E] Escrow | [S] Software Only
.af | Afghanistan | Ministry of Communications and IT | [P] [F] [E]
.bi | Burundi | Centre National de lʹInformatique | [F] [E] [S]
.bw | Botswana | Botswana Telecoms Authority | [S] [F] [E]
.cm | Cameroon | Cameroon Telecommunications (CAMTEL)| [S]
.cx | Christmas Is. | Christmas Island Internet Administration Limited | [P] [F] [E]
.ec | Ecuador | NIC.EC (NICEC) S.A. | [S]
.eg | Egypt | Egyptian Universities Network (EUN) | [S]
xn--wgbh1c | Egypt IDN | National Telecommunication Regulatory Authority | [S]
.ge | Guernsey | Island Networks Ltd. | [S]
.gl | Greenland | TELE Greenland A⁄S | [S]
.gs | S. Georgia | Government of South Georgia | [P] [F] [E]
.gy | Guyana | University of Guyana | [P] [F] [E]
.ht | Haiti | Consortium FDS⁄RDDH | [P] [F] [E]
.hn | Honduras | Red de Desarrollo Sostenible Honduras* | [P] [F] [E]
.iq | Iraq | Communications Media Commission* | [S] [F] [E]
.je | Jersey | Island Networks (Jersey) Ltd. | [S]
.ki | Kiribati | Ministry of Communications | [P] [F] [E]
.ke | Kenya | Kenya Network Information Center (KeNIC) | [S]
.mg | Madagascar | NIC-MG (Network Information Center Madagascar) | [F] [E] [S]
.mu | Mauritius | Internet Direct Ltd | [P] [F] [E]
.ms | Montserrat | MNI Networks Ltd | [F] [E] [S]
.mz | Mozambique | Centro de Informatica de Universidade | [F] [E] [S]
.na | Namibia | Namibian Network Information Center | [F] [S]
.ng | Nigeria |Nigeria Internet Registration Association | [F] [E] [S]
.nf | Norfolk Is. | Norfolk Island Data Services | [P] [F] [E]
.pe | Peru | Red Cientifica Peruana | [S]
.sb | Solomon Is. | Solomon Telekom Company Limited | [P] [F] [E]
.sy | Syria | National Agency for Network Services | [S]
xn--ogbpf8fl ⁄ xn--mgbtf8fl | Syria IDN | National Agency for Network Services | [S]
.tl | Timor-Leste | Ministry of Infrastructure | [P] [F] [E]
.ps | Palestine | Ministry Of Telecommunications | [S]
xn--ygbi2ammx | Palestine IDN | Ministry Of Telecommunications
[S] .zm | Zambia | ZAMNET Communication Systems Ltd. | [F] [E] [S]
* Currently in the process of migrating away from Neustar (.iq) and Afflias (.hn)
23.3 CoCCAʹs Hosted SRS
Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. has confirmed with CoCCA their production experience and the availability of the Registry Services described briefly in sections 23.4-23.18 below - and in greater detail in the responses to questions 24-43. Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. and CoCCA understand elements of ICANNʹs TLD requirements will most likely be modified in the future. CoCCAʹs Registry Services will comply with future ICANN requirements or mandates.
23.4 Receipt of Data via the SRS EPP interface
Data from Registrars concerning the insertion and maintenance of records in the SRS may be processed either via the CoCCA EPP interface (XML over SSL on port 700) or manually via CoCCAʹs port 443 SSL web interface. CoCCA was an early adopter of the EPP standard and has operated an EPP based SRS for almost seven years.
The .tci TLD will be added to CoCCAʹs existing production SRS, which currently has 203 registrars connected. CoCCAʹs SRS has a single EPP interface for all hosted TLDs allowing registrars to share the same contact and host objects across multiple TLDS. The .tci TLD will only be made accessible to ICANN accredited registrars, many of which are currently connected to CoCCA for ccTLDs and using the EPP and GUI interface that the .tci TLD will be accessed via when launched.
CoCCAʹs pamoja EPP interface currently complies the IETF RFCʹs required by ICANN (5730-5734 and 3735) and is explained in more detail in the response to Question 25.
23.5 Receipt of Data via the SRS Graphical User Interface (ʺGUIʺ)
Registrars may insert and manage domain, contact and host records as well as the SRS accounting functions via a port 443 GUI. Registrars do not have to use the EPP interface on port 700. Records managed via the GUI connect to the SRS EPP engine on port 700 via background processes; this ensures rigorous conformity with the RFCʹs and consistency in auditing and maintenance of historical records.
23.6 Registrar Data Restrictions (Reserved Names)
Restrictions on what domains may be inserted and maintained by registrars is to be controlled by configuration of java regular expressions. In order to comply with the requirements set out in Specification 5 and any Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. policy. the .tci TLD will use three of pamojaʹs features as described below.
23.6.1 Prohibited Patterns. Domains that match patterns will be rejected with an EPP 2306 - Parameter Value Policy error, letting the registrar know that these domain names do not fit in with the registry policy for this zone.
23.6.2 Syntax Patterns. Certain strings, such as all-numeric names or single character names may be restricted. An EPP 2005 error - ʺParameter Value Syntax errorʺ will be returned to the EPP client, indicating that the name is invalid.
23.6.3 Approval Patterns. Names that match these patterns will not be rejected, but will be registered pending approval. Until they are approved, the name will not appear in the .tci zone files, and will not be able to be transferred, renewed or modified in any way by the registrar.
23.6.4 Both ASCII and non-ASCII contact details can stored and displayed via web-based WHOIS and command line WHOIS.
23.7 SRS GUI, Role-Based Access
The pamoja SRS GUI has numerous role-based logins described below. Several of these have been recently developed by CoCCA in response to ICANNʹs proposed gTLD requirements and are currently being used numerous ccTLD production environments.
Administrative Roles
* SRS Systems Administrator - Able to administer and configure the entire SRS system
* CERT ⁄ Law Enforcement - Able to view and query the SRS, but not alter records.
* TLD Administrator - Able to administer a TLD or group of TLDs
* TLD Viewer - Able to view but not alter records for a TLD or group of TLDs
* Zone Administrator - Able to administer a Stub Zone, or group of Stub Zones
* Zone Viewer - Able to view but not alter a Stub Zone, or group of Stub Zones
* Customer Service - Can perform tasks on behalf of a number of registrars
* Name Approver - Can approve names matching the Zone Approval Patterns
* CHIP Approver - Can approve domains registered with CHIP codes or other Trademarks.
Registrar Roles
* Registrar Master Account - Able to perform all registrar functions and create subordinate logins
* Registrar Technical - Able to modify domain details
* Registrar Helpdesk - Able to view domains and make various minor changes
* Registrar Finance - Able to view domains financial transactions and also edit financial data
* Registrar Finance - (Read Only) Same as above but view only.
Other Access Roles
* Premium WHOIS - Able to perform various queries in a SRS GUI and extract and save data to a CSV, also able to connect via the SRS EPP API for read-only query.
* Zone File Only - Able to login and request Zone Files
23.8 Zone File Dissemination ⁄ Resolution
The .tci will resolved by propagation of zone file data periodically extracted from the SRS, sent to PCH DNSSEC signing servers for signature, returned to CoCCA and then distributed by CoCCAʹs hidden master server to two redundant and independent anycast networks operated by Internet Software Consortium (ʺISCʺ | http:⁄⁄isc.org) and Packet Clearing House (ʺPCHʺ | http:⁄⁄pch.net) - as well as two (2) public unicast TLD servers operated by CoCCA.
The .tci will be resolved by a minimum of 80 geographically distributed resolvers, all of which run ISCʹs BIND and are configured such that they comply with relevant RFCʹs including 1034,1035, 1982, 2181, 2182, 2671, 3266, 3596, 3597, 3901, 4343 and 4472.
The PCH and ISC name servers employ IP-anycast technology for scalable geographic redundancy, strong defense from Denial of Service attacks, high quality of service, and give excellent (fast ) responses to geographically diverse Internet users. DNSSEC and IPv6 are already fully integrated into the PCH and ISC networks.
Registrars will able to continuously inspect the availability and status of each TLD server instance via the SRS GUI and other CoCCA WEB Sites. Should a TLD server be unreachable registrars are to be automatically notified (via email) and EPP polling messages. More detailed information is available in the responses to Questions 24-43.
23.9 Dissemination of Domain Related Information
The SRS public WHOIS server will answer for the .tci TLD on port 43 in accordance with RFC 3912 and the requirements set out Specification Four (4), 1.1-1.7 and Specification Ten (10), Section 4.
The CoCCA SRS features a public port 443, web-based RDDS interface that enables internet users to query and extract information which is at a minimum identical to that which is provided via the port 43 server but using technology that may be more convenient or accessible to many internet users than a port 43 command line query.
The CoCCA SRS also allows any Internet user (or any user with a login to the SRS) to order a complete Historical Abstract delivered in an easy to understand pdf format.
Individuals may optionally subscribe to CoCCAʹs Premium WHOIS service, which provides them with:
* secure access to the SRS (via both a web-based port 443 GUI and read only EPP on port 700).
* the ability to perform a variety of boolean queries online in real-time and save the output to a CSV
* the ability to create ʺinterest listsʺ using java regular expressions where they receive EPP polling messages and emails if a domain is registered that contains a string of interest to them.
Established CERTʹs and law enforcement agencies may request, and will generally be granted, read only GUI and EPP access to the CoCCA SRS free of charge. Currently this access is granted to the Australian Government CERT, who under an MOU may share information with other CERTʹs and national and international law enforcement agencies.
23.10 DNS Security Extension (DNSSEC)
CoCCAʹs SRS DNSSEC implementation allows registrars to provision public key material via EPP and the GUI. Under an agreement between CoCCA and PCH, .tci TLD Keys are to be stored offline and signed using PCHʹs DNSSEC platform that replicates the security process, mechanisms and standards employed by ICANN in securing the ROOT of the DNS.
The CoCCA-PCH key storage implementation deviates from the ICANN model only by diversifying the locations of the secure sites such that two (2) of the three (3) sites are outside the United States. The Singapore facility is hosted by the National University of Singapore, on behalf of the Singaporean Infocomm Development Agency (IDA). The Swiss facility is hosted in Zurich by SWITCH, the Swiss national research and education network. The U.S. facility is hosted by PCH Equinix in San Jose.
The CoCCA SRS DNSSEC implementation complies with RFCʹs 4033, 4034, 4035, 5910, 4509, 4641 and 5155. Additional information on the DNSSEC implementation is available in the response to question 43.
23.11 Escrow Deposits
CoCCAʹs Registry Services include deposit of escrow data in the format and following the protocols set out in Specification Two. CoCCA currently deposits ccTLD data daily (in both the native CoCCA format and the draft arias-noguchi format) with both NCC group and CoCCA Data Escrow (NZ) Limited. CoCCA Data Escrow (NZ) Limited is a subsidiary and was established in 2009 to provide Failover Registry and escrow services to users of the CoCCA SRS who run the software locally on their own infrastructure.
As part of CoCCAʹs Registry Services and to ensure continuity of operations, CoCCA deposits all updates to the pamoja SRS source code with NCC, and daily VMware images of the production SRS with CoCCA Data Escrow Services (NZ) Limited. These same practices will be adopted for the .tci TLD when launched.
.tci SRS data will be deposited with NCC Group, CoCCA Data Escrow and ICANN. Additional information on Escrow is available the response to question 38.
23.12 Document Management
CoCCAʹs Registry Services include maintenance of documents related to intellectual property rights, complaints, identification of contacts, court orders etc. These documents are maintained in the SRS and become part of a domainʹs ( or contacts ) permanent history.
23.13 Support for Various Zone States
CoCCAʹs Registry Services support Sunrise, Rolling Sunrise, Land-rush and Open Registrations for a given zone. Each ʺStateʺ can be configured to match common policy options.
23.14 Accounting
CoCCAʹs Registry Serviceʹs includes a variety of standardized and add-hoc reports accessible to TLD administrators via the GUI. Standardized reports include one that complies with the requirements set out in Specification Three ʺFormat and Content for Registry Operator Monthly Reportingʺ.
23.15 Audit Trail
All SRS activity is logged and permanently archived, it can be easily retrieved via the GUI for law enforcement or complaint resolution. A ʺtime-machineʺ feature allows a user with appropriate rights to view the domain information as it existed on any given date and time. Information is never purged from the SRS, information on deleted domains, hosts, contacts can be easily extracted.
23.16 Monitoring
CoCCAʹs Registry Serviceʹs include statistics on and real-time monitoring of the primary NOC, CoCCAʹs DNS Servers, Escrow NOC (NZ) and failover NOC in Palo Alto California. Additional information is available in the answers to questions 24-42. Monitoring of the ISC and PCH anycast networks is done internally by those entities, with statistics and notices made available to CoCCA in near-real time. Where applicable and relevant monitoring information is made available to registrars by CoCCA via the SRS.
23.17 Maintenance of Failover Facilities
CoCCA Registry Services include maintenance of their geographically dispersed Escrow and Failover SRS facilities ( Auckland and Palo Alto, a third is planned for Paris in early 2013).
23.18 Complaint Resolution Service (CRS)
CoCCAʹs Registry Services include operating a ʺsingle deskʺ CRS to help resolve complaints, trigger Critical Issue Suspensions (ʺCISʺ) and enforce a Uniform Rapid Suspension (ʺURSʺ) request. Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. will bind all registrants in the .tci to the CoCCA CRS, Acceptable Use Policy and Privacy and RDDS Policy via the .tci Registrant Agreement (ʺRAʺ). CoCCAʹs front-line CRS services are a ʺroleʺ performed by CoCCAʹs 24⁄7⁄365 NOC Support.
23.19 Registrar Support
CoCCA Registry Services provides registrars with 24⁄7⁄365 support via email and their virtual manned Network Operations Center (NOC). The CoCCA NOC Support has staff Auckland, Sydney, Jonestown (Guyana) and Paris for around the clock coverage. CoCCA NOC Support all have access to the same cloud hosted monitoring and customer service applications as well as the SRS.
23.20 Security and Stability Audit
The pamoja SRS application is used to mange critical TLD infrastructure, each release is tested prior to release or deployment by CoCCA developers, developers and systems administrators at registries that deploy the application locally. Each major release is tested and audited by Yonita (http:⁄⁄yonita.com⁄).
CoCCA constantly reviews its SRS software and sites to ensure they meet or exceed best practices in the industry, regular external audits of the security policy and CoCCA NOC are planned commencing 2013. The CoCCA NOC and failover facilities will be independently tested twice a year to ensure compliance with the CoCCA security policy, where applicable recommendations included in a security audit will be swiftly implemented.
23.21 Operational Testing and Evaluation (OT&E) Environment
CoCCAʹs Registry Serviceʹs include the operation of an OT&E SRS that enables registrars to evaluate new versions and features of the SRS software before they are deployed by CoCCA in production. Any ICANN accredited registrar will be granted access to OT&E. Registrars not currently connected to the CoCCA SRS will be required by CoCCA to demonstrate competency in EPP and the .tci policies before being granted EPP or GUI access to CoCCAʹs production SRS.
23.22 Authorization Key Retrieval
CoCCAʹs Registry Serviceʹs include automated public retrieval of domain AuthCodes by the administrative contact via a port 443 web page. The Authorization Key facilitates expedited transfers from one registrar to another.
23.23 Public Drop - List
CoCCAʹs Registry Services include publication of drop-lists of domains that are pending purge via a port 443 web page and email reports to registrars.
23.24 Wildcard Brand Registrations
A mechanism thought to be unique to the CoCCA SRS that allows blocking registration of a domainʹs ʺvariantsʺ using java regular expressions. This requires approval and manual intervention on the part of CoCCA.
23.25 Co-operation with Law Enforcement and CERTs
CoCCA works with Law Enforcement, CERTs and researchers and will generally grant registry continuous access free of charge to facilitate two-way data exchanges aimed at preventing and mitigating abuse in the DNS.
There are no known security or stability issues with the CoCCAʹs SRS, PCHʹs DNSSEC platform or ISCʹs and PCHʹs anycast networks at this time. Should any be identified resources are available internally at CoCCA, PCH and ISC to swiftly address and resolve security or stability issues as they arise.
| gTLD | Full Legal Name | E-mail suffix | Detail | | .shia | Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. | gmail.com | View |
Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. has contracted CoCCA Registry Services (NZ) Limited (ʺCoCCAʺ) to provide hosted Registry Services for the .shia TLD. The .shia TLD will be added to CoCCAʹs existing production Shared Registry System (ʺSRSʺ). CoCCA will ensure redundant geographically diverse DNS resolution through propagation of the .shia zones on the Internet Software Consortium (ʺISCʺ), Packet Clearing House (ʺPCHʺ) anycast networks - and on CoCCA unicast servers.
CoCCA authors the internetʹs most widely used SRS registry system ( which has been branded ʺpamojaʺ for gTLD name spaces). ISC authors BIND and pioneered anycast technology, PCH has one of the internetʹs largest and longest running anycast networks. DNSSEC key storage and and signature will take place on the PCH DNSSEC platform, a platform developed for cccTLDʹs that mirrors the security and processes used by ICANN to secure the root.
The .shia TLD SRS data will be escrowed with both NCC Group and CoCCA subsidiary CoCCA Data Escrow Services (NZ) Limited.
23.1 About CoCCA
CoCCA has over nine years experience authoring open source registry software systems and providing TLD registry support services. CoCCA was originally incorporated in Australia in 2003 as CoCCA Registry Services Limited, in January 2009 CoCCA re-located to New Zealand and trades as CoCCA Registry Services (NZ) Limited. CoCCA is a privately held NZ company.
CoCCAʹs existing clients are governments and other managers of county code top level domains (ccTLDs). As of 31 March 2012, 33 national ccTLDs have selected CoCCAʹs SRS technology and⁄or services to help them manage their critical infrastructure. Several additional ccTLDs have committed to migrate to CoCCAʹs ʺpamojaʺ SRS in 2012 (pending the outcome of re-delegations). As many as 40 ccTLDs are thought to be using the pamoja SRS application, while CoCCA has formal relationships and support contracts with 33 TLDs, the exact number of users is hard to determine as the pamoja software is freely available for download from the internet. CoCCAʹs offers ccTLDs a perpetual royalty-free license to use and deploy the SRS software.
CoCCAʹs commercial model is based on delivering significant economies of scale to TLD managers, CoCCAʹs dominant market position in the ccTLD ecosystem - where the TLD string is generally considered critical infrastructure, ensures CoCCAʹs commercial viability and ongoing funding of R&D regardless of the success of a particular gTLD string (or group of gTLD strings) that select CoCCA as the Registry Services provider. CoCCAʹs technology is mature, field tested and their commercial model is solid and not dependent on new gTLDʹs.
The pamoja SRS can be used several ways, the application can be downloaded and installed locally by a TLD Sponsoring Organization (ʺSOʺ), or the SO can contract CoCCA to host either the primary or failover SRS at the CoCCA Network Operations Centre (ʺNOCʺ).
CoCCAʹs pamoja SRS is a freely available gTLD-compliant TLD database application based on the ʺCoCCA Toolsʺ open source ccTLD EPP registry system. The SRS licensing simplifies failover and transition planning as the source, data, and daily virtual machine images are to be placed into escrow enabling them to be migrated or re-deployed by a different entity without any SRS licensing issues. CoCCAʹs SRS is a ʹshrink-wrappedʺ application that can be installed on a single server in minutes or deployed in a High Availability (HA) configuration.
CoCCAʹs pamoja SRS is the most widely deployed, field-tested SRS in use today. CoCCAʹs SRS is a mature product that has grown organically over the past decade as new standards have been developed and published. It is doubtful any other Registry Services provider has accumulated CoCCAʹs level of experience operating multiple small to medium sized TLDs efficiently and securely.
CoCCAʹs pamoja SRS is currently used to run three (3) Arabic (IDN) TLDs and was selected by the Telecommunications Regulatory Authority in Egypt to launch the Internetʹs first IDN TLD (.masr) in 2010. The flexible package supports ASCII and IDN - including variants and folding where required.
23.2 Current pamoja SRS deployments
Key - | [P] CoCCA Operated Primary SRS |[F] CoCCA Failover SRS | [E] Escrow | [S] Software Only
.af | Afghanistan | Ministry of Communications and IT | [P] [F] [E]
.bi | Burundi | Centre National de lʹInformatique | [F] [E] [S]
.bw | Botswana | Botswana Telecoms Authority | [S] [F] [E]
.cm | Cameroon | Cameroon Telecommunications (CAMTEL)| [S]
.cx | Christmas Is. | Christmas Island Internet Administration Limited | [P] [F] [E]
.ec | Ecuador | NIC.EC (NICEC) S.A. | [S]
.eg | Egypt | Egyptian Universities Network (EUN) | [S]
xn--wgbh1c | Egypt IDN | National Telecommunication Regulatory Authority | [S]
.ge | Guernsey | Island Networks Ltd. | [S]
.gl | Greenland | TELE Greenland A⁄S | [S]
.gs | S. Georgia | Government of South Georgia | [P] [F] [E]
.gy | Guyana | University of Guyana | [P] [F] [E]
.ht | Haiti | Consortium FDS⁄RDDH | [P] [F] [E]
.hn | Honduras | Red de Desarrollo Sostenible Honduras* | [P] [F] [E]
.iq | Iraq | Communications Media Commission* | [S] [F] [E]
.je | Jersey | Island Networks (Jersey) Ltd. | [S]
.ki | Kiribati | Ministry of Communications | [P] [F] [E]
.ke | Kenya | Kenya Network Information Center (KeNIC) | [S]
.mg | Madagascar | NIC-MG (Network Information Center Madagascar) | [F] [E] [S]
.mu | Mauritius | Internet Direct Ltd | [P] [F] [E]
.ms | Montserrat | MNI Networks Ltd | [F] [E] [S]
.mz | Mozambique | Centro de Informatica de Universidade | [F] [E] [S]
.na | Namibia | Namibian Network Information Center | [F] [S]
.ng | Nigeria |Nigeria Internet Registration Association | [F] [E] [S]
.nf | Norfolk Is. | Norfolk Island Data Services | [P] [F] [E]
.pe | Peru | Red Cientifica Peruana | [S]
.sb | Solomon Is. | Solomon Telekom Company Limited | [P] [F] [E]
.sy | Syria | National Agency for Network Services | [S]
xn--ogbpf8fl ⁄ xn--mgbtf8fl | Syria IDN | National Agency for Network Services | [S]
.tl | Timor-Leste | Ministry of Infrastructure | [P] [F] [E]
.ps | Palestine | Ministry Of Telecommunications | [S]
xn--ygbi2ammx | Palestine IDN | Ministry Of Telecommunications
[S] .zm | Zambia | ZAMNET Communication Systems Ltd. | [F] [E] [S]
* Currently in the process of migrating away from Neustar (.iq) and Afflias (.hn)
23.3 CoCCAʹs Hosted SRS
Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. has confirmed with CoCCA their production experience and the availability of the Registry Services described briefly in sections 23.4-23.18 below - and in greater detail in the responses to questions 24-43. Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. and CoCCA understand elements of ICANNʹs TLD requirements will most likely be modified in the future. CoCCAʹs Registry Services will comply with future ICANN requirements or mandates.
23.4 Receipt of Data via the SRS EPP interface
Data from Registrars concerning the insertion and maintenance of records in the SRS may be processed either via the CoCCA EPP interface (XML over SSL on port 700) or manually via CoCCAʹs port 443 SSL web interface. CoCCA was an early adopter of the EPP standard and has operated an EPP based SRS for almost seven years.
The .shia TLD will be added to CoCCAʹs existing production SRS, which currently has 203 registrars connected. CoCCAʹs SRS has a single EPP interface for all hosted TLDs allowing registrars to share the same contact and host objects across multiple TLDS. The .shia TLD will only be made accessible to ICANN accredited registrars, many of which are currently connected to CoCCA for ccTLDs and using the EPP and GUI interface that the .shia TLD will be accessed via when launched.
CoCCAʹs pamoja EPP interface currently complies the IETF RFCʹs required by ICANN (5730-5734 and 3735) and is explained in more detail in the response to Question 25.
23.5 Receipt of Data via the SRS Graphical User Interface (ʺGUIʺ)
Registrars may insert and manage domain, contact and host records as well as the SRS accounting functions via a port 443 GUI. Registrars do not have to use the EPP interface on port 700. Records managed via the GUI connect to the SRS EPP engine on port 700 via background processes; this ensures rigorous conformity with the RFCʹs and consistency in auditing and maintenance of historical records.
23.6 Registrar Data Restrictions (Reserved Names)
Restrictions on what domains may be inserted and maintained by registrars is to be controlled by configuration of java regular expressions. In order to comply with the requirements set out in Specification 5 and any Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. policy. the .shia TLD will use three of pamojaʹs features as described below.
23.6.1 Prohibited Patterns. Domains that match patterns will be rejected with an EPP 2306 - Parameter Value Policy error, letting the registrar know that these domain names do not fit in with the registry policy for this zone.
23.6.2 Syntax Patterns. Certain strings, such as all-numeric names or single character names may be restricted. An EPP 2005 error - ʺParameter Value Syntax errorʺ will be returned to the EPP client, indicating that the name is invalid.
23.6.3 Approval Patterns. Names that match these patterns will not be rejected, but will be registered pending approval. Until they are approved, the name will not appear in the .shia zone files, and will not be able to be transferred, renewed or modified in any way by the registrar.
23.6.4 Both ASCII and non-ASCII contact details can stored and displayed via web-based WHOIS and command line WHOIS.
23.7 SRS GUI, Role-Based Access
The pamoja SRS GUI has numerous role-based logins described below. Several of these have been recently developed by CoCCA in response to ICANNʹs proposed gTLD requirements and are currently being used numerous ccTLD production environments.
Administrative Roles
* SRS Systems Administrator - Able to administer and configure the entire SRS system
* CERT ⁄ Law Enforcement - Able to view and query the SRS, but not alter records.
* TLD Administrator - Able to administer a TLD or group of TLDs
* TLD Viewer - Able to view but not alter records for a TLD or group of TLDs
* Zone Administrator - Able to administer a Stub Zone, or group of Stub Zones
* Zone Viewer - Able to view but not alter a Stub Zone, or group of Stub Zones
* Customer Service - Can perform tasks on behalf of a number of registrars
* Name Approver - Can approve names matching the Zone Approval Patterns
* CHIP Approver - Can approve domains registered with CHIP codes or other Trademarks.
Registrar Roles
* Registrar Master Account - Able to perform all registrar functions and create subordinate logins
* Registrar Technical - Able to modify domain details
* Registrar Helpdesk - Able to view domains and make various minor changes
* Registrar Finance - Able to view domains financial transactions and also edit financial data
* Registrar Finance - (Read Only) Same as above but view only.
Other Access Roles
* Premium WHOIS - Able to perform various queries in a SRS GUI and extract and save data to a CSV, also able to connect via the SRS EPP API for read-only query.
* Zone File Only - Able to login and request Zone Files
23.8 Zone File Dissemination ⁄ Resolution
The .shia will resolved by propagation of zone file data periodically extracted from the SRS, sent to PCH DNSSEC signing servers for signature, returned to CoCCA and then distributed by CoCCAʹs hidden master server to two redundant and independent anycast networks operated by Internet Software Consortium (ʺISCʺ | http:⁄⁄isc.org) and Packet Clearing House (ʺPCHʺ | http:⁄⁄pch.net) - as well as two (2) public unicast TLD servers operated by CoCCA.
The .shia will be resolved by a minimum of 80 geographically distributed resolvers, all of which run ISCʹs BIND and are configured such that they comply with relevant RFCʹs including 1034,1035, 1982, 2181, 2182, 2671, 3266, 3596, 3597, 3901, 4343 and 4472.
The PCH and ISC name servers employ IP-anycast technology for scalable geographic redundancy, strong defense from Denial of Service attacks, high quality of service, and give excellent (fast ) responses to geographically diverse Internet users. DNSSEC and IPv6 are already fully integrated into the PCH and ISC networks.
Registrars will able to continuously inspect the availability and status of each TLD server instance via the SRS GUI and other CoCCA WEB Sites. Should a TLD server be unreachable registrars are to be automatically notified (via email) and EPP polling messages. More detailed information is available in the responses to Questions 24-43.
23.9 Dissemination of Domain Related Information
The SRS public WHOIS server will answer for the .shia TLD on port 43 in accordance with RFC 3912 and the requirements set out Specification Four (4), 1.1-1.7 and Specification Ten (10), Section 4.
The CoCCA SRS features a public port 443, web-based RDDS interface that enables internet users to query and extract information which is at a minimum identical to that which is provided via the port 43 server but using technology that may be more convenient or accessible to many internet users than a port 43 command line query.
The CoCCA SRS also allows any Internet user (or any user with a login to the SRS) to order a complete Historical Abstract delivered in an easy to understand pdf format.
Individuals may optionally subscribe to CoCCAʹs Premium WHOIS service, which provides them with:
* secure access to the SRS (via both a web-based port 443 GUI and read only EPP on port 700).
* the ability to perform a variety of boolean queries online in real-time and save the output to a CSV
* the ability to create ʺinterest listsʺ using java regular expressions where they receive EPP polling messages and emails if a domain is registered that contains a string of interest to them.
Established CERTʹs and law enforcement agencies may request, and will generally be granted, read only GUI and EPP access to the CoCCA SRS free of charge. Currently this access is granted to the Australian Government CERT, who under an MOU may share information with other CERTʹs and national and international law enforcement agencies.
23.10 DNS Security Extension (DNSSEC)
CoCCAʹs SRS DNSSEC implementation allows registrars to provision public key material via EPP and the GUI. Under an agreement between CoCCA and PCH, .shia TLD Keys are to be stored offline and signed using PCHʹs DNSSEC platform that replicates the security process, mechanisms and standards employed by ICANN in securing the ROOT of the DNS.
The CoCCA-PCH key storage implementation deviates from the ICANN model only by diversifying the locations of the secure sites such that two (2) of the three (3) sites are outside the United States. The Singapore facility is hosted by the National University of Singapore, on behalf of the Singaporean Infocomm Development Agency (IDA). The Swiss facility is hosted in Zurich by SWITCH, the Swiss national research and education network. The U.S. facility is hosted by PCH Equinix in San Jose.
The CoCCA SRS DNSSEC implementation complies with RFCʹs 4033, 4034, 4035, 5910, 4509, 4641 and 5155. Additional information on the DNSSEC implementation is available in the response to question 43.
23.11 Escrow Deposits
CoCCAʹs Registry Services include deposit of escrow data in the format and following the protocols set out in Specification Two. CoCCA currently deposits ccTLD data daily (in both the native CoCCA format and the draft arias-noguchi format) with both NCC group and CoCCA Data Escrow (NZ) Limited. CoCCA Data Escrow (NZ) Limited is a subsidiary and was established in 2009 to provide Failover Registry and escrow services to users of the CoCCA SRS who run the software locally on their own infrastructure.
As part of CoCCAʹs Registry Services and to ensure continuity of operations, CoCCA deposits all updates to the pamoja SRS source code with NCC, and daily VMware images of the production SRS with CoCCA Data Escrow Services (NZ) Limited. These same practices will be adopted for the .shia TLD when launched.
.shia SRS data will be deposited with NCC Group, CoCCA Data Escrow and ICANN. Additional information on Escrow is available the response to question 38.
23.12 Document Management
CoCCAʹs Registry Services include maintenance of documents related to intellectual property rights, complaints, identification of contacts, court orders etc. These documents are maintained in the SRS and become part of a domainʹs ( or contacts ) permanent history.
23.13 Support for Various Zone States
CoCCAʹs Registry Services support Sunrise, Rolling Sunrise, Land-rush and Open Registrations for a given zone. Each ʺStateʺ can be configured to match common policy options.
23.14 Accounting
CoCCAʹs Registry Serviceʹs includes a variety of standardized and add-hoc reports accessible to TLD administrators via the GUI. Standardized reports include one that complies with the requirements set out in Specification Three ʺFormat and Content for Registry Operator Monthly Reportingʺ.
23.15 Audit Trail
All SRS activity is logged and permanently archived, it can be easily retrieved via the GUI for law enforcement or complaint resolution. A ʺtime-machineʺ feature allows a user with appropriate rights to view the domain information as it existed on any given date and time. Information is never purged from the SRS, information on deleted domains, hosts, contacts can be easily extracted.
23.16 Monitoring
CoCCAʹs Registry Serviceʹs include statistics on and real-time monitoring of the primary NOC, CoCCAʹs DNS Servers, Escrow NOC (NZ) and failover NOC in Palo Alto California. Additional information is available in the answers to questions 24-42. Monitoring of the ISC and PCH anycast networks is done internally by those entities, with statistics and notices made available to CoCCA in near-real time. Where applicable and relevant monitoring information is made available to registrars by CoCCA via the SRS.
23.17 Maintenance of Failover Facilities
CoCCA Registry Services include maintenance of their geographically dispersed Escrow and Failover SRS facilities ( Auckland and Palo Alto, a third is planned for Paris in early 2013).
23.18 Complaint Resolution Service (CRS)
CoCCAʹs Registry Services include operating a ʺsingle deskʺ CRS to help resolve complaints, trigger Critical Issue Suspensions (ʺCISʺ) and enforce a Uniform Rapid Suspension (ʺURSʺ) request. Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. will bind all registrants in the .shia to the CoCCA CRS, Acceptable Use Policy and Privacy and RDDS Policy via the .shia Registrant Agreement (ʺRAʺ). CoCCAʹs front-line CRS services are a ʺroleʺ performed by CoCCAʹs 24⁄7⁄365 NOC Support.
23.19 Registrar Support
CoCCA Registry Services provides registrars with 24⁄7⁄365 support via email and their virtual manned Network Operations Center (NOC). The CoCCA NOC Support has staff Auckland, Sydney, Jonestown (Guyana) and Paris for around the clock coverage. CoCCA NOC Support all have access to the same cloud hosted monitoring and customer service applications as well as the SRS.
23.20 Security and Stability Audit
The pamoja SRS application is used to mange critical TLD infrastructure, each release is tested prior to release or deployment by CoCCA developers, developers and systems administrators at registries that deploy the application locally. Each major release is tested and audited by Yonita (http:⁄⁄yonita.com⁄).
CoCCA constantly reviews its SRS software and sites to ensure they meet or exceed best practices in the industry, regular external audits of the security policy and CoCCA NOC are planned commencing 2013. The CoCCA NOC and failover facilities will be independently tested twice a year to ensure compliance with the CoCCA security policy, where applicable recommendations included in a security audit will be swiftly implemented.
23.21 Operational Testing and Evaluation (OT&E) Environment
CoCCAʹs Registry Serviceʹs include the operation of an OT&E SRS that enables registrars to evaluate new versions and features of the SRS software before they are deployed by CoCCA in production. Any ICANN accredited registrar will be granted access to OT&E. Registrars not currently connected to the CoCCA SRS will be required by CoCCA to demonstrate competency in EPP and the .shia policies before being granted EPP or GUI access to CoCCAʹs production SRS.
23.22 Authorization Key Retrieval
CoCCAʹs Registry Serviceʹs include automated public retrieval of domain AuthCodes by the administrative contact via a port 443 web page. The Authorization Key facilitates expedited transfers from one registrar to another.
23.23 Public Drop - List
CoCCAʹs Registry Services include publication of drop-lists of domains that are pending purge via a port 443 web page and email reports to registrars.
23.24 Wildcard Brand Registrations
A mechanism thought to be unique to the CoCCA SRS that allows blocking registration of a domainʹs ʺvariantsʺ using java regular expressions. This requires approval and manual intervention on the part of CoCCA.
23.25 Co-operation with Law Enforcement and CERTs
CoCCA works with Law Enforcement, CERTs and researchers and will generally grant registry continuous access free of charge to facilitate two-way data exchanges aimed at preventing and mitigating abuse in the DNS.
There are no known security or stability issues with the CoCCAʹs SRS, PCHʹs DNSSEC platform or ISCʹs and PCHʹs anycast networks at this time. Should any be identified resources are available internally at CoCCA, PCH and ISC to swiftly address and resolve security or stability issues as they arise.