<<<
Chronological Index
>>> <<<
Thread Index
>>>
[bc-gnso] FW: ICANN News Alert -- Addressing the Consequences of Name Collisions
- To: "bc-gnso@xxxxxxxxx" <bc-gnso@xxxxxxxxx>
- Subject: [bc-gnso] FW: ICANN News Alert -- Addressing the Consequences of Name Collisions
- From: Phil Corwin <psc@xxxxxxxxxxx>
- Date: Tue, 6 Aug 2013 18:43:22 +0000
Query: The staff recommendations resulting from the Name Collision study have
just been put out for public comment. It suggests that for the 80% of gTLD
applications deemed Low Risk that there be two sequential waiting periods, of
120 days plus 30 days, before domains at those new gTLDs go live. That delay
period runs from the date of signing the registry agreement with ICANN.
While not strictly a BC issue, since many on the list are either affiliated
with or working with applicants, does that result in any significant additional
delay since after the date of agreement signing given that there is still a
sunrise registration period, marketing efforts must be engaged in, etc. I’m
just interested in appraising the real world impact in a broader context.
For the 20% of applications deemed to be of Uncalculated Risk, the study
recommends an additional study that will run 3-6 months.
Two applications -- .home and .corp – are deemed High Risk and would be put on
indefinite hold.
Philip S. Corwin, Founding Principal
Virtualaw LLC
1155 F Street, NW
Suite 1050
Washington, DC 20004
202-559-8597/Direct
202-559-8750/Fax
202-255-6172/cell
Twitter: @VlawDC
"Luck is the residue of design" -- Branch Rickey
From: ICANN News Alert [mailto:communications@xxxxxxxxx]
Sent: Tuesday, August 06, 2013 2:18 PM
To: Phil Corwin
Subject: ICANN News Alert -- Addressing the Consequences of Name Collisions
[ICANN]<http://www.icann.org/>
News Alert
http://www.icann.org/en/news/announcements/announcement-3-05aug13-en.htm
________________________________
Addressing the Consequences of Name Collisions
5 August 2013
As directed by the ICANN Board of Directors on 18 May 2013, ICANN commissioned
and today releases the results of a study that considers the likelihood and
impact of name space collisions between applied-for new gTLD strings and
non-delegated TLDs. Additionally, the study also reviewed the possibility of
collisions arising from the use of X.509 digital certificates.
Background: In a study published in January 2013, ICANN's Security and
Stability Advisory Committee (SSAC) identified fact that some certificate
authorities issue X.509 certificates for domain names that are not resolvable
in the public DNS. Such issues identified in SAC 057, as well as in SAC 045,
are symptoms of entities that have local environments that include strong
assumptions about the number of top-level domains and/or have introduced local
top-level domains in private namespaces that may conflict with names yet to be
allocated. These private namespaces sometimes "leak" into the public DNS
(either through misconfiguration or the use of old software), meaning that
requests for resources on private networks could end up querying the
public-facing DNS Root Servers and hence "colliding" with the delegated new
gTLD.
The Study: On 18 May 2013, the ICANN Board approved a resolution calling for a
detailed study of the name collision issue. ICANN contracted with Interisle
Consulting Group, LLC to collect and analyze the necessary data on all
applied-for strings.
The resulting study, Name Collision in the
DNS<http://www.icann.org/en/about/staff/security/ssr/name-collision-02aug13-en.pdf>
[PDF, 3.34 MB], identifies three categories of strings by the potential risk
of name space collision:
* Low Risk: 80% of applied-for strings.
* Uncalculated Risk: 20% of applied-for strings.
* High Risk: 2 strings (.home, .corp).
To minimize the likelihood of any impact, ICANN proposes to the community
several mitigation measures to be taken as described in an accompanying staff
recommendation paper, New gTLD Collision Risk
Management<http://www.icann.org/en/about/staff/security/ssr/new-gtld-collision-mitigation-05aug13-en.pdf>
[PDF, 166 KB]. They include:
* Proceeding with contracting and delegation of those strings categorized
as "low risk" (80%) but recommending additional mitigation measures which
should not materially impact their timeline for delegation.
* Conducting further study on those strings categorized as "uncalculated
risk" (20%) anticipated to take 3-6 months to complete.
* Delaying contracting and delegation of the two "high risk" strings until
mitigation efforts can place them in the "low risk" category.
New gTLD Security and Stability: Throughout the development of the New gTLD
program, the security and stability of the Domain Name System has remained the
paramount concern of the ICANN community. ICANN staff has prepared an
information sheet, Secure and Stable Introduction of new
gTLDs<http://www.icann.org/en/about/staff/security/ssr/intro-new-gtlds-05aug13-en.pdf>
[PDF, 102 KB], that describes the measures ICANN has taken to ensure the
introduction of new gTLDs will not jeopardize that commitment.
Public Comment: At this time, the mitigation steps outlined in the staff
recommendation paper are proposals only and community input is strongly
suggested. As a result, ICANN has opened a formal process for soliciting public
comment. The form for submitting public comment and the calendar for doing so
is available
here<http://www.icann.org/en/news/public-comment/name-collision-05aug13-en.htm>.
Coordinated Vulnerability Disclosure Process: ICANN takes this opportunity to
inform the community that it has updated its risk management procedures for
improved reporting and response to any unforeseen issues arising from the
delegation of new gTLDs. Members of the community are urged to familiarize
themselves with the process available for review
here<http://www.icann.org/en/about/staff/security/vulnerability-disclosure-05aug13-en.pdf>
[PDF, 628 KB].
This message was sent to
pcorwin@xxxxxxxxxxxxxxxxxx<mailto:pcorwin@xxxxxxxxxxxxxxxxxx> from:
ICANN | 12025 Waterfront Drive Suite 300 | Los Angeles, CA 90094-2536
Email Marketing by [iContact - Try It Free!]
<http://www.icontact.com/a.pl/144186>
Manage Your Subscription
<http://app.icontact.com/icp/mmail-mprofile.pl?r=9829339&l=6333&s=7I8Y&m=917981&c=165637>
________________________________
No virus found in this message.
Checked by AVG - www.avg.com<http://www.avg.com>
Version: 2013.0.3392 / Virus Database: 3209/6545 - Release Date: 08/02/13
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|