At-Large Mitigating the Risk of DNS Namespace Collisions Workspace

Comment Close Date	Statement Name	Status	Assignee(s) and RALO(s)	Call for Comments	Call for Comments Close	Vote Announcement	Vote Open	Vote Reminder	Vote Close	Date of Submission	Staff Contact and Email	Statement Number
31.03.2014	Mitigating the Risk of DNS Namespace Collisions	ADOPTED15Y, 0N, 0A	Julie Hammer	21.03.2014	26.03.2014 23:59 UTC	n/a	ALAC & Regional Leadership Wrap-Up Meeting 27.03.2014	n/a	ALAC & Regional Leadership Wrap-Up Meeting 27.03.2014	27.03.2014	Francisco Arias francisco.arias@icann.org	AL-ALAC-ST-0314-05-00-EN

For more information about this PC, please click here

Comment / Reply Periods (*)

Comment Open Date:

26 February 2014

Comment Close Date:

31 March 2014 - 23:59 UTC

Reply Open Date:

1 April 2014

Reply Close Date:

21 April 2014 - 23:59 UTC

Important Information Links

Public Comment Announcement

To Submit Your Comments (Forum)

View Comments Submitted

Brief Overview

Originating Organization:

ICANN

Categories/Tags:

Security/Stability
Top-Level Domains

Purpose (Brief):

To solicit community comment on recommendations in a study on namespace collisions in the global InternetDNS and a framework for risk mitigation. The study, prepared by JAS Advisors, contains recommendations that describe a comprehensive approach to reducing current and future DNS namespace collisions, alerting operators of potential DNS namespace related issues, and providing emergency response capabilities in the event that critical (e.g., life safety) systems are adversely impacted.

Current Status:

The New gTLD Collision Occurrence Management Plan adopted by the ICANN Board New gTLD Program Committee (NGPC) on 7 October 2013 called for a follow up study that would develop a name collision occurrence management framework. ICANN commissioned JAS Advisors to produce the follow up study, and to produce recommendations to be implemented by all new gTLD registries.

Next Steps:

Based on the public comments and discussions in Singapore and other fora, JAS Advisors is expected to revise and publish a final report. After reviewing feedback from the public comment forum and a finalized version of the JAS report, the ICANN Board will consider whether to adopt the recommendations in the report.

Staff Contact:

Francisco Arias

Email Staff Contact

Detailed Information

Section I: Description, Explanation, and Purpose:

ICANN is pleased to announce the publication of "Mitigating the Risk of DNS Namespace Collisions", a study report by JAS Global Advisors ("JAS"). The JAS study provides a set of recommendations that describe a comprehensive approach to reducing current and future DNS namespace collisions, alerting operators of potential DNS namespace related issues, and providing emergency response capabilities in the event that critical (e.g., life safety) systems are adversely impacted.

ICANN has undertaken a number of measures to assess and, where necessary, mitigate potential security and stability risks associated with the launch of new gTLDs. ICANN is presenting for public comment recommendations to mitigate potential risks of name collisions for new gTLDs.

Section II: Background:

In SAC 057: SSAC Advisory on Internal Name Certificates, the ICANN Security and Stability Advisory Committee (SSAC) identified a Certificate Authority (CA) practice that, if widely exploited, could pose risks to the privacy and integrity of secure Internet communications. The SSAC thus advised ICANN to take immediate steps to mitigate the risks. The issues identified in SAC 057 are part of a more general category of issues whereby a party uses a domain name in a private network that includes a non-delegated TLD that later becomes delegated into the root as part of the new gTLD Program.

On 18 May 2013, the ICANN Board directed the ICANN President and CEO to commission a study on the use of TLDs that are not currently delegated at the root level of the public DNS. On 5 August 2013, ICANN published the requested study. The study, prepared by Interisle Consulting Group, addressed name collisions in the DNS, and also also recommended options to mitigate the various name collision risks. At the same time, and based on the Interisle Study, ICANN published a proposal (entitled "New gTLD Collision Occurrence Management Plan") to manage the risk of name collision for public comment.

After considering public comments, on 7 October 2013, the Board New gTLD Program Committee adopted a revised version of the New gTLD Collision Occurrence Management Plan. The New gTLD Collision Occurrence Management Plan adopted by the NGPC called for a follow up study that would develop a Name Collision Occurrence Management Framework. The JAS Study posted for public comments recommends a framework to address name collisions.

Section III: Document and Resource Links:

This announcement contains the following documents published today:

Mitigating the Risk of DNS Namespace Collisions – The Name Collision Occurrence Management Framework available at http://www.icann.org/en/about/staff/security/ssr/name-collision-mitigation-26feb14-en.pdf [PDF, 322 KB]
Frequently Asked Questions: Draft JAS Phase One Report on Mitigating the Risks of DNSNamespace Collisions available at http://www.icann.org/en/about/staff/security/ssr/name-collision-mitigation-faqs-25feb14-en.pdf [PDF, 451 KB]

Section IV: Additional Information:

None

(*) Comments submitted after the posted Close Date/Time are not guaranteed to be considered in any final summary, analysis, reporting, or decision-making that takes place once this period lapses.

FINAL VERSION TO BE SUBMITTED IF RATIFIED

Please click here to download a copy of the pdf below.

Error rendering macro 'viewpdf'

com.atlassian.confluence.macro.MacroExecutionException: com.atlassian.confluence.macro.MacroExecutionException: The viewfile macro is unable to locate the attachment "AL-ALAC-ST-0314-05-00-EN.pdf" on this page

FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC

No change from First Draft below

FIRST DRAFT SUBMITTED

The following Draft Statement is offered to trigger community comment and further input before finalization.

DRAFT ALAC STATEMENT ON

"MITIGATING THE RISK OF DNS NAMESPACE COLLISIONS":

A STUDY REPORT BY JAS GLOBAL ADVISORS ("JAS")

The ALAC welcomes the publication of the "Mitigating the Risk of DNS Namespace Collisions" study report by JAS Global Advisors but notes that at this stage, this report is incomplete. For security reasons, certain technical details have been omitted until vulnerabilities discovered during the study have been remedied.

The ALAC notes the assumption on page 3 that “The modalities, risks, and etiologies of the inevitable DNS namespace collisions in the new TLD namespaces will resemble the collisions that already occur routinely in other parts of the DNS.” While there is probably reasonable logic to make this assumption, only time will tell whether it proves to be valid.

The ALAC supports Recommendation 1 which proposes that the TLDs .corp, .home and .mail be permanently reserved for internal use, but considers that there are other potential TLD strings in high use in internal networks that should also be considered for reservation.

The ALAC considers that Recommendation 3 sets too high a barrier for the application of emergency response options. In deeming that these responses be limited to situations which present a “clear and present danger to human life”, this ignores a broad range of scenarios which may have huge detrimental impact on, for example, national security, critical infrastructure, key economic processes and the preservation of law and order. Indeed, a situation which presents a “probable danger to human life” should potentially be included. While recognizing the difficulty of making such judgments, the ALAC recommends that a more moderate approach be pursued in relation to emergency response options.

In conclusion, the ALAC reaffirms its view that security and stability should be paramount in the ongoing introduction of new TLDs and that the interests of internet users, whether they be registrants of domain names in the new TLDs or users who are impacted by disruption to the smooth operation of internal networks, should be safeguarded. ICANN should continue to implement initiatives to educate and inform not only system operators but also individual internet users.

Content

Space Tools

For more information about this PC, please click here

FINAL VERSION TO BE SUBMITTED IF RATIFIED

FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC

FIRST DRAFT SUBMITTED