[NCAP-Discuss] FINAL REVIEW: NCAP Public Comment responses

Mon May 9 19:18:39 UTC 2022

Jeff,

With item #1 below, I’m going to say we discussed those impacts within the context of name collisions several times. Let me just talk to the first technology change w/r/t Qname Minimization (QNM).  We have referenced other bodies of work [1] [2] [3] that have measured longitudinally the deployment of QNM; furthermore, we have examined those impacts to the various case study strings presented and ultimately arrived at the inclusion of labels beyond the TLD to be part of the CDMs.  Understanding the labels, their diversity, their context, etc provides valuable insights into current usage of the non-existent TLD and helps inform potential remediation/outreach efforts. The Root Cause report reiterates that sentiment. Furthermore, I’ll note that deployment of various types of QNM techniques by resolvers also impacts name collision analysis at the second label – not all resolvers “chop off” the extra labels, some add random labels, which will impact any risk assessment.

As for other changes within the DNS, there are several resources that clearly show additional impacts [4] [5].

Matt

[1] https://blog.verisign.com/security/maximizing-qname-minimization-a-new-chapter-in-dns-protocol-evolution/
[2] https://dnsthought.nlnetlabs.nl/#qnamemin
[3] https://research.utwente.nl/en/publications/a-first-look-at-qname-minimization-in-the-domain-name-system
[4] https://dash.harvard.edu/bitstream/handle/1/35979525/DNS_NBER_Working_Paper.pdf
[5] https://rssac002.root-servers.org/volume_udp_v_tcp_queries.html

From: NCAP-Discuss <ncap-discuss-bounces at icann.org> on behalf of Jeff Schmidt via NCAP-Discuss <ncap-discuss at icann.org>
Reply-To: Jeff Schmidt <jschmidt at jasadvisors.com>
Date: Monday, May 9, 2022 at 2:21 PM
To: Jennifer Bryce <jennifer.bryce at icann.org>, "ncap-discuss at icann.org" <ncap-discuss at icann.org>
Subject: [EXTERNAL] Re: [NCAP-Discuss] FINAL REVIEW: NCAP Public Comment responses

Caution: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

I have concerns about our responses to the RySG comments:

(1) Regarding “changes to the DNS traffic” we have bantered about how qname minimization, doh, local roots, and a handful of other technical changes may impact collisions but I don’t recall anything more rigorous than banter. The “we believe there are changes to DNS traffic…” seems hollow, unsupported, and unactionable. Have we discussed this? Case Study 4.0 presents the issue at a high level but there are no conclusions vis-à-vis collisions.

(2) The larger RySG comment (row 21 in the Excel) deserves more than the dismissal currently in our response. The RySG comment is fundamental to what this group is tasked to accomplish: do the Case Study and/or Perspective Study indicate there is opportunity to make material improvements to existing procedures? Case Study 5.6 states that the conclusions the community came to a decade ago are “still sound.” We have generated lots of words, pretty graphs, statistics of all types, but I don’t think we’ve made any clear statements about how to materially improve existing procedures.

I think the RySG comment (and for that matter the OCTO comment) are canaries in the coalmine here that we should not merely dismiss or address defensively. These are sophisticated folks that made substantive comments. And these are the folks that need our help to address this issue.

Jeff

From: NCAP-Discuss <ncap-discuss-bounces at icann.org> On Behalf Of Jennifer Bryce
Sent: Monday, May 9, 2022 8:08 AM
To: ncap-discuss at icann.org
Subject: [NCAP-Discuss] FINAL REVIEW: NCAP Public Comment responses

Dear NCAP DG members,

Heather has updated the public comment responses (linked below and Excel version attached) as per the feedback collected from the NCAP Discussion Group call on 27 April. The only lines that changed (beyond adding a “thank you for your feedback”) were lines 14, 20, 21, and 22, as highlighted in the document.

FINAL CALL ON THE PUBLIC COMMENT RESPONSE DOCUMENT: Please review the highlighted changes. If you have any concerns, please raise them on this list before the 11 May Discussion Group call. The finalized document will be included as an appendix in the NCAP Study 2 draft report.

Link to Google doc: https://docs.google.com/spreadsheets/d/1zOp-ClPdGqkmwE2xf0HhLg7SKvL3AFmz4ArSRuUF3BI/edit#gid=0.

Thanks,
Jennifer
--
Jennifer Bryce
Project Manager, Office of the Chief Technology Officer (OCTO)
Internet Corporation for Assigned Names and Numbers (ICANN)

Skype: jennifer.bryce.icann
Email: jennifer.bryce at icann.org<mailto:jennifer.bryce at icann.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/ncap-discuss/attachments/20220509/65beee62/attachment.html>