ICANN New gTLD Application

18b.1 The goals of ʺ.信息ʺ in terms of areas of specialty, service levels and reputation are as following:

18b.1.1 Areas of specialty

ʺ.信息ʺ is a string commonly used by Chinese language users in the information age with multiple meanings such as news report, information, data, knowledge and learning. The ʺ.信息ʺ domain name can well serve enterprises, agencies, organizations and individuals that provide Chinese language information services, and make Chinese network information service interface accessible to global Chinese language users.

Beijing Tele-info Network Technology Co., Ltd. (ʺTele-info Ltd.ʺ) applies for the status of the registry of ʺ.信息ʺ under the full support of China Academy of Telecommunications Research (CATR) of MIIT, dedicating to the optimization of local information service and carrying forward the innovation of the information service industry. CATR has been continuously conducting highly effective work in such aspects as the study of national decision on information consultation services, the formulation of Information Communication Technology (ICT) standards and industry norms, the facilitation of the conversion of the achievements of information technology and the promotion of the applications thereof. In addition, as a key member of the Internet Society of China and Chinese language Internet community, CATR, with other stakeholders in the Community, has been vigorously promoting the spread and application of Internet in China, contributing to the development of Chinese domains and enhancing international cooperation in the positive way. CATR also have won unanimous affirmation from the Chinese language community as an independent observer within the Chinese Domain Name Consortium (CDNC).

Tele-infoʹs application for ʺ.信息ʺ has received recognition and support from many organizations in the Chinese language community, including CATR, the Internet Society of China, CNNIC (the registry of .CN), HiChina (the largest registrar in China), China Telecom, China Mobile, China Unicom(the Top three ISPs in China) and Baidu (Chinaʹs top Internet enterprise).

18b.1.2 Service levels
(1) Tele-info Ltd. will implement much stricter Service Level Agreements (SLAs) than requirement of ICANN in order to minimize unscheduled down time due to maintenance. More importantly, the back-end registry operator CNNIC will provide for redundancy of mechanisms to prevent outages and near real time updates to critical services, such as WHOIS and zone file generation for registrar transactions.
(2) Tele-info Ltd. will retain CNNIC to establish a 7*24H customer service and complaint center for registrars, registrants and the general Internet community with overall satisfaction rate exceeding 90% with respect to the survey of registrants and registrars conducted by the third party.

18b.1.3 Reputation
(1) ʺ.信息ʺ will be the first truly global Chinese gTLD in the DNS, satisfying the demand from global Chinese language information service entities for a Chinese string that is not constrained by limited geographic applicability;
(2) Tele-info Ltd. is expected to provide all registrars with a fair competition platform, and will also provide more transparency for registrars and the public at large, while at the same time protecting privacy interests;
(3) Tele-info Ltd. will continuously endeavor to maintain its image and reputation of being a secure and reliable domain by retaining CNNIC to employ such measures as registrant information authentication, comprehensive trademark protection mechanism and information security management.

18b.2 ʺ.信息ʺ will add to the current space, in terms of competition, differentiation, and innovation:

18b.2.1 Differentiation with Existing TLDs
(1)ʺ.信息ʺ will differentiate itself with existing ASCII TLDs. As most of the high value domain names in the incumbent TLDs which are short and easy to memorize have been registered, users have to pay high cost to obtain domain names that exactly match the names of their brands and products. In contrast, as a new gTLD with a larger space for innovation, ʺ.信息ʺ in full compliance with the naming convention of Chinese languages information services products, will help the registrants to expand their brand identity among Chinese consumers.
(2)ʺ.信息ʺ is also different from such IDN ccTLDs as ʺ.中国ʺ and ʺ.香港ʺ, for it is specialized in serving global ICT industry without obvious restriction by territory. ʺ.信息ʺ, is intended to cover all the Chinese language community, serve as a global identification for such category of organizations and products, and facilitate many of their innovative applications such as Chinese language portal websites of Internet service provider and Internet content provider, Chinese market information outlets for overseas organizations, Chinese information navigation and other Chinese language applications.

18b.2.2 Enhanced Competition in Domain Name Services
(1) The introduction of ʺ.信息ʺ will foster competition between ʺ.信息ʺ registry and the existing TLD registry operators. Such competition will benefit consumers as it will encourage all registries including other potential registries to offer better services and more favorable and competitive prices;
(2) In order to ensure that all contracted registrars participate in domain name competition in a fair manner, Tele-info Ltd. will stay neutral and not discriminate or bias against any domain name registrars as required by ICANN, maintain equality in the provision of information, policies, technical assistance and prices for all registrars.

18b.2.3 Support for Internet Innovation
(1) ʺ.信息ʺ will expand and diversify the global reach of the DNS, which will make it very convenient for entities within ICT industry to register Chinese domain names that exactly match their Chinese trademarks and brands, thus avoiding the problem of confusion caused by alphabetical names;
(2) Tele-info Ltd. attempt to establish technically feasible solutions thus assuring operational stability, while at the same time providing innovative improvement to the current system thus offering continuous enhancing registry services;
(3) Tele-info Ltd. will endeavor to promote products suitable for ICT industry registrants in support of Chinese domain name innovation application including Chinese Email services, Location Based Searching Engines, Social Network and Mobile Applications and actively encourage cooperation with software and mobile application vendors to drive the development of rising Chinese TLDs;

18b.3 The goals of ʺ.信息ʺ in terms of user experience are as following:

The goals of ʺ.信息ʺ in terms of user experience are:
(1) ʺ.信息ʺ will be made available to providers of Chinese information and applications throughout the world, help them protect Chinese trademarks and brand names in a more effective manner, and expand their business in the Chinese language community efficiently;
(2) ʺ.信息ʺ services will be provided in strict compliance with policies on domain name abuse prevention and right protection, and reasonable domain name monitoring will be conducted to control the percentage of abusive domain name registration under 3%;
(3) ʺ.信息ʺ services will guarantee the service levels of DNS, SRS and WHOIS and ensure business continuity by conducting active network improvement and taking effective operation monitoring measures;
(4) ʺ.信息ʺ services will be provided in a strictly neutral manner without discriminating or biasing against any domain name registrar or registrant, and timely customer services will be rendered by experienced working staff from CNNIC and effective complaint mechanism will be put in place to increase the level of satisfaction with services.

18b.4 Provide a complete description of the applicantʹs intended registration policies in support of the goals listed above.

18b.4.1 Naming Conventions for ʺ.信息ʺ Domain Names
(1) ʺ.信息ʺ will abide by full Internet standards regarding naming and reserved names, including RFC 1034, RFC 1123, RFC 2606, and RFC 2352, RFC3743 and RFC4713. Its URL form will be 〈registrant-defined prefix〉.〈domain name〉.〈gTLD〉.
(2) Applicant are allowed to register second-level ʺ.信息ʺ domain names comprised of simplified or traditional Chinese characters, ASCII letters a-z, digits 0-9 or hyphen ʺ-ʺ. A domain name may contain up to 20 Chinese characters.(Note: Our policy will mandate that when an internationalized domain label (IDL) is registered, all variant IDLs in the IDL package are unavailable to other name holders. In addition to the registered IDL, the registry will activate Simplified whole string and Traditional whole string IDLs to the same registrant⁄applicant for free.)
(3) Single character or two character ASCII domain names will be reserved for application initially;
(4) Hyphen ʺ-ʺ may not be placed at the beginning or end;
(5) Hyphen ʺ-ʺ may not be placed at the third or fourth place, with exception to valid a-label.
(6) Names that contain other contents prohibited by laws of P.R. China and ICANNʹs regulations will not be allowed to be registered.

18b4.2. Registrants

ʺ.信息ʺ registration applicants are divided into two categories: Organizational Registrant and Natural Person Registrant. Organizational registrants which represent an enterprise, shall be organizations registered under the laws of the country where the applicant is located and capable of undertaking civil liabilities. Natural Person registrant shall be all individual human-being.

ʺ.信息ʺ registrars shall strictly review the identity certificate submitted by registration applicants, and decline applications with incoherent information on the application form, so as to ensure the authenticity and accuracy of registration records in the WHOIS.

18b4.3 Registrars

Tele-info Ltd. will offer all registrars that are accredited by ICANN pursuant to the ICANN Registrar Accreditation Agreement (ʺRAAʺ) the opportunity to register domain names in the proposed gTLD. Tele-info Ltd. will not restrict the number of qualifying registrars that may register names in the proposed gTLD and will treat all qualifying registrars equally.

18b4.3.1 Registrar License Agreement

Any registrars seeking to register domain names in the proposed gTLD will be required to execute a Registry-Registrar Agreement (ʺRRAʺ), which will govern the relationship between the registrar and Tele-info Ltd..

The RRA will enable Tele-info Ltd. to reject registration requests from a registrar that is not in compliance with the RAA or any “.信息” registration policy (refer to Question 28). Tele-info Ltd. will continue to reject such requests until the registrar ceases its non-compliance.

18b 4.4 Rights Protection Mechanism of ʺ.信息ʺ Domain
Based on the rules of China and applicable provisions of ICANN, Tele-info Ltd. will, set rights protection mechanism to the following four aspects:
(1) Setting up a Sunrise Period 30 working days before the official launch of ʺ.信息ʺ.（See Question 29 for details）
(2) Providing Trademark Claims service for all trademarks included in the Trademark Clearing House within 60 days upon making available for general application（See Question 29 for details）.
(3) For the purpose of protecting the legitimate rights and interests of the general public and preventing domain name abuse, Tele-info Ltd. will attain CNNIC to provide registration pre-screening and determine whether the domain names applied and the registration information violate the provisions of ʺManagment Provisions on Internet Domain Name of Peopleʹs Republic of Chinaʺ (please refer to http:⁄⁄www1.cnnic.cn⁄html⁄Dir⁄2005⁄03⁄24⁄2861.htm).
(4) Precluding a registrar from registering additional domain names in the gTLD in the event that the registrar violates any of the provisions contained in this section regarding the protection of intellectual property.
(5)Including provisions in the RRA requiring registrars to abide by the decisions of the UDRP agents and any court of proper jurisdiction, but it shall not be responsible for making determinations regarding intellectual property rights. Tele-info Ltd. will also regulate itself in accordance with Registry Restrictions Dispute Resolution Procedure (RRDRP) and other applicable policies on dispute resolution in case of any dispute against Tele-info Ltd..

18b.4.5 Domain name transfer, update and cancellation
Registrars may only accept transfer requests from individuals with apparent authority to legally bind the registrant. Tele-info Ltd. intends to streamline this process by implementing a system under which only those with the necessary user name and password and personal identification will be able to request or authorize a transfer. By implementing a user name and password system, Tele-info Ltd. will ensure that the individual requesting the transfer is authorized to make the transfer.

In terms of domain name records update and cancellation, such operation is to be confirmed upon verification of the user name and password. Domain name registrars shall, within 3 working days upon receiving applications filed by domain name registrants for the domain name records update or cancellation, submit the applications to Tele-info Ltd. for further verification. Without domain name holdersʹ consent, domain name registrars may not conduct such operations as update or cancellation of domain name registration.

18b.4.6 Dispute resolution

Tele-info Ltd. will follow ICANNʹs policies with respect to dispute resolution, including adoption of the Uniform Dispute Resolution Policy, and cooperation with Uniform Rapid Suspension System as the same may be amended from time.

All registrars shall take necessary measures during the period of domain name dispute resolution to ensure that the domain name involved is not cancelled or transferred, and shall take further steps with respect to the domain name in a timely manner upon receiving the judgment on the dispute.

18b.4.7 Billing and Collection

In order to combat domain tasting, and in accordance with current ICANN policy including the RAA, the registrars shall charge the domain name holder for operation of the domain name. If a registrar does not receive payment for a domain name registration within forty five days after the payment becomes due, then the registrar will be obligated to cancel the registration and return the domain name to the general registry pool of available names.

18b.5 Protection for the Privacy or Confidential Information of Registrants or Users

Tele-info Ltd., must maintain the trust of the registrars and the consumers. Therefore, Tele-info Ltd. will not market, in any way, the registrant information obtained from registrars for purposes of running the registry, nor will it share that data with any unrelated third parties. Tele-info Ltd. and the back end registry provider CNNIC will only have access to such data as is necessary for operation of the registry itself and will use that data only for registry operation.

Tele-info Ltd. will provide registrars with a mechanism for accessing and correcting personal data and will take reasonable steps to protect personal data from loss, misuse, unauthorized disclosure, alteration or destruction. To further secure registrant data, each registrant will have a secure password for the registry records. Moreover all registrars will be required to abide by all applicable international, national, and local laws.

18b.5.1 WHOIS and Privacy Policy

Tele-info Ltd. will require registrars and registry to post privacy policies that provide clear and complete notice to registrants of the type of data that will be collected and maintained by the registry, the use of such data in operating the registry service, and the registrantʹs rights to access and correct data maintained by the registry. Clear consent to such data practices will be a prerequisite to the submission of a domain name registration request. Tele-info Ltd. itself will not use the WHOIS service to send unsolicited e-mail to registrants, to solicit registrants by telephone, or to otherwise engage in unauthorized uses of their data.

18b.5. 2 Bulk Access Provisions

ʺ.信息ʺ WHOIS system will also provide interested third parties with bulk access to the full WHOIS database on a subscription basis in a machine-readable format. Bulk access will provide intellectual property owners with the ability to more effectively police their marks while reducing the load on the core WHOIS system.

Tele-info Ltd., via the registrars, will require any bulk access customer to enter into an agreement prohibiting the customer from using the WHOIS database to send unsolicited e-mail to registrants, solicit them by telephone or use the database for other such commercial purposes.

18b.5.3 Database Security

ʺ.信息ʺ WHOIS database only allows query operations and does not allow such operations as writing-in, modification and deletion. Special network segment will be set for the database to isolate the WHOIS information query database from the network of the registration system, and strict systematic access control and employee supervision will also be conducted.

18b.6 Describe whether and in what ways outreach and communications will help to achieve your projected benefits.

18b.6.1 Overview

To achieve our projected benefits described in 18.a and 18.b, Tele-info Ltd. is obliged to conduct a series of outreach communication as following:

18b.6.2 Timing and Publicity Schedule
(1) Start-Up Period: During one year in advance of the actual launch of registration, Tele-info Ltd. will condition the marketplace and build brand awareness.
(2) Sunrise Period: Sunrise Period will be launched after the start-up period, which is 30 days before general availability period.
(3) Land Rush Period: Land Rush Period will follow the sunrise period and is estimated to last for 60 days;
(4) Follow-up Period: Follow-up period will be after initial launch of normal registration services.

18b.6.3 Communication Effectiveness

18b.6.3.1 Start-up period

Tele-info Ltd. expects that it will license over 40 ICANN accredited registrars covering major Chinese language user communities in Asia, North America, Europe, Oceania and Latin America. Followed up cooperation will be discussed in this period.

Meanwhile strategic alliance with other corporation including MIIT, Internet Society of China, CATR branches, 12321 Center, TMCH Provider and other ICANN designated parties will also be made in this period for further cooperation on the operation of ʺ.信息ʺ.

18b.6.3.2 Sunrise Period

Tele-info Ltd. will implement a Sunrise Period to permit owners of subsisting trademark registrations to register their trademark as a domain name, using both ASCII and Chinese characters. Tele-info Ltd. will make all policy decisions and process details transparent through published articles and speaking engagements in advance.

18b.6.3.3 Land Rush Period

Tele-info Ltd. will launch an advertising campaign to secure coverage in mass media and trade media to reach both the individual Internet user and the business community. Regional events will be staged to create maximum awareness and acceptance of ʺ.信息ʺ.

18b.6.3. 4 Follow-up periods

After ʺ.信息ʺ passes through the Land Rush Period and enters into normal operation, Tele-info Ltd. will, through feedback from the market, gradually consolidate the brand image of the ʺ.信息ʺ domain name in a subtle way and win trust and acknowledgment of users. Particularly, it is especially important in the follow-up period to cooperate with registrars to build long-term domain name sales and host promotion activities. Tele-info Ltd. stated goal is to achieve 100% participation from accredited registrars.

18c.1 Definition and category of social costs
 
ʺ.信息ʺ will mainly be used within the Chinese language community, where a majority of the registrants is predicted as emerging small and medium-sized information industry players in developing countries. Therefore, it would be difficult to achieve the targets of ʺ.信息ʺ  if the social costs are too high. To achieve the goals of ʺ.信息ʺ , Beijing Tele-info Network Technology Co., Ltd. (“Tele-info Ltd.”) will minimize the following time or financial resource costs of registrants, registrars and end-users via policies and measures on ʺ.信息ʺ  as far as possible. As predicted by Tele-info Ltd., the operation of ʺ.信息ʺ  will mainly produce the following costs:

18c.1.1For registrants:
	(1)costs for the registration of ʺ.信息ʺ  domain names 
	(2)costs for the renewal of ʺ.信息ʺ  domain names
	(3)costs for trademark infringement dispute or defensive registration 
	(4)additional advertising costs incurred from the promotion of ʺ.信息ʺ  domain names

18c.1.2For registrars:
	(1) payment to the registry
	(2)costs for the promotion and marketing of ʺ.信息ʺ  domain names
	(3)costs for the operation and maintenance of ʺ.信息ʺ  registration services

18c.1.3For end-users:
	(1)time costs for searching, inputting and memorizing the ʺ.信息ʺ  domain names
	(2)losses incurred to the consumer as a result of ʺ.信息ʺ  domain name abuse

18c.2 Policies on ʺ.信息ʺ to minimize social costs

18c.2.1 For registrants:

18c.2.1.1 Reasonable prices of registration will be provided
	(1)A reasonable uniform price for registration and renewal will be formulated in the contractual terms for ʺ.信息ʺ  based on its market demand and operating costs (see Question 46 for details), and the prices will be maintained stable to compete fairly with other TLDs, so as to ensure that registrants, especially those with relatively weak economic capability are able to register the ʺ.信息ʺ  domain names.
	(2)As the registration of ʺ.信息ʺ increases, the unit operating cost for every domain will keep decreasing, and Tele-info Ltd. will, based on the decrease in its operating costs, adjust the prices accordingly, and thereafter provide each ICANN accredited registrar that has executed registry-registrar agreement for ʺ.信息ʺ  advance notice of any price change;
	(3)During ordinary registration period, except sunrise and Land Rush period, Tele-info Ltd. will handle multiple applications for the same name on the basis of first-come⁄first serve to effectively reduce the bidding costs spent by registrants and enable more small and medium-sized enterprises to obtain high value domain names with relatively lower prices;
	(4)Tele-info Ltd. forbids registrars to register domain names with false information, occupy domain name resources in a disguised form or drive up domain name prices;
        (5) The Chinese internationalized domain label(IDL) and itʹs variants labels are mandated to be belong to the same registrant⁄applicant, and the Simplified and Traditional Chinese forms of the applied-for should be resolvable simultaneously or non-resolvable at all in ʺ.信息ʺ  domain. Tele-info Ltd.’s policy will mandate that when an IDL is registered, all variant IDLs in the IDL package are unavailable to other name holders. In addition to the registered IDL, the registry will activate Simplified and Traditional whole string IDLs to the same registrant⁄applicant for free.

18c.2.1.2 Costs for the renewal of domain names will be effectively reduced
	(1) Registrants, at their own discretion, can choose registration term from 1 year to 10 years (maximum 10 years) and renew their registration based on their own will, and will provide in its agreement with registrars that to buy or sell under coercion, sale with treats or selling bundled services on the part of registrars are prohibited;
	(2) At the initial operating period of ʺ.信息ʺ , incentive measures will be taken to encourage new registrants to register ʺ.信息ʺ  for a longer term of registration; Newly registrants will be provided certain term of registration period for free depending on the length of registration period, so as to expedite the popularization and lower the costs of domain names;
	(3) Tele-info Ltd. customer service group will conduct monitoring over consumersʹ renewal of domain names, investigate cases where renewal fails to take place, or fake renewal notice and make improvement in services to the point in cooperation with registrars to make it more convenient for consumers to renew their domain names or change registrar and reduce costs for registrants;

18c.2.1.3 Trademark rights will be fully guaranteed and costs for domain name dispute will be reduced
 	(1) A Sunrise Period of 30 days will be launched in accordance with relevant policies of ICANN on Trademark Clearing House(TMCH) to allow right holders who have registered trademarks in TMCH to register ʺ.信息ʺ domain names with priority; Trademark Claim Service will be provided 60 days as of the launch of the Sunrise Period for applications for the registration of domain names that match with corresponding trademarks, so as to allow trademark holders to protect their trademark rights through registration and reduce costs resulting from domain name disputes;
	(2) The UDRP, Post Delegation Dispute Resolution Procedure(PDDRP) and Registry Restriction Dispute Resolution Procedure (RRDRP) and relevant Uniform Rapid Suspension Policies will be abided by in respect of ʺ.信息ʺ . In addition, accessibility of 99% information in the Whois database will be assured so that domain name abuse and dispute under ʺ.信息ʺ  can be resolved in a timely manner and that losses incurred to domain name holders as a result of domain name abuse and trademark infringement can be reduced to the greatest extent possible;
	(3) Efforts will be made to introduce to registrants innovative applications of the Chinese ʺ.信息ʺ  domain name, enable consumers to get to know the use value of Chinese domain names, increase the level of activity of domain names, reduce investments in domain name registration purely for defensive purposes, and upgrade the practical value of domain names;
	(4)Tele-info Ltd. will undertake to treat all registrants equally, and except for domain names pre-reserved or restricted from registration as prescribed by national laws and relevant provisions of ICANN for they are in relation with geographical names or the names of international organizations involving public power, all holders of trademark rights will be entitled to the same registration right; 

18c.2.1.4 Costs for the promotion of domain names will be reduced
 	(1) ʺ.信息ʺ  supports various combinations of Chinese characters, and a ʺ.信息ʺ  domain name can be made exactly match the Chinese name of a corresponding organization, which makes it convenient for consumers to read and memorize, improves effectiveness in the publicity of the name of the organization, and makes it easy for itself to be accepted by most of the Chinese language end-users without too much costs;
 	(2) Tele-info Ltd. will reinforce in its publicity plans the promotion of typical cases of the application of ʺ.信息ʺ  domain names and boost publicity among registrants from sideways, and concurrently increase acceptance of Chinese domain names by consumers to save publicity costs;

18c.2.2 For registrars:

18c.2.2.1.Tele-info Ltd. will reduce the costs to be paid by registrars to registries to the greatest extent possible
	(1)Tele-info Ltd. will provide all registrars accredited by ICANN with uniform policies on prices, preferential treatments and discounts to ensure that registrars can engage in fair competition;
 	(2)the pricing of ʺ.信息ʺ  domain names in registrars is relatively low as compared to other IDNs of the same category, therefore there is a room with competitive advantage for surrendering part of the profits on the part of the registrars;

18c.2.2.2 costs for the promotion and marketing of ʺ.信息ʺ 
	(1)Tele-info Ltd. will be engaged in active cooperation with registrars in carrying out diversified marketing activities, including advertising and news release, and designate staffs to attend sales conferences organized by registrars and promote their sale;
	(2)Tele-info Ltd. will support registrars with a specifically allocated marketing fund for ʺ.信息ʺ  to develop markets especially in areas with a relatively low internet penetration rate and stimulate the practical use of the DNS system and Chinese domain names throughout the world;

18c.2.2.3 costs for the operation of ʺ.信息ʺ 
	(1)Registrars will not be charged with any certification cost, and any registrar that qualifies for the provision of ʺ.信息ʺ  registration services may apply to become a ʺ.信息ʺ  registrar;
	(2)The back end registry provider CNNIC will provide relatively mature registrar support staffs and secure and reliable registration service platform and client which are ready to help registrars to establish ʺ.信息ʺ  domain name registration services with the lowest costs;

18c.2.3.For end-users:

18c.2.3.1 costs for searching, inputting and memorizing the ʺ.信息ʺ  domain name will be reduced

     (1)With the efforts of Tele-info Ltd. and the Chinese language community, currently most of the browsers and application vendors support the input of Chinese domain names, which has reduced costs resulting from incompatibility;
     (2)Tele-info Ltd. is also actively cooperating with CNNIC to involve software vendors especially mobile software vendors including Chinese language search engines as Baidu to include Chinese domain names in the search results and make it convenient for consumers to accept Chinese domain names;
     (3) The form of the ʺ.信息ʺ  domain name also fit neatly with the reading and memory habits of Chinese language users and reduces additional time costs incurred from domain name confusion.

18c.2.3.2 Losses resulting domain name abuse will be reduced
 
     (1) The back end registry provider CNNICʹs experience will be utilized to impose punishment with respect to such acts of domain name abuse as phishing websites and virus transmission in a timely manner to reduce consumersʹ costs, and Tele-info Ltd. undertakes that the percentage of ʺ.信息ʺ  domain name abuse will not exceed 5%;
     (2) Registrars will be required to verify the accuracy of information in WHOIS, so as to ensure that law enforcement agencies can find the person who has committed act of domain name abuse and resolution of dispute can be obtained in time with respect to the rights of consumers and end users.
     (3) The Chinese internationalized domain label and itʹs variants labels will be mandated by Tele-info Ltd.ʹs policy following the rules as the Simplified and Traditional Chinese forms of the applied-for should be resolvable simultaneously for the same registrant⁄applicant or non-resolvable at all in ʺ.信息ʺ  domain. This will reduce the chance of string confusion caused by Chinese variant domain names.
     (4) Tele-info Ltd. will review the performance of CNNIC as back-end registry provider for its compliance of the contract and ICANN Registry Operator Code of Conduct in order to guarantee the service level of ʺ.信息ʺ 

18c.3 Specific measures to minimize social costs

18c.3.1 Multiple Application Resolution

Tele-info Ltd. will, based on the rights protection mechanism of ICANN, make Sunrise registration services available for holders of relevant trademark rights during the 30-day Sunrise Period prior to the official launch of the public registration of the ʺ.信息ʺ  domain name. All trademark right holders will be entitled to equal priority in registration. Thereafter a Land Rush period of 60 days will be launched for the general public. 

Tele-info Ltd. will adopt an auction process in case of any domain name string contention during the above periods.

By auctioning domain names, the value of a domain name would be captured by the public, rather than by private entities that are rewarded too handsomely for their limited insights into the possible value of a name or their work as registrars. Yet, a domain name auction would not interfere with the exploitation and development of cyberspace, as new names would be allocated by the auction system to those who valued them most highly.  Indeed, it would speed the transfer of a domain name to its highest valued use, short-circuiting the current system that relies on privately negotiated sales to transfer the name from its initial owner to its highest valued user.

Tele-info Ltd. expects that a high volume of domain name registration and contention emerges during the Sunrise period and Land Rush period. To the extent that there are multiple persons who claim trademark rights in a domain name, a simple general rule would award that name to the trademark holder who is willing to pay the most for it.  Since economic strength often translates into public visibility, awarding the name to the entity that is willing to pay the most for it will probably accord with individual web-surfers expectations as to whom they will find at a website with that domain name. By auctioning domain names, rather than doling them out to the first applicant, the resource that the domain name system represents works directly in the information industry’s interest.  The proceeds of the auctions should be distributed by an information industry based body.

After the Sunrise Period and Land Rush period, which means the string contention is less likely to be seen, Tele-info Ltd. will resolve domain name string contention on the first-come⁄first serve basis to reduce the cost for auction. Where any domain name dispute occurs, UDRP shall apply. Besides, either party may resort to arbitration or judicial decision, or consumers may file complaints with URS in view of domain name use with bad faith.

18c.3.2 Cost Benefits for Registrants

  To drive the stable development of ʺ.信息ʺ , Tele-info Ltd. plans to adopt a two-stage promotion scheme based on the principle of providing fair and consistent preferential policies for all registrants and registries. The first stage will be consumer incentives, during which domain name registrants will be stimulated to enhance the popularity and acceptability of domain names; and the second stage will be channel incentives, during which further support will be provided for registrars to conduct marketing on the basis of consumers’ recognition in the first stage.

18c.3.2.1 First stage

18c.3.2.1.1 Targets
	(1) enhance the popularity and acceptability of domain names among consumers, and increase market attention;
	(2) increase the average term of registration of initial registered domain names and ensure the stability of domain name users.

18c.3.2.1.2 Methods

	Tele-info Ltd. will take incentive measures directly targeted at consumers to encourage them to register ʺ.信息ʺ  for a longer term of registration and provide certain term of the registration period for free of charge with respect to newly registered domain names, so as to expedite the popularization and increase the average new registration of domain names:

	(1) An one-year exemption will be granted to the users who register one time for four to six years ;
	(2) A two-year exemption will be granted to the users who register one time for seven to nine years; and
	(3) A three-year exemption will be granted to the users who register one time for ten years.

18c.3.2.1.3 Period

The period of the first stage will be the first natural year after the launch of ʺ.信息ʺ  for registration, with an implementation period for no less than 6 natural months, which will extends to the second natural year for 1-2 quarters if there are less than 6 months left in the first natural year.
 
18c.3.2.2 Second stage

18c.3.2.2.1Targets

	(1)encourage registrars to increase the new registration of the ʺ.信息ʺ  domain name;
	(2)encourage registrars to increase renewals of historical ʺ.信息ʺ  domain names;
	(3)encourage registrars to increase the proportion of their ʺ.信息ʺ  domain name 

18c.3.2.2.2Methods
   Tele-info Ltd. will invest a specifically allocated marketing fund amount to 50,000 - 75,000 RMB on a quarterly basis for promotion in those regions with lower domain name market penetration rate or lower renewal rate. By taking measures including local sales fairs,  advertising campaign and other formats of promotional activities in those regions lagged behind within Chinese language community, in comparison with the benchmark of the last quarter’s average performance, Tele-info Ltd. will endeavor enhance the overall acceptance of the new gTLD and the Chinese domain name applications. 
 
18c.3.2.2.3Period
  The period of the second stage shall be 12 natural months as of the end of the first stage, and appraisement will be conducted on a quarterly basis.

18c.3.3 Contractual Provisions on Pricing Change

18c.3.3.1 Limit on price increase

  Based on the expected increasing amount of the registration of ʺ.信息ʺ , the single unit service cost for each registration is expected to be reduced. However, we do anticipate a little chance for cost increase in the following cases:
	(1) fewer registration numbers than anticipated 
	(2) economic environment change with higher inflation rate in China
	(3) tax increase
	(4) labor cost increase 
        (5) Other market condition variation which may result in severe cost change

Based on our analysis of the 2011 Consumer Product Index and Purchase Management Index of China, Tele-info Ltd. currently proposes in ʺ.信息ʺ  contract that permit it to raise by 7% per year for registry services per name that Tele-info Ltd. collects from registrars. However, as described in the above sections, Tele-info Ltd. will strive to maintain a stable cost for registration with low possibility for price change.
 
Due to uncertainty of the market environment at the time of delegation, the actual contractual terms of annual price increase magnitude within the registry agreement shall be discussed within ICANN community and the information industrial community based on the market status at the time of delegation.

18c.3.3.2 Notice of Price Increase

With respect to initial domain name registrations, Tele-info Ltd. will provide ICANN and each ICANN accredited registrar that has executed the registry-registrar agreement for the TLD advance written notice of any price increase (including as a result of the elimination of any refunds, rebates, discounts, product tying or other programs, unless such refunds, rebates, discounts, product tying or other programs are of a limited duration that is clearly and conspicuously disclosed to the registrar when offered) of no less than thirty (30) calendar days. Tele-info Ltd. will offer registrars the option to obtain initial domain name registrations for periods of one to ten years at the discretion of the registrar, but no greater than ten years. 

With respect to renewal of domain name registrations, Tele-info Ltd. will provide ICANN and each ICANN accredited registrar that has executed the registry-registrar agreement for the TLD advance written notice of any price increase (including as a result of the elimination of any refunds, rebates, discounts, product tying, Qualified Marketing Programs or other programs which had the effect of reducing the price charged to registrars) of no less than one hundred eighty (180) calendar days. 

In addition, Tele-info Ltd. will have uniform pricing for renewals of domain name registrations (“Renewal Pricing”).  For the purposes of determining Renewal Pricing, the price for each domain registration renewal will be identical to the price of all other domain name registration renewals in place at the time of such renewal, and such price must take into account universal application of any refunds, rebates, discounts, product tying or other programs in place at the time of renewal.

The registry services complying with the requirements of ICANN, which are provided by Beijing Tele-info Network Technology Co., Ltd. (Tele-info Ltd.) for ʺ.信息ʺ Top Level Domain (TLD) mainly include Shared Registration System (SRS), Domain Name Service (DNS), registration data directory services (Whois), Internationalized Domain Name (IDN) and DNS Security Extensions (DNSSEC). With full consideration having been given to specific problems related to security and stability, all the above services are customary registry services which meet corresponding Request for Comments (RFC) standards, so there will be no security and stability problems.

Tele-info Ltd. selects China Internet Network Information Center (CNNIC) to be the provider of technology and operation services for ʺ.信息ʺ registry. Through the self-deployed ʺBack-End Registry Service Platformʺ, CNNIC provides the entrusted services for ʺ.信息ʺ TLD. Tele-info Ltd. will designate specialists to carry out coordination and supervise the work of CNNIC.

The platform is deployed and operated by CNNIC to support registry services for all new gTLDs which have the entrusted requirements such as ʺ.信息ʺ. And the platform is designed to support at least 2 million domain names. ʺBack-End Registry Service Platformʺ that is deployed, maintained and operated by the technicians from CNNIC, provides registry with all information systems required for five critical functions (including resources such as Internet data center (IDC), software, hardware and bandwidth etc.).

CNNIC has set up information security management system (ISMS) for ccTLDs and Chinese domain names in compliant with ISO27001 (GB⁄T 22080) (www.ptsn.net.cn⁄standard⁄std_query⁄show.php?source=gb&id=8618) security standard. ISMS is viewed to be suitable for the information security management work for ʺ.信息ʺ to provide sound security strategies and security guarantees for ʺ.信息ʺ registry services in the aspects of physical equipment, network, system, application, data and audit. Please refer to the answer to Question 30 for more information.
23.1 SRS

23.1.1 Service Description

SRS performs the following functions:
(1) Receiving Registration Data Related to Domain Names and Name Servers from the Registrar
It supports the registry⁄registrar separation mode and receives, by providing registrars with data interfaces that meet the requirements of RFC 5730, RFC 5731, RFC 5732, RFC 5733 and RFC 5734, relevant registration data submitted to Tele-info Ltd. by the registrars.
(2) Management Functions Related to Registration Data
To be specific, these functions include management of sessions, asynchronous messages, contacts, hosts, domain names, reserved name lists, registrars and status of the registry; performing automate⁄scheduled tasks; generating operation logs; performing financial operations and registration verifications; as well as bulk registration data access.
(3) Providing Interactive Interfaces for Other Related Services

(a) Providing with DNS interfaces service to read registration data to enable it to generate the ʺ.信息ʺ zone file.

(b) Providing interfaces for the Whois service to read registration data to enable it to respond to queries about registration information of ʺ.信息ʺ.

(c) Providing interfaces for the data escrow system to read registration data to enable it to process registration data into deposit files on a regular basis and submit them to the escrow agent.

(d) Providing interfaces for the monitoring system to enable it to monitor the SRS in a real-time manner.
(e) Providing the function of access to bulk data for ICANN in accordance with Specification 4 of the Registry Agreement.

(f) Connecting SRS to the Trade Mark Clearing House to search information of trade mark owners and decide whether to approve the registration application for a specific domain name based on the search result.

(g) Analyzing SRS logs through monitoring system to provide data report function to generate monthly report required by ICANN.

23.1.2 Security Analysis

SRS adopts the following security mechanisms to ensure that there will be no unauthorized disclosure, alteration, insertion or destruction of registration data related to ʺ.信息ʺ.
23.1.2.1 Physical Security Policy

7*24h operation and maintenance team monitors SRS in a real-time manner through the monitoring system. Servers placed in the lightening-proof, fire prevention, anti-theft and anti-static IDC with the video monitoring system. Fingerprint identification and access card reading devices are adopted to control the visit.
23.1.2.2 Network Security Policy

SRS adopts redundant system design. Each server adopts the Intranet IP address defined in RFC 1918, which is deployed in the service network. SRS registration database adopts Intranet IP addresses to prevent Internet users from accessing these servers.
23.1.2.3 System Security Policy

The operation system and application system of SRS severs are periodically updates. Remote operation to SRS needs to be performed through bastion servers. Monitoring system monitors the use of host resources and service status in a real-time manner, and once an abnormity is detected, gives off an alarm.
23.1.2.4 Application Security Policy
Application Security Strategy involves the following aspects:

(1) The login password of each registrar in the SRS is limited to 6-32 digits and the password is stored in an encrypted form.

(2) SRS connection between registrar and registry shall adopt Secure Sockets Layer (SSL) encryption mode. Client certificate and user name⁄password achieve the strong authentication to registrars.

(3) SRS restricts the login IP address of the registrar and only authorized IP addresses can be allowed. Certificate of registrar will be verified the effectiveness.

(4) Connection will be automatically closed by the SRS if there is no operation within a specified period of time after the registrar successfully logs in.

(5) Bulk registration data access function is open to ICANN, whom we consult about the security mechanism and adopt measures such as IP restriction and security of data transmission.

23.1.2.5 Data Security Policy

(1) SRS related registration data is stored in registration database, read and write access of which is strictly restricted. DNS service, Whois service and data escrow system only can read the SRS registration database.

(2) SRS registration database will be backed up in local tape library. Meanwhile data is also backed up into the local and remote secondary operation centers.

23.1.2.6 Auditing Security Policy

All operation records of SRS will be saved as logged, and then analyzed and audited.

23.1.3 Stability Analysis

(1) Analysis of Compliance with Relevant Standards

The implementation of SRS strictly complies with RFC 5730, RFC 5731, RFC 5732, RFC 5733, RFC 5734 and RFC 5910. In addition, the registration life cycle supported by SRS is in line with RFC 3915.
Considering the characteristics of IDN and ʺ.信息ʺ business, Tele-info Ltd. and CNNIC has made the following two extensions on the basis of Extensible Provisioning Protocol (EPP) in accordance with the guidance of RFC 3735.
(a) Completely compliant with RFC 3735, made the extension of RFC 5731. In details, submitted the associated draft to make extension of the variants of Chinese domain names in support of bundle registration of variants.

(b) Completely compliant with RFC 3735, made the extension of RFC 5910. In details, we submitted the associated draft to make extension of DNSSEC in support of the Delegation Signer (DS) bulk registration for variants of Chinese domain names.

(2) Analysis of the Impact of SRS on Related Internet Servers or End Systems

(a) Impact on the Other Systems of ʺ.信息ʺ Registry Services

By adopting a redundant backup architecture (refer to the answer to Question 24), SRS guarantees its stability and reliability to meet the requirements of DNS service, Whois service, the monitoring system, bulk registration data access and the data escrow system for accessing SRS registration database.
(b) Impact on the Registrar’s Registration System of ʺ.信息ʺ

SRS service strictly satisfies Service Level Requirements (SLR) prescribed in Specification 10 of the Registry Agreement to ensure that the registrar of ʺ.信息ʺ can normally submit registration data.
23.2 DNS Service

23.2.1 Service Description

DNS service mainly includes management of DNS zone files and resolution of DNS.
(1) DNS Zone File Management Performs the Following Functions:

(a) Generation of TLD zone files of ʺ.信息ʺ

The authoritative master servers of DNS obtain the original resource records from the SRS registration database to generate original zone files and provide them to DNS service after the files are signed through DNSSEC.
(b) Update of TLD zone files of ʺ.信息ʺ

The zone files are updated in a level-by-level manner between the authoritative master servers of DNS and the name servers at all levels, which enables these name servers to obtain the latest TLD zone files of ʺ.信息ʺ within the time limit specified in the Service Level Agreement (SLA).
(c) Access to TLD zone files of ʺ.信息ʺ

Access by authorized third-party organizations or Internet users to TLD zone files of ʺ.信息ʺ is made available.
(2) DNS Resolution Performs the Following Functions:

To provide resolution service for ʺ.信息ʺ domain name, a service platform is established whose name servers are distributed among multiple geographic locations and which supports IPv6 and DNSSEC by adopting Anycast and Unicast.
23.2.2 Security Analysis

DNS adopts the following security mechanisms to ensure that there will be no unauthorized disclosure, alteration, insertion or destruction of resolution data related with ʺ.信息ʺ.
23.2.2.1 Physical Security Policy

7*24h operation and maintenance team monitors DNS in a real-time manner through the monitoring system. DNS servers are placed in the lightening-proof, fire proof, anti-theft and anti-static IDC with the video monitoring system. Fingerprint identification and access card reading devices are adopted to control the visit.
23.2.2.2 Network Security Policy

DNS is deployed in a service subnet. Specialized DOS⁄DDOS defense instrument and Intrusion Detection System (IDS) are adopted. When suspicious Internet attack is detected, competent security specialists will be notified to handle the problem. Access Control List (ACL) is configured in the egress router for controlling access to DNS name servers. Only DNS service ports and relevant management ports are opened; other service ports are closed.
23.2.2.3 System Security Policy

The operation system and application system of DNS servers are periodically updated. Remote operation to the system needs to be performed through bastion servers. Monitoring system monitors the use of host resources and service status in a real-time manner, and once an abnormity is detected, gives off an alarm.
23.2.2.4 Application Security Policy

Application Security Strategy involves the following aspects:
(1) Setting up DNS primary masters which are not connected to the Internet and do not provide resolution service to the public to ensure the security of original zone files of ʺ.信息ʺ.

(2) The update of zone files between different levels of name servers is accomplished through IPsec encrypted communication, to ensure secure transmission of TLD zone files of ʺ.信息ʺ.

(3) Establishing a monitoring system to ensure the integrity and consistency of data of the generation and transmission of zone files.

(4) Authenticating the identity of Internet users who attempt to access TLD zone files of ʺ.信息ʺ and reject accessing these files who failed to pass authentication or violate the terms and conditions on data use (refer to 2.1.5 of Specification 4, Registry Agreement).

23.2.2.5 Data Security Policy

Periodically backup zone file and check the integrity of updated zone file through technical means. Data is backed up into the local tape library periodically as well as into the local and remote secondary data centers.

23.2.2.6 Audit Security Report

Monitoring system will collect and analyze DNS server logs, and provide auditing reports.

23.2.3 Stability Analysis

(1) Analysis of Compliance with Relevant Standards

DNS adopts the stable versions of Berkeley Internet Name Domain (BIND) and Name Server Daemon (NSD), two mainstream DNS software systems, and relevant security patches are timely updated.
The design and deployment of DNS meet relevant RFC provisions (including RFC 1034, RFC 1035, RFC 1982, RFC 2181, RFC 2182, RFC 2671, RFC 3226, RFC 3596, RFC 3597, RFC 3901, RFC 4343, RFC 4472 and RFC 5966) and the technical requirements of Internet Assigned Numbers Authority (IANA).
(2) Analysis of the Impact of DNS on Related Internet Servers or End Systems.

The stability and reliability of DNS service are fully ensure through the adoption of a redundant backup architecture (refer to the answer to Question 35) so that relevant SLR in Specification 10 of the Registry Agreement is fully satisfied and Internet users are able to normally resolve ʺ.信息ʺ.

23.3 Whois Service

23.3.1 Service Description

Whois service performs the following functions:

(1) Providing Services in Response to Queries about Domain Registration Information

Whois service gives response to queries about the information of registrars, hosts and domain names. Through Whois system (WhoisD and Whois Web), Internet users can know whether a domain name has been registered and its detailed information.
(2) Providing an Authorized Third Party with the Function of Bulk Access

Whois service provides authorized third parties with the function of bulk access, allowing bulk access to Whois data in a specific period of time.
(3) Providing Searchable Whois Service

Using a domain name, contacts and registrant’s name, postal address, registrar ID, name server name and name server’s IP address as key words, an authorized Internet user can perform searches based on a random combination of the key words through the AND⁄OR⁄NOT Boolean function.
23.3.2 Security Analysis

Whois service adopts the following security mechanisms to ensure that there will be no unauthorized disclosure, alteration, insertion or destruction of registry data related with ʺ.信息ʺ.
23.3.2.1 Physical Security Policy

7*24 operation and maintenance team monitors Whois in a real-time manner through the monitoring system. Servers are placed in the lightening-proof, fire proof, anti-theft and anti-static IDC with the video monitoring system. Fingerprint identification and access card reading devices are adopted to control the visit.
23.3.2.2 Network Security Policy

Whois system is deployed in service subnet. Access to WhoisD system is open via Port 43 while access to Whois Web is open via Port 80.
23.3.2.3 System Security Policy

The operation system and application system of Whois servers are periodically updated. Remote operation to the system needs to be performed through bastion servers. Monitoring system monitors the use of host resources and service status in a real-time manner, and once an abnormity is detected, gives off an alarm.
23.3.2.4 Application Security Policy

Application Security Policy mainly involves the following points:
(1) Whois Web servers are only used to transform Whois Web requests into WhoisD query requests and transmit such requests to WhoisD servers through load balancers. Then WhoisD servers are connected to Whois database to respond to Whois queries.

(2) For searchable Whois service, abuses of Whois information are prevented by adopting user access control and other preventive measures.

(3) Whois only permits Internet users’ queries and no alteration is permitted.

23.3.2.5 Data Security Policy

Whois database is created by replicating SRS registration database, and therefore, any operation of the Whois database will not affect the core registration data of ʺ.信息ʺ.

23.3.2.6 Audit Security Report

Monitoring system will collect and analyze Whois server logs, and provide and auditing report.

23.3.3 Stability Analysis

(1) Analysis of Compliance with Relevant Standards

Strictly conforming to the Whois protocol in the RFC 3912, the Whois system realizes the function of communication between the client and Whois servers by using Transmission Control Protocol (TCP) connection on Port 43 and, in strict accordance with RFC 3912 Protocol Model, uses ASCII CR and ASCII LF as the message separator.
(2) Analysis of Impact on Relevant Internet Servers and End Systems

By adopting a redundant architecture (refer to the answer to Question 26), Whois guarantees its stability and reliability so that relevant SLR in Specification 10 of the Registry Agreement is fully satisfied.
The following restrictive measures are taken to further guarantee the availability and quality of Whois service.
(a) To restrict the number of online users (configurable) of Whois service.

(b) If the user does not make any query within a specified time limit (configurable), the connection will be automatically terminated.

(c) To prevent a user from over-frequently making queries, thus delaying the response to the queries of others, the frequency (configurable) of a user to access Whois data is restricted.

(d) The Whois database for Whois bulk access is created by replicating the SRS registration database, so Whois bulk access will not affect the stability of routine Whois service.

(e) Whois database for searchable Whois service is created by replicating the SRS registration database, so searchable Whois service will not affect the stability of routine Whois service.

23.4 Internationalized Domain Names (IDN)

23.4.1 Service Description

IDN service includes:
(1) Developing, releasing and maintaining the Chinese IDN table corresponding to ʺ.信息ʺ.

(2) Formulating corresponding policies for registration of variants according to the characteristics of IDN variants.

(3) Extending relevant service systems to support IDN.

(a) SRS

SRS implements the registration extension of Chinese domain name variants based on EPP in accordance with RFC 3735 so that it supports the bundle registration of variants.
(b) DNS service

Following RFC 3743, RFC 4713 and Internationalized Domain Name Applications (IDNA) standards the DNS service is capable of resolving domain names in the form of traditional, simplified and variant Chinese.
(c) Whois Service

Whois service of ʺ.信息ʺ adopts the UTF-8 encoding format and supports both English and Chinese display of response information.
(d) DNSSEC

SRS implements DNSSEC extension of Chinese domain name variants based on EPP in accordance with RFC 3735 to support DS bulk registration of variants.
23.4.2 Security Analysis

To address the problem of phishing due to similarity of IDNs, an IDN anti-phishing detection system provided by CNNIC is developed and deployed, through which phishing domain names related with ʺ.信息ʺ can be detected and then corresponding measures can be taken.
To address the problem of cybersquatting related with ʺ.信息ʺ variant domain names, Tele-info Ltd., in accordance with RFC 4713, has worked out policies for coping with variant domain names. When a registrant registers an original ʺ.信息ʺ domain name, Tele-info Ltd. gives it full simplified and full traditional Chinese domain names on a free-of-charge basis and reserve all the variant domain names for the registrant.
23.4.3 Stability Analysis

(1) Analysis of Compliance with Relevant Standards

The Chinese IDN tables adopted by ʺ.信息ʺ will be submitted to IANA in a standard format.
The registry services of ʺ.信息ʺ fully satisfy RFC 3743, RFC 4713 and IDNA standards, such as RFC 5890, RFC 5891, RFC 5892, RFC 5893 and RFC 5894, and are in strict accordance with IDN guidelines by ICANN.
(2) Analysis of Impact on Relevant Internet Servers and End Systems

(a) SRS

The problem of variants of Chinese domain names may lead to occupation of more SRS resources, thus affecting the stability of SRS. To avoid such problems, ʺ.信息ʺ extended the registration of traditional, simplified and variant Chinese domain names based on EPP in accordance with RFC 3735, to support bundle registration of variant Chinese domain names and to enable the domains in the same bundle to have the same registration attributes. As a result, the impact of the problem of variant Chinese domain names on the stability of SRS is reduced.
(b) DNS service

In designing the capacity and performance of the DNS service , full consideration was given to the expansion of zone files of ʺ.信息ʺ TLD due to the existence of variant Chinese domain names. Servers with sufficient memory are used to avoid the impact of such expansion on the stability of DNS service.
(c) Whois Service

Whois service of ʺ.信息ʺ adopts the UTF-8 encoding format to support IDN. Until now, supporting IDN does not affect the stability of Whois service.
(d) DNSSEC

In designing the deployment of DNSSEC, full consideration was given to the expansion of zone files of ʺ.信息ʺ TLD due to the existence of variant Chinese domain names. DNSSEC zone files are signed through Hardware Security Module (HSM) to avoid the impact of such expansion on the stability of DNSSEC.
23.5 DNSSEC

23.5.1 Service Description

The main purpose of DNSSEC service is to provide source verification for DNS data obtained by recursive servers so as to ensure that data are from the right authoritative servers and that no alteration is made to the data.
DNSSEC includes the following:
(1) SRS

(a) According to RFC 5910, the extension of SRS supports DNSSEC registration.

(b) SRS implements DNSSEC extension of Chinese domain name variants based on EPP in accordance with RFC 3735 to support DS bulk registration of variants.

(2) DNS service

(a) Management of key generation and rollover of ʺ.信息ʺ TLD.

(b) Signing zone files of ʺ.信息ʺ TLD.

(3) Whois Service

In compliance with Specification 4 of the Registry Agreement, the query results of Whois service contain information about whether zone files have been duly signed.
(4) Policies

Formulating, releasing and maintaining DNSSEC Practice Statements (DPS) for implementing DNSSEC of ʺ.信息ʺ TLD.

23.5.2 Security Analysis

The following security mechanisms are adopted for DNSSEC implementation to ensure that there will be no unauthorized disclosure, alteration, insertion or destruction of registration data related to ʺ.信息ʺ.
23.5.2.1 Physical security policy

The HSM used for Key Signing Key (KSK) signing is installed in a locked electro-magnetic shielding cabinet which can effectively prevent the interference of electro-magnetic signals from the outside. Furthermore, both the HSM and the cabinet are placed in a separate room with access control measures and only authorized persons may get access to the cabinet.
23.5.2.2 Network Security Policy

HSM is deployed in the sole subnet. Only specific server can access to prevent Internet users from accessing HSM.
23.5.2.3 System Security Policy

Monitoring system is adopted to monitor operation situation of HSM in a real-time manner. When equipment is put out of use or eliminated, a demagnetizer would be used to delete all information so that no important information is leaked.
23.5.2.4 Application Security Policy

As one of the important measures for overcoming the security defects in the DNS system, DNSSEC uses public-key cryptography to add digital signatures to each Resource Record set (RRset) in zone files to further improve the security level of the DNS.
The security of DNSSEC depends on the proper management of the key. Keys of ʺ.信息ʺ TLD are divided into KSK and Zone Signing Key (ZSK). KSK is only used to sign ZSK. All signature operations are completed in the HSM. ZSK is used to sign zone files and key rollovers should be finished within ZSK’s security life cycle.
NSEC3 is adopted to avoid traverse of zone files of ʺ.信息ʺ TLD.
23.5.2.5 Data Security Policy

All pairs of key (ZSK and KSK) are generated and directly saved in HSM. Private key is prohibited to access and read in any plain text, but is admitted to store and back up in an encryption form in external storage media.
23.5.2.6 Audit Security Report

Monitoring system will collect log files of DNSSEC related systems, and analyze and audit.
23.5.3 Stability Analysis

(1) Analysis of Compliance with Relevant Standards

The design and deployment of DNSSEC of ʺ.信息ʺ meet all relevant RFC standards including RFC 4034, RFC 4035, RFC 5901, RFC 4641, RFC 5074 and RFC 5155, and follow the best practices described in RFC 4641 and its successors.
(2) Analysis of Impact on Relevant Internet Servers and End Systems

(a) SRS

As far as SRS service is concerned, the implementation of DNSSEC only requires that SRS supports the registration of DS records; therefore, the stability of SRS will not be affected.
(b) DNS service

In deploying the DNS service system adopted by ʺ.信息ʺ, full consideration has been given to the increase of load brought about by DNSSEC. By testing and analyzing the performance of DNSSEC, the hardware configuration of DNS servers has been improved and the network bandwidth has been increased (refer to the answer to Question 35) to ensure that the deployment of DNSSEC will not affect the stability of DNS service.
(c) Whois Service

So far as Whois is concerned, the implementation of DNSSEC only requires that the query results of Whois service contain information about whether zone files have been duly signed. So, the implementation of DNSSEC will not affect the stability of Whois service.

24. SRS

Beijing Tele-info Network Technology Co., Ltd. (Tele-info Ltd.) provides a Shared Registration System (SRS) that meet the requirements of Section 1.2, Specification 6 of the Registry Agreement. The SRS of ʺ.信息ʺ supports the registry⁄registrar separation mode and, by providing the registrar with an Extensible Provisioning Protocol (EPP) based data interface, enables the registrar to submit ʺ.信息ʺ-related registration data to Tele-info Ltd..
The SRS of ʺ.信息ʺ meets EPP1.0 data interface specifications defined by Request for Comments (RFC) 5730, and manages the database by using Oracle so that the reliability and stability of data storage and data access are guaranteed and registration operations can be accomplished properly and efficiently. By adopting real-time monitoring and redundant system design and by taking such measures as 7*24h on-site operation and maintenance, “.信息” ensures the proper and reliable operations of SRS under the precondition of meeting Service Level Requirement (SLR) of Specification 10 of the Registry Agreement.

Tele-info Ltd. entrusts China Internet Network Information Center (CNNIC) to provide the technology and operation for ʺ.信息ʺ TLD through the ʺBack-End Registry Service Platformʺ of CNNIC. Tele-info Ltd. will designate specialists to carry out coordination and supervise the work of CNNIC.

By far, all human resources, funds and equipment necessary for implementing and maintaining SRS have been put in place by Tele-info Ltd. and CNNIC respectively.
24.1 Implementation of SRS

24.1.1 An Overview of SRS

The SRS of ʺ.信息ʺ consists of two parts: the core registration system and the Business Operation Support System (BOSS). The core registration system is made up of the EPPServer and the registration database. BOSS provides supportive functions (e.g, financial and verification).
24.1.2 System Interfaces

SRS is connected to EPPClient, DNS service, the data escrow system, Whois service, the monitoring system and the Trade Mark Clearing House (TMCH). The interfaces between SRS and the above-mentioned systems are shown as follows.
Please see Figure 1 in the attachment of Q24_Attachment_Figure.
24.1.2.1 The Interface between SRS and EPPClient

Via an EPP1.0-compliant interface between EPPclient and SRS,ʺ.信息ʺ provides registration services for registrars. In line with RFC 5734, the above interface is performed based on Secure Sockets Layer (SSL) and TCP⁄IP. The functions of the interface include management of sessions, domain names, hosts and contacts (see the figure below).
Please see Figure 2 in the attachment of Q24_Attachment_Figure.
24.1.2.2 The Interface between SRS and DNS Service

The data needed for generating or updating zone files in DNS service comes from SRS registration database.

Please see Figure 3 in the attachment of Q24_Attachment_Figure.
DNS service consists of Authoritative Zone Transfer (AXFR) and Incremental Zone Transfer (IXFR).

The interface between AXFR and SRS is shown as follows:
Please see Figure 4 in the attachment of Q24_Attachment_Figure.
The interface between IXFR and SRS is shown as follows:
Please see Figure 5 in the attachment of Q24_Attachment_Figure.
24.1.2.3 The Interface between SRS and Data Escrow System

Data escrow system accesses the registration database via the interface to generate deposit files, in accordance with Specification 2 of the Registry Agreement, and regularly upload them to the data escrow agent.
24.1.2.4 The Interface between SRS and Whois System

Whois system replicates the SRS registration database as Whois database and provides Internet users with Whois service. Whois system mainly uses the following 4 tables in the registration database.
Please see Figure 6 in the attachment of Q24_Attachment_Figure.
24.1.2.5 The Interface between SRS and the Monitoring System

There are three interfaces between SRS and the monitoring system. The first is between EPPServer and the monitoring system; the second is between the registration database and the monitoring system; the third one is between BOSS and monitoring system.

24.1.2.6 The Interface between SRS and TMCH

BOSS is connected to TMCH, inquires about information of trade mark owners and decides whether to approve a specific domain name registration application according to the inquiry results.
24.1.3 Functions of SRS
24.1.3.1 Core Registration Function

(1) Session Management

In accordance with RFC 5730, SRS implements commands of login, logout, hello and greeting. SRS supports the SSL-based connection with registrars over IPv6. Each registrar uses a different certificate. SRS restricts the registrarʹs login IP. Only an authorized IP can be connected.
(2) Asynchronous Message Management

After sending the poll command, SRS processes all pending actions and information related to ʺ.信息ʺ domain verifications.
(3) Management of Contacts

In accordance with RFC 5733, SRS implements commands of check, info, transfer, create, delete and update about contacts. Accredited registrars have the full authority to perform all the above commands about the contact of their domain names.
(4) Management of Hosts

In accordance with RFC 5732, SRS implements commands of check, info, create, delete and update about hosts.
(a) SRS supports management of IPv6 hosts.

(b) All accredited registrars have the full authority to perform all the above commands about hosts.

(5) Management of Domain Names

According to RFC 5731, SRS implements all commands for domain management, including check, info, create, delete, renew, transfer and update.
In accordance with RFC 3735, ʺ.信息ʺ achieves EPP extension for traditional, simplified and variant Chinese domain names to support bundle registration of variant Chinese domain names. Moreover, EPP extension for DNSSEC is also achieved to support bulk registration of Delegation Signer (DS) records. Refer to the answer to Question 25.
According to the definitions in RFC 3915 and RFC 5731, SRS saves and maintains the status of EPP and Redemption Grace Period (RGP).
(6) Operation Logs

SRS records, in the form of operation logs, all business operations performed by the registrar without any impact on SRS performance. The rollback file size and the number of backup files are preset for each log file. Operation log will be pushed to the backup system periodically, please refer to the answer of Question 37. The monitoring system extracts the log for the use of data required by real-time business usability analyzing and monthly report.
(7) Automatic⁄Timed Tasks

SRS supports the following automatic⁄timed tasks:
(a) According to lifecycle requirements, SRS has an auto-renew function.

(b) SRS automatically permits transfer operations that exceed 5 days.

(d) When grace period is at maturity, domain name status will be deleted automatically.

24.1.3.2 Business Operation Supporting Function

(1) Financial and Verification Function

The core registration system records operations about registration fees without settling the account. The BOSS financial module performs settlement of accounts according to the price offered by the registrar and informs the core registration system of the financial status of each registrar.
(2) Management of Reserved Name Lists

BOSS provides the function of managing reserved name lists and maintains the reserved domain names and words in the registration database. Domain names and words that appear in the list are not permitted to register.
(3) Management of Registry Status

Due to specific reasons (legal arbitration for example), BOSS provides the function of creating or deleting server status for the domain names, hosts and contacts stored in the registration database. Relevant operations must be approved before they are carried out.
(4) Management of Registrars

BOSS can insert, delete and update the information of registrars stored in the registration database, as well as allocate and manage registrar connections.
(5) Automatic⁄Timed Tasks
BOSS supports the following automatic⁄timed tasks:

(a) In accordance with lifecycle requirements, BOSS supports the function of automatically updating the status of domain names and contacts.

(b) BOSS calculates registrars’ expenses on a daily basis.

(6) Bulk Registration Data Access

BOSS provides the function of bulk registration data access.
(a) Periodic Access to Thin Registration Data

Tele-info Ltd. entrusts CNNIC to submit to ICANN, on a weekly basis, the up-to-date registration data, which include data committed as of 00:00:00 UTC on the day previous to the one designated for retrieval by ICANN. In line with the data format specified in Specification 2, CNNIC provides the data for all registered domain names. The data files will be compressed and encrypted for download via Secure File Transfer Protocol (SFTP) by adopting by adopting security measures such as restricting the connection of IP address.
(b) Exceptional Access to Thick Registration Data

BOSS is capable of submitting to ICANN domain-related data by registrars in accordance with the requirement of Specification 2 on format. In case of registrar failure, de-accreditation, court order, etc, that prompts the temporary or definitive transfer of its domain names to another registrar, CNNIC may submit to ICANN all the registered domain information of the losing registrar. The files containing the information are made available for download by SFTP.

(7) Sending a Query to TMCH

BOSS is connected to TMCH, inquiring about information of trade mark owners and decides whether to approve a specific domain name registration application according to the inquiry results. Related functions will be improved according to the regulations of the global TMCH.
(8) Monthly Report Function

BOSS generates the monthly report compliant with Specification 3. The monitoring system collects the logs of SRS system to analyze the data of the log to generate data required by Pre-Registrar Transactions Monthly Report and Registry Functions Activity Report. BOSS generates monthly report and submits periodically.
24.1.4 System Deployment

Please see Figure 7 in the attachment of Q24_Attachment_Figure.

(1) Internet Access

SRS service addresses broadcast SRS service addresses via Border Gateway Protocol (BGP). A registrar may access SRS service through a number of Internet Service Providers (ISPs).
(2) Load Balancer

Registrars access the virtual IP configured in the layer 4 load balancers to perform registration operations.
(3) SRS Servers

SRS servers are responsible for core registration and BOSS functions.
The core registration system and BOSS consist of 4 high-performance blade servers respectively. In addition, the core registration system and BOSS are both equipped with one specific cold standby server respectively. To improve system stability, all the above servers are respectively installed in two different blade boxes and configured in two different subnets.
(4) Registration Database

The registration database is used to store registration data and respond to the access requests of the core registration system, DNS service, data escrow and the access request for ICANN bulk registration data.
(5) BOSS Database

The BOSS database is used to store financial and verification data.

(6) Storage

The data in the registration database is stored in a storage device.
24.2 A Plan for Operating Robust and Reliable SRS

24.2.1 Redundant System Design

To improve reliability, a redundant design is adopted for designing the SRS architecture including network devices, load balancers, registration servers and registration databases, so as to ensure there is no single point. In addition, cold-standby servers are always ready to take over the work of other servers.
Furthermore, both local and remote secondary operation centers adopt the same SRS deployment, to ensure that a swift switch over can be made when the primary operation center fails. Please refer to the answer to Question 37.

24.2.2 Registration Data Synchronization

A storage device is connected to the registration database to store registration data. The storage device of the primary operation center is connected to the local secondary operation center through optic fibers and uses synchronous replication to ensure the consistency of data. The storage devices of the primary operation center and the remote secondary operation center use asynchronous replication with a synchronization frequency of once every minute. For details, please refer to the answer to the Question 37.
24.2.3 Failure Monitoring and handling

The monitoring system adopted by ʺ.信息ʺ monitors the operations of SRS and the database. It will be equiped with a special 7*24 team for system operation and maintenance, who monitors the SRS in a real-time manner. Once a problem is detected, the monitoring system will lose no time to give off an alarm and notify the 7*24 maintenance team to shoot and solve the trouble. Refer to the answers to Questions 39 and 42 for information about the classification of and response to SRS failures.
24.3 Compliance Analysis

24.3.1 Compliance with Specification 6

(1) In accordance with RFC 5910, RFC 5730-5734, provisioning and management of domain names are achieved by using the EPP

ʺ.信息ʺ achieves the extension of EPP for DNSSEC by extending RFC 5910. DS or DNSKEY records can be added to a designated domain name when it is updated and created, and relevant DS or DNSKEY data are contained in the response message of info command.
SRS fully meets the requirements of RFC 5730-5734. Refer to the answer to Question 25 for more details.
(2) Full compliance with the RGP specified in RFC 3915

SRS strictly complies with the RGP specified in RFC 3915. The RGP status of domain names is stored in the SRS registration database.
(3) Extension is made and the draft is submitted in accordance with RFC 3735

RFC 5731 and RFC 5910 have been extended in accordance with RFC 3735. Refer to the answer to Question 25.
24.3.2 Compliance with Specification 10

SRS SLR are specified in Specification 10 as follows:
Please see Table 1 in the attachment of Q24_Attachment_Table.
(1) Service Availability

Based on 101,420 registration volumes (balance) , the ordinary peak Transactions Per Minute (TPM) is less than 840, while it is less than 2400 in the situation of cybersquatting. CNNIC, Tele-info Ltd.ʹs trustee of technology and operation has tested single SRS server of which average TPM may reach 30,696. So one server is capable of undertaking SRS service. Considering system redundancy, 4 servers should be provided which are enough to undertake SRS service.

More back-end servers can be added to load balancers for processing the excessive workload brought about by the grown business needs.

Therefore, the SRS adopted by ʺ.信息ʺ can surely guarantee that the availabity of SRS service can exceed 98%.

(2) Session-command Round-Trip Time (RTT)

As shown in the following table for SRS testing RTT of each type of command is in compliance with Specification 10.

Please see Table 2 in the attachment .

(3) Query-command RTT

As shown in the following table for SRS testing for data volume of tens of millions, average RTT of EPP〈check〉 command is 9.06ms, and 16ms for 95% of this command.

Please see Table 3 in the attachment .

As shown in the following table for SRS testing, RTT of EPP〈info〉 is in compliance with Specification 10.

Please see Table 4 in the attachment.

As shown in the following table for SRS testing, RTT of EPP〈poll〉 is in compliance with Specification 10.

Please see Table 5 in the attachment .

As shown in the following table for SRS testing, RTT of EPP〈transfer〉 query is in compliance with Specification 10.

Please see Table 6 in the attachment

(4) Transform-command RTT

System testing results of EPP〈create〉 command among transform commands are illustrated as below; as we can see, RTT is compliant with Specification 10.

Please see Table 7 in the attachment .

System testing results of EPP〈delete〉 command among transform commands are illustrated as below; as we can see, RTT is compliant with Specification 10.

Please see Table 8 in the attachment .

System testing results of EPP〈renew〉 command among transform commands are illustrated as below; as we can see, RTT is compliant with Specification 10.

Please see Table 9 in the attachment .

System testing results of EPP〈transfer〉 command among transform commands are illustrated as below. Every tested RTT is compliant with Specification 10.

Please see Table 10 in the attachment .

System testing results of EPP〈update〉 command among transform commands are illustrated as below; as we can see, RTT is compliant with Specification 10.

Please see Table 11 in the attachment .

24.4 Resource Allocation

24.4.1 Human Resources

For performing the service promises concerning SRS of ʺ信息ʺ, the human resources provided are as follows:

ʺ.信息ʺ adopts the human resources that are for CNNIC ʺBack-End Registry Service Platformʺ use, which equips with 6 software engineers who are responsible for software optimization and maintenance, and 6 system administrators who are responsible for 7*24 monitoring.

Tele-info Ltd. will designate 2 technical personnel to communicate and coordinate the technical issues of SRS with CNNIC, and supervise the work of CNNIC. Refer to the answer to Question 31.
24.4.2 Software and Hardware

For performing the service promises concerning SRS of ʺ信息ʺ,ʺ.信息ʺ adopts the software and hardware resources that are for CNNIC ʺBack-End Registry Service Platformʺ use. Associate hardware and software resources deployed by CNNIC are as following:

Hardware in the 3 operation centers includes 30 high-performance blade servers, 12 high-performance database servers and 3 storage devices.
Software includes SRS, database, database cluster and storage management software. So far development and testing of the software have been completed and the system is now in trial operation.
In addition, customization scope of SRS software covers core registration system and BOSS which supports financial and auditing, searching the TMCH and monthly report function, as well as the interface with EPPClient, DNS service, data escrow system, Whois system, monitoring system and TMCH; meanwhile it satisfies the Service Level Agreement (SLA) requirements. Software customization development is carried out according to the initiation of R&D, program plan, outline design, specific design, construction stage, trial stage and release and summarization procedures. Development procedure is compliant with regulations of Level 3 of Capability Maturity Model Integration (CMMI3).
Refer to the answer to Question 32 for more details about the software and hardware.
24.4.3 Funds

For performing the service promises concerning SRS of ʺ.信息ʺ, the funds of human resources and outsourcing funds for CNNIC ʺBack-End Registry Service Platformʺ have been put in place by Tele-info Ltd.. Refer to the answer to Question 46 for the sources and uses of these funds. Funds for human resources, equipment procurement and maintenance of CNNIC have been put in place by CNNIC.

Based on the EPP, Beijing Tele-info Network Technology Co., Ltd. (Tele-info Ltd.) provides registrars with a business interface that complies with Request for Comments (RFC) 3735, RFC 5730, RFC 5731, RFC 5732, RFC 5733 and RFC 5734 and has extended simplified, traditional and variant Chinese domain names, and DNS Security Extensions (DNSSEC) in accordance with RFC 3735. 

Tele-info Ltd. selects China Internet Network Information Center (CNNIC) to be the provider of technology and operation services for ʺ.信息ʺ registry. Through the self-deployed ʺBack-End Registry Service Platformʺ, CNNIC provides the entrusted services for ʺ.信息ʺ TLD. 

The platform is deployed and operated by CNNIC to support registry services for all new gTLDs which have the entrusted requirements such as ʺ.信息ʺ. And the platform is designed to support at least 2 million domain names. ʺBack-End Registry Service Platformʺ that is deployed, maintained and operated by the technicians from CNNIC, provides registry with all information systems required for five critical functions (including resources such as Internet data center (IDC), software, hardware and bandwidth etc.).

Tele-info Ltd. will designate specialists to carry out coordination and supervise the work of CNNIC. By far, all human resources, funds and equipment necessary for implementing and maintaining have been put in place by Tele-info Ltd. and CNNIC respectively.

25.1 Business Interface between Registrars and Registry

Based on EPP, ʺ.信息ʺ provides registrars with a business interface for managing sessions, domain names, hosts, contacts and asynchronous messages. Via the above business interface, a registrar can perform not only complete business operation functions but also their own business workflow.
　　
All the EPP commands given by ʺ.信息ʺ for registrars are listed in the following table.
　　
Please see Table 1 and Table 2 in the attachment of Q25_Attachment_Table.
　　
All the above commands for the registration and management of domain names, hosts and contacts meet the requirements of parameters standardized by EPP. According to RFC 3735 and the business demand of ʺ.信息ʺ, Tele-info Ltd. and CNNIC have agreed to extend the parameters of some of the above commands.
　　
25.2 Compliance with RFC

25.2.1 Compliance with RFC 5730

In accordance with the requirements of RFC 5730, ʺ信息ʺ has realized session login, logout and hello command, as well as poll command for asynchronous message reception and confirmation. Meanwhile, the formal syntax of EPP, result code, date format and international support satisfy RFC 5730.  
　　
25.2.2 Compliance with RFC 5731

In accordance with the requirements of RFC 5731, the business interface provided by ʺ.信息ʺ to the registrar has supported commands including check, info, create, delete, renew, transfer and update for domain names. 
　　
25.2.3 Compliance with RFC 5732

In accordance with the requirements of RFC 5732, the business interface provided by ʺ.信息ʺ to the registrar has implemented commands including check, info, create, delete and update for hosts. The host of a particular domain name can be automatically transferred as the domain name is transferred. The IP of the host may be either IPv4 or IPv6.　
　
25.2.4 Compliance with RFC 5733

In accordance with the requirements of RFC 5733, the business interface provided by ʺ.信息ʺ to the registrar has implemented commands including check, info, create, delete, renew, transfer and update for contacts.  
　　
25.2.5 Compliance with RFC 5734

In accordance with RFC 5734,  the business interface provided by ʺ.信息ʺ to the registrar has implemented EPP mapping and deployed the Secure Sockets Layer (SSL) protocol, both of which are based on TCP. The EPP message format, the TCP connection session, the communication sequence of the client and the server, as well as the monitoring port meet the requirement of RFC 5734.
　　
25.3 Proprietary EPP Extension

Due to the uniqueness of ʺ.信息ʺʹs business, Tele-info Ltd. and CNNIC have agreed to implement some function extensions of the standard EPP. To be specific, these extensions include the extension of traditional, simplified and variant Chinese domain names, and DNSSEC function extensions. 
　　
25.3.1 Extension of Traditional, Simplified and Variant Chinese Domain Names

25.3.1.1 Overview

According to the characteristics of Chinese domain names, Tele-info Ltd. has formulated relevant policies for ʺ.信息ʺ variant registration (refer to the answer to Question 44). To facilitate the implementation of these policies, Tele-info Ltd. and CNNIC, in accordance with RFC 3735, have agreed to extend EPP for traditional, simplified and variant Chinese domain names, making possible bundle registration of variant Chinese domain names.
　　
25.3.1.2 Explanation of Extensions

In accordance with the business requirements of ʺ.信息ʺ,  the response messages for the commands about the domain names mentioned in RFC 5731, including info, transfer, delete and renew as well as the commands and response messages of update and create in the EPP have been extended. Chinese characters in use have at least two forms, traditional and simplified Chinese characters. Therefore, in creating a domain name, a full traditional and a full simplified domain name will be generated according to the one the registrar submits to Tele-info Ltd. and will be stored in the database. 
　　
When executing the info command, ʺ信息ʺ feed the traditional, simplified and variant Chinese domain names and the corresponding A-Label record back to the client. 
　　
After the command is extended, the feedback message is as follows:

   S:〈?xml version=ʺ1.0ʺ encoding=ʺUTF-8ʺ standalone=ʺnoʺ?〉
   S:〈epp xmlns=ʺurn:ietf:params:xml:ns:epp-1.0ʺ〉
   S:  〈response〉
   S:    〈result code=ʺ1000ʺ〉
   S:      〈msg〉Command completed successfully〈⁄msg〉
   S:    〈⁄result〉
   S:    〈resData〉
   S:      〈domain:trnData
   S:       xmlns:domain=ʺurn:ietf:params:xml:ns:domain-1.0ʺ〉
   S:        〈domain:name〉xn--fsq270a.xn--vuq861b〈⁄domain:name〉
   S:        〈domain:trStatus〉pending〈⁄domain:trStatus〉
   S:        〈domain:reID〉ClientX〈⁄domain:reID〉
   S:        〈domain:reDate〉2010-06-06T22:00:00.0Z〈⁄domain:reDate〉
   S:        〈domain:acID〉ClientY〈⁄domain:acID〉
   S:        〈domain:acDate〉2011-06-11T22:00:00.0Z〈⁄domain:acDate〉
   S:        〈domain:exDate〉2012-09-08T22:00:00.0Z〈⁄domain:exDate〉
   S:      〈⁄domain:trnData〉
   S:    〈⁄resData〉
   S:    〈extension〉
   S:      〈idn:trnData
   S:       xmlns:idn=ʺurn:ietf:params:xml:ns:idnv-1.0ʺ〉
   S:        〈idn:bundle〉
   S:          〈idn:oidn uLabel=ʺU+5B9EʺʺU+4F8Bʺ.”U+4FE1”“U+606F”
   S:           activated=ʺtrueʺ〉xn--fsq270a.xn--vuq861b〈⁄idn:oidn〉
   S:          〈idn:pidn uLabel=ʺU+5BE6ʺʺU+4F8Bʺ.”U+4FE1”“U+606F”
   S:           activated=ʺtrueʺ〉xn--fsqz41a.xn--vuq861b〈⁄idn:pidn〉
   S:              〈idn:vidn uLabel=ʺU+5B9FʺʺU+4F8Bʺ.”U+4FE1”“U+606F”
   S:           activated=ʺtrueʺ〉xn--fsq470a.xn--vuq861b〈⁄idn:vidn〉
   S:        〈⁄idn:bundle〉
   S:      〈⁄idn:trnData〉
   S:    〈⁄extension〉
   S:    〈trID〉
   S:      〈clTRID〉ABC-12345〈⁄clTRID〉
   S:      〈svTRID〉54322-XYZ〈⁄svTRID〉
   S:    〈⁄trID〉
   S:  〈⁄response〉
   S:〈⁄epp〉

Example 〈create〉 command:

   C:〈?xml version=ʺ1.0ʺ encoding=ʺUTF-8ʺ standalone=ʺnoʺ?〉
   C:〈epp xmlns=ʺurn:ietf:params:xml:ns:epp-1.0ʺ〉
   C:  〈command〉
   C:    〈create〉
   C:      〈domain:create
   C:       xmlns:domain=ʺurn:ietf:params:xml:ns:domain-1.0ʺ〉
   C:        〈domain:name〉xn--fsq270a.xn--vuq861b〈⁄domain:name〉
   C:        〈domain:period unit=ʺyʺ〉2〈⁄domain:period〉
   C:        〈domain:registrant〉123〈⁄domain:registrant〉
   C:        〈domain:contact type=ʺadminʺ〉123〈⁄domain:contact〉
   C:        〈domain:contact type=ʺtechʺ〉123〈⁄domain:contact〉
   C:        〈domain:authInfo〉
   C:          〈domain:pw〉2fooBAR〈⁄domain:pw〉
   C:        〈⁄domain:authInfo〉
   C:      〈⁄domain:create〉
   C:    〈⁄create〉
   C:    〈extension:
   C:      〈idn:create
   C:       xmlns:idn=ʺurn:ietf:params:xml:ns:idnv-1.0ʺ〉
   C:          〈idn:vidn uLabel=ʺU+5B9FʺʺU+4F8Bʺ.”U+4FE1”“U+606F”〉
   C:               xn--fsq470a.xn--vuq861b〈⁄idn:vidn〉
   C:      〈⁄idn:create〉
   C:    〈⁄extension〉
   C:    〈clTRID〉ABC-12345〈⁄clTRID〉
   C:  〈⁄command〉
   C:〈⁄epp〉
 
  Example 〈create〉 Response for an authorized client:

   S:〈?xml version=ʺ1.0ʺ encoding=ʺUTF-8ʺ standalone=ʺnoʺ?〉
   S:〈epp xmlns=ʺurn:ietf:params:xml:ns:epp-1.0ʺ〉
   S:  〈response〉
   S:    〈result code=ʺ1000ʺ〉
   S:      〈msg〉Command completed successfully〈⁄msg〉
   S:    〈⁄result〉
   S:    〈resData〉
   S:      〈domain:creData
   S:       xmlns:domain=ʺurn:ietf:params:xml:ns:domain-1.0ʺ〉
   S:        〈domain:name〉xn--fsq270a.xn--vuq861b〈⁄domain:name〉
   S:        〈domain:crDate〉1999-04-03T22:00:00.0Z〈⁄domain:crDate〉
   S:        〈domain:exDate〉2001-04-03T22:00:00.0Z〈⁄domain:exDate〉
   S:      〈⁄domain:creData〉
   S:    〈⁄resData〉
   S:    〈extension〉
   S:      〈idn:creData
   S:       xmlns:idn=ʺurn:ietf:params:xml:ns:idnv-1.0ʺ〉
   S:        〈idn:bundle〉
   S:          〈idn:oidn uLabel=ʺU+5B9EʺʺU+4F8Bʺ.”U+4FE1”“U+606F”
   S:           activated=ʺtrueʺ〉xn--fsq270a.xn--vuq861b〈⁄idn:oidn〉
   S:          〈idn:pidn uLabel=ʺU+5BE6ʺʺU+4F8Bʺ.”U+4FE1”“U+606F”
   S:           activated=ʺtrueʺ〉xn--fsqz41a.xn--vuq861b〈⁄idn:pidn〉
   S:              〈idn:vidn uLabel=ʺU+5B9FʺʺU+4F8Bʺ.”U+4FE1”“U+606F”
   S:           activated=ʺtrueʺ〉xn--fsq470a.xn--vuq861b〈⁄idn:vidn〉
   S:        〈⁄idn:bundle〉
   S:      〈⁄idn:creData〉
   S:    〈⁄extension〉
   S:    〈trID〉
   S:      〈clTRID〉ABC-12345〈⁄clTRID〉
   S:      〈svTRID〉54322-XYZ〈⁄svTRID〉
   S:    〈⁄trID〉
   S:  〈⁄response〉
   S:〈⁄epp〉

Example 〈delete〉 response:

   S:〈?xml version=ʺ1.0ʺ encoding=ʺUTF-8ʺ standalone=ʺnoʺ?〉
   S:〈epp xmlns=ʺurn:ietf:params:xml:ns:epp-1.0ʺ〉
   S:  〈response〉
   S:    〈result code=ʺ1000ʺ〉
   S:      〈msg〉Command completed successfully〈⁄msg〉
   S:    〈⁄result〉
   S:    〈extension〉
   S:      〈idn:delData
   S:       xmlns:idn=ʺurn:ietf:params:xml:ns:idnv-1.0ʺ〉
   S:        〈idn:bundle〉
   S:          〈idn:oidn〉xn--fsq270a.xn--vuq861b〈⁄idn:oidn〉
   S:          〈idn:pidn〉xn--fsqz41a.xn--vuq861b〈⁄idn:pidn〉
   S:              〈idn:vidn〉xn--fsq470a.xn--vuq861b〈⁄idn:vidn〉
   S:        〈⁄idn:bundle〉
   S:      〈⁄idn:delData〉
   S:    〈⁄extension〉
   S:    〈trID〉
   S:      〈clTRID〉ABC-12345〈⁄clTRID〉
   S:      〈svTRID〉54321-XYZ〈⁄svTRID〉
   S:    〈⁄trID〉
   S:  〈⁄response〉
   S:〈⁄epp〉

Example 〈renew〉 response:

   S:〈?xml version=ʺ1.0ʺ encoding=ʺUTF-8ʺ standalone=ʺnoʺ?〉
   S:〈epp xmlns=ʺurn:ietf:params:xml:ns:epp-1.0ʺ〉
   S:  〈response〉
   S:    〈result code=ʺ1000ʺ〉
   S:      〈msg〉Command completed successfully〈⁄msg〉
   S:    〈⁄result〉
   S:    〈resData〉
   S:      〈domain:renData
   S:       xmlns:domain=ʺurn:ietf:params:xml:ns:domain-1.0ʺ〉
   S:        〈domain:name〉 xn--fsq270a.xn--vuq861b〈⁄domain:name〉
   S:        〈domain:exDate〉2012-04-03T22:00:00.0Z〈⁄domain:exDate〉
   S:      〈⁄domain:renData〉
   S:    〈⁄resData〉
   S:    〈extension〉
   S:      〈idn:renData
   S:       xmlns:idn=ʺurn:ietf:params:xml:ns:idnv-1.0ʺ〉
   S:        〈idn:bundle〉
   S:          〈idn:oidn〉xn--fsq270a.xn--vuq861b〈⁄idn:oidn〉
   S:          〈idn:pidn〉xn--fsqz41a.xn--vuq861b〈⁄idn:pidn〉
   S:              〈idn:vidn〉xn--fsq470a.xn--vuq861b〈⁄idn:vidn〉
   S:        〈⁄idn:bundle〉
   S:      〈idn:renData〉
   S:    〈⁄extension〉
   S:    〈trID〉
   S:      〈clTRID〉ABC-12345〈⁄clTRID〉
   S:      〈svTRID〉54322-XYZ〈⁄svTRID〉
   S:    〈⁄trID〉
   S:  〈⁄response〉
S:〈⁄epp〉

Example 〈transfer〉 Response for an authorized client:

   S:〈?xml version=ʺ1.0ʺ encoding=ʺUTF-8ʺ standalone=ʺnoʺ?〉
   S:〈epp xmlns=ʺurn:ietf:params:xml:ns:epp-1.0ʺ〉
   S:  〈response〉
   S:    〈result code=ʺ1000ʺ〉
   S:      〈msg〉Command completed successfully〈⁄msg〉
   S:    〈⁄result〉
   S:    〈resData〉
   S:      〈domain:trnData
   S:       xmlns:domain=ʺurn:ietf:params:xml:ns:domain-1.0ʺ〉
   S:        〈domain:name〉xn--fsq270a.xn--vuq861b〈⁄domain:name〉
   S:        〈domain:trStatus〉pending〈⁄domain:trStatus〉
   S:        〈domain:reID〉ClientX〈⁄domain:reID〉
   S:        〈domain:reDate〉2010-06-06T22:00:00.0Z〈⁄domain:reDate〉
   S:        〈domain:acID〉ClientY〈⁄domain:acID〉
   S:        〈domain:acDate〉2011-06-11T22:00:00.0Z〈⁄domain:acDate〉
   S:        〈domain:exDate〉2012-09-08T22:00:00.0Z〈⁄domain:exDate〉
   S:      〈⁄domain:trnData〉
   S:    〈⁄resData〉
   S:    〈extension〉
   S:      〈idn:trnData
   S:       xmlns:idn=ʺurn:ietf:params:xml:ns:idnv-1.0ʺ〉
   S:        〈idn:bundle〉
   S:          〈idn:oidn uLabel=ʺU+5B9EʺʺU+4f8bʺ.”U+4FE1”“U+606F”
   S:           activated=ʺtrueʺ〉xn--fsq270a.xn--vuq861b〈⁄idn:oidn〉
   S:          〈idn:pidn uLabel=ʺU+5BE6ʺʺU+4f8bʺ.”U+4FE1”“U+606F”
   S:           activated=ʺtrueʺ〉xn--fsqz41a.xn--vuq861b〈⁄idn:pidn〉
   S:              〈idn:vidn uLabel=ʺU+5B9FʺʺU+4f8bʺ.”U+4FE1”“U+606F”
   S:           activated=ʺtrueʺ〉xn--fsq470a.xn--vuq861b〈⁄idn:vidn〉
   S:        〈⁄idn:bundle〉
   S:      〈⁄IDN:trnData〉
   S:    〈⁄extension〉
   S:    〈trID〉
   S:      〈clTRID〉ABC-12345〈⁄clTRID〉
   S:      〈svTRID〉54322-XYZ〈⁄svTRID〉
   S:    〈⁄trID〉
   S:  〈⁄response〉
   S:〈⁄epp〉

Registrants are permitted to add or remove a variant domain name when executing the update command. Example 〈update〉 Command:

   C:〈?xml version=ʺ1.0ʺ encoding=ʺUTF-8ʺ standalone=ʺnoʺ?〉
   C:〈epp xmlns=ʺurn:ietf:params:xml:ns:epp-1.0ʺ〉
   C:  〈command〉
   C:    〈update〉
   C:      〈domain:update
   C:       xmlns:domain=ʺurn:ietf:params:xml:ns:domain-1.0ʺ〉
   C:        〈domain:name〉xn--fsq270a.xn--vuq861b〈⁄domain:name〉
   C:        〈domain:add〉
   C:          〈domain:ns〉
   C:            〈domain:hostObj〉ns2.example.cn〈⁄domain:hostObj〉
   C:          〈⁄domain:ns〉
C:          〈domain:contact type=ʺtechʺ〉234〈⁄domain:contact〉
   C:          〈domain:status s=ʺclientHoldʺ
   C:           lang=ʺenʺ〉Payment overdue.〈⁄domain:status〉
   C:        〈⁄domain:add〉
   C:        〈domain:rem〉
   C:          〈domain:ns〉
   C:            〈domain:hostObj〉ns1.example.cn〈⁄domain:hostObj〉
   C:          〈⁄domain:ns〉
   C:          〈domain:contact type=ʺtechʺ〉123〈⁄domain:contact〉
   C:          〈domain:status s=ʺclientUpdateProhibitedʺ⁄〉
   C:        〈⁄domain:rem〉
   C:        〈domain:chg〉
   C:          〈domain:registrant〉234〈⁄domain:registrant〉
   C:          〈domain:authInfo〉
   C:            〈domain:pw〉2BARfoo〈⁄domain:pw〉
   C:          〈⁄domain:authInfo〉
   C:        〈⁄domain:chg〉
   C:      〈⁄domain:update〉
   C:    〈⁄update〉
   C:    〈extension〉
   C:      〈idn:update
   C:       xmlns:idn=ʺurn:ietf:params:xml:ns:idnv-1.0ʺ〉
   C:         〈idn:add〉
   C:          〈idn:vidn〉xn--fsq470a.xn--vuq861b〈⁄idn:vidn〉
   C:         〈⁄idn:add〉
   C:         〈idn:rem〉
   C:          〈idn:vidn〉xn--fsqz41a.xn--vuq861b〈⁄idn:vidn〉
   C:         〈⁄idn:rem〉
   C:      〈idn:deactivate〉
   C:           〈idn:vidn〉xn--fsq470a.xn--vuq861b〈⁄idn:vidn〉
   C:      〈⁄idn:deactivate〉
   C:      〈⁄idn:update〉
   C:    〈⁄extension〉
   C:    〈clTRID〉ABC-12345〈⁄clTRID〉
   C:  〈⁄command〉
   C:〈⁄epp〉

For details, please refer to the link: http:⁄⁄tools.ietf.org⁄html⁄draft-kong-epp-idn-variants-mapping-00.

25.3.2 DNSSEC Extension

25.3.2.1 Overview

According to ʺ.信息ʺ registration polices for Chinese domain names, the registrant will obtain a full traditional and a full simplified Chinese domain names when applying for domain name registration. To allow the registrants to apply for Delegation Signer (DS) records for multiple variant Chinese domain names, Tele-info Ltd. and CNNIC, in accordance with RFC 3735, have agreed to implement EPP extension for DNSSEC to support bulk registration of DS records.
　　
25.3.2.2 Explanation of Extensions 

In accordance with the business requirements of ʺ.信息ʺ,  the RFC 5910 in the EPP has been extended. DS records can be added to a designated domain name when it is created and updated, and relevant DS data are contained in the response message of info command. 
　　
Create message：

Create message：
　　
   C:〈?xml version=ʺ1.0ʺ encoding=ʺUTF-8ʺ standalone=ʺnoʺ?〉
   C:〈epp xmlns=ʺurn:ietf:params:xml:ns:epp-1.0ʺ〉
   C:  〈command〉
   C:    〈create〉
   C:      〈domain:create
   C:       xmlns:domain=ʺurn:ietf:params:xml:ns:domain-1.0ʺ〉
   C:        〈domain:name〉
   C:          ʺU+5B9EʺʺU+4F8Bʺ.”U+4FE1”“U+606F”〈⁄domain:name〉
   C:        〈domain:period unit=ʺyʺ〉2〈⁄domain:period〉
   C:        〈domain:registrant〉123〈⁄domain:registrant〉
   C:        〈domain:contact type=ʺadminʺ〉123〈⁄domain:contact〉
   C:        〈domain:contact type=ʺtechʺ〉123〈⁄domain:contact〉
   C:        〈domain:authInfo〉
   C:          〈domain:pw〉2fooBAR〈⁄domain:pw〉
   C:        〈⁄domain:authInfo〉
   C:      〈⁄domain:create〉
   C:    〈⁄create〉
   C:    〈extension〉
   C:      〈secCDNS:create
   C:       xmlns:secCDNS=ʺurn:ietf:params:xml:ns:secCDNS-1.0ʺ〉
   C:           〈secCDNS:maxSigLife〉604800〈⁄secCDNS:maxSigLife〉
   C:        〈secCDNS:DS〉
   C:             〈secCDNS:CDN〉
   C:            ʺU+5B9EʺʺU+4F8Bʺ.”U+4FE1”“U+606F”〈⁄secCDNS:CDN〉
   C:          〈secCDNS:dsData〉
   C:            〈secCDNS:keyTag〉12345〈⁄secCDNS:keyTag〉
   C:            〈secCDNS:alg〉3〈⁄secCDNS:alg〉
   C:            〈secCDNS:digestType〉1〈⁄secCDNS:digestType〉
   C:            〈secCDNS:digest〉49FD46E6C4B45C55D4AC〈⁄secCDNS:digest〉
   C:          〈⁄secCDNS:dsData〉
   C:        〈⁄secCDNS:DS〉
   C:      〈⁄secCDNS:create〉
   C:    〈⁄extension〉
   C:    〈trID〉
   C:      〈clTRID〉ABC-12345〈⁄clTRID〉
   C:      〈svTRID〉54322-XYZ〈⁄svTRID〉
   C:    〈⁄trID〉
   C:  〈⁄response〉
   C:〈⁄epp〉
   
or：
   
   C:〈?xml version=ʺ1.0ʺ encoding=ʺUTF-8ʺ standalone=ʺnoʺ?〉
   C:〈epp xmlns=ʺurn:ietf:params:xml:ns:epp-1.0ʺ〉
   C:  〈command〉
   C:    〈create〉
   C:      〈domain:create
   C:       xmlns:domain=ʺurn:ietf:params:xml:ns:domain-1.0ʺ〉
   C:        〈domain:name〉
   C:          ʺU+5B9EʺʺU+4F8Bʺ.”U+4FE1”“U+606F”〈⁄domain:name〉
   C:        〈domain:period unit=ʺyʺ〉2〈⁄domain:period〉
   C:        〈domain:registrant〉123〈⁄domain:registrant〉
   C:        〈domain:contact type=ʺadminʺ〉123〈⁄domain:contact〉
   C:        〈domain:contact type=ʺtechʺ〉123〈⁄domain:contact〉
   C:        〈domain:authInfo〉
   C:          〈domain:pw〉2fooBAR〈⁄domain:pw〉
   C:        〈⁄domain:authInfo〉
   C:      〈⁄domain:create〉
   C:    〈⁄create〉
   C:    〈extension〉
   C:      〈secCDNS:create
   C:       xmlns:secCDNS=ʺurn:ietf:params:xml:ns:secCDNS-1.0ʺ〉
   C:           〈secCDNS:maxSigLife〉604800〈⁄secCDNS:maxSigLife〉
   C:        〈secCDNS:KEY type=ʺallʺ〉
   C:          〈secCDNS:keyData〉
   C:            〈secCDNS:flags 〉257〈⁄secCDNS:flags〉
   C:            〈secCDNS:protocol〉3〈⁄secCDNS:protocol〉
   C:            〈secCDNS:alg〉1〈⁄secCDNS:alg〉
   C:            〈secCDNS:pubKey〉AQPJ⁄⁄⁄⁄4Q==〈⁄secCDNS:pubKey〉
   C:          〈⁄secCDNS:keyData〉
   C:        〈⁄secCDNS:KEY〉
   C:      〈⁄secCDNS:create〉
   C:    〈⁄extension〉
   C:    〈trID〉
   C:      〈clTRID〉ABC-12345〈⁄clTRID〉
   C:      〈svTRID〉54322-XYZ〈⁄svTRID〉
   C:    〈⁄trID〉
   C:  〈⁄response〉
   C:〈⁄epp〉
   
Update message：
　　
   C:〈?xml version=ʺ1.0ʺ encoding=ʺUTF-8ʺ standalone=ʺnoʺ?〉
   C:〈epp xmlns=ʺurn:ietf:params:xml:ns:epp-1.0ʺ
   C:     xmlns:xsi=ʺhttp:⁄⁄www.w3.org⁄2001⁄XMLSchema-instanceʺ〉
   C:  〈command〉
   C:    〈update〉
   C:      〈domain:update
   C:       xmlns:domain=ʺurn:ietf:params:xml:ns:domain-1.0ʺ〉
   C:        〈domain:name〉 ʺU+5B9EʺʺU+4F8Bʺ.”U+4FE1”“U+606F”〈⁄domain:name〉
   C:      〈⁄domain:update〉
   C:    〈⁄update〉
   C:    〈extension〉
   C:      〈secDNS:update
   C:       xmlns:secCDNS=ʺurn:ietf:params:xml:ns:secCDNS-1.0ʺ〉
   C:        〈secDNS:rem〉
   C:         〈secCDNS:DS〉
   C:             〈secCDNS:CDN〉
   C:            ʺU+5B9EʺʺU+4F8Bʺ.”U+4FE1”“U+606F”〈⁄secCDNS:CDN〉
   C:          〈secCDNS:dsData〉
   C:            〈secCDNS:keyTag〉12345〈⁄secCDNS:keyTag〉
   C:            〈secCDNS:alg〉3〈⁄secCDNS:alg〉
   C:            〈secCDNS:digestType〉1〈⁄secCDNS:digestType〉
   C:            〈secCDNS:digest〉49FD46E6C4B45C55D4AC〈⁄secCDNS:digest〉
   C:          〈⁄secCDNS:dsData〉
   C:         〈⁄secCDNS:DS〉
   C:        〈⁄secCDNS:rem〉
   C:        〈secCDNS:add〉
   C:          〈secCDNS:DS〉
   C:             〈secCDNS:CDN〉
   C:            ʺU+5B9EʺʺU+4F8Bʺ.”U+4FE1”“U+606F”〈⁄secCDNS:CDN〉
   C:          〈secCDNS:dsData〉
   C:            〈secCDNS:keyTag〉12345〈⁄secCDNS:keyTag〉
   C:            〈secCDNS:alg〉3〈⁄secCDNS:alg〉
   C:            〈secCDNS:digestType〉1〈⁄secCDNS:digestType〉
   C:            〈secCDNS:digest〉49FD46E6C4B45C55D4AC〈⁄secCDNS:digest〉
   C:          〈⁄secCDNS:dsData〉
   C:        〈⁄secCDNS:DS〉
   C:        〈⁄secCDNS:add〉
   C:      〈⁄secCDNS:update〉
   C:    〈⁄extension〉
   C:    〈clTRID〉ABC-12345〈⁄clTRID〉
   C:  〈⁄command〉
   C:〈⁄epp〉

Example 〈info〉 Response for a Secure Delegation Using the DS Data Interface:

   S:〈?xml version=ʺ1.0ʺ encoding=ʺUTF-8ʺ standalone=ʺnoʺ?〉
   S:〈epp xmlns=ʺurn:ietf:params:xml:ns:epp-1.0ʺ
   S:     xmlns:xsi=ʺhttp:⁄⁄www.w3.org⁄2001⁄XMLSchema-instanceʺ〉
   S:  〈response〉
   S:    〈result code=ʺ1000ʺ〉
   S:      〈msg〉Command completed successfully〈⁄msg〉
   S:    〈⁄result〉
   S:    〈resData〉
   S:      〈domain:infData
   S:       xmlns:domain=ʺurn:ietf:params:xml:ns:domain-1.0ʺ〉
   S:        〈domain:name〉
   S:          ʺU+5B9EʺʺU+4F8Bʺ.”U+4FE1”“U+606F”〈⁄domain:name〉
   S:        〈domain:roid〉123456-domain〈⁄domain:roid〉
   S:        〈domain:status s=ʺokʺ⁄〉
   S:        〈domain:registrant〉123CN〈⁄domain:registrant〉
   S:        〈domain:contact type=ʺadminʺ〉helloChina〈⁄domain:contact〉
   S:        〈domain:contact type=ʺtechʺ〉 helloChina〈⁄domain:contact〉
   S:        〈domain:ns〉
   S:          〈domain:hostObj〉ns1.china 〈⁄domain:hostObj〉
   S:          〈domain:hostObj〉ns2.china 〈⁄domain:hostObj〉
   S:        〈⁄domain:ns〉
   S:        〈domain:host〉
   S:          ns1.ʺU+5B9EʺʺU+4F8Bʺ.”U+4FE1”“U+606F”〈⁄domain:host〉
   S:        〈domain:host〉
   S:          ns2.ʺU+5B9EʺʺU+4F8Bʺ.”U+4FE1”“U+606F”〈⁄domain:host〉
   S:        〈domain:clID〉ClientX〈⁄domain:clID〉
   S:        〈domain:crID〉ClientY〈⁄domain:crID〉
   S:        〈domain:crDate〉2010-04-03T22:00:00.0Z〈⁄domain:crDate〉
   S:        〈domain:upID〉ClientX〈⁄domain:upID〉
   S:        〈domain:upDate〉2010-12-03T09:00:00.0Z〈⁄domain:upDate〉
   S:        〈domain:exDate〉2012-04-03T22:00:00.0Z〈⁄domain:exDate〉
   S:        〈domain:trDate〉2011-02-08T09:00:00.0Z〈⁄domain:trDate〉
   S:        〈domain:authInfo〉
   S:          〈domain:pw〉abc123〈⁄domain:pw〉
   S:        〈⁄domain:authInfo〉
   S:      〈⁄domain:infData〉
   S:    〈⁄resData〉
   S:    〈extension〉
   S:      〈secCDNS:infData
   S:       xmlns:secCDNS=ʺurn:ietf:params:xml:ns:secCDNS-1.0ʺ〉
   S:           〈secCDNS:maxSigLife〉604800〈⁄secCDNS:maxSigLife〉
   S:        〈secCDNS:DS〉
   S:             〈secCDNS:CDN〉
   S:            ʺU+5B9EʺʺU+4F8Bʺ.”U+4FE1”“U+606F”〈⁄secCDNS:CDN〉
   S:          〈secCDNS:dsData〉
   S:            〈secCDNS:keyTag〉12345〈⁄secCDNS:keyTag〉
   S:            〈secCDNS:alg〉3〈⁄secCDNS:alg〉
   S:            〈secCDNS:digestType〉1〈⁄secCDNS:digestType〉
   S:            〈secCDNS:digest〉DVF46E6C4B45C55D4AC〈⁄secCDNS:digest〉
   S:          〈⁄secCDNS:dsData〉
   S:        〈⁄secCDNS:DS〉
   S:             〈secCDNS:CDN〉
   S:            ʺU+5B9EʺʺU+4F8Bʺ.”U+4FE1”“U+606F”〈⁄secCDNS:CDN〉
   S:          〈secCDNS:dsData〉
   S:            〈secCDNS:keyTag〉12345〈⁄secCDNS:keyTag〉
   S:            〈secCDNS:alg〉3〈⁄secCDNS:alg〉
   S:            〈secCDNS:digestType〉1〈⁄secCDNS:digestType〉
   S:            〈secCDNS:digest〉59FD46E6C4B45C55D4AC〈⁄secCDNS:digest〉
   S:          〈⁄secCDNS:dsData〉
   S:          〈secCDNS:dsData〉
   S:            〈secCDNS:keyTag〉12345〈⁄secCDNS:keyTag〉
   S:            〈secCDNS:alg〉3〈⁄secCDNS:alg〉
   S:            〈secCDNS:digestType〉1〈⁄secCDNS:digestType〉
   S:            〈secCDNS:digest〉80FD46E6C4B45C55D4AC〈⁄secCDNS:digest〉
   S:          〈⁄secCDNS:dsData〉
   S:        〈⁄secCDNS:DS〉
   S:      〈⁄secCDNS:infData〉
   S:    〈⁄extension〉
   S:    〈trID〉
   S:      〈clTRID〉ABC-12345〈⁄clTRID〉
   S:      〈svTRID〉54322-XYZ〈⁄svTRID〉
   S:    〈⁄trID〉
   S:  〈⁄response〉
   S:〈⁄epp〉

   Example 〈info〉 Response for a Secure Delegation Using the Key Data Interface:

   S:〈?xml version=ʺ1.0ʺ encoding=ʺUTF-8ʺ standalone=ʺnoʺ?〉
   S:〈epp xmlns=ʺurn:ietf:params:xml:ns:epp-1.0ʺ
   S:     xmlns:xsi=ʺhttp:⁄⁄www.w3.org⁄2001⁄XMLSchema-instanceʺ〉
   S:  〈response〉
   S:    〈result code=ʺ1000ʺ〉
   S:      〈msg〉Command completed successfully〈⁄msg〉
   S:    〈⁄result〉
   S:    〈resData〉
   S:      〈domain:infData
   S:       xmlns:domain=ʺurn:ietf:params:xml:ns:domain-1.0ʺ〉
   S:        〈domain:name〉
   S:          ʺU+5B9EʺʺU+4F8Bʺ.”U+4FE1”“U+606F”〈⁄domain:name〉
   S:        〈domain:roid〉123456-domain〈⁄domain:roid〉
   S:        〈domain:status s=ʺokʺ⁄〉
   S:        〈domain:registrant〉123CN〈⁄domain:registrant〉
   S:        〈domain:contact type=ʺadminʺ〉helloChina〈⁄domain:contact〉
   S:        〈domain:contact type=ʺtechʺ〉 helloChina〈⁄domain:contact〉
   S:        〈domain:ns〉
   S:          〈domain:hostObj〉ns1.china 〈⁄domain:hostObj〉
   S:          〈domain:hostObj〉ns2.china 〈⁄domain:hostObj〉
   S:        〈⁄domain:ns〉
   S:        〈domain:host〉
   S:          ns1.ʺU+5B9EʺʺU+4F8Bʺ.”U+4FE1”“U+606F”〈⁄domain:host〉
   S:        〈domain:host〉
   S:          ns2.ʺU+5B9EʺʺU+4F8Bʺ.”U+4FE1”“U+606F”〈⁄domain:host〉
   S:        〈domain:clID〉ClientX〈⁄domain:clID〉
   S:        〈domain:crID〉ClientY〈⁄domain:crID〉
   S:        〈domain:crDate〉2010-04-03T22:00:00.0Z〈⁄domain:crDate〉
   S:        〈domain:upID〉ClientX〈⁄domain:upID〉
   S:        〈domain:upDate〉2010-12-03T09:00:00.0Z〈⁄domain:upDate〉
   S:        〈domain:exDate〉2012-04-03T22:00:00.0Z〈⁄domain:exDate〉
   S:        〈domain:trDate〉2011-02-08T09:00:00.0Z〈⁄domain:trDate〉
   S:        〈domain:authInfo〉
   S:          〈domain:pw〉abc123〈⁄domain:pw〉
   S:        〈⁄domain:authInfo〉
   S:      〈⁄domain:infData〉
   S:    〈⁄resData〉
   S:    〈extension〉
   S:      〈secCDNS:infData
   S:       xmlns:secCDNS=ʺurn:ietf:params:xml:ns:secCDNS-1.0ʺ〉
   S:        〈secCDNS:KEY type=ʺallʺ〉
   S:          〈secCDNS:keyData〉
   S:            〈secCDNS:flags 〉257〈⁄secCDNS:flags〉
   S:            〈secCDNS:protocol〉3〈⁄secCDNS:protocol〉
   S:            〈secCDNS:alg〉1〈⁄secCDNS:alg〉
   S:            〈secCDNS:pubKey〉AQPJ⁄⁄⁄⁄4Q==〈⁄secCDNS:pubKey〉
   S:          〈⁄secCDNS:keyData〉
   S:        〈⁄secCDNS:KEY〉
   S:      〈⁄secCDNS:infData〉
   S:    〈⁄extension〉
   S:    〈trID〉
   S:      〈clTRID〉ABC-12345〈⁄clTRID〉
   S:      〈svTRID〉54322-XYZ〈⁄svTRID〉
   S:    〈⁄trID〉
   S:  〈⁄response〉
   S:〈⁄epp〉

For details, please refer to the link:
http:⁄⁄tools.ietf.org⁄html⁄draft-kong-epp-cdn-dnssec-mapping-00.

25.4 The EPP Schema of Business Interface

The EPP Schema used by ʺ.信息ʺ includes two parts: one is the EPP XML Schema defined by RFC and the other is the EPP XML Schema of customized extension.
　　
25.4.1 The EPP XML Schema Defined by RFC

	(1) urn:ietf:params:xml:ns:eppcom-1.0 (Refer to RFC 5730)

	(2) urn:ietf:params:xml:ns:epp-1.0 (Refer to RFC 5730)

	(3) urn:ietf:params:xml:ns:domain-1.0 (Refer to RFC 5731)

	(4) urn:ietf:params:xml:ns:host-1.0 (Refer to RFC 5732)

	(5) urn:ietf:params:xml:ns:contact-1.0 (Refer to RFC 5733)

	(6) urn:ietf:params:xml:ns:rgp-1.0 (Refer to RFC 3915)

25.4.2 The EPP XML Schema of Customized Extension

	(1) urn:ietf:params:xml:ns:cdn-1.0 (draft-kong-epp-idn-variants-mapping-00)

	(2) urn:ietf:params:xml:ns:secCDNS-1.0 (Refer to draft-kong-epp-cdn-dnssec-mapping-00)

25.5 Resource Allocation

25.5.1 Human Resources

For performing the service promises concerning EPP of ʺ.信息ʺ, the human resources provided are as follows:

ʺ.信息ʺ adopts the human resources that are for CNNIC ʺBack-End Registry Service Platformʺ use, which equips with 2 software engineers who are responsible for EPP consistency analysis and for extending EPP in accordance with RFC 3735. 

Tele-info Ltd. will designate 2 technical personnel to communicate and coordinate technical issues with CNNIC and supervise the work of CNNIC. Refer to the answer to Question 31.

25.5.2 Funds

For performing the service promises concerning EPP of ʺ.信息ʺ, funds of human resources and outsourcing funds for CNNIC ʺBack-End Registry Service Platformʺ have been put in place by Tele-info Ltd.. Refer to the answer to Question 46 for the sources and uses of these funds. Funds for human resources, equipment procurement and maintenance of CNNIC have been put in place by CNNIC.

Based on Request for Comments (RFC) 3912, Beijing Tele-info Network Technology Co., Ltd. (Tele-info Ltd.) provides the ʺ信息ʺ TLD with data objects, bulk access, lookups and web-based searchable Whois service which are defined in Specification 4 and which meet the Service Level Requirements (SLR) of Specification 10. Appropriate precaution measures have been taken to prevent abuse of registered data information.

Tele-info Ltd. entrusts China Internet Network Information Center (CNNIC) to provide technology and operation for ʺ.信息ʺ TLD through the ʺBack-End Registry Service Platformʺ of CNNIC. Tele-info Ltd. will designate specialists to carry out coordination.

By far, all human resources, funds and equipment necessary for implementing and maintaining Whois have been put in place by Tele-info Ltd. and CNNIC respectively.

26.1 Realization of Whois System

The Whois system is used to check the detailed information of registered domain names and whether a particular domain name has been registered. In addition, ʺ.信息ʺ will support searchable Whois service which has a web search function with domain names, registrant names, postal addresses, contact names, registrar IDs and Internet Protocol addresses as key words and which also supports the Boolean search function.
26.1.1 System Architecture

Please refer to Figure 1 in the attachment of Q26_Attachment_Figure for the details of the architecture of the Whois system.
Data in the Whois database is created by advanced replication of the Shared Registration System (SRS) registration database. The Whois system consists of the WhoisD system which is accessible by command lines via Port 43, and the web-based Whois Web system. Whois Web requests are converted into WhoisD requests and the WhoisD system is connected to the Whois database to return query results to the user. The searchable Whois system provides searchable services by accessing Whois database index files. By advanced replication of the SRS registration database, a bulk access Whois database is generated which provides bulk access function for authorized registrars or third-party users.
26.1.2 System Functions
26.1.2.1 Queries about Domain Names

Registrars and registrants may send requests to the Whois system ʺwhois 实例.信息ʺ to query about a particular domain name. The Whois system will return the following information in accordance with Specification 4 of the Registry Agreement:
(1) Information about the domain name, including domain name (U-label, A-label and variant domain name), domain ID, updated date, creation date, registry expiry date and domain status.

(2) Whois server and referral URL.

(3) Information about the sponsoring registrar, including the sponsoring registrar and the sponsoring registrar Internet Assigned Numbers Authority (IANA) ID.

(4) Information about registrants in accordance with Specification 4.

(5) Information about administers in accordance with Specification 4.

(6) Information about the technician in accordance with Specification 4.

(7) Name Server and DNSSEC.

26.1.2.2 Queries about Registrars

Registrars and registrants may send requests to the Whois system whois ʺregistrar Example Registrar, Inc.ʺ to query about a particular registrar. The Whois system will return the following information in accordance with Specification 4 of the Registry Agreement:
(1) Information about the registrar in accordance with Specification 4.

(2) Whois server and referral URL.

(3) Information about the admin contact, including phone number, fax number and Email.

(4) Information about the technical contact, including phone number, fax number and Email.

26.1.2.3 Queries on Name Servers

Registrars and registrants may send requests to the Whois system whois ʺNS1.EXAMPLE.TLDʺ or whois ʺnameserver (IP Address)ʺ to query about a particular name server. The Whois system will return the following information in accordance with Specification 4 of the Registry Agreement:

(1) Information of the server, including server name and its IP address.

(2) Registrar.

(3) Whois server and referral URL.

26.1.2.4 Internationalized Domain Name (IDN) Support

The Whois system supports two ways of domain name query, i.e., U-label and A-label, and adopts UTF-8 encoding format to enable the Whois system to display information in both English and Chinese. Furthermore, the Whois system also supports displays both of U-label, and A-label of the queried domain.
26.1.2.5 IP Black List

The Whois system supports the IP black list function.
26.1.2.6 Connection Timeout

After a connection is established, if a user does not perform any query operation within a specified time limit (configurable), the system will automatically terminate the connection.
26.1.2.7 Restrictions on the Interval of Query Time

For a user whose IP is not in the white list, their interval of query time (configurable) should be restricted to prevent highly frequent queries from hampering the response to other usersʹ queries.
26.1.2.8 Searchable Whois Service and Prevention of Information Abuse

Searchable Whois service has the following functions:

(1) For domain names, contacts, registrantʹs name, contact and registrantʹs postal address, including all the sub-fields described in Extensible Provisioning Protocol (EPP) (e.g., street, city, state or province, etc.), partial match capabilities are available.

(2) For registrar ID, name server name and name server IP address, exact match capabilities are available.

(3) Boolean search capabilities are available which meet the search criteria of AND ⁄OR⁄NOT for multiple fields.

(4) All query results contain domain name-related information, including domain name, domain ID, updated date, creation date, registry expiry date and domain name status, etc.

ʺ.信息ʺ adopts the following measures to prevent information abuse:

(1) A registrar or registrant may only login the searchable Whois system using their own ID and password, and may only search information related to their own domain names.

(2) If a registrar, registrant or a third-party user wants to search othersʹ information, they need to explain the reasonable purposes, commit to protect privacy and security, and sign an agreement with Tele-info Ltd. at first.

26.1.2.9 Bulk Access

Whois service provides bulk access capabilities for authorized registrars and third-party users. To reduce the impact of bulk access on the load of core Whois database, the data related to the capabilities are provided by a separate Whois database for bulk access.
To guarantee the quality of bulk access service, the Whois system, by identifying the userʹs IP address, provides its service only for authorized registrars and third-party users.
26.1.3 System Deployment

Please see Figure 2 in the attachment of Q26_Attachment_Figure.

(1) Internet Access

Via Border Gateway Protocol (BGP), ʺ.信息ʺ service addresses of WhoisD, Whois Web, Whois bulk access and searchable Whois etc. will be broadcasted. Users can access Whois service through multiple Internet Service Providers (ISPs).
(2) Load Balancer

WhoisD, Whois Web, Whois bulk access and searchable Whois services are all configured in virtual IP of the layer 4 load balancers.
(3) Whois Web Servers

The load balancers directly distribute a Whois Web request to the 4 Whois Web servers which will transfer the request back to the load balancer. The load balancer will then transfer the request to the 4 WhoisD servers. The WhoisD server, by accessing the Whois database, feeds the WhoisD query results back to the Whois Web server, which will then transfer the results to the user through the load balancers.
(4) WhoisD Servers

The load balancers directly dissminate WhoisD requests to the 4 WhoisD servers which will, by accessing the Whois database, transfer the query results to the user.
(5) Searchable Whois Servers

Searchable Whois service requests are allocated to 4 searchable Whois servers.
(6) Bulk-access Whois Servers

Whois servers provide bulk access capabilities for authorized third parties. Four bulk-access Whois servers respond to their query requests.
(7) Searchable Whois Index Servers

Searchable Whois requests are distributed by searching searchable index files through searchable Whois servers. Two high-performance blade servers providing searchable Whois index files are configured in different blade boxes and subnets. Whois index file servers generate index files on a regular basis and the frequency of data update is once every 5 minutes.
(8) Whois Database

The core Whois database maintains Whois data and responds to the requests of WhoisD server only.
The Whois database is built by two high-performance database servers. Data are obtained by advanced replication of the SRS core registration database with a replication interval of 5 minutes.
(9) Bulk-access Whois Database

To reduce the impact of bulk access on the load of core Whois database, 2 Whois bulk-access databases are provided exclusively to achieve this function. Data are obtained by advanced replication of the SRS core registration database with a replication interval of 5 minutes.
26.2 A Plan for Operating Robust and Reliable Whois

26.2.1 Redundant System Design

To improve reliability, a redundant design is adopted for designing the Whois system architecture including network devices, load balancers, Whois-related servers and databases, so as to ensure there is no single point. In addition, cold-standby servers are provided which are always ready for deployment and service.
Furthermore, both local and remote secondary operation centers adopt the identical Whois system deployment, to ensure that a swift switch can be made when the primary operation center fails.
26.2.2 Whois Data Synchronization

Whois data and bulk-access Whois data are obtained by advanced replication of the SRS core registration database with a replication interval of 5 minutes. Searchable Whois index data are obtained by generating searchable Whois index files through the Whois database, with an update interval of 5 minutes.

26.2.3 Failure Monitoring and Handling

ʺ.信息ʺ adopts a monitoring system and a special 7*24h team for system operation and maintenance that monitor the Whois system in a real-time manner. Once any abnormity is detected in the Whois system, the monitoring system will promptly notify the system administrator. Once a problem is detected, the 7*24h team will immediately notify the system administrator to handle it.
26.3 Compliance Analysis

26.3.1 Compliance with RFC 3912

Strictly conforming to the Whois protocol defined in the RFC 3912, Tele-info Ltd. and CNNIC have agreed that the Whois system needs to achieve the function of communication between the client and Whois servers by using TCP connection on Port 43 and, in strict accordance with RFC 3912 Protocol Model, uses ASCII CR and ASCII LF to separate one message from another.
26.3.2 Compliance with Specification 4

(1) The format of Whois command response strictly complies with the format defined in Specification 4 of the Registry Agreement, followed by a blank line and a legal disclaimer.

(2) Each data object is represented as a set of key⁄value pairs, with lines beginning with keys, followed by a colon and a space as delimiters, followed by the value.
(3) For fields where more than one value exists, multiple key⁄value pairs have the same key.

(4) The format of response to queries about domain names, registrars and name servers meets Specification 4 of the Registry Agreement. It includes at least the display fields and formats as specified therein.

(5) The format of the following data fields: domain status, individual and organizational names, address, street, city, state⁄province, postal code, country, telephone and fax numbers, Email addresses, date and time conform to the mappings specified in EPP RFC 5730, RFC 5731, RFC 5732, RFC 5733 and RFC 5734.

(6) Searchable Whois service is provided in accordance with Specification 4 of the Registry Agreement, and measures are taken to prevent abuse of registered data.

26.3.3 Compliance with Specification 10

For Whois (Registration Data Directory Services, RDDS) service level, Specification 10 of the Registry Agreement sets forth the following requirements:
Please see Table 1 in the attachment of Q26_Attachment_Table.
(1) Availability

CNNIC, Tele-info Ltd.ʹs trustee of technology and operation, has tested the Whois system used by ʺ.信息ʺ, and the results are as follows:
For a million-level aggregate registration volume (no index), 2136 transactions are successfully submitted per second. For a 10-million-level aggregate registration volume (index established), 2010 transactions are successfully submitted per second.

According to the 101,420 registration scale (balance) estimated by Tele-info Ltd. in 3 years of ʺ.信息ʺ, the daily query of WhoisD is about 106,000, and the peak value is about 3.7 times per seconds, while the query value of Whois Web is lower. Therefore, under normal conditions, one server is capable of undertaking WhoisD service. Considering system redundancy, 4 servers and 1 cold-standby server should be provided and another 4 servers are enough to undertake Whois web service.

Whois bulk access is open only to authorized registrars and third-party users and 4 Whois bulk access servers are provided for this purpose.
In case registration volume increases sharply due to attacks, more back-end servers could be added under load balancers for extension.
So, the Whois system design adopted by ʺ.信息ʺcan surely guarantee that the availability of Whois service can be kept above 98%.
(2) Query Round-Trip Time (RTT)

The average query RTT is 23.65ms. 95% of queries for WhoisD, Whois Web and Whois bulk access can be finished within 1000ms to meet Specification 10 of the Registry Agreement.
(3) Update Time

The update time of Whois database and Whois bulk access database is 5 minutes to meet Specification 10 of the Registry Agreement.
26.3.4 Laws and Policies on Privacy Protection that Searchable Service must Abide by

26.3.4.1 Registration-related Privacy

As an entity established and registered in Peopleʹs Republic of China, Tele-info Ltd. must comply with Chinaʹs laws and regulations and policies. In accordance with Article 4 of Rules on Technical Protective Measures for Internet Security of Peopleʹs Republic of China (Directive 82 of the Ministry of Public Security), Tele-info Ltd. requires that each registrar send a notice to holders of newly-registered or renewed domain names, informing them of the following:
(1) The intended use of the applicantʹs personal information to be collected.

(2) The receiver or type of receiver of such information (including the registry and other parties that are to receive such information from the registry).

(3) What information shall be provided and what (if there is any) can be provided on a voluntary basis.

(4) In what way the registered domain name holder can access or modify (if necessary) the stored data concerning them.

Only after the user has confirmed and agreed to the above information can the registrar start to collect registration information from the user. Collection of registration information without the registrantʹs consent will be regarded as infringing upon his⁄her privacy. Information collected will be considered invalid and will not pass the registryʹs review.
26.3.4.2 Query-related Privacy

Tele-info Ltd. will in compliance with Section 2, Article 18 of the Implementation Rules for the Provisional Regulations on Management of International Networking of Computer Information Networks of the Peopleʹs Republic of China, take the following measures to regulate usersʹ behavior in using Whois:
(1)Tele-info Ltd. provides searchable services for fuzzy and accurate queries about limited fields that meet the requirements of ICANN. For non-existing domain names, a negative response will be given and no suggestions on related domain names will be provided in any form.

(2) For typical searchable services, users need to pass username and password authentications before accessing the searchable Whois system and they can only make queries about their own information.

(3) Searchable services for all other types of information may be opened to some of the users who have passed authentication. Such users shall inform Tele-info Ltd. of the purpose of their queries and their contact information. If there is any violation of privacy, such as massively spreading other peopleʹs private information or sending large amounts of junk mail using Whois information, Tele-info Ltd. will mete out punishment on the infringer in accordance with relevant laws and regulations on privacy protection and if the case is serious enough, it will be reported to relevant judicial organs.

26.4 Resource Allocation

26.4.1 Human Resources

For performing the service promises concerning Whois of ʺ.信息ʺ, the human resources provided are as follows:

ʺ.信息ʺ adopts the human resources that are for CNNIC ʺBack-End Registry Service Platformʺ use, which equips with 4 software engineers who are responsible for software optimization and maintenance, 6 system administrators who are responsible for 7*24 monitoring of the Whois system.

Tele-info Ltd. will designate 2 technical personnel to communicate and coordinate the technical issues of Whois with CNNIC and supervise the work of CNNIC. Refer to the answer to Question 31.
26.4.2 Software and Hardware

For performing the service promises concerning Whois of ʺ.信息ʺ, ʺ.信息ʺ adopts the software and hardware resources that are for CNNIC ʺBack-End Registry Service Platformʺ use. Associated hardware and software resources deployed by CNNIC are as following:

Hardware in the 3 operation centers includes 60 high-performance blade servers and 12 high-performance database servers.
Software includes Whois software, database software, database cluster software and storage management software. So far development and testing of the software have been completed and the system is now in trial operation.
In addition, customization scope of Whois system software covers Whois system based on Port 43 and Whois Web system, Whois bulk access function and searchable Whois function; meanwhile it satisfies the SLR. Software customization development is carried out according to the initiation of R&D, program plan, outline design, specific design, construction stage, trial stage and release and summarization procedures. Development procedure is compliant with regulations of Level 3 of Capability Maturity Model Integration (CMMI3).
Refer to the answer to Question 32 for more details about the software and hardware.
26.4.3 Funds

For performing the service promises concerning Whois of ʺ.信息ʺ, funds for human resources and outsourcing funds for CNNIC ʺBack-End Registry Service Platformʺ have been put in place by Tele-info Ltd.. Refer to the answer to Question 46 for the sources and uses of these funds. Funds for human resources, equipment procurement and maintenance of CNNIC have been put in place by CNNIC.

For the purpose of minimizing abusive registration and other activities that have a negative impact on Internet users, Beijing Tele-info Network Technology Co., Ltd. as “the Registry Operator” has thoroughly measured different types of potential acts of domain name abuse, and correspondingly formulated series of policies on the prevention of domain name abuse, including registrars enforcement provisions, application provisions, active monitoring provision and complaints handling provisions. 

Based on the above policies, The Registry Operator has retained China Internet Network Information Center (CNNIC) as “the Registry Back-End Service Provider” of “.信息”, which provides instruments including a comprehensive contact point for filing complaints on domain name abuse, a whole life-circle domain abuse monitoring and handling platform, and an information sharing mechanism with industrial partners in order to prevent domain name abuse. The Registry Operator strives to make sure that problems of domain name abuse are detected in the first time and concurrently to improve the WHOIS accuracy and completeness. To implement the above policies and measures, The Registry Operator, collaborating with the Registry Back-End Service Provider, will allocate adequate resources in terms of manpower, equipment and finance and worked out an implementation plan on startup and on-going basis.

28.1 Policies of Domain Name Abuse Prevention and Mitigation

28.1.1 The Definition of Malicious or Abusive Behavior

To set up goals for domain name abuse prevention and control, The Registry Operator defines, based on the standards for domain name abuse formulated by the Registration Abuse Policy Working Group (RAPWG) of SSAC ( February 2009, available at  http:⁄⁄gnso.icann.org⁄issues⁄rap⁄rap-wg-final-report-29may10-en.pdf), acts of domain name abuse as those that:

	(1)Causes actual and substantial harm, or is a material predicate of such harm, and

	(2)Is illegal or illegitimate, or is otherwise considered contrary to the intention and design of a stated legitimate purpose, if such purpose is disclosed.

28.1.2 Scope of Malicious or Abusive Behavior  

Based on the definition by RAPWG and by reference to the report by the Fast-Flux working group ( 03 September 2009, available at http:⁄⁄gnso.icann.org⁄meetings⁄minutes-03sep09.htm), The Registry Operator currently captures 10 kinds of domain name abuse, which are categorized as registration abuse and malicious use as following:

28.1.2.1 Registration Abuse Includes:

	(1) Cybersquatting;

	(2) Front running;

	(3) Pornographic or offensive domain names;

	(4) Fake renewal notice;

	(5) Domain spinning;

	(6) Domain tasting

28.1.2.2 Malicious Use of Domain Names Includes:

	(1) Conduct phishing to steal users’ information or commit fraud;

 	(2) Take advantage of the domain name to spread viruses or install malware for botnet command-and-control;

 	(3) Send out spams;

 	(4) Disseminate malicious information (concerning child pornography, race discrimination, sex discrimination, and etc.) that go against international ethics and morality or interfere with public order.

28.1.3 Domain Name Abuse Prevention and Mitigation Implementation Plan

Please refer to Q28_attachment_table attached for details of the description of policies that define malicious and abusive behaviors of each category above. The Registry Back-End Service Provider will provide the capture metrics and solution to deal with those abusive behaviors respectively in the stages of registrar management, application review, active monitoring and suspension as well as complaint handling. 

28.1.4 Proposed Policies and Procedures for Prevention of Domain Name Abuse 

28.1.4.1 Provision on Registrar Enforcement of Domain Name Abuse Prevention

The Registry Operator will, based on the Registrar Accreditation Agreement (RAA) requirements formulated by ICANN, establish a code of conduct for registrars of “.信息” domain to control domain name abuse by registrars, and cooperate with the registrars to mitigate and prevent domain name abuse. The following policies are included in the Registry-Registrar Agreement (RRA) of The Registry Operator for prevention of domain name abuse.

28.1.4.1.1 Registrar Qualification

To prevent and mitigate domain name abuse, The Registry Operator requires that registrars shall:

	(1) be accredited by ICANN, i.e., having been validly accreditation by ICANN pursuant to RAA agreement;

	(2) have relevant technologies and capabilities for providing “.信息” registration services, and shall be able to provide valid registration services and WHOIS enquiry services;

	(3) have sound network and information security guarantee measures;

	(4) cooperate with registry to review users’ information with respect to the accuracy thereof;

	(5) render cooperation in the enforcement of the determinations of the court and arbitration institutions;

	(6) have a sound mechanism for domain name transfer;

	(7) guarantee the registrants’ rights protection when retreat from domain name registration service;	

28.1.4.1.2 Prohibited Terms

The RRA also provides that registrars shall execute a registration agreement with each registrant to lay down obligations of both parties. Where any registrar is engaged in any of the following activities that result in infringement upon the interests of any registrant, the registrar shall undertake all responsibilities incurred:

	(1) provide domain name registration services in a disguised name of governments, or other enterprises, public institutions or social organizations;

	(2) occupy domain name resources in a disguised form by registering domain names based on false information;

	(3) provide domain name registration services by using such unfair competition means as misleading and threatening users;

	(4) induce uses to register domain names that are confusingly similar to those that are already registered;

	(5) force users to extend the term of domain name registration or sell bundled services;

	(6) fail to submit registration information to the Registry Back-End Service Provider in accordance with the actual registration years of domain name users.

	(7) reject without any justified reason applications filed by domain name holders for password of domain name transfer, or charge the same for such application;

	(8) use of the Whois database to send unsolicited e-mail to registrants, to solicit registrants by telephone or to use the database for other commercial purposes;

	(9) purchase of domain names for any purpose except instances where the registrar has a bona fide intent to use that domain name on its own behalf;

	(10) other conducts which are in violation of laws and regulations or infringe upon the interests of domain name users. 

28.1.4.1.3 Cooperation with Registrars in Prevention of Domain Name Abuse

The RRA lays down the registrars’ obligations for cooperation with the Registry Operator and the Registry Back-End Service Provider in terms of domain name abuse mitigation and prevention, specifically registrars shall: 

	(1) conduct authentication of registrant information as complete and accurate at the time of registration. 
	Note: All registrar needs to ensure the authenticity of the information provided by the registrants. The Registry Back-End Service Provider will conduct a review process based on the application material forwarded by the registrars employing telephone call back methods to investigate the WHOIS accuracy level and the Registry Operator will provide regular monitoring of registration data for accuracy and completeness.

	(2) set up a help desk to receive complaints filed by the users on domain name abuse and disputes, to serve as the first level complaints contacting point. 
	Note: The Registry Back-End Service Provider will serve as the second level complaints contacting point to the customer.

	(3) implement based on United Domain Name Dispute Resolution Policies, the decisions, judgments or verdicts of domain name dispute resolution provider or courts to rapid take down or suspension relevant domain names and provide the registrants with corresponding notices and explanations;

	(4) establish expedited channels and contact information for law enforcement and community partners and drive towards response times of domain name take down request in the 1‐3 hours range.

	(5) provide user ID and password at the time of registration, and provide registration data update, domain name transfer and cancellation services upon password verification and identification documents authentication. The domain name may be changed and put into use only upon obtaining the approval of the registrars within three working days after the registrars receive the application form for domain name registration data update, domain name transfer and cancellation.

28.1.4.2 Policies on Name Reservation

28.1.4.2.1 Reserved Names

The Registry Operator will initially reserve the following types of names for registration to ensure that domain names will not be used for such abuse activities as fraud and phishing:

	(1) Names required to be reserved as stipulated in the agreement executed between The Registry Operator and ICANN:

	*ICANN reserved names in the Top Level Reserved List in Application Guide Book and their translation in multiple languages  
                   
	*Single & Two Character Names including the use of symbols

	*Tagged names

	*Nic, Whois, www

	(2) Geographical names (see Question 22 for details);

	(3) Names or abbreviations of the local government authorities and international inter-governmental organizations (ASCII and Chinese Translation); 
Note：The list will be formulated before or during the start-up period based on the final decision made by GAC, ICANN and local government authorities;
	
	(4) Other controversial names that may conflict with public interests according to the domain name regulation in China.

28.1.4.2.2 Release of Reserved Names 

After obtaining permit from respective relevant authorities, legitimate registrant will be allowed to submit the application to a registrar accredited by the Registry Operator for registration of the domain name. The application material shall include documentations as following:

	*Domain name registration application form with an organizational stamp;

	*Proof of establishment of the organizational registrant;

	*Proof of personal identification of the registration contact person;

	*other documentations issued by relevant parties for release of reserved domain names;

The registrar shall forward the above material to the registry. After verification process, the Registry Operator will release the domain name to the database of the registrar. If the registration application doesnʹt get approved, the Registry Back-End Service Provider will notify the registrar about the reason of declination. The process of verification shall be finished within 3 days since the Registry Back-End Service Provider receives the application material from the registrar.   

28.1.4.3 Policies on Domain Name Application Review  

For the purpose of protecting the legitimate rights and interests of the general public and preventing domain name abuse, in addition to name reservation, the registrar shall review and determine whether the registration information is inaccurate and the Registry Back-End Service Provider shall review whether the domain names applied violate the provisions of “China Internet Domain Name Regulations” (please refer to http:⁄⁄www1.cnnic.cn⁄html⁄Dir⁄2005⁄03⁄24⁄2861.htm). In case of any domain name violating the provisions of Article 27 of the Regulations or with false, inaccurate or incomplete registration information, the Registry Back-End Service Provider shall inform the registrars of such cases for cancellation. Specific review policies include:

28.1.4.3.1 Registrant Eligibility Requirement

“.信息” registrants are divided into two categories: Organizational Registrant and Natural Person Registrant. 

	(1) Organizational registrants which represent an enterprise, shall be organizations registered under the laws of the country or region where the applicant is located and capable of undertaking civil liabilities.
 
	(2) Natural Person registrants shall be all individual human-being registered with real identity. 

28.1.4.3.2 Application Process

In order to apply for “.信息” domain name, registrant needs to complete a application form collecting all required information for Whois. In addition, organizational registrant shall submit authentic, complete and accurate organizational proof of establishment to the registrars. Acceptable documentation includes business ID, tax ID, VAT registration certificate or equivalent of the applicant issued by local administrative authority. Natural person registrants shall submit personal identification materials issued by a recognized authority, which can be personal ID, passport or equivalent. The registration contact person shall also submit personal identification materials, which can be personal ID, passport or equivalent.   This additional documentation will be properly stored and is just for registration record authentication but against any release to the public. 

  Based on authentication conducted by registrars, an application for domain name registration shall be rejected or cancelled in the following circumstances:
	
	(1)The applicant submits incomplete application form with necessary information missing.
	
	(2) The applicant provides invalid or fake supporting identity authentication material;
	
	(3) The contact information is inaccessible; 
	
	(4)The applicant provides incoherent information in the application form with its identity proof.

28.1.4.3.3 Prohibited Names

The Registry Back-End Service Provider will review the domain name strings pending approval manually to prevent the strings in the following circumstances which violates of the “China Internet Domain Name Regulations” or international ethics and morality:

	(1) instigate hostility or discrimination among different ethnic groups, or disrupt national solidarity;

	(2) spread rumors, disturb public order or disrupt social stability;

	(3) spread obscenity, pornography, violence, homicide or terror or instigate crimes;

	(4) insult or libel others and thus infringing other people’s legitimate rights and interests;

	(5) contain other contents prohibited by laws and administrative regulations.
 
28.1.4.4 Policies on Active Monitoring and Handling of Domain Name Abuse

The Registry Operator and the Registry Back-End Service Provider are also required to follow serials policies including WHOIS accuracy control, information security control and orphan glue records removal in order to mitigate and prevent domain name abuse.

28.1.4.4.1 Policies on WHOIS Accuracy Control

The Registry Operator requires the registrars and the Registry Back-End Service Provider to take the responsibility of maintaining WHOIS accuracy to ensure in-time handling of domain name abuse, specifically the Registry Operator will:

	(1) require applicants to submit domain name application forms along with identity certificates of registration contact person or proof of establishment of the registration organization, and require registrars to conduct identity verification;

	(2) require registrars to cancel applications for domain name registration by registrants who have provided fake registration information;

	(3) require the domain name holder to apply to the registrars for registration information changing before the changes take place, in case of any changes to the registration information. 
	Note: When applying for registration information changes, the applicant shall submit relevant application documents for domain name changes in the way selected while applying for the domain name registration. The domain name shall be changed and put into use only upon obtaining the approval of the registrars. The registrars shall submit the changed registration information to the Registry Back-End Service Provider after receiving the changes from the domain name holder. The registrars shall not make changes to any client’s registration information without the consent of the domain name holder.

	(4) require the Registry Back-End Service Provider to monitor registration record registered users by random telephone revisit, where any information on the domain name in the WHOIS is found to be inaccurate, to notify the registrar to correspond to the registration contact person for making corrections, or take measures to suspend fraudulent domain name registration;

	(5) conduct Whois accuracy audit of every registrar on yearly basis, where registrars with weak enforcement of registration review policy which results in higher unreachable Whois data will receive incremental penalty.
 
28.1.4.4.2 Policies on Information Security Control

Applicants for domain name registration shall submit authentic, accurate and complete domain name registration information, so as to intensify protection of usersʹ information and avoid leakage and misuse.

The Registry Operator, as a trusted neutral third-party registry, must maintain the trust of the registrars and the consumers. Therefore, The Registry Operator will not market, in any way, the registrant information obtained from registrars for purposes of running the registry, nor will it share that data with any unrelated third parties. The registry operator will only have access to such data as is necessary for operation of the Registry Back-End Service Provider itself and will use that data only for registry operation.

The Registry Operator will provide registrars with a mechanism for accessing and correcting personal data and will take reasonable steps to protect personal data from loss, misuse, unauthorized disclosure, alteration or destruction. To further secure registrant data, each registrant will have a secure password for his or her registry records. Only through use of this password will data be changed, registrars transferred, domain name servers be updated, etc. Registrars will develop, in consultation with the Registry Operator, secure password verification and authentication mechanisms. Moreover all registrars will be required to abide by all applicable international, national, and local laws.

28.1.4.4.3 Provisions for Employees With Respect to Information Security

The Registry Operator will attach special importance to the security management with respect to in-house staffs and the Registry Back-End Service Provider staffs in charge of domain name user information, and require the Registry Back-End Service Provider to take the following measures to avoid the occurrence of deliberate information leakage:

	(1) designate special managerial staffs to conduct centralized collection and custody of domain name user information, and domain name registries shall keep such identity information of its managerial staffs and submit the same to registries for file;

	(2) execute a special confidentiality agreement with the managerial staffs in charge of domain name user information, which shall expressly provides that any leakage of domain name user information will be subject to legal liabilities;

	(3) set standards to the operation process of managerial staffs, reinforce audit of staff operation, and conduct audit and issue audit report regularly;
 
	(4) conduct security training and education for managerial staffs on a regular basis.

28.1.4.4.4 Policies on Orphan Glue Records
  
To prevent the orphan glue records in the root domain from causing problems of domain name abuse, the Registry Operator does not allow the existence of orphan glue records, namely, glue records are required to be removed before the delegation point NS record is removed.

28.1.4.5 Policies of Complaints Handling

To handle domain name abuse in time and mitigate its negative influence on the registrars and internet users, the Registry Operator has formulated policies on the handling of complaints on domain name abuse as follows:

28.1.4.5.1 Contact Points for Filing Complaints

Users may file complaints on domain name registration abuse or abusive use of a domain through the following channels:

	(1) The complaint contact points (web, fax, email, SMS) established by the Registry Back-End Service Provider;

	(2) The complaint channels published on the website of the registrar，which may in turn report the complaints to the Registry Back-End Service Provider for handling;

	(3) The complaint channels provided by National Computer Network Emergency Response technical Team⁄Coordination Center of China (CNCERT⁄CC), which may in turn report the complaints to the Registry Back-End Service Provider for handling;

	(4) The complaint channels provided by the Anti-Phishing Alliance of China(APAC), which may in turn report the complaints to the Registry Back-End Service Provider for handling;

	(5) The complaint channel of 12321 Internet Spam Information Reporting and Resolution Center (12321 Center), which may in turn report the complaints to the Registry Back-End Service Provider for handling;

28.1.4.5.2 Complaint Acceptance

The Registry Operator has retained the Registry Back-End Service Provider responsible for the acceptance and investigation of complaints and making records of the complainants’ information. 
  
The evidence required to verify that a site is being used for domain name abuse shall be submitted to the Registry Back-End Service Provider.  Assessment shall be conducted by anti-abuse complaint handling personnel pursuant to relevant measurement criteria (please refer to attached Q28_attachment_table for detail criteria), and if necessary, a special investigation team shall be formed to conduct research, analysis and judgment. Feedback shall be provided for the complainants in time upon the completion of assessment. All the investigation shall be completed within 5 business days. The Registry Operator will keep conducting onsite supervision on complaint handling monitoring based on periodical customer service record check.

28.1.4.5.3 Response to and Handling of Complaints

	(1) Handling of complaints shall be made within 5 business days upon acceptance of complaint from each channel. Afterwards the result of handling complaints will be forwarded, via telephone call or email, to the complainant, the person against whom the complaint is filed and other parties involved.

	(2) where the Registry Back-End Service Provider back end operator the Registry Back-End Service Provider is found upon investigation of complaints to have committed violations of laws, or fail to effectively respond to complaint filed according to Trademark Post-Delegation Dispute Resolution Procedure (PDDRP) or Registry Restriction Dispute Resolution Procedure (RRDRP), it shall be ordered to take remedies according to the PDDRP and RRDRP provisions and pay penalty accordingly. In the case of severe breach of Registry agreement without any correction upon notification, The Registry Operator is entitled to cancel the agreement and conduct further registry transition afterwards. 

	(3) where any registrar is found upon investigation of complaints to have committed violations of laws or Registry-Registrar Agreement terms, it shall be ordered to make corrections and make relevant compensations. In the case of severe breach of RRA without any correction upon notification, The Registry Operator is entitled to cancel the agreement and conduct further registrar transition afterwards. 
	
	(4) where any registrant is found upon investigation of complaints to have committed violations of relevant regulations, the registrant shall be ordered to make corrections. In the case of such domain name abuse as phishing and dissemination of illegal information, the existence of which will continue to cause greater losses to the users，the domain name shall be suspend within 1-3 hours after verification of the misconduct. 
	
	(5) where the complaint involves domain name dispute, the complainant shall be told to resort to domain name dispute resolution provider or the court based on Uniform Domain Name Dispute Resolution Policy (UDRP) or relevant judicial procedures, then the registrar will be asked to lock the domain to prevent transfer or update till the dispute being resolved. The registrars shall unlock domain name or make transfer and suspension based on the dispute resolution decision. 
	
	(6) where any information provided by the complainant is found to be inaccurate or there is no evidence to prove domain name abuse, the Registry Back-End Service Provider will reject the complaint and give corresponding explanations, and the complainant may, if not satisfied, provide further evidence to file an appeal.

28.2 Abuse Prevention and Mitigation Measures

Based on the abuse prevention and mitigation policies above, The Registry Operator has retained the Registry Back-End Service Provider to establish 3 instruments of domain name abuse mitigation and prevention, including an abuse monitoring and handling platform, a comprehensive contact point and customer support center for filing complaints on domain name abuse, and an information sharing outreach mechanism with industry partners. In addition, The Registry Operator will assign its in-house staff to monitor the Registry Back-End Service Provider’s performance of executing those measures on a regular basis 

28.2.1 Abuse monitoring and handling platform 

The Registry Back-End Service Provider will assign experienced personnel to build an abuse monitoring and handling platform in charge of monitoring policy compliance of registrars, domain name application, as well as post-registration domain name abuse. 

28.2.1.1 Compliance Review on Registrars

The Registry Back-End Service Provider will perform periodic standards compliance reviews of operational registrars, as well as conducting the registrar performance review before a registrar is permitted to go live on the system. In addition to standard performance response testing, the group will also test that all operational features are functioning correctly. The standards compliance section will accept complaints about registrars from domain name holders, as an alternative method for compliance measurement.  
 
In addition, the Registry Back-End Service Provider will carrying out annual audit on registrars covering their technology and financial supports and policy compliance situation and impose penalties for abusive behaviors, specifically the Registry Operator requires that:

	(1) The requirements on technical and financial supports shall be in conformity with registrars’ existing registered users and plans for future development;

	(2) Registrars’ service records and data backups shall illustrate the registrarʹs compliance to relevant policy. 

	(3) Result from registrants’ satisfaction survey shall meet an average standard.

	(4) There should be no report of identified violations committed by registrars.

28.2.1.2 Review of Domain Name Applications 

The Registry Operator will take step to adopt the procedures of applicant’s identity review, rights and interests review to mitigate and prevent abuse of domain names.

28.2.1.2.1 Data Collection

The “.信息” registrars shall collect and store as many of the technical details of the registration as possible. This information has multiple uses, including registration scoring, validation, takedown resolution, investigation, etc. This registrant’s data to be collected includes:

(1) Registrant Name 	
(2) E-mail Address 	
(3) Registrant Personal Identification Material 	
(4) Company Name 	
(5) Proof of Company Establishment 	
(6) Address 	
(7) City 	
(8) Country 	
(9) State 	
(10) Zip 	
(11) Phone Number 	
(12) Additional Phone 	
(13) Fax 	
(14) Alternative Contact Name 	
(15) Alternative Contact E-mail 	
(16) Alternative Contact Phone 

The registrar shall use this information for the account, not for the WHOIS information. In addition the registrar shall have a separate form for the WHOIS information that is pre-populated with this information. The registrars shall take the responsibility to explain that this WHOIS information will be used by external parties to contact that person in event of malicious activity or other issues with the domain.

28.2.1.2.2 Registration Information Authentication

From the CNNIC’s past experience of managing “.cn”, registration information authentication procedure can effectively prevent fake Whois data and enhance the accessibility of the contact information. Therefore the Registry Operator will continue to take these proceedings in “.信息” domain:

	 (1) “.信息” registrars shall strictly review the identity certificate submitted by registration applicants, and decline applications with incoherent information on the application form, so as to ensure the authenticity and accuracy of registration records in the WHOIS. Where any user who has been declined is not satisfied with the review of “.信息” registrars, he or she may file a complaint with The Registry Operator for reconsideration, with respect to which The Registry Operator’s determination shall be final and binding. 

	(2) The original documentation verified by registrars will be recorded as photocopies and forwarded to the Registry Back-End Service Provider for further review of registration record.  The Registry Back-End Service Provider will provide monitoring of registration data for accuracy and completeness of Whois data. The Registry Back-End Service Provider will also employ telephone call back methods to ensure reachable WHOIS contact information. Any false registration information provided by the registrants will directly result in cancellation of application. 

28.2.1.2.3 Rights and Interests Review

In the sunrise period, all applications of registration are required to be validated by ICANN’s Trademark Clearinghouse to examine potential infringement of known trademarks. Only validated trademark owners are allowed to register with priority in the sunrise period. In order to validate the trademark status, the registrant shall provide proof of trademark registration and trademark usage to evidence its trademark rights to the string. Detailed requirement to such proof and validation process will be established upon the implementation of Trademark Clearing House.

During the first 60 days after launching general availability, the Registry Back-End Service Provider will continue to review applications to see if the domain names applied for matches any trademark included in the Trademark Clearing House. The applicant who intend to apply for such domain names will be advised that a third party or parties have claimed intellectual property rights over that domain name, they are directed to a notice that refers to intellectual property status of the domain name. The applicant is not prevented from completing the registration. Once the application has been completed, all parties who have their trademarks for that exact domain name included in the Trademark Clearing House are advised by email that a party has registered that domain name. Included in the email will be further information on the UDRP and an explanation of steps to take for further dispute action. 

In the following process of general operation, in addition, the Registry Back-End Service Provider shall review and determine whether the domain names applied and the registration information violate the provisions of “China Internet Domain Name Regulations” (please refer to http:⁄⁄www1.cnnic.cn⁄html⁄Dir⁄2005⁄03⁄24⁄2861.htm). The Registry Back-End Service Provider may carry out verification on the domain name registration information manually. In case of any domain name violating the provisions of Article 27 of the Regulations or with false, inaccurate or incomplete registration information, the Registry Back-End Service Provider shall inform the registrars of such cases for cancellation.

In order to fight against phishing websites, the Registry Back-End Service Provider will also screen⁄score all registrations for “unusual” domain name registration practices, such as registering hundreds of domains at a time, registering domains which are unusually long or complex, include an obvious series of numbers tied to a random word (baddomain01, baddomain02, baddomain03).

The Registry Back-End Service Provider, in cooperation with APAC will also screen⁄score all registrations for patterns known to be associated with phishing (government, bank, secure etc). the Registry Back-End Service Provider will also review all domain names proposed for registration against known sites that are often the subject of phishing type attacks to ensure “.信息” do not inadvertently aid in the provisioning of illegitimate content in online scams.

28.2.1.3 Post-registration Review Domain Name Abuse 

28.2.1.3.1 Measure for Examining WHOIS Accuracy 
  
The Registry Back-End Service Provider will be continuously committed to enhancing WHOIS accuracy to ensure enforceability of the determinations regarding domain name abuse by taking the following measures: 

	(1)During the reviews, the registrars will make telephone check in order to ensure accuracy and accessibility of contact information provided by registrants.  

	(2)In case of any change to the contact information on points of contact, registrars will be required to provide strong passwords for verification so as to prevent any third party from impairing the accessibility of the WHOIS information by making changes to such information;

	(3)To further enhance the accuracy of WHOIS data, the Registry Back-End Service Provider will conduct further examination on fake or inaccurate information based on the application material submitted by the registrar. The Registry Operator will also conduct annual reviews on registrars in terms of Whois accuracy level. 

	(4)In case of any identified inaccessible WHOIS information concerning a domain name registration, the registrar will be advised to get in touch with the point of contact for correction to such false information. If the domain name has involved in any abusive behavior, the domain name shall be suspended by the registrar.

28.2.1.3.2 Measures for Removing Orphan Glue Records

The Registry Back-End Service Provider will take action to remove orphan glue records following to the following procedures:

At the time of registration of domain name or update domain name or host, the host must have IP address in order to prevent Orphan NS records.

Before delete a domain name, if the domain name already has a host, the host must be deleted on the first hand. If the host is being used for other domain name as name server, the domain name shall not be deleted unless the name server or the host name is changed. This procedure also applies for the host deletion process in order to prevent orphan A record.

In the circumstance that the domain name uses the host of other domain in this zone as name server, if the domain name do not use its own host as domain name server at the same time, the NS record cannot be generated.

However, we expect that there are two circumstances which may result in the existence of orphan glue records:  

	(1)If the domain name has been spotted abusive behavior and thereafter be turned to “severHold” status, all the domains that use such domain name’s host as domain name server will be unable to resolve, and hence will generate orphan glue records.

	(2)If the domain name has been turned to “clientHold” status due to the registrants’ cause, all the domains that use such domain name’s host as domain name server will be unable to resolve, and hence will generate orphan glue records.

In response to the above occasions, the Registry Back-End Service Provider has already adopted DNS operation monitoring system which will spot the generated NS record in a timely manner. Once the orphan glue record has been generated, the Registry Back-End Service Provider will notify the registrar to contact registrants to change NS server and thereafter remove the orphan glue record in the zone file.  

28.2.1.3.3 Limit of fast-Flux domains.

In addition, the Registry Back-End Service Provider recognizes that fast‐Flux domains, as domains for which either the base IP address (A record) or nameserver address (NS record), or both (known as double‐flux), are changed numerous times during the day, are now increasingly being used by criminal phishing, spam, and botnet gangs to ensure the resiliency of their sites and make it increasingly difficult for takedown authorities to remove or restrict access to illegitimate sites. This problem can be addressed partially by preventing or making it much more difficult to frequently change the NS record of a domain registration. There is very little, if any, legitimate need to change the NS record for a domain more than few times a month and any such action should trigger immediate red flags and possible investigation of the domain for illegal activity. 
  
The Registry Back-End Service Provider will limit the ability of registrants to repeatedly change their name servers via a programmatic interface to reduce or eliminate automated name server hopping. With domains that change name servers more than twice a week (except by agreement), scrutiny and even the suspension of the domain will be conducted until a suitable explanation is provided by the registrant.

28.2.2 Measures for Protecting User Information throughout Lifecycle

In view of the lifecycle of ʺ.信息ʺ domain name user information, there are four steps to be considered in the formulation of protection measures: 

	(1)Information submission from the user to the domain name registrar;

	(2)Custody and use of the information by the domain name registrar;

	(3)Information transmission from the domain name registrar to the domain name registry;

	(4)Custody and use of the information by the registry.

28.2.2.1 Information Submission from the User To The Registrar

28.2.2.1.1 Obtaining Consent to the Personal Data Processing 

The Registry Back-End Service Provider will notify each ICANN-accredited registrar that is a party to the registry-registrar agreement for the TLD of the purposes for which data about any identified or identifiable natural person (ʺPersonal Dataʺ) submitted to the Registry Back-End Service Provider by such registrar is collected and used, and require such registrar to obtain the consent of each registrant in the TLD for such collection and use of personal data. 

Registrar shall agree that it will not process the Personal Data collected from the Registered Name Holder in a way incompatible with the purposes and other limitations about which it has provided notice to the registered name holder in accordance with the RRA.

Registrars shall send a notice to each holder of newly registered domain names or that of renewed domain names stating:

	*The purposes for which any Personal Data collected from the applicant are intended;

	*The intended recipients or categories of recipients of the data (including the Registry Operator and others who will receive the data from Registry Operator);

	* Which data are obligatory and which data, if any, are voluntary; and

	*How the Registered Name Holder or data subject can access and, if necessary, rectify the data held about them.
 
28.2.2.1.2 Data Access Control for Security

Registrars shall conduct vulnerability scanning at the system on a regular basis with respect to the online system through which users submit information to detect security vulnerabilities timely and conduct reinforcement. System account⁄password shall be kept with encryption.

28.2.2.1.3 Non-Online Data Processing

As to domain name registration materials submitted by means of email, fax or post, domain name registrars shall designate special staffs to receive and handle. Electronic data shall be deleted timely after being transferred to magnetic tape⁄CD⁄portable hard drive for offline storage.

28.2.2.2 Custody and Use of Information by Domain Name Registrars

Registrar shall agree that it will take reasonable precautions to protect Personal Data from loss, misuse, unauthorized access or disclosure, alteration, or destruction. Specifically, domain name registrars shall take the following measures to reinforce protection of usersʹ information:

28.2.2.2.1 Secure Storage of Personal Data

	(1) Backstage business operation system and front-end service system (Whois system, online submission system, and etc.) shall not share the same server and storage system; 

	(2) Access control shall be conducted with respect to the backstage business system and front-end public service system.

	(3) User information under protection (including certificate of incorporation, personal certificates, telephones, family address, etc.) shall be encrypted before being written into the database. Sensitive information may not be read directly from the database.

	(4) Identity verification materials which are in picture format shall be encrypted before being stored online or, if stored offline, be transferred to such media as magnetic tape⁄CD⁄portable hard drive for proper storage. 
	
28.2.2.2.2 Control of Information Access

	(1) Encrypted domain name user information shall be made available for search and use only after being decrypted with special application systems.

	(2) Access to domain name user information by application systems shall be controlled by allowing access only by special personnel or system. A combination of such access control functions as IP restriction, username⁄password, and etc. will be used.

28.2.2.2.3 Proper Storage of Offline Data

	(1) Paper materials and electronic media shall be kept by special personnel and stored with lock in normal times, and access password shall be set in regard to data stored in electronic media.

	(2) Reviews shall be conducted with respect to the use of paper materials and electronic media, and records shall be made in respect thereof, including the object to be use, time of use, purpose, signature of the custodian and the user.

28.2.2.2.4 Data Removal

In the absence of extenuating circumstances, any personal data must be deleted within 45 days of either the registrar or the registrant terminating a registration agreement. Extenuating circumstances are defined as:

	(1) UDRP action

	(2) valid court order

	(3) failure of a Registrarʹs renewal process (which does not include failure of a registrant to respond)

	(4) the domain name is used by a name server that provides DNS service to third-parties (additional time may be required to migrate the records managed by the name server)

	(5) the registrant is subject to bankruptcy proceedings, payment dispute (where a registrant claims to have paid for a renewal, or a discrepancy in the amount paid)

	(6) billing dispute (where a registrant disputes the amount on a bill)

	(7) domain name subject to litigation in a court of competent jurisdiction, or other circumstance as approved specifically by ICANN.

28.2.2.3 Information Transmission from the Domain Name Registrar to The Domain Name Registry

The Registry Back-End Service Provider is responsible for the security of the transmission of information from the registrar to itself.

28.2.2.3.1 Network Transmission Encryption

Specific measures may include: HTTPS encryption for WEB services, SSL encryption for EPP registration services, and FTPS or SFTP encryption for FTP services.

28.2.2.3.2 System Reinforcement and Access Control

To detect security vulnerabilities timely, the Registry Back-End Service Provider will conduct vulnerability scanning at the system level on a regular basis with respect to the online system through which registrar submit information. System account⁄password will be kept with encryption.

28.2.2.3.3 Non-online Data Receiving and Handling
   
As to domain name registration materials submitted by means of email, fax or post, domain name registrars shall designate special staffs to receive and handle. Electronic data shall be deleted timely after being transferred to magnetic tape⁄CD⁄portable hard drive for offline storage.

28.2.2.4 Custody and Use of Information By Domain Name Registry

The Registry Back-End Service Provider will take reasonable steps to protect Personal Data collected from loss, misuse, unauthorized disclosure, alteration or destruction. The Registry Back-End Service Provider will not use or authorize the use of Personal Data in a way that is incompatible with the notice provided to registrars in the RAA. The Registry Back-End Service Provider, upon receiving domain name user information, take measures to reinforce protection of usersʹ information:

28.2.2.4.1 Secure Storage of Personal Data

	(1) Backstage business operation system and front-end service system (Whois system, online submission system, and etc.) shall not share the same server and storage system; 

	(2) User information under protection (including personal certificates, telephones, family address, etc.) shall be encrypted before being written into the database. Sensitive information may not be read directly from the database.

	(3) backstage storage system shall be separated physically from and may not share the same server with the front-end user information transmission system.

	(4) Access control shall be conducted with respect to the storage system via software or hardware firewall.

28.2.2.4.2 Control of Information Access

	(1) Encrypted domain name user information shall be made available for search and use only after being decrypted with special application systems.

	(2) Access to domain name user information by application systems shall be controlled by allowing access only by special personnel or system. A combination of such access control functions as IP restriction, username⁄password, and etc. will be used.

28.2.2.4.3 Proper Storage of Offline Personal Data

	(1) Paper materials and electronic media shall be kept by special personnel and stored with lock in normal times, and access password shall be set in regard to data stored in electronic media.

	(2) Reviews shall be conducted with respect to the use of paper materials and electronic media, and records shall be made in respect thereof, including the object to be use, time of use, purpose，signature of the custodian and the user.

28.2.2.4.4 Data Removal

In the absence of extenuating circumstances, any personal data must be deleted within 45 days of either the registrar or the registrant terminating a registration agreement. Extenuating circumstances are defined as:

	(1) UDRP action

	(2) valid court order

	(3) failure of a Registrarʹs renewal process (which does not include failure of a registrant to respond) 

	(4) the domain name is used by a name server that provides DNS service to third-parties (additional time may be required to migrate the records managed by the name server)

	(5) the registrant is subject to bankruptcy proceedings, payment dispute (where a registrant claims to have paid for a renewal, or a discrepancy in the amount paid)

	(6) billing dispute (where a registrant disputes the amount on a bill)

	(7) domain name subject to litigation in a court of competent jurisdiction, or other circumstance as approved specifically by ICANN

28.2.3 Comprehensive Contact Point For Filing Complaints 

28.2.3.1 Contact Channel

For the purpose of receiving reports on domain name abuse, the Registry Back-End Service Provider will published at the homepage of its official website (www.tele-info.cn) the following contact information for abuse complaints:

	*Complaints Hotline: +86-10-58813000 (Direct connect to the Registry Back-End Service Provider)

	*Email: supervise@tele-info.cn
	
	*Fax: +86-10-58812666 (Direct connect to the Registry Back-End Service Provider)
	
	*SMS: 12302 (applicable to complaints filed within China mainland)
	
	*Online complaint form available at: jubao.tele-info.cn

The contact point is accessible 24 hours a day, 7 days a week, the channels listed above accept abuse complaints of all kinds and guarantee handling within five working days. Complainants should describe the domain names they are complaining about, the abusive behaviors and the consequences, and provide their contact information including phone numbers, email addresses, etc. so that the results of complaint received by the Registry Back-End Service Provider and The Registry Operator can be handled in time. The Registry Operator will assign personnel to review all complaint handling records.

28.2.3.2 Measures for Abuse Complaints Handling

28.2.3.2.1 Identification of Abusive Behaviors

Dedicated personnel of domain name abuse review will be employed by the Registry Back-End Service Provider to verify the domain name abuse complaint. The Registry Operator will remain updated on the policies concerning domain name abuse made by ICANNʹs Registration Abuse Policies Working Group (RAPWG), and thereby identify different kinds of abusive behaviors and inform related domain name holders of the results of such identification.

28.2.3.2.2 Approaches to Abuse Complaints Handling
  
Approaches to abuse complaints handling include general procedures and rapid suspension procedures:

	(1)The general procedures are applicable mainly to those abusive behaviors where the persistent existence of domain names will not lead to great further losses of Internet users, such as domain name registration abuse. The specific enforcement procedures are as follows:

	*Once an abuse compliant is received, the Registry Back-End Service Provider will forthwith change the EPP status of the domain name concerned to “serverTransferProhibited”, and inform the holder of the domain name concerned. The abuse examiner will verify related abusive behaviors within 5 working days;

	*In the case of cyber squatting complaint where the Uniform Domain-Name Dispute-Resolution Policy (UDRP) is applicable, the complainant will be advised to submit the dispute to the domain name dispute resolution provider or court for resolution. The domain name registrar is required to lock the domain name from further transfer or update once the dispute has been confirmed by dispute resolution provider. Thereafter, upon receipt of the domain name dispute resolution decision or law enforcement request, relevant registrar to proceed further domain name unlock, transfer or domain name suspension within 3 working days.

	*In the case of complaint on registrar’s violation of RRA or the Registry Back-End Service Provider’s misconduct, the Registry Back-End Service Provider will verify the complaint within 5 working days and notify the relevant registrar or personnel to make correction of their illicit behavior or terminate the agreement if applicable; 

	(2)The rapid suspension procedures are applicable to abusive behaviors regarding the use of domain names such as phishing or spreading of illegal contents, which may cause further losses to internet users. This procedure will most likely be the result of a complaint filed via APAC or URS (Uniform Rapid Suspension System) or 12321 center. The specific enforcement procedures are as follows:

	*Once an abuse compliant is received, the registrar will be required to directly lock the domain to prevent further transfer and update, while a dedicated group is assigned to communicate with relevant complaint to authenticate the complaint manually within 1-3 hours.

	* After verification, the registrar will be required to directly suspend the domain name in the SRS system and the EPP status will be changed into “serverHold”, so that the domain name will not be able to resolve or be transferred until it is “restored”. The domain name holder and the registrar concerned will be informed at the same time to make corrections. After the registrant has stopped the abusive behavior and made adequate correction, which need to be confirmed by the registry, t the registrar will be required to restore the domain name to the status before suspension. 

	*Once the complaint is determined to be tenable and no further appeal or correction confirmed by the Registry Back-End Service Provider within 60 days, the Registry Back-End Service Provider will take down the domain name and delete the registration record, which means the domain name comes to general availability.

	* The Registry Back-End Service Provider will insure that glue records using an invalid domain are removed when that domain is found to be invalid, even if those glue records are in use in conjunction with other domains.

	* The registrar concerned shall inform the domain name holder for three times as it has been locked, suspended, and canceled;

28.2.3.2.3 Support Escalation 

The Registry Back-End Service Provider will operate with an escalation device. Normally support calls or other forms of communication shall start with the lowest level of support, and be escalated should the first level of support be insufficient. In cases where higher levels of support are immediately apparent (all levels of support staff will be trained in identifying these) the escalation chain may be jumped. Also, should the time limit expire with no notice, the support level may be escalated. The escalation levels and response requirements are as follows: 

	Level 1：Entry level support, basic complaints of operations or inquiries of registrar information, provided on an immediate 24⁄7 level. 

	Level 2:  Technical based question, usually unique to the registrar,  that may require support from a registry systems operator or engineer. 

	Level 3: Systems outage involving non-critical operations to the Registry Back-End Service Provider affecting one or more registrars only,  but not the entire system. 

	Level 4:  Catastrophic outage, or disaster recovery involving critical operations to the Registry Back-End Service Provider overall. 
   
All customer service should use to the fullest customer management resource (CMR) systems, computer telephony integration (CTI) and databases to retain a reliable record of registry performance. While institution of such systems may be gradual, the goal should be to provide as much as possible automated systems in order to increase efficiencies and scale of operations.

28.2.4 Measures for Information Sharing With Respect To Abuse Prevention

Through the linkage mechanisms The Registry Operator requires the Registry Back-End Service Provider to established jointly with the Anti-Phishing Alliance of China (APAC), the Anti-Phishing Working Group (APWG), the National Computer Network Emergency Response Technical Team ⁄ Coordination Center of China (CNCERT⁄CC) and the 12321 Internet Spam Information Reporting and Resolution Center, the Registry Back-End Service Provider will be committed to share information of domain name abuse prevention and mitigation with those industry partners. Data to consider sharing include:

	(1) IPs associated with fraudulent domain registrations with respectable blacklists;

	(2) Full fraud reports with industry and law enforcement;

	(3) Best practices regarding accepting and managing domain registrations.

28.2.4.1 Cooperation with APAC
  
The Registry Back-End Service Provider is an initiator and key member of the APAC, and the place where the Secretariat and the Secretary General of APAC are located the Registry Back-End Service Provider has published at the homepage of its official website the complaint channels provided by APAC.
 
28.2.4.1.1 Reports On Phishing Websites May Be Submitted To APAC through The Following Channels:

	(1)Email: jubao@apac.cn
	
	(2)Telephone: 010-58813000

28.2.4.1.2 The Cooperation with APAC with Regard to Phishing Websites

	(1)Upon receiving complaints on phishing websites involving APAC members, the Secretariat of APAC will submit the complaints to third party technology authentication institutions for webpage analysis; the Secretariat should make determinations within one working day; in case of any difficulties or complicated circumstances, the Secretariat will ask for advices from the experts’ committee before making determinations; 

	(2)If any phishing website is identified, a notice will be sent to the registrar by mail. The registrar should suspend the domain name resolution within two hours upon receipt of the notice, and resolve the name to the information page of the phishing website;

	(3)If the registrar fails to suspend the domain name resolution within two hours, the Registry Back-End Service Provider, as a registry, will suspend the resolution directly and resolve the domain name to the information page of the phishing website and respond the handling information to APAC;

	(4)Any opposition held by the registrant may be filed with the Secretariat of APAC;

	(5)The Secretariat of APAC will inform the complainant concerned of the results of such procedures. 

28.2.4.1.3 Cross Reference of Phishing Websites

The APAC can provide a daily feed to the Registry Back-End Service Provider listing all of the phishing URLs identified by the APAC community for cross reference. The Registry Back-End Service Provider would check against this information at DNS set-up or modification time; and meanwhile, conduct periodic scanning for suspicious phishing websites.

28.2.4.2 Cooperation With Anti-phishing Working Group (APWG)

The APWG can also provide a daily feed to the Registry Back-End Service Provider listing all of the phishing URLs identified by the APWG community for cross reference. The Registry Back-End Service Provider would check against this information at DNS set-up or modification time; and meanwhile, conduct periodic scanning for suspicious phishing websites.

Specifically, the Registry Back-End Service Provider shall:

	(1) assist APWG in carrying out online phishing investigation and publish in a timely manner the trend of the distribution of phishing websites in our country;

	(2) regularly follow up the reports published by APWG on phishing websites and establish a contact interface for receiving phishing URLs updates submitted by APWG;

	(3) verify within one working day upon receipt of any complaint of the phishing domain in light of request by APWG, notify the registrar to handle the complaint, and after verification, resolve the domain name to the IP address which contains the notice of the phishing website.

28.2.4.3 Cooperation with National Computer Network Emergency Response Technical Team⁄Coordination Center Of China (CNCERT⁄CC)

The registry will cooperate with CNCERT⁄CC in dealing with network virus transmission and system attack via domain names. CNCERT⁄CC, an emergency response team responsible for coordinating security events of computer networks in China, provides the national public internet, major national network information systems and key departments with such services as security monitoring for computer networks, early warning, emergency response and precaution as well as technical support and collect, verify, gather and publish in a timely manner authoritative information on internet security. It has currently become an official member of the international authoritative organization, Forum of Incident Response and Security Teams (FIRST).

The interaction between the Registry Back-End Service Provider and CNCERT is mainly reflected in the following aspects:

	(1) The Registry Back-End Service Provider will follow up on a regular basis vulnerabilities and early warnings on virus related to the DNS system published by CNCERT, and CNCERT will provide assistance in inspecting whether any “.信息” domain name is involved in virus transmission;

	(2) The registry will timely deal with vulnerabilities in the domain name system in view of opinions of CNCERT on handling abuse events, and establish service levels against network attacks;

	(3) The registry will assist CNCERT in carrying out research on unexpected network events and gathering statistics on and monitoring the trend of distribution of botnet and malware in our country.

28.2.4.4 Cooperation with 12321 Internet Spam Information Reporting and Resolution Center

12321 Internet Spam Information Reporting and Resolution Center (“12321 Center”), a complaint acceptance agency established by the Internet Society of China under the entrustment of the Ministry of Industry and Information Technology (formerly known as the Ministry of Information Industry) ,is responsible for assisting the Ministry of Industry and Information Technology in undertaking such work as complaint acceptance, investigation, analysis and imposition of punishment with regard to illicit information (including unsolicited information sent to end users) transmitted via information communication networks as the internet, mobile phone network, telephone network or other telecommunication services.
 
The registry’s cooperation with the 12321 Center is mainly reflected in the following aspects:

	(1) receive complaint reported by the 12321 Center with respect to “.信息” domain names which contain malicious information and timely search the WHOIS for the registration contact persons of the domain names which involve such information for further law enforcement;

	(2) notify relevant registrars in rapidly suspending illicit information spreading domain against which complaints are filed;

	(3) provide assistance for gathering statistics on and track the result of illicit information handling;

28.3 Resource Planning

The resource planning model for domain name abuse mitigation and prevention in “.信息” domain will be a combination of efforts from both The Registry Operator and the Registry Back-End Service Provider. As of the date of the application, The Registry Operator will consist of its Board of Managers, with several additional executive to supervise the operation of the Registry Back-End Service Provider as the Registry Back-End Service Provider 

Meanwhile, The Registry Operator will benefit from the Registry Back-End Service Provider’s established application review, customer service and complaint handling platform for operating ccTLDs including “.cn” and “.中国” with proven capability. Based on the existing platform, the Registry Back-End Service Provider will also expand its current resource devotion for satisfying the additional needs coming from the service of new gTLDs, enabling The Registry Operator to set a target date to begin offering its services by the end of 2013. It is estimated that the Registry Back-End Service Provider’s expanded platform will perform adequate capabilities for scaling their staff to meet the needs at peak level demands, and The Registry Operator will benefit from the transfer of knowledge from the Registry Back-End Service Provider to successfully build “.信息” as demand levels require.

28.3.1 Staffing 

28.3.1.1 Initial Staffing

In order to provide higher standard services of new gTLD with lower rate of domain name abuse, The Registry Operator is expected to have 3 persons to operate on the Registry Back-End Service Provider level for domain name abuse solution. 

Meanwhile, the Registry Back-End Service Provider will, based on its agreement with The Registry Operator, utilize its current platform of application review, customer service center, and domain name abuse monitoring and handling platform to simultaneously serving “.信息”. In order to maintain adequate service standard of “.信息” , other than its current staff, the Registry Back-End Service Provider will also recruit additional staff in the start-up period for the first 3 years operation for maintaining the functionality.

28.3.1.1.1 Managerial Level Provided by the Registry Operator

The Registry Operator will retain an operation executive responsible for supervise the back-end registry provider for ensuring high-quality technology support and billing customer support for registrars. The Registry Operator expects this role to be critical during the Sunrise and Land Rush Period, during which time domain name registrations rises significantly. This person, within the technology group of the Registry Operator, will guarantee the neutrality of service among all the TLD’s under the Registry Back-End Service Provider’s management. By assign this executive, who will keep checking the overall service performance of “信息” by means of registrar survey and periodical record check, the back end-registry’s performance will be guaranteed.  

The Registry Operator will retain another operation executive responsible for ensuring high-quality service in application review, registrants and end-user customer services as well as the complaint monitoring and handling. This staff will supervise the customer service level and the establishment of communication channel for end-users provided by the Registry Back-End Service Provider. By assign this executive, who will keep checking the overall service performance of “信息” by means of registrants satisfaction survey and periodical record check, the customer service level will be maintained with high quality.

The Registry Operator will also retain an representative responsible to handle with any registry misconduct lawsuit and dispute according to PDDRP and RRDRP, and to serve as an ombudsman, assisting registrants and registrars in dispute resolutions related to “.信息”.  This person will also take responsibility to establish and maintain a long term cooperation mechanism to cooperate with the Anti-phishing Alliance of China, the International Anti-phishing Working Group, the 12321 Network Negative Information Complaint Center, Trademark Clearing House Provider, Uniform Rapid Suspension System Provider as well as other assigned body designated by ICANN.  

28.3.1.1.2 Customer Support Center Staff Provided By the Registry Back-End Service Provider

The Registry Back-End Service Provider has set up a Customer Support Center providing 7×24 hours’ service to handle inquires and complaints from registrants. Upon ICANN’s delegation of new gTLDs, volume of end-user’s inquiries and complaints are expected to rise accordingly and more staff members will be hired to enhance the service capacities. Based on the original staffing basis with 31 employees, 5 additional employees will be recruited to support the new operation. The staff members are divided into the 3 subgroups:

*Registrant Service group providing telephone inquiries and complaints handling services;

*Registrant Caring group responsible for registrant visiting and renewal reminding;

*Service Supporting group performing back-office support and performance supervision for the Customer Support Centre. 

28.3.1.1.3 Registrar Supporting Staff Provided By the Registry Back-End Service Provider

The Registry Back-End Service Provider’s Registrar Supporting Group provides 7×24 hours’ telephone or on-site support to the registrars. This support will be dedicated primarily to operational registrars along with respond to inquiries from potential registrars. Overall, the registrar supporting group shall attempt to provide round the clock, real time professional support ranging from basic inquiries to high level operations critical technical support. Registrar contractual compliance review and performance evaluation shall be supported also by this group periodically. Registrars shall receive equal levels of support regardless of their location of operations. Based on our current staffing as 9 employees, we expect that 1 more staff members will be hired to improve our service offerings of new gTLD.  

28.3.1.1.4 Review and Monitoring Staff Provided By the Registry Back-End Service Provider

The Registry Back-End Service Provider currently has 20 members to review of domain names applications and monitor the Whois accuracy on 5×8 hours’ basis.  As all required staff members are expected to be on duty starting from the start-up period, additional recruitment must meet the needs of the peak registration season. 1 more staff responsible for supervision of review work and monitoring of registration status should be hired to supporting the new gTLD forming a team with 21 persons.

28.3.1.1.5 Security Specialist Provided By the Registry Back-End Service Provider

In order to monitor and handling of the domain name abuse caused by system vulnerability or human errors, the Registry Back-End Service Provider will assign technical personnel to serve the as security specialist in order to actively monitor and prevent domain name abuse. The security specialist will operate with an escalation device supporting customer complaint. Specifically, their tasks include monitoring generated orphan glue record or phishing websites and communicate with relevant registrar for further solutions. As discussed in Question 31, the Registry Back-End Service Provider have already allocated 6 persons to serve this function, including 2 additional staff already recruited for the expanded operation of new gTLDs.

28.3.1.2 Staffing on Ongoing Basis

The managerial staff provided by The Registry Operator is expected to be sustainable during the first three years and on-going basis. The Registry Back-End Service Provider, on the other hand, has also been structured to operate with an initial human capital investment to staff and manage the infrastructure required for sustaining the domain name abuse policies during the first 3 years of operations. The current staffing model also allows for back-up staffing, which provides a better overall understanding of the systems security. Therefore, The Registry Operator foresees little expansion required for domain name abuse prevention and mitigation. However, The Registry Operator itself and the Registry Back-End Service Provider will expand its staff if necessary on ongoing basis. Staffing allocations may also need to be adjusted as demand for our services increases. Adjustments could include overall staff size or refinements to required technical skills. Cross-training will be used in all positions to promote job interest. Specific factors which could affect staffing levels include:

	(1)Increase in the number of registrars;

	(2)Higher than anticipated domain name registration or transfer request;

	(3)Higher than anticipated complaint volume;

	(4)Higher than anticipated domain name dispute;

	(5)Increase in the complexity of our services.

Additional staff requirements will be met through a rigorous recruitment process following the requirement of employment. To meet registration demand and the cumulative growth of new registrars, The Registry Operator may hire 3 additional people and the Registry Back-End Service Provider may hire an additional 5 staff for the functionalities described above in the fourth and fifth years of “.信息” operations, as necessary.

28.3.1.3 Requirement of Employee

The Registry Operator is structured to meet the needs of its customers: ICANN registrars, registrants and the Internet community at large which will address the overall needs of ICANN. The Registry Operator and the Registry Back-End Service Provider staff will meet or exceed the stated requirements in skills, competence, and experience. The staff will be augmented during the initial 3 years and thereafter, as necessary, by subject-matter experts. The requirement for employee is as following:

	(1)All of the key management and technical positions will be staffed with employees who have demonstrated successful previous employment experiences.

	(2) Our customer service and complaint handling staff will embody the qualities of customer sensitivity and friendly efficiency, crucial to achieving a positive client reception to the Registry Back-End Service Provider.

	(3)Standard background investigations will be conducted on all employment candidates, both permanent and temporary. We will verify employment and check references with prior employers, perform credit and criminal checks, and explore any employment gaps.

	(4)Staff members will be required to sign non-disclosure agreements to protect proprietary information for The Registry Operator and its clients.

28.3.2 Equipment Planning

28.3.2.1 Major Systems

The Registry Back-End Service Provider will provide the Registry Operator with the software and hardware required for the domain name application review, customer self-service, customer support and abuse monitoring, including the following:

28.3.2.1.1 Electronic Registrant Review System

This system will collect the application information transmitted to the Registry Back-End Service Provider by registrars and display the information in a user friendly format for the Registry Back-End Service Provider staff to review the application. Once the review process has finished the system has also connect with shared registration system for further process of domain name registration status.

28.3.2.1.2 Customer Self-Service System

The Registry Back-End Service Provider will set up a multiple language system customer self-service system on our official website. This webpage will contain the following functions: 

*Web-based searchable Whois.
	
* Registrar information and contact;
	
* “.信息” Registration Policy Tutorial;
	
* Complaint and dispute challenge filing tutorial;
	
* Web-based complaint channel
	
*“.信息” related Frequent asked questions(FAQs)
 
28.3.2.1.3 Customer Support System

The Registry Back-End Service Provider has provided an interface on its website that allows a user to determine the appropriate customer support contact information based on the domain name. Access to our customer support will be through telephone, email and web based interface. the Registry Back-End Service Provider has integrated Consumer Relationship Management(CRM), accounts, trouble ticketing, document tracking, into its customer support system infrastructure. Computer telephony integration (CTI) and databases is also used to retain a reliable record of registry performance.

28.3.2.1.4  System Monitoring And Database Management Systems
 
The system monitoring applications developed by the Registry Back-End Service Provider create a detailed error alert if the application encounters a situation of domain name abuse such as that orphan glue record has been generated or suspected phishing website is spotted with confusingly similar domain string to specific renowned websites, etc. These application alerts are automatically sent to the security team, which generates an alert to the Operations staff 24⁄7.

28.3.2.2 Work Space and Administrative Resources

The Registry Operator and the Registry Back-End Service Provider’s current work site is currently equipped to accommodate all required personnel listed above. Every staff has been equipped with at least one desktop computer. All software required for working are pre-installed in their computers. The internet connection and telephone connection is also provided to every working staff by our office assistance team. The current infrastructure will be sustainable for the projected 3 years of initial operation of “.信息”. the Registry Back-End Service Provider will undertake to update the software and hardware in time for ongoing basis, if necessary.

28.3.3 Funding

The Registry Operator is planning to invest enough funding to ensure the implementation of the policies and measures on domain name abuse. The funding will support our customer service and technical security maintenance and other administrative function such as website design and equipment update. Please see question 47 for detailed amount of funding for each section.

For the purpose of protecting the rights and interests of internet users and registrants to the greatest extent possible, Beijing Tele-info Ltd. Network Technology Co., Ltd. (Tele-info Ltd.) has formulated series of policies on domain name reservation, registration eligibility restriction, domain name dispute resolution, rights infringement complaints infringement handling.

Tele-info Ltd. has also plans to collaborate with China Internet Network Information Center (CNNIC) to provide registrants and end-users with 4 rights protection instruments including a sunrise period, trademark claim services, registration review and verification and a uniform domain name dispute handling mechanism to safeguard the intellectual property rights and other rights. Tele-info Ltd. along with CNNIC have made plans in terms of manpower, equipment and fund allocation for the implementation on both startup and ongoing basis.

Tele-info Ltd. will also encourage the community to bring to its attention other reasonable safeguards, if any, that may be appropriate to employ in this area. Additionally, Tele-info Ltd. will adopt any policies promulgated by ICANN with respect to rights protection.

29.1 Rights Protection Policies

As described in Question 28, Tele-info Ltd. will employ a variety of methods to minimize the potential for abusive registrations to prevent rights infringement. This section will describe in detail of how these measure will protect the rights of registrants and end-users with a special focus on the protection of trademark rights. With its full endeavor, Tele-info Ltd. is planning to promote the adoption of “.信息” without harming others legitimate trademarks. In case any violation of legal rights and interests are caused by registering or using “.信息” domain name, the domain name registrant shall take the responsibility.

29.1.1 Scope of Rights for Protection

Based on the Rights Protection Mechanism (RPM) Proposal made by ICANN GNSO and in view of the interests of the “.信息” community, policies on the “.信息” top level domain name are formulated mainly for the protection of two categories of rights that may be involved in domain name registration and the scope thereof, specifically:

29.1.1.1 Intellectual Property Rights

Tele-info Ltd. will comply with all international trademark and cybersquatting laws that apply to the operation of a domain name registry. To highlight the importance of adhering to these laws, in addition, the Registry Registrar Agreement will require each registrar to adhere to all applicable laws and regulations relating to trademarks and cybersquatting. If a registrar fails to comply with such laws and regulations, then Tele-info Ltd. will reject all registration applications from the registrar, and if such non-compliance persists, then Tele-info Ltd. will terminate the RRA.

To protect intellectual property rights involved domain names, Tele-info Ltd. has also stipulated in contractual conditions to restrict the registration and use of the second or the third domain of “.信息” in the following circumstance:

(1) The domain name is identical with or confusingly similar to the name or mark in which other one has civil rights or interests, and

(2) The domain name holder has no right or legitimate interest in respect of the domain name or major part of the domain name, and

(3) The domain name holder has registered or has been using the domain name in bad faith.

Note:
a. Any of the following circumstances may be the evidence of the registration and use of a domain name in bad faith:
*The purpose for registering or acquiring the domain name is to sell, rent or otherwise transfer the domain name registration to the party who is the owner of the name or mark or to a competitor of that trademark owner, and to obtain unjustified benefits;
* The disputed domain name holder, on many occasions, registers domain names in order to prevent owners of the names or marks from reflecting the names or the marks in corresponding domain names;
* The disputed domain name holder has registered or acquired the domain name for the purpose of damaging the Complainantʹs reputation, disrupting the trademark holder’s normal business or creating confusion with the trademark holder’s name or mark so as to mislead the public;
* Other circumstances which may prove the bad faith.

b. The person against whom the complaint is filed in any of the following circumstances before his⁄her receipt of the complaint delivered by the dispute resolution provider shall be deemed to enjoy legitimate rights and interests in the domain name:
*has used the domain name or any name corresponding thereto during the provision of commodities or services;
*has not obtained the trademark, but the domain name he⁄she holds has been in existence for over two years and obtained a certain degree of reputation;
*has been using the domain name reasonably or legitimately and non-commercially without the intention to mislead the consumers for commercial profits.

29.1.1.2 Other Rights

Except for the articles provided in preceding paragraphs, in order to maintain the interests of the nation and the civil society, Tele-info Ltd. will take necessary measures to protect certain words in the following circumstances:

(1)Country geographic names shall not be registered by any parties without obtaining consent or non-objection of the local authorities which the geographical name points;

(2)The names of products and services subject to relevant provisions of the State on obtaining license shall not be registered by individuals or enterprises without the license;

(3)The names of well-recognized government and international organizations shall not be used by any organizations and individuals other than those to which such names point;

(4)Domain names shall not disseminate contents that violate public order and good morals, such as pornography, violence and terrorism

(5) Open access to registrant information shall be maintained to the extent compatible with applicable privacy laws and the Tele-info Ltd. policy of treating all registrants equitably.

29.1.2 Implementation Plan for different categories of rights infringement

Please refer to table 1 in attachment Q29_Attachment_Table.

29.1.3 Rights Protection Policies

29.1.3.1 Policies on Domain Name Registration Eligibility

Once the application submitted via registrar, Tele-info Ltd. has retained each registrar to conduct authentication of registrants identity (please refer to Question 28 for details) and registration eligibility check. If a registered domain name involves any of the following requirements, the original domain name registrar shall delete it and notify the domain name holder in written form:

(1) In case the domain name holder or his⁄her deputy applies for the cancellation of the domain name registration;

(2) In case the registration information submitted by the domain name holder is unauthentic, inaccurate or incomplete;

(3) In case the domain name holder fails to pay the corresponding fees in accordance with the provisions;

(4) In case the domain name shall be written off in accordance with the judgment by the peopleʹs court, arbitration institution or the domain name dispute resolution institution;

(5) In case the domain name is in violation of the provisions and the relevant laws and regulations.

29.1.3.2 Prohibited Strings

In addition, according to “China Internet Domain Name Regulations” (please refer to http:⁄⁄www1.cnnic.cn⁄html⁄Dir⁄2005⁄03⁄24⁄2861.htm). Tele-info Ltd. does not allow the registration and use of domain names for malicious purpose. Please refer to Question 28 for detailed description.

29.1.3.3 Reserved Names

Tele-info Ltd. will initially reserve strings in the following circumstances for registration by specific right holders only to protect the rights of the users. Please refer to Question 28 for detailed description.

Except for the names provided in preceding paragraphs, Tele-info Ltd. and the registrars shall not reserve domain names or do so in disguised form. During the process of domain name registration, the registry and registrars shall not represent any actual or potential domain name holder.

29.1.3.4 Rules for Domain Name Dispute Resolution

In order to ensure the fairness, convenience and promptness of a domain name dispute resolution procedure, the “.信息” domain name dispute policy are formulated in accordance with Uniform Domain Name Dispute Policy (UDRP), which is incorporated by reference and made a part of the registration agreement, and binding to the holders of the domain names. The decision the decisions based on of the facts related to the dispute will be carried out by dispute resolution provider approved by ICANN. Tele-info Ltd. and domain name registrars shall not participate in the domain name resolution proceedings in any capacity or manner other than providing the information relevant to the registration and use of the domain name upon the request of the Dispute Resolution Service Providers.

During the period of domain name dispute resolution and within 10 days upon the issuance of the determination, the domain name holder may not apply for transfer or registration information update of the domain name in dispute, except where the transferee agrees in writing to be bound by the determination on dispute resolution.

Tele-info Ltd. provides in its agreement with registrars that each registrar shall handle the domain name in accordance with the result of the decision on the dispute: where the complainant wins, carry out the remedies which the complainant has chosen for dispute resolution including domain name suspension or further transfer if necessary; where the person against whom the complaint is filed wins, the status of the domain name shall be unlocked.

29.1.3.5 Policies on Complaints for Rights Infringement

29.1.3.5.1 Complaint Acceptance

Tele-info Ltd. will retain CNNIC to take the responsibility for the acceptance and investigation of complaints and make records of the complainants’ information on 7*24 hours basis. Assessment shall be conducted by anti-abuse complaint handling personnel pursuant to relevant measurement criteria (please refer to attached document for detail criteria), and if necessary, a special investigation team shall be formed to conduct research, analysis and judgment. Feedback shall be provided for the complainants in time upon the completion of assessment.

29.1.3.5.2 Response to and Handling of Complaints

(1) Handling of complaints shall be made within 5 business days upon acceptance of complaint from each channel. Afterwards the result of handling complaints will be forwarded, via telephone call or email, to the complainant, the person against whom the complaint is filed and other parties involved.

(2) Where the registry back end operator CNNIC is found upon investigation of complaints to have committed violations of laws, or fail to effectively respond to complaint filed according to Trademark Post-Delegation Dispute Resolution Procedure (PDDRP) or Registry Restriction Dispute Resolution Procedure (RRDRP), it shall be ordered to take remedies relevant provisions and pay penalty accordingly. In the case of severe breach of Registry agreement without any correction upon notification, Tele-info Ltd. is entitled to cancel the agreement and conduct further registry transition afterwards.

(3) Where any registrar or the registry back-end operator is found upon investigation of complaints to have committed violations of laws or agreement terms, it shall be ordered to make corrections and make relevant compensations. In the case of severe breach of RRA without any correction upon notification, Tele-info Ltd. is entitled to cancel the agreement and conduct further registry or registrar transition afterwards.

(4) Where any registrant is found upon investigation of complaints to have committed violations of relevant regulations, the registrant shall be ordered to make corrections. In the case of such domain name abuse as phishing and dissemination of illegal information, the existence of which will continue to cause greater losses to the users, the domain name shall be suspend within 2 hours after verification of the misconduct.

(5) Where the complaint involves domain name dispute, the complainant shall be told to resort to domain name dispute resolution provider or the court based on Uniform Domain Name Dispute Resolution Policy (UDRP) or relevant judicial procedures, then the registrar will be asked to lock the domain to prevent transfer or update till the dispute being resolved. Tele-info Ltd. will further notify the registrar to unlock domain name or make transfer based on the dispute resolution decision.

(6) Where any information provided by the complainant is found to be inaccurate or there is no evidence to prove domain name abuse, Tele-info Ltd. will reject the complaint and give corresponding explanations, and the complainant may, if not satisfied, provide further evidence to file an appeal.

29.2 Rights Protection Measures

29.2.1 Sunrise Period Registration for Trademark Holders

Tele-info Ltd. will, in the initial phase of launching registration, provide Sunrise Period registration service to ensure full protection for the rights of the trademark holders. Prior to the top level domain general availability for registration, a 30-day pre-registration period is set only allowing for domain name registration by trademark holders.

Early applications for domains are recommended, as Sunrise applications will be processed and awarded by the registry on a first-come first-served basis. Registrant will be asked to provide additional information about their trademark. The Trademark Clearinghouse provider designated by ICANN will take charge of validate and authenticate trademark information with respect to each domain names registration in the sunrise period.

In addition, Tele-info Ltd. will provide notice for all trademark holders in the Clearinghouse if someone is seeking a sunrise registration. This notice will be provided to holders of marks in the Clearinghouse that are an identical match to the name to be registered during Sunrise.

Tele-info Ltd. will, upon designation of the Trademark Clearinghouse Service Provider by ICANN, immediately set up a database connection to obtain information required for the provision of sunrise registration services.

29.2.1.1 Schedule for Sunrise Period

The schedule for the Sunrise Period will be as follows:

At least 6 months prior to the proposed gTLD being opened to the general public, Tele-info Ltd., in coordination with the intellectual property community, will make a general public announcement with the estimated date that it will open the proposed gTLD to the general Internet community.

Although it is likely that registrars and others will begin accepting pre-registrations long before the beginning of the Sunrise Period, Tele-info Ltd. will not begin to collect and process Sunrise Period requests until at least thirty days after the announcement. Once it begins processing these requests, Tele-info Ltd. will continue to do so for a period of 30 days.

29.2.1.2 Sunrise Eligibility Requirement

Tele-info Ltd. will provide Sunrise service in accordance with the Sunrise eligibility requirement and incorporate a Sunrise Dispute Resolution Policy.

The detailed eligibility requirements include:

(1) Ownership of a word mark:

*nationally or regionally registered and for which proof of use was submitted to and validated by Trademark Clearing house; or

*that have been court validated; or

*that are specifically protected by a statute or treaty currently in effect and that was in effect before 26 June 2008.

(2) Representation that all provided information is true and correct

(3) Provision of data sufficient to document rights in this trademark, including the registration number and the country of registration for the mark as part of a Sunrise registration request.

(4)Other requirement in accordance with current and future China domain name registration regulation. (Please see 29.1.3.1 for reference)

29.2.1.3 Sunrise Dispute Resolution Policy

Tele-info Ltd. allows challenges of sunrise registration based on the following four grounds:

(1)At the time the challenged domain name was registered, the registrant did not hold a trademark registration of national effect (or original effect) or the trademark had not been court validated or protected by statute or treaty;

(2)The domain name is not identical to the mark on which the registrant based its Sunrise registration;

(3)The registrant did not hold a trademark registration of national effect (or original effect) or the trademark had not been court validated or protected by statute or treaty;

(4)The trademark registration on which the registrant based its Sunrise registration did not issue on or before the effective date of the Registry Agreement and was not applied for on or before ICANN announce the application received;

For registration contention of the same name between two legitimate trademark holders, the Tele-info Ltd. will adopt a first-come-first-served method to address the contention during sunrise period. If any challenge is raised thereby, resolve domain name disputes in accordance with the Sunrise Dispute Resolution Policy (SDRP) under such principles and resort to relative dispute resolution provider or the court. Tele-info Ltd. will process further domain name transfer or unlock based on the result of resolution.

29.2.2 Trademark Claims Service

Tele-info Ltd. plans to provide Trademark Claims service in the initial launch period as the first 60 days that registration is open for general registration.

29.2.2.1 Trademark Claims Service Process

Specific service process is as follows:

(1) Upon the submission of any registration application by the registrant, Tele-info Ltd. will search the database of the Clearinghouse during the domain name review stage;

(2) If the domain name for registration is found to be in complete accord with any trademark in the database of the Clearinghouse designated by ICANN, Tele-info Ltd. will provide the prospective registrant with a clear notice of the scope of the mark holder’s rights in order to minimize the chilling effect of the registrant. It should be a specific statement by prospective registrant warrant that: (i) the prospective registrant has received notification that the mark(s) is included in the Clearinghouse, (ii) the prospective registrants has received and understood the notice, and (iii) to the best of the prospective registrant’s knowledge, the registration and use o the requested domain will not infringe on the rights that are the subject of the notice.

(3) The Trademark Claims Notice should provide the prospective registrant access to the Clearinghouse Database information referenced in the Trademark Claim Notice to enable the registrants to understand more fully the trademark rights claimed by the trademark holder; specifically the trademark notice should be able to be provided in Chinese.

(4) If the prospective registrant asks for registration after receiving the notice, the registrar will, after the domain name registration is effectuated, notify in a timely manner the holder of the trademark.

29.2.2.2 Trademark Claims Service Eligibility Requirement

Tele-info Ltd. will provide Trademark Claims Service in accordance with the Trademark Claims Service eligibility requirement.

(1) The registrant shall hold a trademark registration of valid national effect (or original effect) or the trademark had been court validated or protected by statute or treaty;

(2) The domain name shall be identical to the mark included in the trademark Clearinghouse database and for identical match the language of the word mark should be the same.

29.2.3 Domain Name Registration Review platform

In order to provide accurate information for the determination of the person responsible for an infringing, Tele-info Ltd. has also retained CNNIC to allocate experience personnel to implement domain name registration review to concurrently prevent infringements.

29.2.3.1 Registrant Information Verification

Tele-info Ltd. will cooperate with the registrars to verify whether any domain name applicant is with legitimate capacity for civil conduct and the information submitted thereby is authentic and accurate through verification of the registration application form and corresponding identity certificates, including personal photo ID, enterprise business license or other proof of identity, submitted by the applicant to the registrar, so as to ensure that relevant responsible person can be determined and handled in time once domain name infringement occurs. Domain name applications include information of the registration contact person which is unauthentic, inaccurate or incomplete will be rejected

29.2.3.2 Rights and Interests Review Process

In accordance with the “China Internet Domain Name Regulations” , Tele-info Ltd. has cooperate with CNNIC to create a list of strings forbidden for registration, which will be used in the review process to check whether any domain name contains strings forbidden for registration. The registry will reject those applications so as to prevent the appearance of infringing domain names.

CNNIC will screen all registrations for “unusual” domain name registration practices, such as registering hundreds of domains at a time, registering domains which are unusually long or complex, include an obvious series of numbers tied to a random word (baddomain01, baddomain02, baddomain03).

CNNIC will also screen all registrations for patterns known to be associated with phishing (bank, secure, etc.)

CNNIC will reviewing all domain names proposed for registration against known sites that are often the subject of phishing type attacks, which will ensure “.信息” do not inadvertently aid in the provisioning of illegitimate content in online scams.

29.2.3.3 Name Reservation and Registration Process

Tele-info Ltd. will ensure that the reserved domain names, once released for registration, are released the right holders and eliminate illegal cybersquatting. Please refer to Question 28 for detailed description.

29.2.4 Domain Name Infringement Handling

29.2.4.1 Unified Rapid Suspension System (URS)

Tele-info Ltd. will fully respect the trademark infringement complaints submitted by the providers of the URS system services and establish a response channel on a 24*7 basis, specifically:

(1)Firstly, lock the domain name concerned upon the receipt of a notice of complaint from the URS provider, whereby the EPP status will be “Transfer Prohibited”, and forbid all changes of the registered data, including transfer and deletion of the domain name, but the domain name shall continue to be resolved;

(2)Tele-info Ltd. will immediately inform the URS provider of the domain name lock, and provide the same with detailed WHOIS information channel, so as to provide convenience for it to contact the registrant;

(3)Where the complainant wins, Tele-info Ltd. will, upon receipt of the determination on URS, immediately suspend the domain name, whereby the domain name may not be resolved to the original website, the domain name server will be redirected to the information note page of URS, and information in the WHOIS on other domain names will continue to be that of the original registrants. In addition, the Whois shall reflect that the domain name will not be able to be transferred, deleted or modified for the life of the registration.

(4)Where the determination is in favor of the registrant, domain name parsing will be restored to the original domain name server.

29.2.4.2 Domain Name Disputes Resolution Measures

Tele-info Ltd. will mandate its registrar in RAA to provide assistance for taking measures for domain name disputes resolution as required by UDRP, specifically:

(1) If the complainant submits written complaint material to the registrar or the registry to prove that he⁄she is the holder of the domain name concerned, the registrar or the registry will provide the complaint with information on the designated dispute resolution provider for further resolution;

(2) The dispute resolution provider shall, upon receipt of complete complaint materials and confirmation of payment, send an acceptance notice to Tele-info Ltd. and the registrar;

(3) Upon receive notification of the dispute resolution provider, the registrar will lock the domain name to prohibit the person against which the complaint is filed from modifying the registered data and the transfer of the domain name, at the time of which the domain name may still can be resolved;

(4) The person against whom the complaint is filed shall submit within 20 calendar days authentic and accurate written material in response upon the notification of the dispute resolution provider, otherwise the adjudication authority will issue a judgment based on the evidence submitted by the complainant alone;

(5) The dispute resolution provider will appoint a panel to conduct hearing and ruling with respect to the disputed domain name, and the result of judgment shall be issued within 14 calendar days upon the provision of response by the party against which the complaint is filed;

(6) Where the Panel supports the Complaint, the registered domain name shall be cancelled or transferred to the Complainant by the registrar; otherwise, the Complaint shall be rejected.

(7) If the Dispute Resolution Service Provider rules in its decision to cancel the registered domain name or to transfer it to the Complainant, the domain name Registrar, before enforcing the decision, shall wait 10 calendar days calculating from the date on which the decision is published. If during such waiting period the Respondent submits valid proof attesting that a competent judicial authority or arbitration institution has accepted the relevant dispute, the registrar shall not enforce the decision of the Dispute Resolution Service Provider.

*If any proof attests that the parties have reached a settlement by themselves, the Registrar shall enforce such settlement;

*If any proof attests that the party that instituted the judicial action or applied for arbitration has withdrawn the Complaint or the relevant action or Complaint has been rejected, the Registrar shall enforce the Dispute Resolution Service Providerʹs decision;

*If the judicial authority or arbitration institution has rendered a judgment or an award that has become legally effective, the Registrar shall enforce such judgment or award.

29.2.4.3 Rapid Takedown Measures

The rapid suspension procedures are applicable to abusive behaviors regarding the use of domain names such as phishing or spreading of illegal contents, which may cause further losses to internet users. This procedure will most likely be the result of a complaint filed via APAC or 12321 Center. The specific enforcement procedures are as follows:

(1) Once an abuse compliant is received, the registrar will be requested to directly lock the domain to prevent further transfer and update, while a dedicated group is assigned to confirm the complaint manually within 1-3 working hours. After confirmation the registrar will be requested to suspend the domain name in the SRS system and the EPP status will be changed into “serverHold”, so that the domain name will not be able to resolve or be transferred until it is “restored”. In case such registrar fails to give a reply on handling within one working day, CNNIC will take step to handle the complaint, which may include suspension of the domain name against which the complaint is filed. The domain name holder will be informed at the same time to make corrections. After the registrant has stopped the abusive behavior and made adequate correction, which need to be confirmed by Tele-info Ltd., the registrar will restore the domain name to the status before suspension.

(2) Once the complaint is determined to be tenable and no further appeal or correction confirmed by Tele-info Ltd. within 60 days, Tele-info Ltd. will take down the domain name and delete the registration record, which means the domain name comes to general availability.

(3) The domain name holder and its registrar concerned will be informed three times as it has been locked of investigation, suspended, or deleted ;

29.2.5 Complaints Filing

Tele-info Ltd. has signed agreement with CNNIC for providing a channel of handling complaints on domain name infringement by collecting complaints from users and in cooperation with industrial communities.

29.2.5.1 Tele-info Ltd. Complaint Channels

At present, unified contact information for domain name abuse complaints and reports is published on the home page of Tele-info Ltd. (www.Tele-info Ltd..cn, www.泰尔英福.cn, or www.泰尔英福.中国 ). The complaint channels established with the assistance of CNNIC are open to receive all kinds of complaints on domain name abuse on a 7*24h basis, and Tele-info Ltd. undertakes to give reply thereto within 5 working days. The complainant shall describe the domain name against which the compliant is to be filed, evidence of abuse, results caused, and contact information, including telephone, email, and etc., for the purpose of receiving the result of complaint handling by and from Tele-info Ltd. in time.

29.2.5.2 Community Interactive Complaint Channel

Currently, Tele-info Ltd. has retained CNNIC to establish a sound information sharing mechanism with the registrars, the Anti-phishing Alliance of China and the International Anti-phishing Working Group, 12321 Center to fight against rights infringement.

CNNIC will, based on the information obtained through these channels for the determination of any rights infringement behavior related “.信息” domain names, notify relevant registrar in time for handling. In case such registrar fails to give a reply on handling within one working day, CNNIC will take step to handle the complaint, which may include suspension of the domain name against which the complaint is filed. Tele-info Ltd. will further share the phishing data with Internet Explorer and Microsoft or other industry partners.

29.3 Resource Planning

The resource planning model for rights protection in “.信息” domain will be a combination of efforts form both Tele-info Ltd. and CNNIC. As of the date of the application, Tele-info Ltd. will consist of its Board of Managers, with several additional executive to supervise the operation of CNNIC as the registry back-end operator.

Meanwhile, Tele-info Ltd. will benefit from the CNNIC’s established application review, customer service and complaint handling platform for operating ccTLDs including “.CN” and “.中国” with proven capability. Based on the existing platform, CNNIC will also expand its current resource devotion for satisfying the additional needs coming from the service of new gTLDs, enabling Tele-info Ltd. to set a target date to begin offering its services by the end of 2013. It is estimated that CNNIC’s expanded platform will perform adequate capabilities for scaling their staff to meet the needs at peak level demands, and Tele-info Ltd. will benefit from the transfer of knowledge from CNNIC to successfully build “.信息” as demand levels require.

29.3.1 Staffing

29.3.1.1 Initial Staffing

In order to provide higher standard services of new gTLD with lower rate of domain name abuse, Tele-info Ltd. is expected to have 3 persons to operate on the registry level for domain name abuse solution.

Meanwhile, CNNIC will, based on its agreement with Tele-info Ltd., utilize its current platform of application review, customer service center, and domain name abuse monitoring and handling platform to simultaneously serving “.信息”. In order to maintain adequate service standard of “.信息”, other than its current staff, CNNIC will also recruit additional staff in the start-up period for the first 3 years operation for maintaining the functionality.

29.3.1.1.1 Managerial Level

Tele-info Ltd. will retain an operation executive responsible for supervise the back-end registry provider for ensuring high-quality technology support and billing customer support for registrars. Tele-info Ltd. expects this role, performing by a technology supervisor, to be critical during the Sunrise and Land Rush Period, during which time domain name registrations rises significantly. This person will guarantee the neutrality of service among all the TLD’s under CNNIC’s management. By assign this executive, who will keep checking the overall service performance of “.信息” by means of registrar survey and periodical record check, the back end-registry’s performance will be guaranteed.

Tele-info Ltd. will retain another operation executive responsible for ensuring high-quality service in application review, registrants and end-user customer services as well as the complaint monitoring and handling. This staff will supervise the customer service level and the establishment of communication channel for end-users provided by the registry back-end operator. By assign this executive, who will keep checking the overall service performance of “.信息” by means of registrants satisfaction survey and periodical record check, the customer service level will be maintained with high quality.

Tele-info Ltd. will also retain its experienced legal manager to handle with any registry misconduct lawsuit and Intellectual property dispute according to PDDRP and RRDRP, and to serve as an ombudsman, assisting registrants and registrars in dispute resolutions related to “.信息”. This person will also take responsibility to establish and maintain a long term cooperation mechanism to cooperate with the Anti-phishing Alliance of China, the International Anti-phishing Working Group, the 12321 Network Negative Information Complaint Center, Trademark Clearing House Provider, Uniform Rapid Suspension System Provider as well as other assigned body designated by ICANN.

29.3.1.1.2 Customer Support Staff

CNNIC has set up a Customer Support Center providing 7×24 hours’ service to handle inquires and complaints from registrants of “.信息”. Upon ICANN’s delegation of new gTLDs, volume of end-user’s inquiries and complaints are expected to rise accordingly and more staff members will be hired to enhance the service capacities. Based on the original staffing basis with 31 employees, 5 additional employees will be recruited to support the new operation. The staff members are divided into the 3 subgroups. Please refer to Question 28 for detailed description.

29.3.1.1.3 Review and Monitoring Staff

CNNIC currently has 20 members to review of domain names applications and monitor the Whois accuracy and the potential rights infringement. As all required staff members are expected to be on duty starting from the start-up period, additional recruitment must meet the needs of the peak registration season. 1 more staff responsible for supervision of review work and monitoring of registration status should be hired to supporting the new gTLD which means a team with 21 persons will take charge of this functionality.

29.3.1.2 Staffing on Ongoing Basis

The managerial staff provided by Tele-info Ltd. is expected to be sustainable during the first three years and on-going basis. CNNIC, on the other hand, has also been structured to operate with an initial human capital investment to staff and manage the infrastructure required for sustaining the domain name abuse policies during the first 3 years of operations. The current staffing model also allows for back-up staffing, which provides a better overall understanding of the systems security. Therefore, Tele-info Ltd. foresees little expansion required for domain name abuse prevention and mitigation. However, Tele-info Ltd. itself and CNNIC will expand its staff if necessary on ongoing basis. Staffing allocations may also need to be adjusted as demand for our services increases. Adjustments could include overall staff size or refinements to required technical skills. Cross-training will be used in all positions to promote job interest. Specific factors which could affect staffing levels include:

(1)Increase in the number of registrars;

(2)Higher than anticipated domain name registration or transfer request;

(3)Higher than anticipated complaint volume;

(4)Higher than anticipated domain name dispute;

(5)Increase in the complexity of our services;

Additional staff requirements will be met through a rigorous recruitment process following the requirement of employment. To meet registration demand and the cumulative growth of new registrars, Tele-info Ltd. may hire 3 additional people and CNNIC may hire an additional 5 staff for the functionalities described above in the fourth and fifth years of “.信息” operations, as necessary.

28.3.1.3 Requirement of Employee

Tele-info Ltd. is structured to meet the needs of its customers: ICANN registrars, registrants and the Internet community at large which will address the overall needs of ICANN. Tele-info Ltd. and CNNIC staff will meet or exceed the stated requirements in skills, competence, and experience. The staff will be augmented during the initial 3 years and thereafter, as necessary, by subject-matter experts. For our requirement for employee, please refer to Question 28.

29.3.2 Equipment Planning

29.3.2.1 Major Systems

CNNIC will provide Tele-info Ltd. with the software and hardware required for the domain name application review, customer self-service, customer support and abuse monitoring, including the following:

29.3.2.1.1 Electronic registrant review system;

Please refer to Question 28 for detailed description.

29.3.2.1.2 Customer Self-Service System

Please refer to Question 28 for detailed description.

29.3.2.1.3 Customer Support System

Please refer to Question 28 for detailed description.

29.3.2.1.4 Systematical Interface with Trademark Clearing House and Uniform Rapid Suspension System;

As ICANN has yet confirmed the implementation model of Trademark Clearing House and Uniform Rapid Suspension System Completely, we are currently expecting to establish interface with those provider upon ICANN’s designation. We will integrate further extension in our current infrastructure to communicate with those service providers and establish independent database to restore the data they transit to us.

29.3.2.2 Work Space and Administrative Resources

Tele-info Ltd. and CNNIC’s current work site is currently equipped to accommodate all required personnel listed above. Every staff has been equipped with at least one desktop computer. All software required for working are pre-installed in their computers. The internet connection and telephone connection is also provided to every working staff by our office assistance team.

The current infrastructure will be sustainable for the projected 3 years of initial operation of “.信息”. CNNIC will undertake to update the software and hardware in time for ongoing basis, if necessary.

29.3.3 Funding

Tele-info Ltd. is planning to invest enough funding to ensure the implementation of the policies and measures on domain name abuse. The funding will support our customer service and technical security maintenance and other administrative function such as website design and equipment update. Please see question 47 for detailed amount of funding for each section.

Beijing Tele-info Network Technology Co., Ltd. (Tele-info Ltd.) provides ʺ.信息ʺ TLD with sound security strategy and guarantee.

The Information Security Management System (ISMS), established by CNNIC, has been certified by China Information Security Certification Center (ISCCC) accredited by China National Accreditation Service for Conformity Assessment (CNAS), accords with ISO 27001:2005 and the Statement of Applicability (SOA) thereof, and possesses relevant ISCCC certificates. Since ISMS is viewed to be suitable for the information security management of ʺ.信息ʺ, the security policy is jointly formulated by Tele-info Ltd. and CNNIC based on ISMS and the risk assessment of ʺ.信息ʺ. Associated assurance measures will be implemented according to the policy.

By far, all human resources, funds and equipment necessary for implementing corresponding security strategy have been put in place by Tele-info Ltd. and CNNIC respectively.

30(a).1 Overview of Security Policy

The security policies and corresponding security measures for ʺ.信息ʺ registry services are divided into two categories. One is for technical security and the other is for management security. Technical security includes physical security, network security, system security, application security, data security and auditing security. Management security involves security management organizations, security management personnel and security management rules. Relevant security policies conform to the following standards:

(1) YD⁄T2091-2010 Security Specification for Public DNS Resolution System (http:⁄⁄www.ptsn.net.cn⁄standard⁄std_query⁄show-yd-3460-1.htm)

(2) YD⁄T2140-2010 Technical Specification of DNS Security Framework (http:⁄⁄www.ptsn.net.cn⁄standard⁄std_query⁄show-yd-3523-1.htm)

(3) YD⁄T 2136-2010 Technical Specifications of DNS Delegation (http:⁄⁄www.ptsn.net.cn⁄standard⁄std_query⁄show-yd-3519-1.htm)

(4) YD⁄T 2245-2011 Security Protection Requirements for the Domain Name Registration System (http:⁄⁄www.ptsn.net.cn⁄standard⁄std_query⁄show-yd-3684-1.htm)

(5) YD⁄T 2246-2011 Security Protection Testing Requirements for the Domain Name Registration System (http:⁄⁄www.ptsn.net.cn⁄standard⁄std_query⁄show-yd-3685-1.htm)

(6) YD⁄T 2052-2009 Security Protection Requirements for the Domain Name System (http:⁄⁄www.ptsn.net.cn⁄standard⁄std_query⁄show-yd-3397-1.htm)

(7) YD⁄T 2053-2009 Security Protection Testing Requirements for the Domain Name System (http:⁄⁄www.ptsn.net.cn⁄standard⁄std_query⁄show-yd-3398-1.htm)

(8) Information Security Technology—Baseline for Classified Protection of Information System Security (GB⁄T 22239-2008) (http:⁄⁄www.ptsn.net.cn⁄standard⁄std_query⁄show.php?source=gb&id=8623)

(9) GB⁄T 22080:2008 (ISO⁄IEC 27001:2005, IDT) Information technology-Security techniques-Information security management systems-Requirements (http:⁄⁄www.ptsn.net.cn⁄standard⁄std_query⁄show.php?source=gb&id=8618)

(10) GB⁄T 22081:2008 (ISO⁄IEC 27002:2005, IDT) Information technology-Security techniques-Code of practice for information security management (http:⁄⁄www.ptsn.net.cn⁄standard⁄std_query⁄show-gb-8619-1.htm)

Below is an introduction of the above-mentioned various security policies.

30(a).1.1 Technical Security Policy

30(a).1.1.1 Physical Security Policy

All the systems related to ʺ.信息ʺ registry services are deployed in the Internet Data Center (IDC) that meet the following security requirements:

(1) 7*24 on-site security personnel.

(2) A 7*24 video monitoring system is used to monitor the IDC room.

(3) Door-access cards and fingerprint identification technology are used for access control.

(4) Two separate circuits and one standby Uninterruptible Power Supply (UPS) are available to ensure uninterrupted power supply.

(5) Lightening-proof, fire prevention and anti-static measures are taken.

(6) All windows are equipped with infrared anti-theft alarm devices.

Furthermore, only authorized technicians (e.g. system administrators) are permitted to enter the IDC room for operations such as hardware or software update.

30(a).1.1.2 Network Security Policy

A full redundancy design is adopted for all the network equipment and links related to ʺ.信息ʺ registry services. Four security zones are respectively defined as office subnet, a monitoring subnet, a service subnet and a database subnet according to their security level. Intrusion Detection Systems (IDS) and equipment against Denial of Service (DOS)⁄Distributed Denial of Service (DDOS) have been adopted by ʺ.信息ʺ.

All the servers for ʺ.信息ʺ registry services are protected by load balancers. Each server adopts the intranet IP address defined in Request for Comments (RFC) 1918. Important internal servers such as databases also adopt intranet IP addresses to prevent Internet users from accessing these servers.

30(a).1.1.3 System Security Policy

All systems related to ʺ.信息ʺ registry services conform to the following security policies:

(1) Unnecessary services and processes are prohibited.

(2) Upgrading operating systems and important application programs shall be performed at a regular basis.

(3) Dynamic Rivest-Shamir-Adieman (RSA) token security systems shall be deployed for system authorization, access control and access password protection.

(4) Remote operation of servers within the intranet shall be performed through bastion hosts.

In addition, the use of server resources and service status will be monitored on a 7*24 basis by a exclusive network operation and maintenance system and an alarm will be given off once an abnormity is detected. System-level scanning devices are used to perform systematic vulnerability scanning periodically for the internal and external networks and system reinforcement is performed very soon.

30(a).1.1.4 Application Security Policy

All applications related to ʺ.信息ʺ registry services conform to the following security policies:

(1) Shared Registration System (SRS)

(a) The SRS connection between Tele-info Ltd. and the registrars shall adopt the Secure Sockets Layer (SSL) encryption technology, and a client certificate and a username⁄password shall be used to achieve the strong authentication to each registrar.

(b) If a registrar does not perform any operation within a preset period of time after successful login, SRS will automatically terminate the connection.

(c) Each registrarʹs login password in the SRS is restricted to within 6-32 characters, which is stored in an encrypted form.

(2) DNS service

(a) Hidden DNS resolution primary masters are adopted which are not connected with the Internet and which do not provide resolution service, so as to ensure the security of the original zone files of ʺ.信息ʺ.

(b) Transmission of zone files between hidden primary masters and each secondary server at each nameserver data center is achieved in the way of IPsec encryption, so as to achieve safe transmission of zone files of ʺ.信息ʺ.

(c) A monitoring system is adopted to ensure data integrity in the process of generating and transmitting zone files of ʺ.信息ʺ.

(d) The specified security configuration regulations are formulated for the configuration of resolution software with inspection to the configuration at regular intervals (quarterly). If the items are not accordant with the regulations, they will be modified to keep the software configuration safe.

(e) Track the vulnerabilities of the resolution software by the specialized personnel and test and upgrade in time after detecting the vulnerabilities.

(3) Whois

(a) Whois only permits Internet usersʹ queries and no alteration is permitted.

(b) Whois Web servers are only used to transform Whois Web requests into WhoisD query requests and transmit such requests to WhoisD servers through load balancers. Then WhoisD servers are connected to Whois database to response to Whois queries.

(4) DNS Security Extensions (DNSSEC)

(a) The Hardware Security Module (HSM) used for Key Signing Key (KSK) signing is installed in a locked electro-magnetic shielding cabinet which can effectively prevent key disclosure from the interference of electro-magnetic signals from the outside.

(b) Both the HSM and the cabinet are placed in a separate room with access control measures and only authorized persons may get access to the cabinet.

(5) Internationalized Domain Names (IDN)

(a) To address the problem of phishing due to similarity of internationalized domain names, an system of Chinese domain similarity detection is adopted by “.信息”, through which phishing domain names related to ʺ.信息ʺ can be detected and then corresponding measures can be taken.

30(a).1.1.5 Data Security Policy

Only Database Administrators (DBA) who are responsible for maintenance are permitted to manage database servers. Only through specific management PCs and specific accounts can a DBA access a database server. For any change in the data and programs of an internal database, an application must be submitted through the procedures as specified for managing changes in internal databases. The application shall be reviewed by the DBA and the responsible person before operations are performed at the presence of the DBA. DBAs inspect the data backup of the database on a daily basis to make sure that backup data is correct. Technical measures are taken to perform real-time check of the integrity of updated DNS zone files.

A system has been adopted to guard against illegal alteration of websites to ensure data integrity of the websites related to ʺ.信息ʺ registry services. Important data are regularly backed up into the local tape library and the local secondary operation center. The local and remote secondary operation centers have been adopted to realize backup of important data in the three operation centers in Beijing and Chengdu.

30(a).1.1.6 Auditing Security Policy

ʺ.信息ʺ formulates the thorough auditing technical methods and management measures;

ʺ.信息ʺ adopts exclusive database auditing system to audit with the database orders, bastion hosts system to audit the server management operation and in addition, the specified centralized log collection and auditing system (LegendSec) to collect the logs of all network devices, servers and application systems, uniformly collecting and centralizing the logs to make the records.

Auditors use the database auditing system, bastion hosts system and log collection and auditing system to audit at each level and produce corresponding reports on a regular basis.

30(a).1.2 Management Security Policy

30(a).1.2.1 Security Management Organization

Tele-info Ltd. and CNNIC are jointly responsible for relevant security management and emergency response of ʺ.信息ʺ registry services. CNNIC has established a security management department to organize and implement all security-related work; Tele-info Ltd. arranges special technical personnel as security contacts, who are responsible for coordinating the regular security affairs with CNNICʹs security management department, as well as supervise the work of CNNIC. In addition, Tele-info Ltd. and CNNIC jointly agree to establish, on the basis of the existing organizational structure, a ʺvirtualʺ information security management organization which consists of three tiers: the decision-making tier, the execution tier and the auditing tier.

30(a).1.2.2 Security Management Personnel

An investigation must be conducted on the background of the personnel responsible for security management related to ʺ.信息ʺ registry services to make sure that they are reliable enough in terms of educational level, work experiences, credibility, etc. The investigation should be carried out by corresponding Personnel Department.

30(a).1.2.3 Security Management Rules

Security management rules of “.信息” registry services will be put into place in accordance with ISMS, which has been set up by CNNIC for ccTLDs and Chinese domain names in compliant with ISO27001, and viewed to be suitable for ʺ.信息ʺ as well. Based on the ISMS, the security management rules is formulated consisting of 4 tiers of documents: information security management manual; management specifications⁄measures⁄procedures⁄standards; implementation rules⁄operation guidelines⁄work guidance; and records⁄logs. See the figure below:

Please see Figure 1 in the attachment of Q30a_Attachment_Figure.

(1) The information security management manual is the guiding document for ʺ.信息ʺ information security management work. The manual contains such contents as information security policy, overall objective and control measures that are mentioned in the SOA and that have been implemented. Documents of the second and third tiers, such as management specifications and implementation rules can be regarded as documents supporting the information security management manual.

(2) Management specifications, measures, procedures and standards clearly define various management systems and technical control measures. Documents of the second tier provide methods and guidance for carrying out main activities of implementing the information security management system and for allocating duties. Lower-tier documents should also be referred to in implementing ISMS.

(3) Implementation rules, operation guidelines and work guidance are documents that give a detailed description of the processes mentioned in the second-tier documents. Consisting of work guidance, tables & lists, workflow charts, service standards and system manuals, documents of this tier give a detailed description of specific work and activities.

(4) Records and logs are used to keep record of various activities, serving as evidence that these activities meet the requirements of upper-tier documents. During the implementation of ISMS, a series of record tables and reports need to be kept to serve as the evidence that relevant preventive and corrective measures have been carried out.

30(a).2 Security Capability Assessment

30(a).2.1 Security assessment report

The security and safeguarding measures concerning the implementation of “.信息” registry services will be put into place in accordance with ISMS, which was set up by CNNIC for ccTLDs and Chinese domain names in compliant with ISO27001(GB⁄T 22080). The ISMS was certified on March 9, 2011 by China Information Security Certification Center (ISCCC) accredited by China National Accreditation Service for Conformity Assessment (CNAS). With relevant ISCCC certificates, ISMS conforms to ISO 27001:2005 and the SOA thereof.

Please see Figure2 in the attachment of Q30a_Attachment_Figure.

30(a).2.2 Security Capability Test and Assessment

A ʺ.信息ʺ security risk assessment will be carried out at least once a year which covers classification and categorization of information assets; identification and assessment of risks; risk treatment plan and implementation thereof; continuous improvement of risk assessment, etc.. The assessment results will serve as the basis for Tele-info Ltd. and CNNIC to make decisions on overall risk management of ʺ.信息ʺ, assist us in identifying overall risks facing ʺ.信息ʺ, and formulate or adjust risk treatment measures and plans.

Meanwhile, ʺ.信息ʺ invites a third-party security service organization to conduct security inspection and assessment every year, the result of which will be used as an important basis for carrying out security-related work.

30(a).3 Security Level Commitment

According to the classified protection standard of ʺInformation Security Technology—Baseline for Classified Protection of Information System Security (GB⁄T 22239-2008)ʺ, ʺSecurity Protection Requirements for the Domain Name System (YD⁄T 2052-2009)ʺ and ʺSecurity Protection Requirements for the Domain Name Registration System (YD⁄T 2245-2011)ʺ (please refer to Section 30(b).3.1 for the details of security level introduction), ʺ.信息ʺ undertakes the following security commitments to registrants:

(1) The DNS ⁄DNSSEC service system provides global Internet users with ʺ.信息ʺ domain name resolution services. Class-4 protection is used for the primary operation centers and Class-3 protection for nameserver data centers (all nameserver data centers as one unit).

(2) With Class-3 protection, SRS service provides global users with ʺ.信息ʺ domain name registration service through registrars.

(3) With Class-3 protection, Whois service provides global users with ʺ.信息ʺ domain name query service.

Tele-info Ltd. and CNNIC have agreed to set up corresponding security policy with the reference to the security requirements to information systems of different classes, deploy security assurance measures, satisfy each requirement in the standards and accept the examination of the third-party organizations, in a view to guaranteeing ʺ.信息ʺʹs fulfillment of its security-level promises to the public.

Jing Zhang	Secretary
Rui Liu	Supervisor
Song Li	Chief Financial Officer
Tong Song	Chief Executive Officer

Beijing Kaida Telecom Consulting Co.,Ltd.	Not Applicable
Beijing Ruite Telecom Technology Company	Not Applicable

New gTLD Application Submitted to ICANN by: Beijing Tele-info Network Technology Co., Ltd.

String: 信息

Originally Posted: 13 June 2012

Application ID: 1-995-44061

Applicant Information

1. Full legal name

2. Address of the principal place of business

3. Phone number

4. Fax number

5. If applicable, website or URL

Primary Contact

6(a). Name

6(b). Title

6(c). Address

6(d). Phone Number

6(e). Fax Number

6(f). Email Address

Secondary Contact

7(a). Name

7(b). Title

7(c). Address

7(d). Phone Number

7(e). Fax Number

7(f). Email Address

Proof of Legal Establishment

8(a). Legal form of the Applicant

8(b). State the specific national or other jursidiction that defines the type of entity identified in 8(a).

8(c). Attach evidence of the applicant's establishment.

9(a). If applying company is publicly traded, provide the exchange and symbol.

9(b). If the applying entity is a subsidiary, provide the parent company.

9(c). If the applying entity is a joint venture, list all joint venture partners.

Applicant Background

11(a). Name(s) and position(s) of all directors

11(b). Name(s) and position(s) of all officers and partners

11(c). Name(s) and position(s) of all shareholders holding at least 15% of shares

11(d). For an applying entity that does not have directors, officers, partners, or shareholders: Name(s) and position(s) of all individuals having legal or executive responsibility

Applied-for gTLD string

13. Provide the applied-for gTLD string. If an IDN, provide the U-label.

14(a). If an IDN, provide the A-label (beginning with "xn--").

14(b). If an IDN, provide the meaning or restatement of the string in English, that is, a description of the literal meaning of the string in the opinion of the applicant.

14(c). If an IDN, provide the language of the label (in English).

14(c). If an IDN, provide the language of the label (as referenced by ISO-639-1).

14(d). If an IDN, provide the script of the label (in English).

14(d). If an IDN, provide the script of the label (as referenced by ISO 15924).

14(e). If an IDN, list all code points contained in the U-label according to Unicode form.

15(a). If an IDN, Attach IDN Tables for the proposed registry.

15(b). Describe the process used for development of the IDN tables submitted, including consultations and sources used.

15(c). List any variant strings to the applied-for gTLD string according to the relevant IDN tables.

16. Describe the applicant's efforts to ensure that there are no known operational or rendering problems concerning the applied-for gTLD string. If such issues are known, describe steps that will be taken to mitigate these issues in software and other applications.

17. (OPTIONAL) Provide a representation of the label according to the International Phonetic Alphabet (http://www.langsci.ucl.ac.uk/ipa/).

Mission/Purpose

18(a). Describe the mission/purpose of your proposed gTLD.

18(b). How do you expect that your proposed gTLD will benefit registrants, Internet users, and others?

18(c). What operating rules will you adopt to eliminate or minimize social costs?

Community-based Designation

19. Is the application for a community-based TLD?

20(a). Provide the name and full description of the community that the applicant is committing to serve.

20(b). Explain the applicant's relationship to the community identified in 20(a).

20(c). Provide a description of the community-based purpose of the applied-for gTLD.

20(d). Explain the relationship between the applied-for gTLD string and the community identified in 20(a).

20(e). Provide a description of the applicant's intended registration policies in support of the community-based purpose of the applied-for gTLD.

20(f). Attach any written endorsements from institutions/groups representative of the community identified in 20(a).

Geographic Names

21(a). Is the application for a geographic name?

Protection of Geographic Names

22. Describe proposed measures for protection of geographic names at the second and other levels in the applied-for gTLD.

Registry Services

23. Provide name and full description of all the Registry Services to be provided.

Demonstration of Technical & Operational Capability

24. Shared Registration System (SRS) Performance

25. Extensible Provisioning Protocol (EPP)

26. Whois

27. Registration Life Cycle

28. Abuse Prevention and Mitigation

29. Rights Protection Mechanisms

30(a). Security Policy: Summary of the security policy for the proposed registry

© Internet Corporation For Assigned Names and Numbers.