Historical Resolution Tracking Feature » Accepting Name Collision Analysis Project (NCAP) Study 1 and Proceeding with Study 2
Important note: The explanatory text provided through this database (including the summary, implementation actions, identification of related resolutions, and additional information) is an interpretation or an explanation that has no official authority and does not represent the purpose behind the Board actions, nor does any explanations or interpretations modify or override the Resolutions themselves. Resolutions can only be modified through further act of the ICANN Board.
Accepting Name Collision Analysis Project (NCAP) Study 1 and Proceeding with Study 2
Whereas, in 2017 the Board passed resolutions 2017.11.02.29 - 2017.11.02.31 asking a series of questions about name collisions.
Whereas, the ICANN Security and Stability Advisory Committee (SSAC) responded with a proposal for three studies intended to address the Board's questions.
Whereas, SSAC and the Office of the Chief Technology Officer (OCTO) within ICANN org worked together to produce a mutually agreed revised proposal for NCAP Study 1.
Whereas, in April 2019 the Board directed ICANN org to proceed with NCAP Study 1 and authorized the associated expenditures for that purpose.
Whereas, ICANN org engaged Scarfone Cybersecurity, an independent contractor, to research and write NCAP Study 1.
Whereas, on 30 June 2020, ICANN org sent the final version of NCAP Study 1 to the Board Technical Committee (BTC) after two public comment periods on the draft and final versions of the report.
Whereas, NCAP Study 1 recommended that NCAP Studies 2 and 3 not proceed as currently designed.
Whereas, the NCAP Discussion Group (DG) revised the design of NCAP Study 2 to take into account the issues raised by NCAP Study 1.
Whereas, on 5 February 2021, the NCAP DG leadership presented the revised design of NCAP Study 2 to the BTC for approval.
Resolved (2021.03.25.11), the Board reiterates its thanks to the SSAC for its work in responding to the November 2017 resolution and developing an initial proposal for the NCAP and subsequent revisions to that proposal.
Resolved (2021.03.25.12), the Board thanks the NCAP DG for its contributions to NCAP Study 1.
Resolved (2021.03.25.13), the Board affirms the continued relevance of the nine questions related to name collisions presented in Board resolutions 2017.11.02.29 - 2017.11.02.31, especially questions (7) and (8) concerning criteria for identifying collision strings and determining if collision strings are safe to be delegated.
Resolved (2021.03.25.14), the Board directs the NCAP DG to proceed with Study 2 as redesigned, and directs the President and CEO, or his designee(s), to participate in Study 2 in the manner indicated in the redesigned proposal.
Name collision refers to the situation where a name that is defined and used in one namespace may also appear in another. A "namespace" in this context refers to all possible names that can be resolved, e.g., the public DNS namespace as administered by ICANN through the IANA functions or a "private" namespace that is limited to an enterprise network. Users and applications intending to use a name in one namespace may attempt to use it in a different one (typically accidentally due to misconfigurations), and unexpected behavior may result where the intended use of the name is not the same in both namespaces. An example of name collision outside the DNS would be calling out a common person's name in a closed environment like a company lunch room versus calling out that name in a crowded public space: in the first case, the intended person is likely to respond whereas in the latter case, multiple people may respond.
On 2 November 2017, the ICANN Board passed resolutions 2017.11.02.29 - 2017.11.02.31 requesting SSAC to conduct studies to present data, analysis, and points of view, and provide advice to the Board regarding the risks posed to users and end systems if .CORP, .HOME, .MAIL strings were to be delegated in the root, as well as possible courses of action that might mitigate the identified risks. The Board also asked nine questions related to the definition of name collision, user experience and possible harm, causes of collisions, potential risks, and possible mitigations, among other topics related to name collisions.
Following the Board resolution, the SSAC began project planning in December 2017 for the work necessary to address the Board's requests. In January 2018, the SSAC NCAP Work Party ("NCAP WP") was formed and prepared a plan calling for three studies. Also created was the NCAP Administration ("NCAP Admin"), a smaller group comprising the NCAP WP leadership and SSAC leadership, which guides the NCAP effort both within SSAC and in the larger ICANN community.
In June 2018, the ICANN organization's CEO, after input from the Board, assigned OCTO to be responsible for completing the NCAP studies since SSAC did not have the administrative infrastructure or the resources to undertake and manage such a large project.
In September 2018, SSAC published "SSAC Proposal for the Name Collision Analysis Project", which proposed three consecutive studies to address the Board's request. OCTO proposed minor changes to the proposal and, after discussion between SSAC and OCTO, an updated version of the proposal was published in February 2019.
In April 2019, the NCAP DG was formed to allow interested members of the larger ICANN community to also participate in the NCAP effort. The NCAP DG consists of both the SSAC NCAP WP and any interested community members.
Due to resource constraints, OCTO chose to outsource the completion of Study 1 to a contractor. An RFP for the work was published on 9 July 2019 and in September 2019, Scarfone Cybersecurity was selected in accordance with ICANN org's standard procurement processes. Study 1 was the result of a collaborative effort between Scarfone Security, NCAP DG and ICANN org. Every draft of the study during each Public Comment proceedings was met with various comments and points of discussion before the publication of the final report. The final Study 1 report was published on 19 June 2020.
The major findings of Study 1 can be summarized as follows:
Name collisions have been a known problem for decades but published work only began to appear starting in 2012. The only known work on name collisions in the past few years has been done within the ICANN community by the NCAP DG and the New gTLD Subsequent Procedures PDP Working Group ("SubPro WG").
Few instances of name collisions were reported to ICANN or publicly since controlled interruption was instituted. Only one of the reports to ICANN necessitated action by a registry, and none of the public reports surveyed mentioned major harm to individuals or organizations.
There are several root causes of name collisions but these have typically been found researching a specific leaked TLD, not by examining datasets.
No gaps or other issues were identified in accessing datasets that would be needed for Studies 2 and 3.
Study 1 goes on to state:
Given these findings, the recommendation is that Studies 2 and 3 should not be performed as currently designed. Regarding Study 2, analyzing datasets is unlikely to identify significant root causes for name collisions that have not already been identified. New causes for name collisions are far more likely to be found by investigating TLD candidates for potential delegation on a case by case basis. Regarding Study 3, controlled interruption has already proven an effective mitigation strategy, and there does not appear to be a need to identify, analyze, and test alternatives for the vast majority of TLD candidates. (Executive Summary, p. v)
In response to the findings of Study 1, the NCAP DG redesigned Study 2 and made several major changes: (1) the removal of two original study goals, (2) the expansion and added detail of other study goals, and (3) having the NCAP DG undertake most of the work which was slated for paid contractors in the original version of the Study 2 proposal. These modifications dramatically reduce the scope, level of effort, total costs, and resources required to execute Study 2.
NCAP DG will undertake a significant portion of the work in the redesigned Study 2, while ICANN will provide project management support and engage a technical writer and a technical investigator to assist with preparation of the Study. The estimated costs to ICANN org for the redesigned Study 2 fall below the threshold required for Board approval and are therefore not described further here.
The BTC affirms that the questions related to name collisions posed in Board resolutions 2017.11.02.29 - 2017.11.02.31 are still relevant. The BTC emphasizes the particular importance of questions (7) and (8) regarding the criteria for identifying collision strings and determining if collision strings are safe to be delegated.
The Board's action is expected to have a positive impact on the security, stability and resiliency of the Internet's DNS, as it is designed to continue to study name collisions. This action also serves ICANN's mission in ensuring a secure and stable operation of the Internet's unique identifier systems. This resolution is in the public interest in meeting ICANN's core value of preserving and enhancing the administration of the DNS and the operational stability, reliability, security, global interoperability, resilience, and openness of the DNS and the Internet.
The Board's action is an Organizational Administrative Function not requiring public comment.