[NCAP-Discuss] [Ext] Revised draft of NCAP Study 1 report

Rubens Kuhl rubensk at nic.br
Sun Feb 9 17:54:00 UTC 2020 

On the original topic of corp.com <http://corp.com/>, press coverage of it:
https://krebsonsecurity.com/2020/02/dangerous-domain-corp-com-goes-up-for-sale/ <https://krebsonsecurity.com/2020/02/dangerous-domain-corp-com-goes-up-for-sale/>


Rubens


> On 9 Feb 2020, at 13:17, Rubens Kuhl <rubensk at nic.br> wrote:
> 
> Signed PGP part
> 
> 
>> On 9 Feb 2020, at 13:06, Patrik Fältström <paf at frobbit.se <mailto:paf at frobbit.se>> wrote:
>> 
>> On 9 Feb 2020, at 7:06, Rubens Kuhl wrote:
>> 
>>> Where can I find (regardless of author) well-thought analysis supporting the claim that the delegation of new TLDs could make people die ?
>> 
>> The only claim of people dying I know of is coming from a blogger:
>> 
>> <http://domainincite.com/13221-verisign-says-people-might-die-if-new-gtlds-are-delegated <http://domainincite.com/13221-verisign-says-people-might-die-if-new-gtlds-are-delegated>>
>> 
>> I have not seen many statements by bloggers like this author which are based on analysis and because of that I do not think we have to go down that path and investigate it further.
> 
> Actually, this made into the new gTLD program, and included the following mitigation mechanism:
> https://www.icann.org/en/system/files/files/name-collision-framework-30jul14-en.pdf <https://www.icann.org/en/system/files/files/name-collision-framework-30jul14-en.pdf>
> 
> "7. EMERGENCY	RESPONSE ICANN	will	limit	emergency	response	for name	collision	reports to	situations where	there	is	a	reasonable	belief	that	the	name collision	presents	a	clear	and	present	danger	to	human	life."
> 
> So, this already found its way into current in-force policy.
> 
>> 
>> Also note that the link in this blog post to Verisigns actual response is wrong. You can find Verisigns response here:
>> 
>> <https://forum.icann.org/lists/comments-gac-safeguard-advice-23apr13/pdfzz0VhyFkZw.pdf <https://forum.icann.org/lists/comments-gac-safeguard-advice-23apr13/pdfzz0VhyFkZw.pdf>>
> 
> And the actual words from Pat Kane and Danny Mcpherson are:
> "These "outlier" strings with very low query rates may actually pose the most risks because they could support critical devices including emergency communications systems or other life-supporting networked devices."
> 
> But besides that response, no other published document has ever went to describe how this could be a reasonable line of thinking. Pink fish could turn into white fish too, but that never happened. And having the data to support that risk analysis could make all of us propose a different set of mitigations, so if it's somewhere to be found, it would be very interesting material for the NCAP project.
> 
> 
> 
> 
> Rubens
> 
> 
> 
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ncap-discuss/attachments/20200209/0908b30c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 529 bytes
Desc: Message signed with OpenPGP
URL: <http://mm.icann.org/pipermail/ncap-discuss/attachments/20200209/0908b30c/signature-0001.asc>

More information about the NCAP-Discuss mailing list