[NCAP-Discuss] SSR2 Draft Report Overlap

Mon Jan 27 14:21:53 UTC 2020

FYI.  The SSR2 Draft Findings was published for public comment this weekend.  https://www.icann.org/en/system/files/files/ssr2-review-24jan20-en.pdf?mkt_tok=eyJpIjoiT0RJeE16a3pPRFkwWTJKbCIsInQiOiJtK3BtZUxtbTh3bWJCMXhOeXFrcXB0T0pmTTRkYzVvN2VueEJjdmlSWWVHOVU3Y21DRm9mcVpxNmQ5eElrcjdwd3NQVlhTVlVpUEZLY2ZTRktSNFpFbXh4RVwvTUVmbzBjVmV3MXhcL3AyNDRGeTNhazJVN2tZbGN1YlVcLzJldEFZYSJ9

The following are recommendations on Name Collision.  Personally, I think we should respond that much of the work is being done independently and that having yet another independent study to review this study is overkill.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Name Collision

Rationale and Findings
While ICANN org provides detailed education on name collision, there is no restriction of registrants utilizing a unique identifier for a private zone that collides with a public zone. There is no reporting and alerting mechanism allowing the community to file reports that may reveal sensitive data and security threats resulting from the collision. With the known instances of these attack vectors, the SSR2 RT feels the name collision problem is present and must be explored, diagnosed, and acted upon through careful study and action. Among the findings of "MitM attack by name collision: Cause analysis and vulnerability assessment in the new gTLD era"104 were that the last round of gTLDs measurably exacerbated this problem.

SSR2 Recommendation 28: Develop a Report on the Frequency of Name Collisions and Propose a Solution

  *   28.4. ICANN org should produce findings that characterize the nature and frequency of name collisions and resulting concerns. The ICANN community should implement a solution before the next round of gTLDs.
  *   28.5. ICANN org should facilitate this process by initiating an independent study of name collisions through to its eventual completion and adopt or account for the implementation or non-adoption of any resulting recommendations. By "independent," SSR2 RT means that ICANN org should ensure that the SSAC Name Collision Analysis Project (NCAP) work party research and report evaluation team's results need to be vetted by parties that are free of any financial interest in TLD expansion.
  *   28.6. ICANN org should enable community reporting on instances of name collision. These reports should allow appropriate handling of sensitive data and security threats and should be rolled into community reporting metrics.

Jeff Neuman
Senior Vice President

Com Laude | Valideus
1751 Pinnacle Drive
Suite 600, McLean
VA 22102, USA

M: +1.202.549.5079
D: +1.703.635.7514
E: jeff.neuman at comlaude.com<mailto:jeff.neuman at comlaude.com>
www.comlaude.com<http://www.comlaude.com/>

[cid:image001.jpg at 01D5D4F3.350921B0]

________________________________
The contents of this email and any attachments are confidential to the intended recipient. They may not be disclosed, used by or copied in any way by anyone other than the intended recipient. If you have received this message in error, please return it to the sender (deleting the body of the email and attachments in your reply) and immediately and permanently delete it. Please note that the Com Laude Group does not accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. The Com Laude Group does not accept liability for statements which are clearly the sender's own and not made on behalf of the group or one of its member entities. The Com Laude Group includes Nom-IQ Limited t/a Com Laude, a company registered in England and Wales with company number 5047655 and registered office at 28-30 Little Russell Street, London, WC1A 2HN England; Valideus Limited, a company registered in England and Wales with company number 06181291 and registered office at 28-30 Little Russell Street, London, WC1A 2HN England; Demys Limited, a company registered in Scotland with company number SC197176, having its registered office at 33 Melville Street, Edinburgh, Lothian, EH3 7JF Scotland; Consonum, Inc. dba Com Laude USA and Valideus USA, headquartered at 1751 Pinnacle Drive, Suite 600, McLean, VA 22102, USA; Com Laude (Japan) Corporation, a company registered in Japan having its registered office at Suite 319,1-3-21 Shinkawa, Chuo-ku, Tokyo, 104-0033, Japan. For further information see www.comlaude.com<https://comlaude.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ncap-discuss/attachments/20200127/2c9a3951/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 6008 bytes
Desc: image001.jpg
URL: <http://mm.icann.org/pipermail/ncap-discuss/attachments/20200127/2c9a3951/image001-0001.jpg>