[bc-gnso] FW: ICANN News Alert -- Addressing the Consequences of Name Collisions
psc at vlaw-dc.com
Tue Aug 6 18:43:22 UTC 2013
Query: The staff recommendations resulting from the Name Collision study have just been put out for public comment. It suggests that for the 80% of gTLD applications deemed Low Risk that there be two sequential waiting periods, of 120 days plus 30 days, before domains at those new gTLDs go live. That delay period runs from the date of signing the registry agreement with ICANN.
While not strictly a BC issue, since many on the list are either affiliated with or working with applicants, does that result in any significant additional delay since after the date of agreement signing given that there is still a sunrise registration period, marketing efforts must be engaged in, etc. I’m just interested in appraising the real world impact in a broader context.
For the 20% of applications deemed to be of Uncalculated Risk, the study recommends an additional study that will run 3-6 months.
Two applications -- .home and .corp – are deemed High Risk and would be put on indefinite hold.
Philip S. Corwin, Founding Principal
1155 F Street, NW
Washington, DC 20004
"Luck is the residue of design" -- Branch Rickey
From: ICANN News Alert [mailto:communications at icann.org]
Sent: Tuesday, August 06, 2013 2:18 PM
To: Phil Corwin
Subject: ICANN News Alert -- Addressing the Consequences of Name Collisions
Addressing the Consequences of Name Collisions
5 August 2013
As directed by the ICANN Board of Directors on 18 May 2013, ICANN commissioned and today releases the results of a study that considers the likelihood and impact of name space collisions between applied-for new gTLD strings and non-delegated TLDs. Additionally, the study also reviewed the possibility of collisions arising from the use of X.509 digital certificates.
Background: In a study published in January 2013, ICANN's Security and Stability Advisory Committee (SSAC) identified fact that some certificate authorities issue X.509 certificates for domain names that are not resolvable in the public DNS. Such issues identified in SAC 057, as well as in SAC 045, are symptoms of entities that have local environments that include strong assumptions about the number of top-level domains and/or have introduced local top-level domains in private namespaces that may conflict with names yet to be allocated. These private namespaces sometimes "leak" into the public DNS (either through misconfiguration or the use of old software), meaning that requests for resources on private networks could end up querying the public-facing DNS Root Servers and hence "colliding" with the delegated new gTLD.
The Study: On 18 May 2013, the ICANN Board approved a resolution calling for a detailed study of the name collision issue. ICANN contracted with Interisle Consulting Group, LLC to collect and analyze the necessary data on all applied-for strings.
The resulting study, Name Collision in the DNS<http://www.icann.org/en/about/staff/security/ssr/name-collision-02aug13-en.pdf> [PDF, 3.34 MB], identifies three categories of strings by the potential risk of name space collision:
* Low Risk: 80% of applied-for strings.
* Uncalculated Risk: 20% of applied-for strings.
* High Risk: 2 strings (.home, .corp).
To minimize the likelihood of any impact, ICANN proposes to the community several mitigation measures to be taken as described in an accompanying staff recommendation paper, New gTLD Collision Risk Management<http://www.icann.org/en/about/staff/security/ssr/new-gtld-collision-mitigation-05aug13-en.pdf> [PDF, 166 KB]. They include:
* Proceeding with contracting and delegation of those strings categorized as "low risk" (80%) but recommending additional mitigation measures which should not materially impact their timeline for delegation.
* Conducting further study on those strings categorized as "uncalculated risk" (20%) anticipated to take 3-6 months to complete.
* Delaying contracting and delegation of the two "high risk" strings until mitigation efforts can place them in the "low risk" category.
New gTLD Security and Stability: Throughout the development of the New gTLD program, the security and stability of the Domain Name System has remained the paramount concern of the ICANN community. ICANN staff has prepared an information sheet, Secure and Stable Introduction of new gTLDs<http://www.icann.org/en/about/staff/security/ssr/intro-new-gtlds-05aug13-en.pdf> [PDF, 102 KB], that describes the measures ICANN has taken to ensure the introduction of new gTLDs will not jeopardize that commitment.
Public Comment: At this time, the mitigation steps outlined in the staff recommendation paper are proposals only and community input is strongly suggested. As a result, ICANN has opened a formal process for soliciting public comment. The form for submitting public comment and the calendar for doing so is available here<http://www.icann.org/en/news/public-comment/name-collision-05aug13-en.htm>.
Coordinated Vulnerability Disclosure Process: ICANN takes this opportunity to inform the community that it has updated its risk management procedures for improved reporting and response to any unforeseen issues arising from the delegation of new gTLDs. Members of the community are urged to familiarize themselves with the process available for review here<http://www.icann.org/en/about/staff/security/vulnerability-disclosure-05aug13-en.pdf> [PDF, 628 KB].
This message was sent to pcorwin at butera-andrews.com<mailto:pcorwin at butera-andrews.com> from:
ICANN | 12025 Waterfront Drive Suite 300 | Los Angeles, CA 90094-2536
Email Marketing by [iContact - Try It Free!] <http://www.icontact.com/a.pl/144186>
Manage Your Subscription <http://app.icontact.com/icp/mmail-mprofile.pl?r=9829339&l=6333&s=7I8Y&m=917981&c=165637>
No virus found in this message.
Checked by AVG - www.avg.com<http://www.avg.com>
Version: 2013.0.3392 / Virus Database: 3209/6545 - Release Date: 08/02/13
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bc-gnso