Purpose: To seek community input in building a project plan for the Name Collision Analysis Project (NCAP).
Current Status: In January 2018, the SSAC Name Collision Analysis Project (NCAP) Work Party was formed and since then has been meeting weekly to discuss and prepare the project plan for submission to the Board.
Next Steps: The NCAP Work Party plans to present the draft project plan at ICANN 61 to facilitate community discussion and gather input. Upon completion of the public comment period, the NCAP Work Party will finalize the project plan and submit it to the full SSAC to obtain consensus, and subsequently, submit a consensus plan to the ICANN Board.
Section I: Description and Explanation
The proposed Name Collision Analysis Project (NCAP) project plan [PDF, 241 KB] has been drafted by the ICANN Security and Stability Advisory Committee (SSAC). It details their proposed approach for studying name collision in response to the ICANN Board's request in resolutions 2017.11.02.29 - 2017.11.02.31. The proposed SSAC study is intended to facilitate the development of policy on Collision Strings to mitigate potential harm to the stability and security of the DNS posed by delegation of such strings. The SSAC seeks community input on the project plan before it is finalized and SSAC consensus is reached for submission to the Board for approval and project kick-off.
In particular, feedback is invited on the following areas of the proposed project plan:
- The proposed approach for consultation and inclusion of views and considerations from beyond the NCAP Work Party.
- The proposed approach for providing transparency on the progress of the work.
- The proposed approach for managing Statements of Interest (SOI) and any perceived Conflicts of Interest (COI).
- Any additional risks that should be considered, along with any risk mitigation strategies.
Section II: Background
On 2 November 2017, the ICANN Board passed resolutions (2017.11.02.29 - 2017.11.02.31) requesting the ICANN Security and Stability Advisory Committee (SSAC) to conduct studies to present data, analysis and points of view on .CORP, .HOME, and .MAIL (C/H/M) and other Collision Strings. In the resolution, the Board also requested the SSAC to do the work in a timely and organized fashion, with adequate visibility on costs and schedule, which shall be subject to review and approval by the Board.
Following the Board resolution, the SSAC initiated the project planning in December 2017. In January 2018, the SSAC Name Collision Analysis Project (NCAP) Work Party was formed. It has been meeting weekly to discuss and prepare the project plan.
In resolutions (2017.11.02.29 - 2017.11.02.31) the Board requests the SSAC to conduct studies to present data, analysis and points of view, and provide advice to the Board:
- Regarding the risks posed to users and end systems if .CORP, .HOME, .MAIL strings were to be delegated in the root, as well as possible courses of action that might mitigate the identified risks.
- On a range of questions that include, but are not limited to, the following:
- a proper definition for name collision and the underlying reasons why strings that manifest name collisions are so heavily used.
- the role that negative answers currently returned from queries to the root for these strings play in the experience of the end user, including in the operation of existing end systems;
- the harm to existing users that may occur if Collision Strings were to be delegated, including harm due to end systems no longer receiving a negative response and additional potential harm if the delegated registry accidentally or purposely exploited subsequent queries from these end systems, and any other types of harm;
- possible courses of action that might mitigate harm;
- factors that affect potential success of the courses of actions to mitigate harm;
- potential residual risks of delegating Collision Strings even after taking actions to mitigate harm;
- suggested criteria for determining whether an undelegated string should be considered a string that manifest name collisions, (i.e.) placed in the category of a Collision String;
- suggested criteria for determining whether a Collision String should not be delegated, and suggested criteria for determining how remove an undelegated string from the list of Collision Strings; and
- measures to protect against intentional or unintentional creation of situations, such as queries for undelegated strings, which might cause such strings to be placed in a Collision String category, and research into risk of possible negative effects, if any, of creation of such a collision string list.
Section III: Relevant Resources
- Proposed NCAP plan: https://community.icann.org/display/NCAP/NCAP+Working+Documents?preview=/79437474/79438151/NCAP%20Proposal%20for%20Public%20Comment%2020180302.pdf
- The Board Resolution 2018.02.04.12 Addressing the New gTLD Program Applications for .CORP, .HOME, and .MAIL
- NCAP Community wiki: https://community.icann.org/display/NCAP
Section IV: Additional Information
Past Research and Studies on Name Collision
- SAC045: Invalid Top Level Domain Queries at the Root Level of the Domain Name System (https://www.icann.org/en/committees/security/sac045.pdf [PDF, 507 KB])
- SAC057: SSAC Advisory on Internal Name Certificates (https://www.icann.org/en/system/files/files/sac-057-en.pdf [PDF, 1.14 MB])
- Name Collision in the DNS (https://www.icann.org/en/system/files/files/name-collision-02aug13-en.pdf [PDF, 3.34 MB])
- New gTLD Collision Risk Mitigation (https://www.icann.org/en/system/files/files/new-gtld-collision-mitigation-05aug13-en.pdf [PDF, 165 KB])
- Name Collision Occurrence Management Framework (https://www.icann.org/en/system/files/files/name-collision-framework-30jul14-en.pdf [PDF, 634 KB])
- Mitigating the Risk of DNS Namespace Collisions (https://www.icann.org/en/system/files/files/name-collision-mitigation-final-28oct15-en.pdf [PDF, 11 MB])