[Comments-ncap-1-proposed-final-report-08may20] JAS Global Advisors comments on Name Collision Analysis Project (NCAP) Study 1 document

[Jeff Schmidt]

JAS Global Advisors was contracted by ICANN to research the collisions phenomena and provide recommendations on how to safely delegate new TLDs.  JAS research and recommendations lead directly to ICANN's Name Collision Occurrence Management Framework which resulted in the safe delegation of > 1,200 new TLDs to date.

JAS supports the Scarfone Cybersecurity findings and conclusions contained within the Name Collision Analysis Project (NCAP) Study 1 document.

In particular, the Scarfone document reminds us of several important truths regarding namespace collisions:

(1) Collisions are well understood and have been researched since the 1990s.  Problematic - even dangerous - collisions may occur now or in the future, and whether ICANN delegates new TLDs or not.  But the root causes are well understood as well as the available mitigation strategies.  Collisions will never be "zero" and that must not be our goal.

(2) Policy makers must understand that Collisions (as defined by the SSAC in SAC62 and SAC66) are a DNS problem, not a New gTLD problem.  They can and do occur throughout the global Internet DNS Namespace and in every TLD.  Collisions also occur in every other large namespace including telephone numbers and postal addresses.

(3) What ICANN (collectively) did during the 2012 New gTLD Round worked.  By every conceivable definition of "worked."  

   (a) ICANN delegated more than 1,200 New TLD strings with only a tiny handful of collision issues reported, none serious.  Policy makers interested in namespace collisions must review and understand the implications of Figure 1 in the Scarfone document.

   (b) Multiple parties (including Scarfone) have scoured the Internet looking for evidence of unreported serious collision-related issues and found none.  Several of the largest tech companies in the world are represented on NCAP and SSAC.  The individuals serving on NCAP and SSAC are some of the smartest, most informed, and well-connected technologists in the world.  If there were widespread serious collision problems, it is unreasonable to think they would not be known five plus years after delegating > 1,200 new TLDs.  

   (c) Based on a string-by-string analysis of applied-for strings, delegation of three dangerous strings (corp, home, mail) was (correctly) blocked based on discovering and analyzing their unique situations.

   (d) Controlled Interruption worked as intended; again, multiple parties (including Scarfone) have scoured the Internet and identified references to 127.0.53.53 directing administrators to helpful information.  All major search engines provide helpful content when searching for 127.0.53.53.  Most browsers provide appropriate messaging when they encounter 127.0.53.53.  The investment we collectively have made in the 127.0.53.53 signaling has been effective.  Many systems are better now as a result of corrections made following controlled interruption.

   (e) Zero litigation and zero privacy/regulatory issues resulted from ICANN's handling of collisions in the 2012 New gTLD Round. 

In summary, if ICANN were to consider delegating additional strings to the root at some future point, there is no reason to do anything differently than what it did in 2012.  If ICANN or the ICANN Community are unhappy with how collisions were eventually handled in the 2012 New gTLD Round, it must state a specific problem to be addressed.