HI there. Jeff Schmidt from JAS Advisors kindly answered our consultation on name collisions. Here are the questions we sent him and the answers he provided; we'll be discussing them in our next WT4 call, June 8. Rubens
What general guidance for namespace collisions would you like the community to consider for the next application process, and why ?
Like other large dynamic namespaces (phone numbers, postal addresses and codes, etc), reassignments/change of control (“collisions” in general) are a fact of life. They are not limited to newly created namespaces (new TLDs) or even the top level of the DNS – impactful collisions due to reassignment/change of control occur in every namespace for a wide range of reasons – corp.com being the poster child. In fact, every time an expired name is registered by a new registrant, there is the potential for potentially harmful collisions. Collisions will never be reduced to zero. The best the next round can do is to recognize the phenomena, create a “buffer” between legacy and new operators (ala controlled interruption), and create emergency response procedures should something unanticipated occur that reaches a bright danger threshold (danger to human life being the one we suggested and still advocate). There is precedent for all of this in the phone and postal systems.
A CI period for registrations that changed hands rapidly (for example, a “drop caught” expiration) would also be prudent to notify the legacy users that the name is now under new administrative control. This is how mature namespaces like phone numbers and postal deliveries work.
Were there non-applied for strings that would fall into a high risk profile that would be suggested to not be allowed for the time being in subsequent new gTLD procedures ? Which ones ?
JAS did not specifically research non-applied-for strings and, aside from the already-reserved “.local” nothing jumped out. It is possible that another “corp” sort of situation could emerge in future rounds for strange and unknown reasons (it really wasn’t foreseeable that “corp” was such a special string until the specific string was researched). Subsequent rounds should have mechanisms designed to detect these sorts of unicorns given applied-for strings. I’m not sure it’s possible to identify the universe of problematic strings in general – rather a list of applied-for strings must be evaluated for risk and prior use. Personal gut opinion: I’d be particularly vigilant to IDN variants, transliterations, and colloquial linguistic representations of the problematic Latin/English strings we’ve found so far.
What data sources could/should be used for analyzing namespace collisions for subsequent procedures ?
DITL is exceedingly valuable for this purpose and should be consulted in the future. Non-DITL data from root server operators and large recursive operators (Google, Comcast, etc) would also be helpful. The corp.com and friends collisions research dataset as announced at the Symposium (ORDINAL) would also be helpful.
Based on experience from the 2012 round, can the controlled interruption period be reduced in future procedures, if controlled interruption is suggested to be used ?
Philosophically, we need a way to raise awareness and notify legacy users of the new use cases. This takes time since it depends on a human noticing an anomaly. Here and now in mid- 2017, I can’t think of anything better than the plan we proposed in 2014 – which included controlled interruption and a set of emergency procedures. I also think history has shown the suggested approach to be effective – so I’m not sure I’d change anything (approach, timing, length, etc). It’s become relatively well known and predictable so there is good reason to stick with it. There is broad awareness of controlled interruption (specifically 127.0.53.53) and even some technical messaging baked into browsers like Chrome. It would be silly *not* to take advantage of this pre-existing knowledge and exposure for future rounds. Based on personal gut feel only, a CI period of 90 days is on the short end of where I’d feel comfortable – I wouldn’t suggest going any shorter. The value rapidly diminishes at some point – probably around 120 or 150 days – if the operator hasn’t noticed by then they probably never will, so the sweet spot is somewhere in that range.
Thank you Rubens. I like Jeff's shorthand reference to "unicorn" high risk strings in relation to assessment of future applications. Is the text below the entire original e-mail from Jeff Schmidt? Did he provide an estimate for any further work in this arena? Also I know CI means Controlled Interruption, but can you please remind me what DITL is? Thank you, Anne Anne E. Aikman-Scalese Of Counsel 520.629.4428 office 520.879.4725 fax AAikman@lrrc.com _______________________________ Lewis Roca Rothgerber Christie LLP One South Church Avenue, Suite 700 Tucson, Arizona 85701-1611 lrrc.com -----Original Message----- From: gnso-newgtld-wg-wt4-bounces@icann.org [mailto:gnso-newgtld-wg-wt4-bounces@icann.org] On Behalf Of Rubens Kuhl Sent: Friday, June 02, 2017 6:56 AM To: gnso-newgtld-wg-wt4@icann.org Subject: [Gnso-newgtld-wg-wt4] Fwd: Subsequent procedures PDP HI there. Jeff Schmidt from JAS Advisors kindly answered our consultation on name collisions. Here are the questions we sent him and the answers he provided; we'll be discussing them in our next WT4 call, June 8. Rubens
What general guidance for namespace collisions would you like the community to consider for the next application process, and why ?
Like other large dynamic namespaces (phone numbers, postal addresses and codes, etc), reassignments/change of control (“collisions” in general) are a fact of life. They are not limited to newly created namespaces (new TLDs) or even the top level of the DNS – impactful collisions due to reassignment/change of control occur in every namespace for a wide range of reasons – corp.com being the poster child. In fact, every time an expired name is registered by a new registrant, there is the potential for potentially harmful collisions. Collisions will never be reduced to zero. The best the next round can do is to recognize the phenomena, create a “buffer” between legacy and new operators (ala controlled interruption), and create emergency response procedures should something unanticipated occur that reaches a bright danger threshold (danger to human life being the one we suggested and still advocate). There is precedent for all of this in the phone and postal systems.
A CI period for registrations that changed hands rapidly (for example, a “drop caught” expiration) would also be prudent to notify the legacy users that the name is now under new administrative control. This is how mature namespaces like phone numbers and postal deliveries work.
Were there non-applied for strings that would fall into a high risk profile that would be suggested to not be allowed for the time being in subsequent new gTLD procedures ? Which ones ?
JAS did not specifically research non-applied-for strings and, aside from the already-reserved “.local” nothing jumped out. It is possible that another “corp” sort of situation could emerge in future rounds for strange and unknown reasons (it really wasn’t foreseeable that “corp” was such a special string until the specific string was researched). Subsequent rounds should have mechanisms designed to detect these sorts of unicorns given applied-for strings. I’m not sure it’s possible to identify the universe of problematic strings in general – rather a list of applied-for strings must be evaluated for risk and prior use. Personal gut opinion: I’d be particularly vigilant to IDN variants, transliterations, and colloquial linguistic representations of the problematic Latin/English strings we’ve found so far.
What data sources could/should be used for analyzing namespace collisions for subsequent procedures ?
DITL is exceedingly valuable for this purpose and should be consulted in the future. Non-DITL data from root server operators and large recursive operators (Google, Comcast, etc) would also be helpful. The corp.com and friends collisions research dataset as announced at the Symposium (ORDINAL) would also be helpful.
Based on experience from the 2012 round, can the controlled interruption period be reduced in future procedures, if controlled interruption is suggested to be used ?
Philosophically, we need a way to raise awareness and notify legacy users of the new use cases. This takes time since it depends on a human noticing an anomaly. Here and now in mid- 2017, I can’t think of anything better than the plan we proposed in 2014 – which included controlled interruption and a set of emergency procedures. I also think history has shown the suggested approach to be effective – so I’m not sure I’d change anything (approach, timing, length, etc). It’s become relatively well known and predictable so there is good reason to stick with it. There is broad awareness of controlled interruption (specifically 127.0.53.53) and even some technical messaging baked into browsers like Chrome. It would be silly *not* to take advantage of this pre-existing knowledge and exposure for future rounds. Based on personal gut feel only, a CI period of 90 days is on the short end of where I’d feel comfortable – I wouldn’t suggest going any shorter. The value rapidly diminishes at some point – probably around 120 or 150 days – if the operator hasn’t noticed by then they probably never will, so the sweet spot is somewhere in that range.
_______________________________________________ Gnso-newgtld-wg-wt4 mailing list Gnso-newgtld-wg-wt4@icann.org https://mm.icann.org/mailman/listinfo/gnso-newgtld-wg-wt4 ________________________________ This message and any attachments are intended only for the use of the individual or entity to which they are addressed. If the reader of this message or an attachment is not the intended recipient or the employee or agent responsible for delivering the message or attachment to the intended recipient you are hereby notified that any dissemination, distribution or copying of this message or any attachment is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender. The information transmitted in this message and any attachments may be privileged, is intended only for the personal and confidential use of the intended recipients, and is covered by the Electronic Communications Privacy Act, 18 U.S.C. §2510-2521.
Em 2 de jun de 2017, à(s) 18:28:000, Aikman-Scalese, Anne <AAikman@lrrc.com> escreveu:
Thank you Rubens. I like Jeff's shorthand reference to "unicorn" high risk strings in relation to assessment of future applications.
Is the text below the entire original e-mail from Jeff Schmidt?
Other than "have a nice weekend" and things like that, yes.
Did he provide an estimate for any further work in this arena?
No, and I believe ICANN hasn't contracted him or anyone else for that. If we find ICANN should do, we will have to tell them that.
Also I know CI means Controlled Interruption, but can you please remind me what DITL is?
DITL = Day in In Internet Life, it's a project that captures DNS queries for 3 days every year in many different points of the network, but mostly in the root servers. It's one of the DNS-OARC projects I'll be mentioning in our call, in a recap of the Madrid events. https://www.dns-oarc.net/oarc/data/ditl <https://www.dns-oarc.net/oarc/data/ditl> The (in)famous alternate path to delegation (APD) lists were derived from DITL data... but don't blame the message, blame those who found that to be a good idea in the first place. ;-) Rubens
Thank you. So he is saying DITL is “exceedingly valuable”. Quote: “ DITL is exceedingly valuable for this purpose and should be consulted in the future. Non-DITL data from root server operators and large recursive operators (Google, Comcast, etc) would also be helpful. The corp.com and friends collisions research dataset as announced at the Symposium (ORDINAL) would also be helpful.” Do we have the ORDINAL Symposium data to which he refers? Anne Anne E. Aikman-Scalese Of Counsel 520.629.4428 office 520.879.4725 fax AAikman@lrrc.com<mailto:AAikman@lrrc.com> _____________________________ [cid:image003.png@01D2DBB3.3BE5A3A0] Lewis Roca Rothgerber Christie LLP One South Church Avenue, Suite 700 Tucson, Arizona 85701-1611 lrrc.com<http://lrrc.com/> From: Rubens Kuhl [mailto:rubensk@nic.br] Sent: Friday, June 02, 2017 3:05 PM To: Aikman-Scalese, Anne Cc: gnso-newgtld-wg-wt4@icann.org Subject: Re: [Gnso-newgtld-wg-wt4] Subsequent procedures PDP Em 2 de jun de 2017, à(s) 18:28:000, Aikman-Scalese, Anne <AAikman@lrrc.com<mailto:AAikman@lrrc.com>> escreveu: Thank you Rubens. I like Jeff's shorthand reference to "unicorn" high risk strings in relation to assessment of future applications. Is the text below the entire original e-mail from Jeff Schmidt? Other than "have a nice weekend" and things like that, yes. Did he provide an estimate for any further work in this arena? No, and I believe ICANN hasn't contracted him or anyone else for that. If we find ICANN should do, we will have to tell them that. Also I know CI means Controlled Interruption, but can you please remind me what DITL is? DITL = Day in In Internet Life, it's a project that captures DNS queries for 3 days every year in many different points of the network, but mostly in the root servers. It's one of the DNS-OARC projects I'll be mentioning in our call, in a recap of the Madrid events. https://www.dns-oarc.net/oarc/data/ditl The (in)famous alternate path to delegation (APD) lists were derived from DITL data... but don't blame the message, blame those who found that to be a good idea in the first place. ;-) Rubens ________________________________ This message and any attachments are intended only for the use of the individual or entity to which they are addressed. If the reader of this message or an attachment is not the intended recipient or the employee or agent responsible for delivering the message or attachment to the intended recipient you are hereby notified that any dissemination, distribution or copying of this message or any attachment is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender. The information transmitted in this message and any attachments may be privileged, is intended only for the personal and confidential use of the intended recipients, and is covered by the Electronic Communications Privacy Act, 18 U.S.C. §2510-2521.
Em 2 de jun de 2017, à(s) 19:16:000, Aikman-Scalese, Anne <AAikman@lrrc.com> escreveu:
Thank you. So he is saying DITL is “exceedingly valuable”.
Quote: “ DITL is exceedingly valuable for this purpose and should be consulted in the future. Non-DITL data from root server operators and large recursive operators (Google, Comcast, etc) would also be helpful. The corp.com <http://corp.com/> and friends collisions research dataset as announced at the Symposium (ORDINAL) would also be helpful.”
Do we have the ORDINAL Symposium data to which he refers?
While the AC recording is not showing at this time at https://www.icann.org/ids <https://www.icann.org/ids>, although it was supposed to, the presentation is already available at: https://www.icann.org/en/system/files/files/presentation-ordinal-datasets-co... <https://www.icann.org/en/system/files/files/presentation-ordinal-datasets-co...> The website for ORDINAL is http://ordinal.jasadvisors.com/ <http://ordinal.jasadvisors.com/> , but the dataset is not directly available, a vetted research clearance from US Gov Homeland Security is required. I'll be mentioning ORDINAL in our next call. Rubens
So I’m guessing this whole ORDINAL business is why JAS Advisors said in their report that they could not reveal all the data on which they were basing their advice? Anne E. Aikman-Scalese Of Counsel 520.629.4428 office 520.879.4725 fax AAikman@lrrc.com<mailto:AAikman@lrrc.com> _____________________________ [cid:image003.png@01D2DBB6.204C0730] Lewis Roca Rothgerber Christie LLP One South Church Avenue, Suite 700 Tucson, Arizona 85701-1611 lrrc.com<http://lrrc.com/> From: Rubens Kuhl [mailto:rubensk@nic.br] Sent: Friday, June 02, 2017 3:32 PM To: Aikman-Scalese, Anne Cc: gnso-newgtld-wg-wt4@icann.org Subject: Re: [Gnso-newgtld-wg-wt4] Subsequent procedures PDP Em 2 de jun de 2017, à(s) 19:16:000, Aikman-Scalese, Anne <AAikman@lrrc.com<mailto:AAikman@lrrc.com>> escreveu: Thank you. So he is saying DITL is “exceedingly valuable”. Quote: “ DITL is exceedingly valuable for this purpose and should be consulted in the future. Non-DITL data from root server operators and large recursive operators (Google, Comcast, etc) would also be helpful. The corp.com<http://corp.com/> and friends collisions research dataset as announced at the Symposium (ORDINAL) would also be helpful.” Do we have the ORDINAL Symposium data to which he refers? While the AC recording is not showing at this time at https://www.icann.org/ids, although it was supposed to, the presentation is already available at: https://www.icann.org/en/system/files/files/presentation-ordinal-datasets-co... The website for ORDINAL is http://ordinal.jasadvisors.com/ , but the dataset is not directly available, a vetted research clearance from US Gov Homeland Security is required. I'll be mentioning ORDINAL in our next call. Rubens ________________________________ This message and any attachments are intended only for the use of the individual or entity to which they are addressed. If the reader of this message or an attachment is not the intended recipient or the employee or agent responsible for delivering the message or attachment to the intended recipient you are hereby notified that any dissemination, distribution or copying of this message or any attachment is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender. The information transmitted in this message and any attachments may be privileged, is intended only for the personal and confidential use of the intended recipients, and is covered by the Electronic Communications Privacy Act, 18 U.S.C. §2510-2521.
On Jun 2, 2017, at 7:37 PM, Aikman-Scalese, Anne <AAikman@lrrc.com> wrote:
So I’m guessing this whole ORDINAL business is why JAS Advisors said in their report that they could not reveal all the data on which they were basing their advice?
I believe this a reference to JASBUG. In the first version of their report, they had to not disclose it due to responsible vulnerability disclosure, since Microsoft hasn't patched yet the vulnerability they found. The bug is now documented at https://technet.microsoft.com/en-us/library/security/ms15-011.aspx <https://technet.microsoft.com/en-us/library/security/ms15-011.aspx> . The data sources mentioned in the JAS Report are DNS-OARC DITL and requests to corp.com <http://corp.com/>; corp.com <http://corp.com/> is one of the collision domains now part of ORDINAL, but ORDINAL did not exist at the time of JAS Report, either phase 1 or phase 2. corp.com <http://corp.com/> could be seen as the seed of what is ORDINAL. Rubens
participants (2)
-
Aikman-Scalese, Anne -
Rubens Kuhl