Google pushes .zip and .mov domains onto the Internet, and the Internet pushes back
From ARS Technica, 18 May 2023: A recent move by Google to populate the Internet with eight new top-level domains is prompting concerns that two of the additions could be a boon to online scammers who trick people into clicking on malicious links. https://arstechnica.com/information-technology/2023/05/critics-say-googles-n...
Thank you Olivier. There is indeed a long list of TLDs that are File Extension including very widely used ones such as .io or .xyz This blog post has the full list : https://wkumari.github.io/2023/05/15/TLDs-that-are-extensions.html PS: The writer of the blogpost is Warren Kumari from Google PS2: I agree with his statement "I think that this particular ship has sailed" Khaled Khaled Koubaa Twitter : @koubaak <https://twitter.com/koubaak> LinkedIn : linkedin.com/in/koubaak/ <http://www.linkedin.com/in/koubaak/> Website : koubaa.net On Tue, May 30, 2023 at 1:29 PM Olivier MJ Crépin-Leblond via CPWG < cpwg@icann.org> wrote:
From ARS Technica, 18 May 2023:
A recent move by Google to populate the Internet with eight new top-level domains is prompting concerns that two of the additions could be a boon to online scammers who trick people into clicking on malicious links.
https://arstechnica.com/information-technology/2023/05/critics-say-googles-n...
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
It's not really a debate about harm. Adding cognitive load to an end user results in a wider attack plane enabling more DNS abuse which is bad for end users. Does this mean the ship has sailed on the fight against DNS Abuse? I certainly hope not. End Users deserve a voice ... wherever the ship may be. Let's look at the reality found in Olivier's link ... He then provided two URLs: https://github.com∕kubernetes∕kubernetes∕archive∕refs∕tags∕@v1271.zip and https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip Market forces may be pushing a new product with no perceivable value, but let's call it what it is. A product defect is a product defect. Google is playing a game with End User trust that At-Large should not follow. Cheers, David On Tue, May 30, 2023 at 6:50 AM Khaled Koubaa via CPWG <cpwg@icann.org> wrote:
Thank you Olivier.
There is indeed a long list of TLDs that are File Extension including very widely used ones such as .io or .xyz
This blog post has the full list : https://wkumari.github.io/2023/05/15/TLDs-that-are-extensions.html
PS: The writer of the blogpost is Warren Kumari from Google PS2: I agree with his statement "I think that this particular ship has sailed"
Khaled
Khaled Koubaa
Twitter : @koubaak <https://twitter.com/koubaak>
LinkedIn : linkedin.com/in/koubaak/ <http://www.linkedin.com/in/koubaak/>
Website : koubaa.net
On Tue, May 30, 2023 at 1:29 PM Olivier MJ Crépin-Leblond via CPWG < cpwg@icann.org> wrote:
From ARS Technica, 18 May 2023:
A recent move by Google to populate the Internet with eight new top-level domains is prompting concerns that two of the additions could be a boon to online scammers who trick people into clicking on malicious links.
https://arstechnica.com/information-technology/2023/05/critics-say-googles-n...
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
This whole issue of DNS abuse needs a new look from a new angle, which is not easy. I am trying to think about our givens and if we need to have different considerations. Best Hadia From: CPWG <cpwg-bounces@icann.org> On Behalf Of David Mackey via CPWG Sent: Tuesday, May 30, 2023 2:46 PM To: Khaled Koubaa <khaled.koubaa@gmail.com> Cc: cpwg@icann.org Subject: Re: [CPWG] Google pushes .zip and .mov domains onto the Internet, and the Internet pushes back It's not really a debate about harm. Adding cognitive load to an end user results in a wider attack plane enabling more DNS abuse which is bad for end users. Does this mean the ship has sailed on the fight against DNS Abuse? I certainly hope not. End Users deserve a voice ... wherever the ship may be. Let's look at the reality found in Olivier's link ... He then provided two URLs: https://github.com∕kubernetes∕kubernetes∕archive∕refs∕tags∕@v1271.zip and https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip Market forces may be pushing a new product with no perceivable value, but let's call it what it is. A product defect is a product defect. Google is playing a game with End User trust that At-Large should not follow. Cheers, David On Tue, May 30, 2023 at 6:50 AM Khaled Koubaa via CPWG <cpwg@icann.org<mailto:cpwg@icann.org>> wrote: Thank you Olivier. There is indeed a long list of TLDs that are File Extension including very widely used ones such as .io or .xyz This blog post has the full list : https://wkumari.github.io/2023/05/15/TLDs-that-are-extensions.html PS: The writer of the blogpost is Warren Kumari from Google PS2: I agree with his statement "I think that this particular ship has sailed" Khaled Khaled Koubaa Twitter : @koubaak<https://twitter.com/koubaak> LinkedIn : linkedin.com/in/koubaak/<http://www.linkedin.com/in/koubaak/> Website : koubaa.net<https://koubaa.net/> On Tue, May 30, 2023 at 1:29 PM Olivier MJ Crépin-Leblond via CPWG <cpwg@icann.org<mailto:cpwg@icann.org>> wrote: From ARS Technica, 18 May 2023: A recent move by Google to populate the Internet with eight new top-level domains is prompting concerns that two of the additions could be a boon to online scammers who trick people into clicking on malicious links. https://arstechnica.com/information-technology/2023/05/critics-say-googles-n... _______________________________________________ CPWG mailing list CPWG@icann.org<mailto:CPWG@icann.org> https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. _______________________________________________ CPWG mailing list CPWG@icann.org<mailto:CPWG@icann.org> https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
The ship has sailed, this is a certainty. But that does not mean that the fight against DNS abuse has stopped, or has no meaning now. The .zip was an example the article's writer has used to highlight the risk, but that is indeed the same risk that existed already with the long list of other extensions that existed before the .zip Khaled Koubaa Twitter : @koubaak <https://twitter.com/koubaak> LinkedIn : linkedin.com/in/koubaak/ <http://www.linkedin.com/in/koubaak/> Website : koubaa.net On Tue, May 30, 2023 at 3:45 PM David Mackey <mackey361@gmail.com> wrote:
It's not really a debate about harm. Adding cognitive load to an end user results in a wider attack plane enabling more DNS abuse which is bad for end users.
Does this mean the ship has sailed on the fight against DNS Abuse?
I certainly hope not. End Users deserve a voice ... wherever the ship may be.
Let's look at the reality found in Olivier's link ...
He then provided two URLs: https://github.com∕kubernetes∕kubernetes∕archive∕refs∕tags∕@v1271.zip
and
https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip Market forces may be pushing a new product with no perceivable value, but let's call it what it is. A product defect is a product defect. Google is playing a game with End User trust that At-Large should not follow.
Cheers, David
On Tue, May 30, 2023 at 6:50 AM Khaled Koubaa via CPWG <cpwg@icann.org> wrote:
Thank you Olivier.
There is indeed a long list of TLDs that are File Extension including very widely used ones such as .io or .xyz
This blog post has the full list : https://wkumari.github.io/2023/05/15/TLDs-that-are-extensions.html
PS: The writer of the blogpost is Warren Kumari from Google PS2: I agree with his statement "I think that this particular ship has sailed"
Khaled
Khaled Koubaa
Twitter : @koubaak <https://twitter.com/koubaak>
LinkedIn : linkedin.com/in/koubaak/ <http://www.linkedin.com/in/koubaak/>
Website : koubaa.net
On Tue, May 30, 2023 at 1:29 PM Olivier MJ Crépin-Leblond via CPWG < cpwg@icann.org> wrote:
From ARS Technica, 18 May 2023:
A recent move by Google to populate the Internet with eight new top-level domains is prompting concerns that two of the additions could be a boon to online scammers who trick people into clicking on malicious links.
https://arstechnica.com/information-technology/2023/05/critics-say-googles-n...
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
On 30/05/2023 11:49, Khaled Koubaa via CPWG wrote:
Thank you Olivier.
There is indeed a long list of TLDs that are File Extension including very widely used ones such as .io or .xyz
This blog post has the full list : https://wkumari.github.io/2023/05/15/TLDs-that-are-extensions.html <https://wkumari.github.io/2023/05/15/TLDs-that-are-extensions.html> ble PS: The writer of the blogpost is Warren Kumari from Google PS2: I agree with his statement "I think that this particular ship has sailed"
I would not agree with that, Khaled, The .ZIP gTLD is going to be a major problem because of the way that domain names and links are parsed. Not everyone is an expert with regular expressions used to parse text so the default position for many mailserver administrators will be to ban the .ZIP gTLD at a mailserver level. The .MOV may also be a problem but it is the .ZIP which poses the greatest risk due to its widespread use. The key factor in the damage that .ZIP will cause, and it will cause problems, will be the pricing of .ZIP new registrations. If Google prices them as a multiple of .COM then that will limit some of the damage. If it uses discounting to drive registration volume, that will turn a small problem into a much bigger one. Regards...jmcc
Khaled
Khaled Koubaa
Twitter : @koubaak <https://twitter.com/koubaak>____
LinkedIn : linkedin.com/in/koubaak/ <http://www.linkedin.com/in/koubaak/>
Website :koubaa.net <https://koubaa.net/>
On Tue, May 30, 2023 at 1:29 PM Olivier MJ Crépin-Leblond via CPWG <cpwg@icann.org <mailto:cpwg@icann.org>> wrote:
From ARS Technica, 18 May 2023:
A recent move by Google to populate the Internet with eight new top-level domains is prompting concerns that two of the additions could be a boon to online scammers who trick people into clicking on malicious links. https://arstechnica.com/information-technology/2023/05/critics-say-googles-n... <https://arstechnica.com/information-technology/2023/05/critics-say-googles-n...>
_______________________________________________ CPWG mailing list CPWG@icann.org <mailto:CPWG@icann.org> https://mm.icann.org/mailman/listinfo/cpwg <https://mm.icann.org/mailman/listinfo/cpwg>
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy <https://www.icann.org/privacy/policy>) and the website Terms of Service (https://www.icann.org/privacy/tos <https://www.icann.org/privacy/tos>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- ********************************************************** John McCormac * e-mail: jmcc@hosterstats.com MC2 * web: http://www.hosterstats.com/ 22 Viewmount * Domain Registrations Statistics Waterford * Domnomics - the business of domain names Ireland * https://amzn.to/2OPtEIO IE * Skype: hosterstats.com ********************************************************** -- This email has been checked for viruses by Avast antivirus software. www.avast.com
I don't work for Google nor speak on their behalf. I checked the domains.google: I found that the price of the .zip is $15, and there is a requirement for a .zip website to use HTTPS. I don't think the SSL part could resolve the risk as anyone could obtain a free SSL certificate nowadays, but the price is reasonably higher than a .com The focus should not be on the ".zip" but on reducing the risk for end users. The solution could be at the browser level and the DNS level. Any attempt to resolve this issue at the DNS level would consider the effect of measures on the rest of the DNS. Khaled Koubaa Twitter : @koubaak <https://twitter.com/koubaak> LinkedIn : linkedin.com/in/koubaak/ <http://www.linkedin.com/in/koubaak/> Website : koubaa.net On Tue, May 30, 2023 at 3:49 PM John McCormac via CPWG <cpwg@icann.org> wrote:
On 30/05/2023 11:49, Khaled Koubaa via CPWG wrote:
Thank you Olivier.
There is indeed a long list of TLDs that are File Extension including very widely used ones such as .io or .xyz
This blog post has the full list : https://wkumari.github.io/2023/05/15/TLDs-that-are-extensions.html <https://wkumari.github.io/2023/05/15/TLDs-that-are-extensions.html> ble PS: The writer of the blogpost is Warren Kumari from Google PS2: I agree with his statement "I think that this particular ship has sailed"
I would not agree with that, Khaled, The .ZIP gTLD is going to be a major problem because of the way that domain names and links are parsed. Not everyone is an expert with regular expressions used to parse text so the default position for many mailserver administrators will be to ban the .ZIP gTLD at a mailserver level. The .MOV may also be a problem but it is the .ZIP which poses the greatest risk due to its widespread use.
The key factor in the damage that .ZIP will cause, and it will cause problems, will be the pricing of .ZIP new registrations. If Google prices them as a multiple of .COM then that will limit some of the damage. If it uses discounting to drive registration volume, that will turn a small problem into a much bigger one.
Regards...jmcc
Khaled
Khaled Koubaa
Twitter : @koubaak <https://twitter.com/koubaak>____
LinkedIn : linkedin.com/in/koubaak/ <http://www.linkedin.com/in/koubaak/
Website :koubaa.net <https://koubaa.net/>
On Tue, May 30, 2023 at 1:29 PM Olivier MJ Crépin-Leblond via CPWG <cpwg@icann.org <mailto:cpwg@icann.org>> wrote:
From ARS Technica, 18 May 2023:
A recent move by Google to populate the Internet with eight new top-level domains is prompting concerns that two of the additions could be a boon to online scammers who trick people into clicking on malicious links.
https://arstechnica.com/information-technology/2023/05/critics-say-googles-n... < https://arstechnica.com/information-technology/2023/05/critics-say-googles-n...
_______________________________________________ CPWG mailing list CPWG@icann.org <mailto:CPWG@icann.org> https://mm.icann.org/mailman/listinfo/cpwg <https://mm.icann.org/mailman/listinfo/cpwg>
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy <https://www.icann.org/privacy/policy>) and the website Terms of Service (https://www.icann.org/privacy/tos <https://www.icann.org/privacy/tos>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your
personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- ********************************************************** John McCormac * e-mail: jmcc@hosterstats.com MC2 * web: http://www.hosterstats.com/ 22 Viewmount * Domain Registrations Statistics Waterford * Domnomics - the business of domain names Ireland * https://amzn.to/2OPtEIO IE * Skype: hosterstats.com **********************************************************
-- This email has been checked for viruses by Avast antivirus software. www.avast.com _______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
"The focus should not be on the ".zip" but on reducing the risk for end users. The solution could be at the browser level and the DNS level. " I disagree. I think we should pursue two goals simultaneously: 1) modify the process for vetting new proposed gTLDs, so problems like this get stopped. Maybe it's a new review. Maybe it's just putting people on the review panel who are familiar enough with the online world to spot these sorts of issues immediately. 2) deal with .ZIP specifically. I think the potential harm here is substantial enough that ICANN should explore rescinding it's approval. At absolute minimum, the gTLD holder should be notified a) that we see an obvious risk here, and b) that by continuing to register .ZIP domains they are assuming any and all legal risks -- that is, any victims of DNS Abuse can sue them and have ICANN's explicit support (in addition to being able to cite the notification at trial). In short, by registering a .ZIP domain they are complicit, and legally accessories before the fact. Bill Jouris Sent from Yahoo Mail on Android On Tue, May 30, 2023 at 5:49 AM, Khaled Koubaa via CPWG<cpwg@icann.org> wrote: _______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
I noticed that your first goal focuses on the future round of gTLDs, and the second focuses on the .zip. Does this mean we shouldn't look at the existing TLDs? I said the focus should not be the .zip to avoid the risk of omitting the other extension-TLDs - the risk associated with them - and not to diminish the risk associated with .zip Khaled On Tue, May 30, 2023 at 7:41 PM Bill Jouris via CPWG <cpwg@icann.org> wrote:
"The focus should not be on the ".zip" but on reducing the risk for end users. The solution could be at the browser level and the DNS level. "
I disagree. I think we should pursue two goals simultaneously:
1) modify the process for vetting new proposed gTLDs, so problems like this get stopped. Maybe it's a new review. Maybe it's just putting people on the review panel who are familiar enough with the online world to spot these sorts of issues immediately.
2) deal with .ZIP specifically. I think the potential harm here is substantial enough that ICANN should explore rescinding it's approval. At absolute minimum, the gTLD holder should be notified a) that we see an obvious risk here, and b) that by continuing to register .ZIP domains they are assuming any and all legal risks -- that is, any victims of DNS Abuse can sue them and have ICANN's explicit support (in addition to being able to cite the notification at trial). In short, by registering a .ZIP domain they are complicit, and legally accessories before the fact.
Bill Jouris
Sent from Yahoo Mail on Android <https://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_Andr...>
On Tue, May 30, 2023 at 5:49 AM, Khaled Koubaa via CPWG <cpwg@icann.org> wrote: _______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
I apologize for misunderstanding your point. Indeed we should look at other existing gTLDs as well. But .ZIP is something that we already know about, and thus can act on immediately. Plus, as we do so, we create a process for dealing with other problematic existing gTLDs as we discover them. Bill Jouris Sent from Yahoo Mail on Android On Tue, May 30, 2023 at 12:25 PM, Khaled Koubaa via CPWG <cpwg@icann.org> wrote: _______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Chantelle, Let’s find some time on the next CPWG call to discuss this situation. This might result in a discussion of advice or in a discussion of correspondence to the SSAC. Let’s get it on the agenda. Thanks. Jonathan From: CPWG <cpwg-bounces@icann.org> on behalf of Bill Jouris via CPWG <cpwg@icann.org> Date: Tuesday, May 30, 2023 at 4:26 PM To: cpwg@icann.org <cpwg@icann.org> Subject: Re: [CPWG] Google pushes .zip and .mov domains onto the Internet, and the Internet pushes back I apologize for misunderstanding your point. Indeed we should look at other existing gTLDs as well. But .ZIP is something that we already know about, and thus can act on immediately. Plus, as we do so, we create a process for dealing with other problematic existing gTLDs as we discover them. Bill Jouris Sent from Yahoo Mail on Android<https://mail.onelink.me/107872968?pid=nativeplacement&c=Global_Acquisition_Y...> On Tue, May 30, 2023 at 12:25 PM, Khaled Koubaa via CPWG <cpwg@icann.org> wrote: _______________________________________________ CPWG mailing list CPWG@icann.org<mailto:CPWG@icann.org> https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Hi everyone, Sorry my view might not be too informed - but what is even Google's rationale to pushing these? Also isn't there some sort of black list of forbidden domains? Thank you, Maria On Tue, May 30, 2023, 11:09 PM Jonathan Zuck via CPWG <cpwg@icann.org> wrote:
Chantelle,
Let’s find some time on the next CPWG call to discuss this situation. This might result in a discussion of advice or in a discussion of correspondence to the SSAC. Let’s get it on the agenda. Thanks.
Jonathan
*From: *CPWG <cpwg-bounces@icann.org> on behalf of Bill Jouris via CPWG < cpwg@icann.org> *Date: *Tuesday, May 30, 2023 at 4:26 PM *To: *cpwg@icann.org <cpwg@icann.org> *Subject: *Re: [CPWG] Google pushes .zip and .mov domains onto the Internet, and the Internet pushes back
I apologize for misunderstanding your point. Indeed we should look at other existing gTLDs as well.
But .ZIP is something that we already know about, and thus can act on immediately. Plus, as we do so, we create a process for dealing with other problematic existing gTLDs as we discover them.
Bill Jouris
Sent from Yahoo Mail on Android <https://mail.onelink.me/107872968?pid=nativeplacement&c=Global_Acquisition_Y...>
On Tue, May 30, 2023 at 12:25 PM, Khaled Koubaa via CPWG
<cpwg@icann.org> wrote:
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. _______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Hi Maria, Not sure if forbidden is the right label here but in the old rules - this would be like the 2012 round of gTLD - each TLD had a list of reserved names, meaning those that could not be in the trade. If memory serves, those were listed in the RA. At the top level, there are reserved strings that may not be delegated and those were listed. Well, almost all of them anyways; .internet itself was an outlier. Carlton ============================== *Carlton A Samuels* *Mobile: 876-818-1799Strategy, Process, Governance, Assessment & Turnaround* ============================= On Tue, 30 May 2023 at 17:53, Maria A via CPWG <cpwg@icann.org> wrote:
Hi everyone,
Sorry my view might not be too informed - but what is even Google's rationale to pushing these?
Also isn't there some sort of black list of forbidden domains?
Thank you, Maria
On Tue, May 30, 2023, 11:09 PM Jonathan Zuck via CPWG <cpwg@icann.org> wrote:
Chantelle,
Let’s find some time on the next CPWG call to discuss this situation. This might result in a discussion of advice or in a discussion of correspondence to the SSAC. Let’s get it on the agenda. Thanks.
Jonathan
*From: *CPWG <cpwg-bounces@icann.org> on behalf of Bill Jouris via CPWG < cpwg@icann.org> *Date: *Tuesday, May 30, 2023 at 4:26 PM *To: *cpwg@icann.org <cpwg@icann.org> *Subject: *Re: [CPWG] Google pushes .zip and .mov domains onto the Internet, and the Internet pushes back
I apologize for misunderstanding your point. Indeed we should look at other existing gTLDs as well.
But .ZIP is something that we already know about, and thus can act on immediately. Plus, as we do so, we create a process for dealing with other problematic existing gTLDs as we discover them.
Bill Jouris
Sent from Yahoo Mail on Android <https://mail.onelink.me/107872968?pid=nativeplacement&c=Global_Acquisition_Y...>
On Tue, May 30, 2023 at 12:25 PM, Khaled Koubaa via CPWG
<cpwg@icann.org> wrote:
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. _______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Maria, Carlton is correct. In the 2012 round, there was a Top-Level Reserved Names List which contained strings that were not allowed, these were mainly associated with ICANN-related entities and functions as well as some "well-known technical words": AFRINIC ALAC APNIC ARIN ASO CCNSO EXAMPLE GAC GNSO GTLD-SERVERS IAB IANA IANA-SERVERS ICANN IESG IETF INTERNIC INVALID IRTF ISTF LACNIC LOCAL LOCALHOST NIC NRO RFC-EDITOR RIPE ROOT-SERVERS RSSAC SSAC TEST TLD WHOIS WWW For the next round, the ICANN Board has already approved a SubPro PDP recommendation to add PTI to the above list. Justine On Wed, 31 May 2023 at 07:18, Carlton Samuels via CPWG <cpwg@icann.org> wrote:
Hi Maria, Not sure if forbidden is the right label here but in the old rules - this would be like the 2012 round of gTLD - each TLD had a list of reserved names, meaning those that could not be in the trade. If memory serves, those were listed in the RA.
At the top level, there are reserved strings that may not be delegated and those were listed. Well, almost all of them anyways; .internet itself was an outlier.
Carlton
============================== *Carlton A Samuels*
*Mobile: 876-818-1799Strategy, Process, Governance, Assessment & Turnaround* =============================
On Tue, 30 May 2023 at 17:53, Maria A via CPWG <cpwg@icann.org> wrote:
Hi everyone,
Sorry my view might not be too informed - but what is even Google's rationale to pushing these?
Also isn't there some sort of black list of forbidden domains?
Thank you, Maria
On Tue, May 30, 2023, 11:09 PM Jonathan Zuck via CPWG <cpwg@icann.org> wrote:
Chantelle,
Let’s find some time on the next CPWG call to discuss this situation. This might result in a discussion of advice or in a discussion of correspondence to the SSAC. Let’s get it on the agenda. Thanks.
Jonathan
*From: *CPWG <cpwg-bounces@icann.org> on behalf of Bill Jouris via CPWG <cpwg@icann.org> *Date: *Tuesday, May 30, 2023 at 4:26 PM *To: *cpwg@icann.org <cpwg@icann.org> *Subject: *Re: [CPWG] Google pushes .zip and .mov domains onto the Internet, and the Internet pushes back
I apologize for misunderstanding your point. Indeed we should look at other existing gTLDs as well.
But .ZIP is something that we already know about, and thus can act on immediately. Plus, as we do so, we create a process for dealing with other problematic existing gTLDs as we discover them.
Bill Jouris
Sent from Yahoo Mail on Android <https://mail.onelink.me/107872968?pid=nativeplacement&c=Global_Acquisition_Y...>
On Tue, May 30, 2023 at 12:25 PM, Khaled Koubaa via CPWG
<cpwg@icann.org> wrote:
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. _______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
There are not many ICANN-related issues that break through to the general consciousness and mainstream media. The attempted sale of .ORG was one such issue. .ZIP (specifically) is another such issue. I have seen it now mentioned on TV news. I have also seen a large global financial institution issue a warning about .zip to employees and vendors, even while noting the gTLD's existence is "above board." It is true that .zip is not unique in the type of risk it might pose. However, I think it is fair to consider .zip a highly malignant variation on this type of risk, with some special features. "Zip files" are sent by email all day every day by general business and non-business users. Indeed, they exist to be sent by email. ".io files" do not fit the same profile (and .io is a ccTLD, which changes the analysis as well). While this might be an opportunity to educate end-users about the existence of the larger problem, the .zip problem cannot be treated as merely one of many. Greg On Tue, May 30, 2023 at 9:21 PM Justine Chew via CPWG <cpwg@icann.org> wrote:
Maria,
Carlton is correct. In the 2012 round, there was a Top-Level Reserved Names List which contained strings that were not allowed, these were mainly associated with ICANN-related entities and functions as well as some "well-known technical words":
AFRINIC ALAC APNIC ARIN ASO CCNSO EXAMPLE GAC GNSO GTLD-SERVERS IAB IANA IANA-SERVERS ICANN IESG IETF INTERNIC INVALID IRTF ISTF LACNIC LOCAL LOCALHOST NIC NRO RFC-EDITOR RIPE ROOT-SERVERS RSSAC SSAC TEST TLD WHOIS WWW
For the next round, the ICANN Board has already approved a SubPro PDP recommendation to add PTI to the above list.
Justine
On Wed, 31 May 2023 at 07:18, Carlton Samuels via CPWG <cpwg@icann.org> wrote:
Hi Maria, Not sure if forbidden is the right label here but in the old rules - this would be like the 2012 round of gTLD - each TLD had a list of reserved names, meaning those that could not be in the trade. If memory serves, those were listed in the RA.
At the top level, there are reserved strings that may not be delegated and those were listed. Well, almost all of them anyways; .internet itself was an outlier.
Carlton
============================== *Carlton A Samuels*
*Mobile: 876-818-1799Strategy, Process, Governance, Assessment & Turnaround* =============================
On Tue, 30 May 2023 at 17:53, Maria A via CPWG <cpwg@icann.org> wrote:
Hi everyone,
Sorry my view might not be too informed - but what is even Google's rationale to pushing these?
Also isn't there some sort of black list of forbidden domains?
Thank you, Maria
On Tue, May 30, 2023, 11:09 PM Jonathan Zuck via CPWG <cpwg@icann.org> wrote:
Chantelle,
Let’s find some time on the next CPWG call to discuss this situation. This might result in a discussion of advice or in a discussion of correspondence to the SSAC. Let’s get it on the agenda. Thanks.
Jonathan
*From: *CPWG <cpwg-bounces@icann.org> on behalf of Bill Jouris via CPWG <cpwg@icann.org> *Date: *Tuesday, May 30, 2023 at 4:26 PM *To: *cpwg@icann.org <cpwg@icann.org> *Subject: *Re: [CPWG] Google pushes .zip and .mov domains onto the Internet, and the Internet pushes back
I apologize for misunderstanding your point. Indeed we should look at other existing gTLDs as well.
But .ZIP is something that we already know about, and thus can act on immediately. Plus, as we do so, we create a process for dealing with other problematic existing gTLDs as we discover them.
Bill Jouris
Sent from Yahoo Mail on Android <https://mail.onelink.me/107872968?pid=nativeplacement&c=Global_Acquisition_Y...>
On Tue, May 30, 2023 at 12:25 PM, Khaled Koubaa via CPWG
<cpwg@icann.org> wrote:
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. _______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- *Greg Shatan* *Chair, NARALO*
https://circleid.com/posts/20230627-alleviating-the-risks-.zip-and-similar-d... An interesting article on .zip and other similarly confusing gTLDs .(app, .cab, .cam, .mobi, .mov, .pub, .rip, and .win cited) from a DNS Abuse point of view. Kind regards, Justine On Wed, 31 May 2023 at 13:56, Greg Shatan [NARALO] <gregshatanalac@gmail.com> wrote:
There are not many ICANN-related issues that break through to the general consciousness and mainstream media. The attempted sale of .ORG was one such issue.
.ZIP (specifically) is another such issue. I have seen it now mentioned on TV news. I have also seen a large global financial institution issue a warning about .zip to employees and vendors, even while noting the gTLD's existence is "above board."
It is true that .zip is not unique in the type of risk it might pose.
However, I think it is fair to consider .zip a highly malignant variation on this type of risk, with some special features. "Zip files" are sent by email all day every day by general business and non-business users. Indeed, they exist to be sent by email. ".io files" do not fit the same profile (and .io is a ccTLD, which changes the analysis as well).
While this might be an opportunity to educate end-users about the existence of the larger problem, the .zip problem cannot be treated as merely one of many.
Greg
On Tue, May 30, 2023 at 9:21 PM Justine Chew via CPWG <cpwg@icann.org> wrote:
Maria,
Carlton is correct. In the 2012 round, there was a Top-Level Reserved Names List which contained strings that were not allowed, these were mainly associated with ICANN-related entities and functions as well as some "well-known technical words":
AFRINIC ALAC APNIC ARIN ASO CCNSO EXAMPLE GAC GNSO GTLD-SERVERS IAB IANA IANA-SERVERS ICANN IESG IETF INTERNIC INVALID IRTF ISTF LACNIC LOCAL LOCALHOST NIC NRO RFC-EDITOR RIPE ROOT-SERVERS RSSAC SSAC TEST TLD WHOIS WWW
For the next round, the ICANN Board has already approved a SubPro PDP recommendation to add PTI to the above list.
Justine
On Wed, 31 May 2023 at 07:18, Carlton Samuels via CPWG <cpwg@icann.org> wrote:
Hi Maria, Not sure if forbidden is the right label here but in the old rules - this would be like the 2012 round of gTLD - each TLD had a list of reserved names, meaning those that could not be in the trade. If memory serves, those were listed in the RA.
At the top level, there are reserved strings that may not be delegated and those were listed. Well, almost all of them anyways; .internet itself was an outlier.
Carlton
============================== *Carlton A Samuels*
*Mobile: 876-818-1799Strategy, Process, Governance, Assessment & Turnaround* =============================
On Tue, 30 May 2023 at 17:53, Maria A via CPWG <cpwg@icann.org> wrote:
Hi everyone,
Sorry my view might not be too informed - but what is even Google's rationale to pushing these?
Also isn't there some sort of black list of forbidden domains?
Thank you, Maria
On Tue, May 30, 2023, 11:09 PM Jonathan Zuck via CPWG <cpwg@icann.org> wrote:
Chantelle,
Let’s find some time on the next CPWG call to discuss this situation. This might result in a discussion of advice or in a discussion of correspondence to the SSAC. Let’s get it on the agenda. Thanks.
Jonathan
*From: *CPWG <cpwg-bounces@icann.org> on behalf of Bill Jouris via CPWG <cpwg@icann.org> *Date: *Tuesday, May 30, 2023 at 4:26 PM *To: *cpwg@icann.org <cpwg@icann.org> *Subject: *Re: [CPWG] Google pushes .zip and .mov domains onto the Internet, and the Internet pushes back
I apologize for misunderstanding your point. Indeed we should look at other existing gTLDs as well.
But .ZIP is something that we already know about, and thus can act on immediately. Plus, as we do so, we create a process for dealing with other problematic existing gTLDs as we discover them.
Bill Jouris
Sent from Yahoo Mail on Android <https://mail.onelink.me/107872968?pid=nativeplacement&c=Global_Acquisition_Y...>
On Tue, May 30, 2023 at 12:25 PM, Khaled Koubaa via CPWG
<cpwg@icann.org> wrote:
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy ( https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. _______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy ( https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- *Greg Shatan* *Chair, NARALO*
They didn't include .COM which is an executable in Windows/MSDOS. :-) For anyone interested in this topic, I'd recommend watching a segment of the ALAC meeting with the SSAC at ICANN77, where some well informed discussion took place and SSAC experts explained the topic in further detail as well as its limited impact. https://icann.zoom.us/rec/share/eaGs3LYmt7fnnYb6DLIMvhG0EWAeQCEVpURvmZjwCfTa... Kindest regards, Olivier On 28/06/2023 05:02, Justine Chew via CPWG wrote:
https://circleid.com/posts/20230627-alleviating-the-risks-.zip-and-similar-d...
An interesting article on .zip and other similarly confusing gTLDs .(app, .cab, .cam, .mobi, .mov, .pub, .rip, and .win cited) from a DNS Abuse point of view.
Kind regards, Justine * *
On Wed, 31 May 2023 at 13:56, Greg Shatan [NARALO] <gregshatanalac@gmail.com> wrote:
There are not many ICANN-related issues that break through to the general consciousness and mainstream media. The attempted sale of .ORG was one such issue.
.ZIP (specifically) is another such issue. I have seen it now mentioned on TV news. I have also seen a large global financial institution issue a warning about .zip to employees and vendors, even while noting the gTLD's existence is "above board."
It is true that .zip is not unique in the type of risk it might pose.
However, I think it is fair to consider .zip a highly malignant variation on this type of risk, with some special features. "Zip files" are sent by email all day every day by general business and non-business users. Indeed, they exist to be sent by email. ".io files" do not fit the same profile (and .io is a ccTLD, which changes the analysis as well).
While this might be an opportunity to educate end-users about the existence of the larger problem, the .zip problem cannot be treated as merely one of many.
Greg
On Tue, May 30, 2023 at 9:21 PM Justine Chew via CPWG <cpwg@icann.org> wrote:
Maria,
Carlton is correct. In the 2012 round, there was a Top-Level Reserved Names List which contained strings that were not allowed, these were mainly associated with ICANN-related entities and functions as well as some "well-known technical words":
AFRINIC ALAC APNIC ARIN ASO CCNSO EXAMPLE GAC GNSO GTLD-SERVERS IAB IANA IANA-SERVERS ICANN IESG IETF INTERNIC INVALID IRTF ISTF LACNIC LOCAL LOCALHOST NIC NRO RFC-EDITOR RIPE ROOT-SERVERS RSSAC SSAC TEST TLD WHOIS WWW
For the next round, the ICANN Board has already approved a SubPro PDP recommendation to add PTI to the above list.
Justine * *
On Wed, 31 May 2023 at 07:18, Carlton Samuels via CPWG <cpwg@icann.org> wrote:
Hi Maria, Not sure if forbidden is the right label here but in the old rules - this would be like the 2012 round of gTLD - each TLD had a list of reserved names, meaning those that could not be in the trade. If memory serves, those were listed in the RA.
At the top level, there are reserved strings that may not be delegated and those were listed. Well, almost all of them anyways; .internet itself was an outlier.
Carlton
============================== /Carlton A Samuels/ /Mobile: 876-818-1799 Strategy, Process, Governance, Assessment & Turnaround/ =============================
On Tue, 30 May 2023 at 17:53, Maria A via CPWG <cpwg@icann.org> wrote:
Hi everyone,
Sorry my view might not be too informed - but what is even Google's rationale to pushing these?
Also isn't there some sort of black list of forbidden domains?
Thank you, Maria
On Tue, May 30, 2023, 11:09 PM Jonathan Zuck via CPWG <cpwg@icann.org> wrote:
Chantelle,
Let’s find some time on the next CPWG call to discuss this situation. This might result in a discussion of advice or in a discussion of correspondence to the SSAC. Let’s get it on the agenda. Thanks.
Jonathan
*From: *CPWG <cpwg-bounces@icann.org> on behalf of Bill Jouris via CPWG <cpwg@icann.org> *Date: *Tuesday, May 30, 2023 at 4:26 PM *To: *cpwg@icann.org <cpwg@icann.org> *Subject: *Re: [CPWG] Google pushes .zip and .mov domains onto the Internet, and the Internet pushes back
I apologize for misunderstanding your point. Indeed we should look at other existing gTLDs as well.
But .ZIP is something that we already know about, and thus can act on immediately. Plus, as we do so, we create a process for dealing with other problematic existing gTLDs as we discover them.
Bill Jouris
Sent from Yahoo Mail on Android <https://mail.onelink.me/107872968?pid=nativeplacement&c=Global_Acquisition_Y...>
On Tue, May 30, 2023 at 12:25 PM, Khaled Koubaa via CPWG
<cpwg@icann.org> wrote:
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- *Greg Shatan* *Chair, NARALO*
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html
I think that the article points out right where the problem lies: The reason is that many sites and software automatically convert strings like "arstechnica.com" or "mastodon.social" into a URL that, when clicked, leads a user to the corresponding domain. This is yet another example of problems caused by imaginative assumptions by programmers. Remember the assumption that a TLD is either 2 or 3 chars long, or it is “ARPA”? R.
On 30.05.2023, at 11:28, Olivier MJ Crépin-Leblond via CPWG <cpwg@icann.org> wrote:
From ARS Technica, 18 May 2023:
A recent move by Google to populate the Internet with eight new top-level domains is prompting concerns that two of the additions could be a boon to online scammers who trick people into clicking on malicious links. https://arstechnica.com/information-technology/2023/05/critics-say-googles-n... <https://arstechnica.com/information-technology/2023/05/critics-say-googles-n...>
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Dear All, This has been an interesting thread with some quick reactions. Attached please find an infographic that indicates that 100% of .zip TLD websites are shady!!! Gopal T V 0 9840121302 https://vidwan.inflibnet.ac.in/profile/57545 https://www.facebook.com/gopal.tadepalli ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Dr. T V Gopal Professor Department of Computer Science and Engineering College of Engineering Anna University Chennai - 600 025, INDIA Ph : (Off) 22351723 Extn. 3340 (Res) 24454753 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ________________________________ From: CPWG <cpwg-bounces@icann.org> on behalf of Olivier MJ Crépin-Leblond via CPWG <cpwg@icann.org> Sent: 30 May 2023 14:58 To: cpwg@icann.org <cpwg@icann.org> Subject: [CPWG] Google pushes .zip and .mov domains onto the Internet, and the Internet pushes back
From ARS Technica, 18 May 2023:
A recent move by Google to populate the Internet with eight new top-level domains is prompting concerns that two of the additions could be a boon to online scammers who trick people into clicking on malicious links. https://arstechnica.com/information-technology/2023/05/critics-say-googles-n...
On 31/05/2023 00:07, gopal via CPWG wrote:
Dear All,
This has been an interesting thread with some quick reactions.
Attached please find an infographic that indicates that 100% of .zip TLD websites are shady!!!
Unfortunately, that was a graphic from Bluecote from 2015, Gopal, It was wrong about .ZIP because the .ZIP gTLD zone file only had the Google NIC entries and no active websites. http://domainincite.com/19211-laughable-security-report-labels-google-regist... https://domainnamewire.com/2015/09/04/domain-dunce-award-blue-coat/ Regards...jmcc -- ********************************************************** John McCormac * e-mail: jmcc@hosterstats.com MC2 * web: http://www.hosterstats.com/ 22 Viewmount * Domain Registrations Statistics Waterford * Domnomics - the business of domain names Ireland * https://amzn.to/2OPtEIO IE * Skype: hosterstats.com ********************************************************** -- This email has been checked for viruses by Avast antivirus software. www.avast.com
participants (13)
-
Bill Jouris -
Carlton Samuels -
David Mackey -
gopal -
Greg Shatan [NARALO] -
Hadia Abdelsalam Mokhtar EL miniawi -
John McCormac -
Jonathan Zuck -
Justine Chew -
Khaled Koubaa -
Maria A -
Olivier MJ Crépin-Leblond -
Roberto Gaetano