[NCAP-Discuss] Draft final Study 1 report: "re-registered name collisions"
Danny McPherson
danny at tcb.net
Thu Apr 30 13:10:07 UTC 2020
Karen,
In your report you list four types of name collisions as in-scope, the
fourth of which you refer to as "re-registration name collisions", with
the following explanation in S2.2:
"4. Suppose that Alice registers a TLD or SLD and uses it for some time,
then lets it expire. Subsequently someone else registers the same domain
and delegates it. Now queries looking for the old domain (for Alice)
will go to the new domain (for someone else). This report will refer to
these as re-registered name collisions—the collision is caused by
someone registering a domain that was previously registered by someone
else."
and the following mapping to the RFP:
"B.b: Registrant Alice uses .EXAMPLE as a TLD in the public DNS and then
lets the registration expire. Registrant Bob then registers and
delegates .EXAMPLE. Traffic intended for Alice’s use of .EXAMPLE is now
received by Bob’s use of .EXAMPLE
B.c: Registrant Alice uses EXAMPLE.COM and then lets the registration
expire. Registrant Bob then registers and delegates EXAMPLE.COM. Traffic
intended for Alice’s use of EXAMPLE.COM is now received by Bob’s use of
EXAMPLE.COM"
and provide this context for scoping:
"All four of these types of name collisions are in scope for Study 1.
Only duplicate name collisions and shortened name collisions (types A.a,
A.b, and A.c from the RFP) are in scope for Section 5 of this report (on
data sets for Studies 2 and 3). No other types of name collisions are in
scope for any parts of Study 1."
Are we saying "re-registered name collisions" are in-scope or out of
scope of Study 1?
By definition as conveyed in Section 1 they're in "the RZM namespace"
and resolve in the same context so should this not be out of the scope
of Study 1? From Section 1:
For the purposes of Study 1, the term name collision “refers to the
situation where a name that is defined and used in one namespace may
also appear in another. Users and applications intending to use a name
in one namespace may attempt to use it in a different one, and
unexpected behavior may result where the intended use of the name is not
the same in both namespaces. The circumstances that lead to a name
collision could be accidental or malicious.
Study 1 concerns name collisions in the context of top-level domains
(TLDs), where the conflicting namespaces are:
• the global Internet Domain Name System (DNS) namespace reflected in
the root zone overseen by the Internet Assigned Numbers Authority (IANA)
Function; and
• any other namespace, regardless of whether that other namespace is
intended for use with the DNS or any other protocol.” [2]
Also from the RFP:
“Name collision refers to the situation in which a name that is used in
one namespace may be used in a different namespace, where users,
software, or other functions in that domain may misinterpret it. In the
context of top level domains, the term ‘name collision’ refers to the
situation in which a name that is used in the global Domain Name System
(DNS) namespace defined in the root zone as published by the root zone
management (RZM) partners ICANN and VeriSign (the RZM namespace) may be
used in a different namespace (non-RZM), where users, software, or other
functions in that domain may misinterpret it.” [2]
I don't consider these collisions at all. I believe they have well
known risks but that doesn't make them collisions - they're not
colliding with anything.
I've re-read the RFP and see where it considers these collisions and
"in-scope but not intended to the the subject of data studies"
(s2.3.3.b.c) but I'm not convinced they are collisions by the very
definitions in the report and the RFP. Given that this the draft of the
final study 1 report can someone help me understand what's "colliding"
here and either change the definitions in the study or consider whether
they should be in scope of a collision study at all?
Thanks,
-danny
More information about the NCAP-Discuss
mailing list