AT-LARGE GATEWAY

At-Large Website

ALAC

RALOs

At-Large Regional Policy Engagement Program (ARPEP)

At-Large Governance

At-Large Reports

Policy Comments & Advice

Working Groups

ICANN Meetings

At-Large Summit (ATLAS III)

At-Large Review Implementation Plan Development

ALAC and RALO Elections, Selections, and Appointments

At-Large Priority Activities - 2021

Public Comment CloseStatement
Name 

Status

Assignee(s)

Call for
Comments Open		Call for
Comments
Close 		Vote OpenVote CloseDate of SubmissionStaff Contact and EmailStatement Number

18 April 2018

Draft Project Plan for the Proposed Name Collision Analysis Project (NCAP)

ADOPTED

12Y, 0N, 0A

Jonathan Zuck

Hadia Elminiawi

13 April 2018

16 April 2018

18 April 2018

22 April 2018

18 April 2018

Dennis Chang
dennis.chang@icann.org

AL-ALAC-ST-0418-03-00-EN

Hide the information below, please click here 

Brief Overview

Purpose: To seek community input in building a project plan for the Name Collision Analysis Project (NCAP).

Current Status: In January 2018, the SSAC Name Collision Analysis Project (NCAP) Work Party was formed and since then has been meeting weekly to discuss and prepare the project plan for submission to the Board.

Next Steps: The NCAP Work Party plans to present the draft project plan at ICANN 61 to facilitate community discussion and gather input. Upon completion of the public comment period, the NCAP Work Party will finalize the project plan and submit it to the full SSAC to obtain consensus, and subsequently, submit a consensus plan to the ICANN Board.

Section I: Description and Explanation

The proposed Name Collision Analysis Project (NCAP) project plan [PDF, 241 KB] has been drafted by the ICANN Security and Stability Advisory Committee (SSAC). It details their proposed approach for studying name collision in response to the ICANN Board's request in resolutions 2017.11.02.29 - 2017.11.02.31. The proposed SSAC study is intended to facilitate the development of policy on Collision Strings to mitigate potential harm to the stability and security of the DNS posed by delegation of such strings. The SSAC seeks community input on the project plan before it is finalized and SSAC consensus is reached for submission to the Board for approval and project kick-off.

In particular, feedback is invited on the following areas of the proposed project plan:

  1. The proposed approach for consultation and inclusion of views and considerations from beyond the NCAP Work Party.
  2. The proposed approach for providing transparency on the progress of the work.
  3. The proposed approach for managing Statements of Interest (SOI) and any perceived Conflicts of Interest (COI).
  4. Any additional risks that should be considered, along with any risk mitigation strategies.

Section II: Background

On 2 November 2017, the ICANN Board passed resolutions (2017.11.02.29 - 2017.11.02.31) requesting the ICANN Security and Stability Advisory Committee (SSAC) to conduct studies to present data, analysis and points of view on .CORP, .HOME, and .MAIL (C/H/M) and other Collision Strings. In the resolution, the Board also requested the SSAC to do the work in a timely and organized fashion, with adequate visibility on costs and schedule, which shall be subject to review and approval by the Board.

Following the Board resolution, the SSAC initiated the project planning in December 2017. In January 2018, the SSAC Name Collision Analysis Project (NCAP) Work Party was formed. It has been meeting weekly to discuss and prepare the project plan.

In resolutions (2017.11.02.29 - 2017.11.02.31) the Board requests the SSAC to conduct studies to present data, analysis and points of view, and provide advice to the Board:

  1. Regarding the risks posed to users and end systems if .CORP, .HOME, .MAIL strings were to be delegated in the root, as well as possible courses of action that might mitigate the identified risks.
  2. On a range of questions that include, but are not limited to, the following:
    1. a proper definition for name collision and the underlying reasons why strings that manifest name collisions are so heavily used.
    2. the role that negative answers currently returned from queries to the root for these strings play in the experience of the end user, including in the operation of existing end systems;
    3. the harm to existing users that may occur if Collision Strings were to be delegated, including harm due to end systems no longer receiving a negative response and additional potential harm if the delegated registry accidentally or purposely exploited subsequent queries from these end systems, and any other types of harm;
    4. possible courses of action that might mitigate harm;
    5. factors that affect potential success of the courses of actions to mitigate harm;
    6. potential residual risks of delegating Collision Strings even after taking actions to mitigate harm;
    7. suggested criteria for determining whether an undelegated string should be considered a string that manifest name collisions, (i.e.) placed in the category of a Collision String;
    8. suggested criteria for determining whether a Collision String should not be delegated, and suggested criteria for determining how remove an undelegated string from the list of Collision Strings; and
    9. measures to protect against intentional or unintentional creation of situations, such as queries for undelegated strings, which might cause such strings to be placed in a Collision String category, and research into risk of possible negative effects, if any, of creation of such a collision string list.

Section III: Relevant Resources



Section IV: Additional Information

Past Research and Studies on Name Collision

  1. SAC045: Invalid Top Level Domain Queries at the Root Level of the Domain Name System (https://www.icann.org/en/committees/security/sac045.pdf [PDF, 507 KB])
  2. SAC057: SSAC Advisory on Internal Name Certificates (https://www.icann.org/en/system/files/files/sac-057-en.pdf [PDF, 1.14 MB])
  3. Name Collision in the DNS (https://www.icann.org/en/system/files/files/name-collision-02aug13-en.pdf [PDF, 3.34 MB])
  4. New gTLD Collision Risk Mitigation (https://www.icann.org/en/system/files/files/new-gtld-collision-mitigation-05aug13-en.pdf [PDF, 165 KB])
  5. Name Collision Occurrence Management Framework (https://www.icann.org/en/system/files/files/name-collision-framework-30jul14-en.pdf [PDF, 634 KB])
  6. Mitigating the Risk of DNS Namespace Collisions (https://www.icann.org/en/system/files/files/name-collision-mitigation-final-28oct15-en.pdf [PDF, 11 MB])

Section V: Reports


FINAL VERSION TO BE SUBMITTED IF RATIFIED

The final version to be submitted, if the draft is ratified, will be placed here by upon completion of the vote. 


FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC

The final draft version to be voted upon by the ALAC will be placed here before the vote is to begin.

As the principle voice of end users within the ICANN community, the At-large Advisory Committee (ALAC) supports the Security and Stability Advisory Committee (SSAC) in its efforts to address the issue of Name Collisions as it remains an area of some uncertainty. The ALAC urges the SSAC to proceed with the Name Collision Analysis Project (NCAP) Work Party's project plan and allocate enough time to do it right. We believe it is important to minimize the unintended consequences for end users. Name Collision occurs when a user, attempting to reach a private domain name, unintentionally reaches a public domain name and, as such, cut to the core of end user trust of the internet and could pose potential security issues.

The NCAP Work Party's project plan, as it currently stands, seems adequate without being excessive. We urge the SSAC to stay the course and not expedite the process for the benefit of any subsequent procedures. There is great anticipation, from parts of the community, for new applications but not only is a specific delay unlikely, given other factors, we believe it would be prudent for the SSAC to execute the project plan as submitted to provide the ICANN community with a holistic assessment of the risks.

Additionally, the ALAC seeks clarity on the SSAC's bidding process for work contemplated under this Draft Project Plan, as touched upon in sections 3.1 and 3.2. First, we appreciate the SSAC’s candour in disclosing that it will consider NCAP Work Party members’ bids (and that of their affiliates), but it remains unclear as to their overall status as compared to invited guests of the SSAC. Moreover, we see a potential issue with having only a select group of the SSAC community choosing with whom they will contract. The ALAC recommends that any decision with respect to contracting with either NCAP Work Party members and their affiliates or independent third-party contracting agents be taken by the whole SSAC (and excluding invited guests), and for SSAC to provide the ICANN community with adequate amount of notice with respect to any party with whom they wish to contract.

We believe that this recommendation will ameliorate concerns related to potential conflicts of interest that may arise.


FIRST DRAFT SUBMITTED

The first draft submitted will be placed here before the call for comments begins.

As the principle voice of end users within the ICANN community, the At-large Advisory Committee (ALAC) supports the Security and Stability Advisory Committee (SSAC) in its efforts to address the issue of Name Collisions as it remains an area of some uncertainty. The ALAC urges the SSAC to proceed with the Name Collision Analysis Project (NCAP) Work Party's project plan and allocate enough time to do it right. We believe it is important to minimize the unintended consequences for end users. Name Collision occurs when a user, attempting to reach a private domain name, unintentionally reaches a public domain name and, as such, cut to the core of end user trust of the internet.

The NCAP Work Party's project plan, as it currently stands, seems adequate without being excessive. We urge the SSAC to stay the course and not expedite the process for the benefit of any subsequent procedures. There is great anticipation, from parts of the community, for new applications but not only is a specific delay unlikely, given other factors, we believe it would be prudent for the SSAC to execute the project plan as submitted to provide the ICANN community with a holistic assessment of the risks.

We appreciate the opportunity to share our views on this matter. Thank you in advance for your time and consideration on this important issue.
 

17 Comments

  1. Krishna Seeburn

    I understand SSAC willingness to try and understand the name space collision rate. Please clear my mindset here. Apart from what i read IETF and a report on DNS name space report was produced 4 years back. I would like to understand the trigger here. Is it the problem that the new namespace out is generating which is really the problem. I hope someone can really make me understand. I look at new namespace that is mentioned within the draft. ..corp, .home, .mail. Will the not be handled the same original way as per reference above. Then every four years or two years the need to send some more money on reports? Sorry but i am trying to fit those in my mind but i can't understand the urgent need to do so. Also i want to know how the SSAC plans to get this reporting done. Is it that SSAC will send out survey material to be filled or hire a company to do the job?

    1. Abdulkarim Ayopo Oloyede

      I think they outlined how they would get the reporting done in different ways in the proposal and Its not SSAC that wants this done its the board resolution and not sure of the report you are referring too. Apologies if am not to respond to this, just trying to help since you need to clear your mindset. 


    2. Hadia Elminiawi

      ICANN has deferred delegating .corp, .mail and .home as these gTLDs are commonly used in private networks, however this deferral is not forever, therefore there is a current need for such a project 

      1. Krishna Seeburn

        Thanks...ok 

        I saw some of the updates and i'm in support of the updated draft. But i am part of those people who is not reluctant to reports or surveys.But if it brings a positive though-put  then fine. As Alan says short and sweet and gets to the point.

  2. Alan Greenberg

    I strongly support the draft statement. It is short and to the point and may help counter those who are saying that it must not delay the new gTLD process.

  3. Abdulkarim Ayopo Oloyede

    I think the this WP has done a lot of good work and provided a lot of information, especially with the risk management. My concern is the rationale behind the 3 workshops. My thinking is that each workshop should be dedicated to addressing issues with each of the three studies. Having the workshops during ICANN meetings might be attractive but I think it might not meet up with the timeline except if the timeline is not concurrent.  For the workshops to be during ICANN meetings might lead to a significant overlap of the three proposed studies. 

    Looking at the risks involved I would also think that there is a need to allocate more time (or change the approach)to study 1 despite the fact that it was stated that a lot of work has been done in this area. Bringing everyone up to speed might require more time than anticipated with the proposed approach. More importantly that the work is expected to start with volunteers while others are brought in later. Therefore, I would suggest that the membership of NCAP WP should be better defined from the unset rather than starting with volunteers and then bring in experts later.

     I agree with the transparency fact and that views should be accepted from outside of the WP but this must be done within a timeframe that should also be set in the plan for the views of NCAP DG to be reflected.

    The way the COI is structured is a bit not clear. On one hand, it says you can reject membership based on significant COI, on the other hand, there is an acknowledgement of the potential of involving members companies because it is a niche area. I agree its a niche area but there would be significant COI. I don't know what to suggest in this case as its a difficult situation and there has to be a balance. Maybe more taught should be put into how this can be solved. 

    Thank you 

    Thank you rea  

  4. Justine Chew

    I too support the draft statement, and although I have one point to raise in respect of the SSAC Draft Project Plan, I am indifferent as to whether it needs to be raised within ALAC's draft statement at present.

    The point being: 
    I appreciate SSAC's upfront disclosure regarding the possibility of not excluding members of the NCAP Work Party or their affiliated companies from bidding for the work summarily scoped out in the Draft Project Plan. It would be useful however for the Community to have adequate notice of any interest by such members or their affiliates to bid for such work so that reasonable steps can be (mooted and) applied beyond the existing COI policy cited in order to minimize not only the actual conflict of interest but also to manage any perception of conflict of interest thereof.

  5. Hadia Elminiawi

    Thank you Jonathan for submitting the final draft, i agree with Alan that it is to the point.

    I would just like to emphasis in the first paragraph that it is not only about users trust but that Name collision could lead to security risks 

    "Name Collision occurs when a user, attempting to reach a private domain name, unintentionally reaches a public domain name and, as such, cut to the core of end user trust of the internet and could impose potential security issues"

    I also have a comment with regard to contracting and engagement of independent third parties mentioned under bullet point membership under section 3.1 Project Teams – It is stated that "Contracting and engagement of independent third parties will be performed by full SSAC Members only and not Invited Guests." which means that SSAC members will have a different status than the invited guests and that only full SSAC members, who are basically volunteers from the SSAC will have the right to contract parties: that is basically a small group of the entire team therefore I would suggest that contracting and engagement of independent third parties be approved by the whole SSAC in order to have the input of a wider team

    I agree with Justine's comment and I would like to add that since the WP and their affiliated companies will have the right to bid for the work ( for reasons that I agree with) I would suggest having some examples of what would be considered a potential conflict of interest in addition to what is not considered a potential conflict of interest, it is understandable that it is impossible to define all the situations where a potential conflict of interest might arise however,  the examples will serve as guide lines.   

     

  6. Jonathan Zuck

    Hey folks, thanks for the comments. Here's a revised draft. Look good?

    As the principle voice of end users within the ICANN community, the At-large Advisory Committee (ALAC) supports the Security and Stability Advisory Committee (SSAC) in its efforts to address the issue of Name Collisions as it remains an area of some uncertainty. The ALAC urges the SSAC to proceed with the Name Collision Analysis Project (NCAP) Work Party's project plan and allocate enough time to do it right. We believe it is important to minimize the unintended consequences for end users. Name Collision occurs when a user, attempting to reach a private domain name, unintentionally reaches a public domain name and, as such, cut to the core of end user trust of the internet and could impose potential security issues.

    The NCAP Work Party's project plan, as it currently stands, seems adequate without being excessive. We urge the SSAC to stay the course and not expedite the process for the benefit of any subsequent procedures. There is great anticipation, from parts of the community, for new applications but not only is a specific delay unlikely, given other factors, we believe it would be prudent for the SSAC to execute the project plan as submitted to provide the ICANN community with a holistic assessment of the risks.

    Additionally, the ALAC seeks clarity on the Draft Project Plan’s bidding process as it related to section 3.1. First, we appreciate the SSAC’s candidness in disclosing that it will consider NCAP Work Party members’ bids, but it remains unclear as to their overall status as compared to invited guests of the SSAC. Moreover, we see a potential issue with having only a select group of the SSAC community choosing with whom they will contract. The ALAC recommends that the voting pool of those deciding independent third-party contracting agents should be open to the whole SSAC for input and provide the ICANN community with adequate amount of notice for any parties with whom they wish to contract. We believe that this will ameliorate these and other concerns related to potential conflicts of interest that may arise.

    We appreciate the opportunity to share our views on this matter. Thank you in advance for your time and consideration on this important issue. 

  7. Hadia Elminiawi

    Thanks Jonathan - looks good to me

  8. Justine Chew

    Jonathan,

    Thanks for inserting an additional paragraph. May I propose the ensuing edited copy to provide greater clarity in raising the COI element:

    Additionally, the ALAC seeks clarity on the SSAC's bidding process for work contemplated under this Draft Project Plan, as touched upon in sections 3.1 and 3.2. First, we appreciate the SSAC’s candour in disclosing that it will consider NCAP Work Party members’ bids (and that of their affiliates), but it remains unclear as to their overall status as compared to invited guests of the SSAC. Moreover, we see a potential issue with having only a select group of the SSAC community choosing with whom they will contract. The ALAC recommends that any decision with respect to contracting with either NCAP Work Party members and their affiliates or independent third-party contracting agents be taken by the whole SSAC (and excluding invited guests), and for SSAC to provide the ICANN community with adequate amount of notice with respect to any party with whom they wish to contract. We believe that this recommendation will ameliorate concerns related to potential conflicts of interest that may arise.

    1. Hadia Elminiawi

      Possibly not an issue but what does not look good is that you have SSAC members volunteering to be members of the NCAP WP, then this group will set a criteria for the invitation of technical experts, then they will invite the technical experts and finally this same group will contract third parties possibly including technical experts previously invited by them. That is why I believe that the vote of the wider SSAC community is recommended.

      1. Justine Chew

        Agreed. Which is why I referred to the need for managing perceived conflicts of interest.

  9. Hadia Elminiawi

    Jonathan, if you are going to edit again then i think the last sentence of the first paragraph reads better if we change could impose with threatens to   

    cut to the core of end user trust of the internet and threatens to impose potential security issues.

  10. Abdulkarim Ayopo Oloyede

    thanks. the statements seams fine

  11. Hadia Elminiawi

    Thank You Jonathan - The statement looks good, I believe we should proceed as the public comments period closes tomorrow

  12. Justine Chew

    Thanks Jonathan. Looks good. Let's proceed then.