[NCAP-Discuss] Draft final Study 1 report: "re-registered name collisions"

Thu Apr 30 13:10:07 UTC 2020

Karen,
In your report you list four types of name collisions as in-scope, the 
fourth of which you refer to as "re-registration name collisions", with 
the following explanation in S2.2:

"4. Suppose that Alice registers a TLD or SLD and uses it for some time, 
then lets it expire. Subsequently someone else registers the same domain 
and delegates it. Now queries looking for the old domain (for Alice) 
will go to the new domain (for someone else). This report will refer to 
these as re-registered name collisions—the collision is caused by 
someone registering a domain that was previously registered by someone 
else."

and the following mapping to the RFP:

"B.b: Registrant Alice uses .EXAMPLE as a TLD in the public DNS and then 
lets the registration expire. Registrant Bob then registers and 
delegates .EXAMPLE. Traffic intended for Alice’s use of .EXAMPLE is now 
received by Bob’s use of .EXAMPLE

B.c: Registrant Alice uses EXAMPLE.COM and then lets the registration 
expire. Registrant Bob then registers and delegates EXAMPLE.COM. Traffic 
intended for Alice’s use of EXAMPLE.COM is now received by Bob’s use of 
EXAMPLE.COM"

and provide this context for scoping:

"All four of these types of name collisions are in scope for Study 1. 
Only duplicate name collisions and shortened name collisions (types A.a, 
A.b, and A.c from the RFP) are in scope for Section 5 of this report (on 
data sets for Studies 2 and 3). No other types of name collisions are in 
scope for any parts of Study 1."

Are we saying "re-registered name collisions" are in-scope or out of 
scope of Study 1?

By definition as conveyed in Section 1 they're in "the RZM namespace" 
and resolve in the same context so should this not be out of the scope 
of Study 1?  From Section 1:

For the purposes of Study 1, the term name collision “refers to the 
situation where a name that is defined and used in one namespace may 
also appear in another. Users and applications intending to use a name 
in one namespace may attempt to use it in a different one, and 
unexpected behavior may result where the intended use of the name is not 
the same in both namespaces. The circumstances that lead to a name 
collision could be accidental or malicious.
Study 1 concerns name collisions in the context of top-level domains 
(TLDs), where the conflicting namespaces are:
•	the global Internet Domain Name System (DNS) namespace reflected in 
the root zone overseen by the Internet Assigned Numbers Authority (IANA) 
Function; and
•	any other namespace, regardless of whether that other namespace is 
intended for use with the DNS or any other protocol.” [2]
Also from the RFP:
“Name collision refers to the situation in which a name that is used in 
one namespace may be used in a different namespace, where users, 
software, or other functions in that domain may misinterpret it. In the 
context of top level domains, the term ‘name collision’ refers to the 
situation in which a name that is used in the global Domain Name System 
(DNS) namespace defined in the root zone as published by the root zone 
management (RZM) partners ICANN and VeriSign (the RZM namespace) may be 
used in a different namespace (non-RZM), where users, software, or other 
functions in that domain may misinterpret it.” [2]

I don't consider these collisions at all.  I believe they have well 
known risks but that doesn't make them collisions - they're not 
colliding with anything.

I've re-read the RFP and see where it considers these collisions and 
"in-scope but not intended to the the subject of data studies" 
(s2.3.3.b.c) but I'm not convinced they are collisions by the very 
definitions in the report and the RFP.  Given that this the draft of the 
final study 1 report can someone help me understand what's "colliding" 
here and either change the definitions in the study or consider whether 
they should be in scope of a collision study at all?

Thanks,

-danny