The New gTLD Program Committee (NGPC) made its recommendations tonight to the ICANN Board on the Collision report, and it's pretty messy.
In short, the NGPC recommends additional study of the issue without a stated time frame. With the exception of .Corp and .Home, which seem to be indefinitely delayed, it gives all other registries the option to proceed to delegation prior to receiving their SLD collision occurrence assessment report, if the registry operator initially blocks all SLDs that appear in the DITL dataset while the assessment is conducted. That block may be either temporary or permanent.
In all, it seems like a compromise that will not satisfy anyone, and everyone walks away with some degree of loss.
Some new gTLD registries will have to make the call to go to delegation, risking that a number of their “better” domains, those at highest collision risk, might never be delegated.
Registries, as well as opponents to the new gTLD program based on collision, will walk away less than thrilled, as registries will not have to wait for additional studies to be conducted before delegation.
The proposal is, not surprisingly, pretty confusing and will be the subject of a lot of discussion in the coming weeks.
Here is the resolution and accompanying documents to the NGPC recommendations.
“The NGPC recommends to the Board that:
(1) the ICANN Board Risk Committee expressly reviews this matter and reports back to the Board, and continues to review and report at regular intervals;
(2) the Board directs the ICANN President and CEO to develop a long-term plan to manage name collision at the root; and
(3) the Board directs the ICANN President and CEO to work with the community to develop a long-term plan to retain and measure root-server data.
The Proposal being considered by the NGPC (attached to this resolution as Annex 1) presents a plan to manage the collision occurrences between new gTLDs and existing private uses of the same strings.
A core feature of the updated Proposal includes undertaking additional study to develop a name collision occurrence management framework.
The framework will include appropriate parameters and processes to assess both probability and severity of harm resulting from the occurrence of name collisions.
Examples of the parameters might include number of DNS requests, type of DNS requests, type of queries, diversity of query source and appearances in internal name certificates. The framework will specify a set of collision occurrence assessments and corresponding mitigation measures if any, that ICANN or TLD applicants may need to implement per second level domain name (SLD) seen in the “day in the life of the Internet” (DITL) dataset.
The proposal provides a registry operator with the option to proceed to delegation prior to receiving its SLD collision occurrence assessment report (subject to established processes and procedures).
If the registry operator chooses this alternative path to delegation, it must initially block all SLDs that appear in the DITL dataset while the assessment is conducted.
An additional feature of the Proposal recommends a process to enable an affected party(ies) to report and request the blocking of a SLD that causes demonstrably severe harm as a consequence of name collision occurrences.
This process is intended to mitigate the risk that collision occurrences not observed in the study dataset could have severe impact.
The report does not seem to identify who the “affected parties” qualified to request a block on an SLD are.
The Proposal describes an outreach campaign targeted to potentially affected parties to help them identify and manage the origins (causes) of name collision occurrences in their networks.
As part of the outreach campaign, ICANN would invite and collaborate with other parties and members of the community that share the same interest in making progress in this issue. The NGPC is resolving to direct the ICANN President and CEO to appropriately target this proposed planned outreach campaign.
The NGPC is also recommending to the ICANN Board that it direct the ICANN President and CEO to develop a long term plan to manage name collision risks related to the delegation of new TLDs, and to work with the community to develop a long-term plan to retain and measure root-server data.
The NGPC also is recommending to the ICANN Board that the ICANN Board Risk Committee should review this matter expressly at regular intervals and report back to the Board.
The Proposal, as revised in response to community comments, provides a path forward to delegating new gTLDs in a secure and stable manner.
The NGPC’s action to direct the President, Generic Domains Division to move forward with implementing the Proposal will provide a positive impact to the community because it will allow ICANN to proceed to delegate new gTLDs when the potential for harm resulting from the delegation of an applied-for TLD is judged to be small.
A name collision occurs when users unknowingly access a name that has been delegated in the public DNS when the user’s intent was to access a resource identified by the same name in a private network. Circumstances like these, where the administrative boundaries of private and public namespaces overlap and name resolution yields unintended results, present concerns and should be avoided if possible. However, the collision occurrences themselves are not the concern, but whether such collisions cause unexpected behavior or harm, the nature of the unexpected behavior or harm and the severity of consequence.
2. HIGH-RISK (HOME, CORP)
The Study identifies two strings, home and corp, that will likely cause problems if delegated, given their high frequency of occurrence in the 2012 and 2013 DITL data (an order of magnitude higher than the next most frequently occurring string).
The Study identifies these strings as having a level of queries in the realm of heavily used TLDs. Both strings are also widely used in private namespaces within internal networks (for example, see Appendix G of RFC 6762, http://tools.ietf.org/html/rfc6762).
Additionally, corp is identified as the string with the highest number of internal name certificates (see Appendix C of the Study).
Based on the analysis of frequency of occurrence and the perceived severity of impact, ICANN will defer delegating home and corp indefinitely.
ICANN will commission a study to develop a name collision occurrence management framework. The framework will include appropriate parameters and processes to assess both probability and severity of impact resulting from name collision occurrences. Examples of the parameters include number of DNS requests, type of DNS requests, type of queries, diversity of query source and appearances in internal name certificates.
The framework will specify a set of name collision occurrence assessments and corresponding mitigation measures if any, that ICANN or TLD applicants may need to implement per second level domain name (SLD) seen in the DITL and other relevant dataset (e.g., information from Certificate Authorities regarding the issuance of internal name certificates). The proposed name collision management framework will be made available for public comment.
3.2. COLLISION OCCURRENCE ASSESSMENT
ICANN will apply the final name collision occurrence framework, using DITL and other relevant data as an input, to each applied-for TLD and will deliver a name collision occurrence assessment to each applicant. The assessments will be published.
The assessment for each applied-for TLD will include a list of SLDs, an associated name collision occurrence assessment, and suggested mitigation measures; for example;
• Block the SLD indefinitely.
In this proposal “block” means that the SLD must not be made available for registration, must not be delegated or otherwise activated in the TLD zone file (i.e., the SLD must not resolve and must return the same DNS results (NXDOMAIN) that the public DNS returns today, i.e., prior to the delegation of the new gTLD), and must not be used in any way by the registry operator,
• Block the SLD temporarily, i.e., until analysis or evidence that the cause of collision occurrence has been mitigated or data are available to demonstrate the collision occurrences are substantially reduced (e.g., demonstrably “negligible”),
• Conduct a trial delegation of some form,
• Make the SLD available to the single entity that is the sole originator of name collisions for that SLD, or
• Other mitigation measures that may be identified during the course of the collision occurrence assessment or other studies.
ICANN will proceed with its established processes and procedures for delegating each applied-for gTLD.
The registry operator will either (a) implement the mitigation measures described in its SLD collision occurrence assessment before activating any SLD, or (b), the registry operator can block those SLDs for which the mitigation plan has not been implemented, and proceed with delegating SLDs that are not listed in the report. The implementation of the mitigation measures may allow the release of blocked SLDs at a later time, based on analysis or evidence that the cause of collision occurrence has been mitigated.
Additionally, registry operators will implement a “wait” period of no less than 120 days from the date that a registry agreement is signed before it may activate any names under the applied-for TLD in the DNS.
The length of this period is based on the Baseline Requirement 11.1.4 for Certification Authorities (CAs). Impact on TLD launch should be minimal in most cases because a set of activities must be completed between contracting and launch that account for a significant part of the 120 days (see figure 1). This measure will help mitigate the risks related to the internal name certificates issue as described in the Study report and SAC 057, SSAC Advisory on Internal Name Certificates located at http://www.icann.org/en/groups/ssac/documents/sac-057-en.pdf.
Registry operators, if they choose and if otherwise allowed by their registry agreement, may accept registrations during this period, but they will not be permitted to activate them in the DNS. If a registry operator chooses to register names during this 120-day period, the operator must clearly inform the registrants (through the registrars) about the inability to activate names until the period ends.
It is possible that name collision occurrences of some second-level labels that did not appear in the study dataset might occur after the applied-for gTLD begins operation.
To mitigate the risk that name collisions not observed in the study dataset occur and cause severe impact, ICANN and the registry operator shall implement a process to enable an affected party(ies) to report and request the blocking of a domain name (SLD) that causes demonstrably severe harm as a consequence of name collision occurrences.
Such reports must be processed through an ICANN point of contact, which will coordinate the notification with registry operators and ensure that the report is acted upon in an expedited manner.
The process will allow the deactivation (SLD removal from the TLD zone) of the name for a period of up to two (2) years in order to allow the affected party to effect changes to its network to eliminate the DNS request leakage that causes collisions, or mitigate the harmful impact. The process will be in effect only for the first two years after delegation.
3.3. ALTERNATE PATH TO DELEGATION
A registry operator may elect to proceed to delegation (subject to established processes and procedures) prior to receiving its corresponding SLD collision occurrence assessment report. If the registry operator so chooses, it must implement a conservative collision mitigation measure and initially block all SLDs that appear in the DITL and other relevant dataset while the assessment is conducted. ICANN will develop a list of labels to be blocked at the second level under the TLD, and then determine whether the proposed TLD is eligible for this option to delegation. This list will be made publicly available and will consist of all the second-level labels that appeared in DNS requests to the applied-for TLD in the DITL and other relevant dataset. Blocking all second level labels (and thus preventing these labels from resolving in the newly delegated TLD) ensures that corresponding DNS requests for such labels in the newly delegated TLD will return the same DNS results (NXDOMAIN) that the public DNS returns today, i.e., prior to the delegation of the new gTLD.
The registry operator will have the option to (1) request its corresponding SLD collision occurrence assessment in order to implement the mitigation measures or (2) leave the SLD blocking in place. The registry operator will still be required to participate with ICANN in the process that enables affected party(ies) to report and request the blocking of a domain name (SLD) that causes demonstrably severe harm as a consequence of name collision occurrences.
3.4. OUTREACH CAMPAIGN
ICANN will develop an outreach campaign to
a) Make the public as well as private network operators aware of the possibility of name collision occurrences as new TLDs are delegated (e.g., raise general awareness of the problem space using multiple communications media, technical briefs, or social media),
b) Advise users and private network operators of the measures that ICANN and new TLD registries are able to and will take to minimize the potential for unintended consequences or harm, (e.g., measures that manage collision occurrences by maintaining the same (NXDOMAIN) responses for queries that appear in the public DNS),
c) Assist users, private network operators, and software or equipment manufacturers with the identification of causes (origins) of name collisions.
ICANN will invite and collaborate with other parties and members of the community that share a common interest in identifying strategies for eliminating or managing name collision causes from their networks.
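
The alternate path in section 3.3 and the 120-day wait in section 3.2, sketched as an added Python example (it is not part of the ICANN proposal or of this post): it derives the second-level block list from observed query names and decides whether a label may be activated. The TLD "exampletld", the query names, the dates and all function names are constructed for illustration.

```python
from datetime import date, timedelta

WAIT_DAYS = 120  # minimum wait after the registry agreement is signed (section 3.2)

def second_level_label(qname, tld):
    """Return the SLD label of qname under tld, or None if there is none."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 2 or labels[-1] != tld.lower():
        return None  # query for another TLD, or for the bare TLD itself
    return labels[-2]

def build_block_list(observed_qnames, tld):
    """All second-level labels seen in requests to the applied-for TLD."""
    found = (second_level_label(q, tld) for q in observed_qnames)
    return {label for label in found if label}

def may_activate(label, block_list, agreement_signed, today):
    """Decide whether an SLD may be placed in the TLD zone on a given day."""
    if label.lower() in block_list:
        # Blocked names stay out of the zone, so resolvers keep seeing NXDOMAIN.
        return False, "blocked: must keep returning NXDOMAIN"
    earliest = agreement_signed + timedelta(days=WAIT_DAYS)
    if today < earliest:
        return False, f"wait period: not before {earliest.isoformat()}"
    return True, "eligible"

# Constructed stand-in for query names seen at the root (not real DITL data).
SAMPLE_QNAMES = [
    "wpad.exampletld.",          # SLD "wpad"
    "fileserver.hq.exampletld",  # deeper name, SLD is still "hq"
    "HQ.exampletld",             # DNS names compare case-insensitively
    "www.example.com.",          # different TLD, ignored
    "exampletld.",               # bare TLD, no second-level label
]

if __name__ == "__main__":
    blocked = build_block_list(SAMPLE_QNAMES, "exampletld")
    signed = date(2014, 1, 1)  # constructed signing date
    for name, day in [("wpad", date(2014, 12, 1)),
                      ("shop", date(2014, 4, 30)),
                      ("shop", date(2014, 5, 1))]:
        print(name, day, may_activate(name, blocked, signed, day))
```

Because the block list is keyed on the second-level label only, every deeper name under a blocked label stays unresolvable as well, which is what keeps the responses identical to the pre-delegation NXDOMAIN.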