Name Collision

Revision as of 22:54, 17 February 2014 by Jonah (talk | contribs)

Currently building this page.

A Name Collision is a term used to describe the circumstance in which a term is used to try and reach a private Domain Name that results in resolving to a public Domain Name unintentionally. Private domain names are used in Intranets and in many corporations and organizations throughout the world. A domain name on a private network that matches a name in the public Internet can create security risks in which private information is obtained or private networks are hacked.

History

Although the Name Collision issue is not new, the topic was reintroduced and debated in the ICANN community in 2013 during the New gTLD Program.

New gTLD Program

A renewed interest in the name collision issue came about as ICANN's New gTLD Program was preparing to delegate hundreds of New domain names to the Root.

Interisle Consulting Report

ICANN contracted Interisle Consulting to carry out an investigation into the effects the delegation of 100s of new gTLDs would have on the security of the existing Internet and intranets around the world. The resulting report, which was published on August 6th, 2013 by ICANN, found that there would be many name collisions for new gTLDs that could create potential security risks. ICANN's initial response to this report was to propose a delay based on the assessed security risk each New gTLD would carry. [1]

  • For .home and .corp, ICANN deemed the two strings "high-risk" because of the widespread use of the terms on internal networks. Currently, ICANN is indefinitely delaying the delegation of these string to the Root Zone.
  • 20% of applications had been deemed an "uncalculated risk" by ICANN initially, saying these strings would be delayed 2-3 months in their application process while they conduct more research into whether the string is of "high" or "low" risk.
  • 80% of applications were deemed "low risk" by ICANN. These strings would face a delay in activating domains until 120 days after contracting with ICANN, but otherwise would not face any long terms delays towards delegation.

Overall, the initial reaction to the publishing of the Interisle report took the form of outrage by many New gTLD applicants, especially since the delays could potentially add on millions of dollars in costs to the applicants on their way to delegating a new gTLD. In the months following the report's publishing, the ICANN community mobilized to create alternative solutions to the Name Collision issue, as well as argue whether or not the issue was serious enough to delay delegation of 100s of gTLDs.[2]

The report and ICANN's proposal for how to deal with the situation were posted on ICANN's website for public comment until September 17, 2013[3]

Reception by New gTLD Applicants

Reception by New gTLD Applicants to the Interisle Report as well as ICANN's response to the report was varied. Many applicants were angered that the timing of the report was poor, since ICANN was only months away from delegating the first New gTLDs in the program. Others pointed out to the potential of millions of dollars in extra costs because of this delay. A few applicants, most notably Verisign, were more supportive of ICANN's response to the report and felt the delay was warranted in order to make sure the security of the Internet would not be compromised. Many applicants however, felt that the report and ICANN's response was too conservative and that the Name Collision issue was not that serious of a risk.[4]

Donuts initially reacted to the Interisle Report and ICANN's response by saying: "We also think that name collision is an overstated issue. Rather than take the overdone step of halting or delaying these TLDs, if the issue really is such a concern, it would be wiser to focus on the second-level names where a conflict could occur."[4]

Uniregistry's Frank Schilling stated: "We are deeply dismayed by this new report, both by its substance and its timing."[4]

Famous Four Media has this to say: "Famous Four Media’s primary concern is the security and stability of the Internet. Since this is in the interest of all parties involved in the new gTLD program from registries to registrants and all in between Famous Four Media welcomes these proposals."[4]

NTAG Response

The New gTLD Applicant's Group within ICANN sent a letter responding to the Interisle's report and ICANN recommendations. The NTAG felt that the report overstated the risks of Name Collision, and called for all of the strings that were designated by ICANN as "uncalculated risk" to be moved into the "low risk" category. The NTAG stated that they agreed however, that the .home and .corp strings should remain as "high risk" and further research is required to move forward with those strings.[3]

Community Discussions

The discussions surrounding the Interisle Report and ICANN's response occurred online, in the public comments on the ICANN site, as well as several in-person conferences organized by several community members.

Artemis Internet, the applicant for .secure, held a day-long conference in San Francisco in August 2013 to discuss the Names Collision issue. Delegates from Google and Paypal were listed as panelists.


Proposed Solutions

Research

References