23 Provide name and full description of all the Registry Services to be provided

Prototypical answer:

gTLDFull Legal NameE-mail suffixDetail
.SHOPGMO Registry, Inc.gmoregistry.comView

1. Overview

The registry operator plays a central role in a TLD’s ecosystem. As such, it is imperative that the registry operator provides a secure and robust set of services that serves the best interests of the community.

The following sections describe the complete set of registry services that shall be provided in the context of .shop. GMO Registry (the registry) expects that the registry services will pose no security or stability concern.


2. Provisioning and Management of Domain Names and Associated Objects (SRS)

GMO Registry provides two interfaces to registrars for registering and managing domain names, contacts and name servers in the SRS.


2.1 EPP Service

The Extensible Provisioning Protocol (EPP) interface is the industry standard communication protocol between registrar systems and the registry SRS. It allows registrars to integrate and automate domain provisioning operations into their online store front and internal systems.

GMO Registry provides a standards-compliant EPP service. In the interests of interoperability, it reuses as much as possible existing published extensions to achieve functionalities not specified in the core EPP standards. It is fully compliant with the following RFCs:

* RFC 5730: EPP Core Framework
* RFC 5731: EPP Domain Name Mapping
* RFC 5732: EPP Host Mapping
* RFC 5733: EPP Contact Mapping
* EPP 5734: EPP Transport over TCP⁄TLS
* RFC 5910: DNSSEC Mapping for EPP
* RFC 3915: Grace Period Mapping for EPP

In addition, GMO Registry adopts a modern EPP extension developed by Cloud Registry for dealing with launch processes typically seen in modern gTLD start up. The extension, named “EPP Launch Phase Mapping”〈http:⁄⁄tools.ietf.org⁄html⁄draft-tan-epp-launchphase-00〉, was developed in accordance with RFC 3735 (Guidelines for Extending EPP) and contributed to the IETF for community discussions with a view towards publication as an RFC.


2.2 Web Management Interface

While EPP covers the use cases involving computer-to-computer interactions, it is more convenient for human operators at a registrar to use a web-based application for ad hoc support and processes.

As such, GMO Registry provides a web-based management interface for registrars. It contains a subset of functionalities offered in EPP along with convenience features that facilitate human interaction.

2.2.1 Functions

Domain management
EPP commands: check, info, create, update, renew, restore, transfer, delete
Whois query - integrated screen for convenience
DNS query - integrated screen for convenience
Contact management
EPP commands: check, info, create, update, transfer, delete
Whois query - integrated screen for convenience
Host management
EPP commands: check, info, create, update, delete
Whois query - integrated screen for convenience
DNS query - integrated screen for convenience
Registrar account self-service management
view and update registrar contact information
password change


3. Dissemination of TLD Zone Files

3.1 DNS

DNS is a primary function of the registry operator, and is a public-facing service with a high risk profile due to abusive behaviors such as DDoS attacks, yet demands a rigorous SLA. As such, GMO Registry is committed to providing a secure, efficient and highly efficient DNS service to serve the Internet community.

GMO Registry publishes updates to the master unsigned DNS zone file asynchronously using TSIG (Transaction SIGnature, as defined by RFC 2845) based dynamic update (RFC 2136). DNSSEC signing of the zone file is done using a bump-in-the-wire methodology - i.e. a decoupled DNSSEC signing subsystem is responsible for turning the unsigned zone file into a signed one, managing keys and signatures. A FIPS 140-2 Level 3 validated hardware security module (HSM) will be used for safekeeping of keys. The GMO Registry DNSSEC solution shall be operated in accordance with best practices published in draft-ietf-dnsop-rfc4641bis and elsewhere.

GMO Registry shall provide a geographically diverse network of authoritative name servers for resolution of the TLD zone contents. GMO Registry engages the Internet Systems Consortium (ISC) for the use of their proven and already-deployed SNS@ISC service to provide a high performance, resilient and standards compliant worldwide IPv4+IPv6-anycast DNS resolution network.

The .shop zone will contain only contents as specified in Section 2.2.3.3 of the applicant guidebook, namely:
Apex SOA record
Apex NS records
In-bailiwick A and AAAA glue records for DNS servers of the TLD itself, as well as those of registered domains
DS records for registered names
DNSSEC-related records such as DNSKEY, RRSIG, NSEC3 and NSECPARAM

At least two of the .shop name server records registered at the root are dual-stacked, offering IPv6 anycast access globally.


4. Registration Data Publication Services

GMO Registry shall provide all registration data publication services in compliance with Specification 4 of the gTLD Agreement.

4.1 Registration Data Directory Services (Whois)

GMO Registry shall provide an RFC 3912-compliant Whois service on TCP port 43, served over IPv4 and IPv6. It supports domain, contact, host and registrar lookups.

A thin web-based front-end will also be provided over IPv4 and IPv6.

In order to curb abuse, both the port 43 and web-based channels will be rate-limited by IP address. In addition, the web-based channels will also require the use of visual and audio captcha.

A white-list of clients is maintained by the registry to provide a mean for bypassing the above protection mechanisms. Entities with legitimate reasons to access the Whois service in an unrestricted manner may request for inclusion in the white-list. In general, law enforcement agencies, security researchers and internal registry staff or systems are the categories of entities that are eligible to be white-listed.

4.2 Zone File Access

GMO Registry will provide access to zone files adhering to the format specified in Section 2.1.4, Specification 4 of the gTLD Agreement. Provisioning of account credentials used for accessing the zone files will be done in cooperation with the Centralized Zone Data Access Provider (“CDZA Provider”). Bulk access to the zone files will also be provided to ICANN and its designee including emergency operators designated by ICANN, on a continuous basis.

The Zone File Access service will be provided through a secure HTTPS (HTTP over SSL⁄TLS) interface. Access control is enforced by the use of IP-based access control list and HTTP Basic Authentication (RFC 2617). All access attempts are logged along the client source IP address and requested resources. All failure attempts are alerted. Failure attempts that correspond to an existing account will be recorded, and will result in an automatic account lock-out if the number of failure attempts exceed a configurable threshold. Locked accounts must be manually reset by registry staff upon verified out-of-band request by the account holder.

4.3 Bulk Registration Data Access by ICANN

GMO Registry will provide ICANN periodic access to thin registration data, and exceptional access to thick registration data, as specified in Section 3, Specification 4 of the gTLD Agreement. The registration data files are available for download by ICANN using the SFTP protocol using public key authentication, or any other protocols as required by ICANN. The service will be firewalled to only allow ICANN-nominated IP addresses.


5. Registry Data Escrow

Whilst not a service offered to the general public, GMO Registry recognizes that registry data escrow is a mandatory registry data publication function that must be implemented by all gTLD registries. GMO Registry shall comply with all requirements set forth in Specification 2 of the gTLD Agreement. Details on GMO Registry’s implementation of data escrow are supplied in the answers to Question 38.


6. DNSSEC
The .shop zone will be signed and fully validatable and operational at the time of launch. In particular, GMO Registry will arrange to have the DS records corresponding to the zone KSK published at the root beforehand, and all procedures in place for the ongoing operations of the signed zone thereafter.

DNSSEC will be fully supported in the provisioning interfaces (EPP and Web Management Interface) allowing registrars to manage DS records. Provisioning of DNSSEC-related data over EPP is fully compliant with RFC 5910.


7. Internationalized Domain Name (IDN)

GMO Registry plans to offer registration of second level IDN labels at launch, making the following language(s) available:

- Japanese (tag: ja)

The GMO Registry IDN implementation is fully compliant with the IDNA 2008 suite of standards (RFC 5890, 5891, 5892 and 5893) as well as the ICANN Guidelines for the Implementation of IDN Version 3.0 〈http:⁄⁄www.icann.org⁄en⁄resources⁄idn⁄implementation-guidelines〉. To ensure stability and security, GMO Registry has adopted a conservative approach in its IDN registration policies as well as technical implementation.

All IDN registrations must be requested using the A-label form, and accompanied by an RFC 5646 language tag identifying the corresponding language table published by the registry. The candidate A-label is processed according to the registration protocol as specified in Section 4 of RFC 5891, with full U-label validation. Specifically, the “Registry Restrictions” steps specified in Section 4.3 of RFC 5891 are implemented by validating the U-label against the identified language table to ensure that the set of characters in the U-label is a proper subset of the character repertoire listed in the language table.


8. Policies

8.1 Grace periods

GMO Registry implements the following customary grace periods and associated policies commonly provided in gTLDs:

Add Grace Period (AGP)
Renew⁄Extend Grace Period (REGP)
Auto-Renew Grace Period (ARGP)
Transfer Grace Period (TGP)
Redemption Grace Period (RGP)

Details are described in Question 27 “Registration Lifecycle”.

8.2 Consensus Policies
GMO Registry recognizes that an ICANN accredited registry operator must comply with all of the consensus policies listed at 〈http:⁄⁄www.icann.org⁄en⁄general⁄consensus-policies.htm〉 and any temporary policies that may be ratified by the community from time to time.

GMO Registry will fully support the following consensus policies that relate to ongoing registry operations:
Inter Registrar Transfer Policy
AGP Limits
Registry Services Evaluation Policy

GMO Registry supports the name registration policies that are principal responsibilities of ICANN accredited registrars. These include:
Uniform Domain Name Dispute Resolution Policy
Whois Marketing Restriction Policy
Restored Names Accuracy Policy
Expired Domain Deletion Policy
Whois Data Reminder Policy


9. Rights Protection Services

GMO Registry will support all mandatory rights protection mechanisms required by Article 2, Section 2.8 of the ICANN New gTLD Agreement and implement policies and process for initial and ongoing protection of the legal rights of third parties. The registry will employ the services of the ICANN-appointed Trademark Clearinghouse to support its rights protection mechanisms (RPMs). The registry will offer a sunrise service during pre-launch, as well as Trademark Claims service in conjunction with the general availability phase. In addition, the registry will fully support the Uniform Suspension System (URS), including the implementation of determinations issued by URS examiners.

Similar gTLD applications: (26)

gTLDFull Legal NameE-mail suffixzDetail
.SHOPGMO Registry, Inc.gmoregistry.com-2.24Compare
.MAILGMO Registry, Inc.gmoregistry.com-2.18Compare
.TOKYOGMO Registry, Inc.gmoregistry.com-2.18Compare
.nagoyaGMO Registry, Inc.gmoregistry.com-2.18Compare
.yokohamaGMO Registry, Inc.gmoregistry.com-2.18Compare
.INCGMO Registry, Inc.gmoregistry.com-2.18Compare
.osakaGMO Registry, Inc.gmoregistry.com-2.18Compare
.otsukaOtsuka Holdings Co., Ltd.otsuka.jp-2.17Compare
.GGEEGMO Internet, Inc.gmoregistry.com-2.17Compare
.nhkJapan Broadcasting Corporation (NHK)internet.nhk.or.jp-2.17Compare
.konamiKONAMI CORPORATIONkonami.com-2.17Compare
.toshibaTOSHIBA Corporationgmoregistry.com-2.17Compare
.suzukiSUZUKI MOTOR CORPORATIONgmoregistry.com-2.17Compare
.hitachiHitachi, Ltd.hitachi.com-2.17Compare
.datsunNISSAN MOTOR CO., LTD.thomsonbrandy.jp-2.17Compare
.greeGREE, Inc.gmoregistry.com-2.17Compare
.infinitiNISSAN MOTOR CO., LTD.thomsonbrandy.jp-2.17Compare
.nissanNISSAN MOTOR CO., LTD.thomsonbrandy.jp-2.17Compare
.mtpcMitsubishi Tanabe Pharma Corporationgmoregistry.com-2.17Compare
.GMOGMO Internet, Inc.gmoregistry.com-2.17Compare
.kddiKDDI CORPORATIONgmoregistry.com-2.17Compare
.DNPDai Nippon Printing Co., Ltd.mail.dnp.co.jp-2.17Compare
.sharpSharp Corporationgmoregistry.com-2.17Compare
.canonCanon Inc.web.canon.co.jp-2.16Compare
.ryukyuBusinessRalliart inc.gmoregistry.com-2.09Compare
.okinawaBusinessRalliart inc.gmoregistry.com-2.09Compare