[council] Final ICANN Security Committee Document on new GTLDs

Neuman, Jeff Jeff.Neuman at Neustar.us
Wed Sep 3 17:10:40 UTC 2003


This is the final document that was sent to the ICANN Public Comments list
regarding new TLDs from the Security Committee.  I think it does a great job
in explaining the problems and recommending next steps.  I believe this
paper should be endorsed by the Council in addition to the work the GNSO
will undertake.


ICANN Security and Stability Committee
August 25, 2003


There are now more than 2 million domain names that use one of the new Top
Level Domains (TLDs) approved by ICANN in November 2000.  These include
several TLDs with 4 or more characters (.aero, .coop, .info, .name, and
.museum).  ICANN intends to expand the list of new TLDs, including a limited
number of sponsored top-level domains this year.  Such expansion may take
place at regular intervals.

Although the implementation of the new TLDs began in 2001, compatibility
problems were found with the installed base of software used by Internet
infrastructure operators (including Internet Service Providers (ISPs) and
corporate network operators) and application providers (such as web hosting
companies, ecommerce websites, and email services).

The underlying DNS protocols can easily support the introduction of new TLDs
into the top-level zone files.  However, some of the software written to use
domain names was written without taking into account the addition of new
TLDs.  This includes DNS resolvers, provisioning software (e.g., to
facilitate the creation of web sites or email services), and end-user
application software (e.g., email programs and web forms).

Sometimes, as in the case of many DNS resolvers, a configuration change is
all that is needed to support the new TLDs.  Other times, as in the case of
checking user input against expected behavior, there are problems because a
fixed list of TLDs is used or TLDs are presumed to be at most three
characters in length.

Some web applications use algorithms that guess or attempt to automatically
complete domain name entries (e.g., search engines, directories, browsers)
when a fully qualified domain name is not supplied.  Problems arise when
these applications use an outdated list of TLDs, or attempt to redirect
users to a different TLD when the user's intent was to look up one of the new

There are many pieces of software used in the Internet that make use of
domain names.  The problem of checking all existing software for support of
new TLDs is a similar problem to that of checking software for the ability
to handle dates beyond 2000.


1. ICANN should develop an advisory regarding support for new TLDs for
display on their website, and the GNSO constituencies should publicise this
advisory through their membership and customer bases.

2. ICANN should recommend that the IAB consider issuing an informational RFC
advising of the issue, and publicising this through the IETF technical

3. Internet infrastructure providers that have their own customised software
for Internet service provision should test the capability of the software to
support new TLDs, and correct problems quickly where they are found.

4. Internet software application developers should be encouraged to review
their software for support of new TLDs.  Where problems are found,
application developers should upgrade their software, and provide these
updates to their user base.

5. A central repository of known commonly used software that has
compatibility problems (e.g., DNS resolver software used by common operating
systems) with new TLDs, and instructions for how to upgrade the software
should be created.  This repository would facilitate Internet infrastructure
providers and software application developers to provide necessary software
updates to users of the Internet to resolve known compatibility issues.

6. ICANN should examine compatibility problems with the introduction of new
TLDs in 2001 as a topic in its Proof of Concept study.
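
Recommendations 3 and 4 ask operators and developers to test their software against the new TLDs. As an added example (not part of the committee's document or of this message), the Python sketch below audits a hostname validator against the long TLDs the document names. The legacy pattern, the function names and the sample hostnames are constructed for illustration.

```python
import re

# TLDs with four or more characters that the document names.
LONG_TLDS = ["aero", "coop", "info", "name", "museum"]

# Legacy pattern of the kind the document describes: the TLD is presumed
# to be two or three letters long (constructed for illustration).
LEGACY_RE = re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,3}")

# One DNS label: 1-63 letters, digits or hyphens, no leading or trailing hyphen.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def legacy_is_valid(hostname):
    """Validator carrying the hard-coded TLD length assumption."""
    return LEGACY_RE.fullmatch(hostname) is not None


def syntax_is_valid(hostname):
    """Check hostname syntax only; whether the TLD exists is left to DNS."""
    name = hostname[:-1] if hostname.endswith(".") else hostname
    if not name or len(name) > 253:
        return False
    labels = name.split(".")
    if len(labels) < 2:
        return False
    if not all(LABEL_RE.fullmatch(label) for label in labels):
        return False
    # An all-digit final label is an IPv4-style literal, not a TLD.
    return not labels[-1].isdigit()


def audit(validator, tlds=LONG_TLDS):
    """Return the TLDs whose sample hostname the validator rejects."""
    return [tld for tld in tlds if not validator(f"www.example.{tld}")]


if __name__ == "__main__":
    for fn in (legacy_is_valid, syntax_is_valid):
        rejected = audit(fn)
        print(f"{fn.__name__}: rejects {rejected or 'none'}")
```

The same `audit` call can be pointed at any existing validation function that takes a hostname and returns a boolean.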
