[NCAP-Discuss] Comment deadline extended (was Re: Draft final Study 1 report)

Aikman-Scalese, Anne AAikman at lrrc.com
Wed May 6 18:27:27 UTC 2020 

OK – I don’t have technical background but given the changes in the internet since 2012, it seems there would be datasets out there that would be helpful.  For example, the data that was just retrieved from the ICANN server?
Thank you,
Anne

From: Karen Scarfone <karen at scarfonecybersecurity.com>
Sent: Wednesday, May 6, 2020 9:36 AM
To: Aikman-Scalese, Anne <AAikman at lrrc.com>
Cc: NCAP Discussion Group <ncap-discuss at icann.org>
Subject: Re: [NCAP-Discuss] Comment deadline extended (was Re: Draft final Study 1 report)

[EXTERNAL]
________________________________
Anne,

I didn’t find any dataset issues or gaps, so I don’t have a list of other datasets that would be needed. I am going to add a finding to that effect.


Karen

From: "Aikman-Scalese, Anne" <AAikman at lrrc.com<mailto:AAikman at lrrc.com>>
Date: Tuesday, May 5, 2020 at 6:21 PM
To: Karen Scarfone <karen at scarfonecybersecurity.com<mailto:karen at scarfonecybersecurity.com>>
Cc: NCAP Discussion Group <ncap-discuss at icann.org<mailto:ncap-discuss at icann.org>>
Subject: RE: [NCAP-Discuss] Comment deadline extended (was Re: Draft final Study 1 report)

Thanks Karen. I may have misunderstood the discussion on the list, but  I think the RFP specifies the following requirement which is independent of the recommendation whether or not to proceed:

creation of a list of additional data sets that would be required to successfully complete Studies 2 and 3.



Anne

From: Karen Scarfone <karen at scarfonecybersecurity.com<mailto:karen at scarfonecybersecurity.com>>
Sent: Tuesday, May 5, 2020 12:15 PM
To: Aikman-Scalese, Anne <AAikman at lrrc.com<mailto:AAikman at lrrc.com>>
Cc: NCAP Discussion Group <ncap-discuss at icann.org<mailto:ncap-discuss at icann.org>>
Subject: Re: [NCAP-Discuss] Comment deadline extended (was Re: Draft final Study 1 report)

[EXTERNAL]
________________________________
Anne,

I was asked to make a recommendation based not only on dataset availability, but also “the results of the survey of prior work.” I felt that the survey of prior work indicated that Studies 2 and 3 should not go forward as designed, so dataset access was irrelevant. Actually, I didn’t find significant issues in obtaining the datasets. In an earlier draft of the report, I had an explicit finding about dataset access not being an issue, but that seemed superfluous, so I deleted it. I can add it back to the report if that would be clearer.


Karen

From: NCAP-Discuss <ncap-discuss-bounces at icann.org<mailto:ncap-discuss-bounces at icann.org>> on behalf of "Aikman-Scalese, Anne" <AAikman at lrrc.com<mailto:AAikman at lrrc.com>>
Date: Friday, May 1, 2020 at 3:37 PM
To: Matt Larson <matt.larson at icann.org<mailto:matt.larson at icann.org>>
Cc: NCAP Discussion Group <ncap-discuss at icann.org<mailto:ncap-discuss at icann.org>>
Subject: Re: [NCAP-Discuss] Comment deadline extended (was Re: Draft final Study 1 report)


Scope of Study 1 and the Unanswered Board Questions



Hi all - I checked the ICANN RFP in relation to the scope of Study 1.  It clearly looks for the consultant's recommendation as to whether or not to proceed to Studies 2 and 3.   In fact, the ICANN RFP actually specifically suggests to the bidders that the consultant might conclude “that it would not be possible to obtain the data necessary to successfully complete Studies 2 and 3”.     It appears that Karen has concluded it would not be possible to obtain the data sets.   However, there are others on the list who disagree regarding the ability to obtain the data.  In addition,  the SSAC is charged with answering the ICANN Board’s questions regarding certain topics that are only addressed in Study 2.  So what is the Discussion Group’s view  as to how Study 2 might be redesigned in a way that would permit these answers to be provided to the Board?  (See Jim’s chart on this point.)



Effectiveness of Controlled Interruption to Mitigate Harm



In recommending against Study 2 and 3 as currently designed, Karen’s report further states “Also, controlled interruption has already proven an effective mitigation strategy.”    Regarding the standard for reporting in the last round, see the following from the icann.org website “If your system is suffering demonstrably severe harm (emphasis added) as a consequence of name collision, please fill in the form below to report the incident.   ICANN will initiate an emergency response for name collision reports only where there is a reasonable belief that the name collision presents a clear and present danger to human life.”  In particular in light of the current level of community concern over DNS Abuse, it appears that the question of “effective mitigation strategy” cannot be limited to “demonstrably severe harm” or “clear and present danger to human life.”   Further, recent data from ICANN’s server suggests that users have not been effectively “educated” to avoid non-existent TLDs.  There has been no suggestion that Man in the Middle consumer protection issues such as fraud resulting from name collisions should be reported to ICANN.  (The reporting form appears to have been addressed to IT professionals.)



Need for Useful Name  Collision Tools for the Next Round – DO NOT APPLY List and Test for Level of  Risk associated with an Applied-For String



All that said, in particular after yesterdays’ Sub Pro call, I’m personally focused on the fact that the Sub Pro WG will be formally recommending to the GNSO (and then ultimately to the Board) (A) the development of a “Do Not Apply” list and (B) a reliable test for Name Collision strings to be identified for the next round that would be used to test each applied-for string before delegation to determine whether the string is “high risk”, “medium risk”, or “low risk”.   Jeff Neuman mentioned these useful tools in the last NCAP call and there was discussion around redesigning Study 2 for the purpose of arriving at practical tools that would fulfill these roles in the next round.  Call me crazy, but it appears that the logical place for these tools to be developed is within the Name Collision Analysis Project.



Looking forward to further discussion in next Wednesday’s call,

Anne



Section of RFP related to Scope:



"The SSAC proposal calls for three studies investigating name collisions to be performed consecutively. Study 1 will serve as a foundation for Studies 2 and 3. This RFP covers only Study 1 .However, Study 1 will provide insight in Studies 2 and 3, and an important outcome and deliverable of Study 1 is a recommendation on whether or not to proceed with Studies 2 and 3.(Study 1 might conclude, for example, that it would not be possible to obtain the data necessary to successfully complete Studies 2 and 3.)"



The goals of Study 1 are:

1. Production of a summary report on the topic of name collision that brings forth important knowledge from prior work in the area. The report will be a primer for those new to the subject. The report will be based on an examination of all relevant prior work on the issue of name collisions.

2. Creation of a list of datasets used in past name collision studies; an identification of gaps 2, if any; and creation of a list of additional data sets that would be required to successfully complete Studies 2 and 3.

3. A recommendation if Studies 2 and 3 should be performed based on the results of the survey of prior work and the availability of data sets.”



-----Original Message-----
From: NCAP-Discuss <ncap-discuss-bounces at icann.org<mailto:ncap-discuss-bounces at icann.org>> On Behalf Of Matt Larson
Sent: Friday, May 1, 2020 9:57 AM
To: Jeff Schmidt via NCAP-Discuss <ncap-discuss at icann.org<mailto:ncap-discuss at icann.org>>
Subject: [NCAP-Discuss] Comment deadline extended (was Re: Draft final Study 1 report)



[EXTERNAL]



Dear colleagues,



Given the ongoing discussion on the list, I am extending the deadline for your comments on the draft final Study 1 report to next Wednesday, 6 May.



After that, Karen will revise the report and we will open a Public Comment.



Thanks,



Matt





> On Apr 24, 2020, at 11:03 AM, Matt Larson <matt.larson at icann.org<mailto:matt.larson at icann.org>> wrote:

>

> Dear colleagues,

>

> Attached is Karen's draft of the final version of Study 1. Changes since the last version are highlighted, but the significant updates are in Section 5 (Datasets) and the addition of an executive summary and a conclusion.

>

> OCTO has told Karen all along that she should feel free to reach whatever conclusion she felt warranted by the research she's done. We have not attempted to undermine her professional integrity by leading her in any particular direction.

>

> We'd be grateful for your review and comment. We'll be following the same process as we did with the draft version of the report: this group has a chance to comment first and then the report will go out for a formal Public Comment.

>

> In order to stay on schedule to deliver the final report to the Board by 30 June as we've promised, we need any feedback from this group by next Friday, 1 May.

>

> Thanks,

>

> Matt

>

> <NCAP Phase 1 Report Draft 20200422-for-DG-review.docx>

>



_______________________________________________

NCAP-Discuss mailing list

NCAP-Discuss at icann.org<mailto:NCAP-Discuss at icann.org>

https://mm.icann.org/mailman/listinfo/ncap-discuss



_______________________________________________

By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.



________________________________

This message and any attachments are intended only for the use of the individual or entity to which they are addressed. If the reader of this message or an attachment is not the intended recipient or the employee or agent responsible for delivering the message or attachment to the intended recipient you are hereby notified that any dissemination, distribution or copying of this message or any attachment is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender. The information transmitted in this message and any attachments may be privileged, is intended only for the personal and confidential use of the intended recipients, and is covered by the Electronic Communications Privacy Act, 18 U.S.C. §2510-2521.

________________________________

This message and any attachments are intended only for the use of the individual or entity to which they are addressed. If the reader of this message or an attachment is not the intended recipient or the employee or agent responsible for delivering the message or attachment to the intended recipient you are hereby notified that any dissemination, distribution or copying of this message or any attachment is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender. The information transmitted in this message and any attachments may be privileged, is intended only for the personal and confidential use of the intended recipients, and is covered by the Electronic Communications Privacy Act, 18 U.S.C. §2510-2521.

________________________________

This message and any attachments are intended only for the use of the individual or entity to which they are addressed. If the reader of this message or an attachment is not the intended recipient or the employee or agent responsible for delivering the message or attachment to the intended recipient you are hereby notified that any dissemination, distribution or copying of this message or any attachment is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender. The information transmitted in this message and any attachments may be privileged, is intended only for the personal and confidential use of the intended recipients, and is covered by the Electronic Communications Privacy Act, 18 U.S.C. §2510-2521.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ncap-discuss/attachments/20200506/e31bd116/attachment-0001.html>

More information about the NCAP-Discuss mailing list