[Gnso-newgtld-wg] [NCAP-Discuss] [Ext] Re: Draft final Study 1 report

Rubens Kuhl rubensk at nic.br
Wed Apr 29 20:11:42 UTC 2020


Anne,

Most of what you posted is more of the same and I'll just refer people to my previous comments on them, available on both list archives. On the man in the middle issue, this was already identified by SAC 057, and had its most prominent threat vector mitigated by measures by both the ICANN collision framework and CA/B Forum guidelines that now don't allow certificates for non-delegated TLDs. Other than that specific threat vector, commonplace security measures in Internet applications already handle man in the middle threats, regardless of being collision-related or not.


Rubens


> On 29 Apr 2020, at 15:50, Aikman-Scalese, Anne <AAikman at lrrc.com> wrote:
> 
> Thanks Rubens.  I guess I took the comments as a potential need to work on the design of Study 2.   Perhaps OCTO staff can clarify the scope of Study 1 in this regard?  Did OCTO identify the independent contractor as a name collision expert?  Or was the assignment limited to gathering existing information and identifying gaps in the data?
> 
> As you know, the Board has posed questions to the SSAC that cannot be answered without further research.  The NCAP Discussion Group has been working on how those questions might be addressed and properly answered in all of its recent weekly calls.   Further,  Rod Rasmussen recently sent out an email confirming that the SSAC Work Party is itself a separate body from the Name Collision Analysis Project and will need to consider its responses to the Board’s questions and the degree to which more data may be needed in order to respond to those questions.  Interestingly, some data has come in recently from ICANN’s own server indicating that there are voluminous queries going to the non-existent .home and .corp TLDs (in addition to .lan and others).  It therefore seems very superficial (and even inaccurate based on the data) to conclude that 90 day controlled interruption is adequate to address all name collision issues.  This is particularly true because “Man in the Middle” interceptions of the misguided queries from the 2012 round were apparently never measured. As you know, these Man in the Middle interceptions provide fertile ground for fraud and other harm to consumers.
> 
> Public comment on the Sub Pro “Initial Report” name collisions summary emphasizes the need  to “defer to the SSAC”.  In some cases, it also says, “Defer to the NCAP”.  For well over a year, we have been hearing from some individuals in Sub Pro Leadership that the name collision analysis “isn’t going anywhere” and that our Sub Pro deliberations should not “be held up” waiting for that to happen.  Nevertheless, so far we have a tentative recommendation that ICANN develop a “Do Not Apply” list and it’s clear that this work can be part of the NCAP and SSAC work that is already underway.  A “DO NOT APPLY” list and/or a test for measuring the name collision risk of a particular string as a “gating mechanism” at the time of application would certainly be useful.
> 
> Accordingly, I have always maintained that Sub Pro should be “dovetailing” its efforts with those of NCAP and the SSAC so that we all have our “ducks in a row” in time for the next round.  The ICANN Board specifically stated in its public comment on the “Initial Report” from Sub Pro that this issue presented an opportunity for us to work across the community and work together.  For some reason, there is continuing resistance to that approach and Sub Pro Leadership continues to cast doubt on the need for continued work of the NCAP and the SSAC in this arena.  In my view, that approach will not get us to the next round any faster and will, in fact, have the opposite effect as we risk setting up another “bottleneck” at the Board level where they may be getting conflicting advice coming from different arms of the community.  (This general phenomenon of not working things out before conflicts get to the Board level is ICANN’s biggest weakness in terms of organizational effectiveness and it causes immense delays.)
> 
> Based on the public comment previously received by Sub Pro as well as the Board questions to the SSAC, we need to work together as requested by the Board, rather than stubbornly resisting the further study of these risks.
> 
> Anne
> 
> From: NCAP-Discuss <ncap-discuss-bounces at icann.org> On Behalf Of Rubens Kuhl
> Sent: Tuesday, April 28, 2020 3:43 PM
> To: gnso-newgtld-wg at icann.org; ncap-discuss at icann.org
> Subject: Re: [NCAP-Discuss] [Ext] Re: Draft final Study 1 report
> Importance: High
> 
> 
> Anne,
> 
> The exact quote from Karen's report is as this:
> 
> "Given these findings, the recommendation is that Studies 2 and 3 should not be performed as currently designed. Regarding Study 2, analyzing datasets is unlikely to identify significant root causes for name collisions that have not already been identified. New causes for name collisions are far more likely to be found by investigating TLD candidates for potential delegation on a case by case basis. Regarding Study 3, the review of prior work has not identified any new mitigation strategies for name collisions to be tested. Also, controlled interruption has already proven an effective mitigation strategy. Without a compelling new mitigation strategy to consider, Study 3 does not seem to be needed at this time.
> All of that being said, this does not mean further study should not be conducted into name collision risks and the feasibility of potentially delegating additional domains that are likely to cause name collisions. However, the proposals for Studies 2 and 3 do not seem to still be effective ways of achieving those goals."
> 
> I think her words are self-explanatory of her views, which have already been endorsed in the NCAP mailing list by Jeff Schmidt.
> 
> 
> 
> 
> Rubens
> 
> 
> On 28 Apr 2020, at 19:14, Aikman-Scalese, Anne <AAikman at lrrc.com> wrote:
> 
> Hi Jeff,
> I listened to last night’s Sub Pro call (which I was unable to attend).  In that call, you advised the Sub Pro Working Group verbally that the independent contractor for NCAP Study 1, Karen Scarfone, had made a Study 1 recommendation against proceeding to Study 2 and 3.  You also stated that “not everyone” in the NCAP Discussion Group agrees with Karen’s recommendation that Study 2 and 3 should not proceed.
> 
> I can’t quite figure out why you believe that Karen made such a recommendation.  It would be good if you could clarify this before the April 30 call on Name Collisions.  Please reply to all.
> 
> Thank you,
> Anne
> 
> 
> From: NCAP-Discuss <ncap-discuss-bounces at icann.org> On Behalf Of Jeff Neuman
> Sent: Monday, April 27, 2020 8:59 AM
> To: Matt Larson <matt.larson at icann.org>
> Cc: ncap-discuss at icann.org
> Subject: Re: [NCAP-Discuss] [Ext] Re: Draft final Study 1 report
> 
> Thanks Matt.  I forwarded to the SubPro Group your original e-mail which contained the study and your cover note.
> 
> Jeff Neuman
> Senior Vice President
> Com Laude | Valideus
> D: +1.703.635.7514
> E: jeff.neuman at comlaude.com
> 
> From: Matt Larson <matt.larson at icann.org>
> Sent: Monday, April 27, 2020 11:29 AM
> To: Jeff Neuman <jeff.neuman at comlaude.com>
> Cc: ncap-discuss at icann.org
> Subject: Re: [NCAP-Discuss] [Ext] Re: Draft final Study 1 report
> 
> Hi, Jeff, everyone.
> 
> 
> On Apr 27, 2020, at 8:01 AM, Jeff Neuman <jeff.neuman at comlaude.com> wrote:
> 
> The SubPro Working Group is discussing the issue of Name Collisions on its Thursday call.  Is this list public?  And if so, can I post the latest document to the SubPro list so that they can see the current state of the studies?  I would be happy to post other comments you all have to the report as well that you would want shared.
> 
> This list has public archives, so anyone can see my message with the current draft attached. If you want to share on the SubPro list, could I please suggest that you point people to my message in the archives rather than send the document itself? That link is https://mm.icann.org/pipermail/ncap-discuss/2020-April/000275.html. Sharing the document that way will hopefully help keep the context clear, specifically, that this report is not final.
> 
> Matt
> 
