ICANN Email List Archives



Verisign Exploratory Consumer Impact Analysis

  • To: "comments-name-collision-05aug13@xxxxxxxxx" <comments-name-collision-05aug13@xxxxxxxxx>
  • Subject: Verisign Exploratory Consumer Impact Analysis
  • From: "McPherson, Danny" <dmcpherson@xxxxxxxxxxxx>
  • Date: Tue, 27 Aug 2013 22:59:21 +0000


With regard to the topic of name collisions in the DNS, and ICANN’s proposal 
to mitigate risks related to the delegation of new gTLDs, Verisign submits the 
attached New gTLD Security, Stability, Resiliency Update: Exploratory Consumer 
Impact Analysis study for your consideration.

In a previous technical report provided to ICANN in March of 2013, also 
attached, Verisign cataloged unresolved issues in the new gTLD program's 
rollout, issues upon which we believed the security, stability, and safe 
introduction of new gTLDs is predicated.   While, as stated at the time, most 
of the issues in that report were not new, we reiterated that many of the 
critical accompanying recommendations were unresolved, and remain unresolved.  
This was reinforced in April of 2013 in the SSAC’s SAC059, which conveyed to 
the ICANN Board that many critical issues related to the safe introduction of 
new gTLDs remain unresolved.

To augment our March report, in this study we propose a novel set of measures 
that represent actual risks to end users, and illustrate their incidence by 
measuring operational threat vectors that could be used to orchestrate failures 
and attacks.  We present our candidate quantification in the form of a Risk 
Matrix, and illustrate one possible way to interpret its results.  What we find 
is that there are quantifiable signs that disruptions might occur if the 
current deployment trajectory is followed while outstanding recommendations 
remain unimplemented.  We acknowledge that our study and risk matrix are by no 
means comprehensive, but we do believe that with a systematic and 
intellectually honest approach with sufficient consideration of community and 
subject matter expert input, and due consideration of "public interest", we can 
develop a sufficient risk matrix upon which systemic risk can be assessed.

We reiterate that these recommendations to which we refer are not originally 
Verisign’s recommendations, but instead are recommendations from ICANN’s very 
own advisory committees. We believe that absent the implementation of these 
recommendations sufficient information cannot exist to make informed decisions 
about what constitutes risks.  Furthermore, until an agreed-upon risk matrix 
exists and sufficient information to inform that risk matrix is established, what 
we have currently is not “risk” at all, but instead a great deal of 

Please let us know if we can provide any additional information or assistance.


Danny McPherson
CSO, VeriSign, Inc.

Attachment: verisign-gtld-ssr1.pdf
Description: verisign-gtld-ssr1.pdf

Attachment: verisign-gtld-ssr2.pdf
Description: verisign-gtld-ssr2.pdf
