Mitigating the Risk of DNS Namespace Collisions
26 February 2014 23:59 UTC
31 March 2014 23:59 UTC
Staff Report Due
21 April 2014 23:59 UTC
To solicit community comment on recommendations in a study on namespace collisions in the global Internet DNS and a framework for risk mitigation. The study, prepared by JAS Advisors, contains recommendations that describe a comprehensive approach to reducing current and future DNS namespace collisions, alerting operators of potential DNS namespace related issues, and providing emergency response capabilities in the event that critical (e.g., life safety) systems are adversely impacted.
Section I: Description and Explanation
ICANN is pleased to announce the publication of "Mitigating the Risk of DNS Namespace Collisions", a study report by JAS Global Advisors ("JAS"). The JAS study provides a set of recommendations that describe a comprehensive approach to reducing current and future DNS namespace collisions, alerting operators of potential DNS namespace related issues, and providing emergency response capabilities in the event that critical (e.g., life safety) systems are adversely impacted.
ICANN has undertaken a number of measures to assess and, where necessary, mitigate potential security and stability risks associated with the launch of new gTLDs. ICANN is presenting for public comment recommendations to mitigate potential risks of name collisions for new gTLDs.
Section II: Background
In SAC 057: SSAC Advisory on Internal Name Certificates, the ICANN Security and Stability Advisory Committee (SSAC) identified a Certificate Authority (CA) practice that, if widely exploited, could pose risks to the privacy and integrity of secure Internet communications. The SSAC thus advised ICANN to take immediate steps to mitigate the risks. The issues identified in SAC 057 are part of a more general category of issues whereby a party uses a domain name in a private network that includes a non-delegated TLD that later becomes delegated into the root as part of the new gTLD Program.
On 18 May 2013, the ICANN Board directed the ICANN President and CEO to commission a study on the use of TLDs that are not currently delegated at the root level of the public DNS. On 5 August 2013, ICANN published the requested study. The study, prepared by Interisle Consulting Group, addressed name collisions in the DNS, and also also recommended options to mitigate the various name collision risks. At the same time, and based on the Interisle Study, ICANN published a proposal (entitled "New gTLD Collision Occurrence Management Plan") to manage the risk of name collision for public comment.
After considering public comments, on 7 October 2013, the Board New gTLD Program Committee adopted a revised version of the New gTLD Collision Occurrence Management Plan. The New gTLD Collision Occurrence Management Plan adopted by the NGPC called for a follow up study that would develop a Name Collision Occurrence Management Framework. The JAS Study posted for public comments recommends a framework to address name collisions.
Section III: Relevant Resources
This announcement contains the following documents published today:
- Mitigating the Risk of DNS Namespace Collisions – The Name Collision Occurrence Management Framework available at http://www.icann.org/en/about/staff/security/ssr/name-collision-mitigation-26feb14-en.pdf [PDF, 322 KB]
- Frequently Asked Questions: Draft JAS Phase One Report on Mitigating the Risks of DNS Namespace Collisions available at http://www.icann.org/en/about/staff/security/ssr/name-collision-mitigation-faqs-25feb14-en.pdf [PDF, 451 KB]
Section IV: Additional Information
Report of Public Comments