Consideration of .CORP, .HOME, and .MAIL and other Collision Strings

Whereas, in March 2013, the SSAC issued SAC057: SSAC Advisory on Internal Name Certificates, wherein the SSAC referred to the issue of "name collision" and provided the ICANN Board with steps for mitigating the issue.

Whereas, on 18 May 2013, the ICANN Board adopted a resolution regarding SAC057, commissioning a study on the use of TLDs that are not currently delegated at the root level of the public DNS in enterprises.

Whereas, in August 2013, Interisle Consulting Group released a report which looked at historical query traffic and found that .HOME and .CORP were the top two most frequently appearing TLDs in queries.

Whereas, in August 2013, the ICANN organization, in conjunction with the study, sought broad community participation in the development of a solution, and a draft mitigation plan was published for public comment along with the report by Interisle. The draft mitigation plan cited .HOME and .CORP as high-risk strings, proposing not to delegate these two strings.

Whereas, on 7 October 2013, the ICANN Board New gTLD Program Committee (NGPC) took a resolution to implement the mitigation plan for managing name collision occurrences as proposed in the "New gTLD Name Collision Occurrence Management Plan."

Whereas, on 30 July 2014, the ICANN Board New gTLD Program Committee adopted the Name Collision Management Framework. In the Framework, .CORP, .HOME, and .MAIL were noted as high-risk strings whose delegation should be deferred indefinitely.

Whereas, on 28 October 2015, JAS Global Advisors issued the "Mitigating the Risk of DNS Namespace Collisions (Final Report)." The recommendations in the Final Report were consistent with the recommendations made in the Phase One report.

Whereas, in 2015, individuals in the IETF DNS Operations (DNSOP) working group wrote an Internet Draft, the first step in developing an RFC, that reserved the CORP, HOME, and MAIL labels from delegation into the top level of the DNS, but the working group and the authors of that draft were unable to reach consensus on the criteria by which labels would be reserved and the effort to create an RFC on the topic was abandoned.

Whereas, on 24 August 2016, applicants for .CORP, .HOME, and .MAIL sent correspondence to the ICANN Board requesting that "the Board commission a timely examination of mitigation measures that will enable the release of .HOME, .CORP, and .MAIL." On 6 March 2017 [PDF, 239 KB], Akram Atallah, President of the Global Domains Division, provided a response to the 24 August 2016 letter, acknowledging the request and noting that "the topic of name collision continues to be considered by the ICANN Board."

Whereas, the strings .CORP, .HOME, and .MAIL remain indefinitely on-hold in the New gTLD Program, and the ICANN Board wishes to provide additional clarity to these applicants and the ICANN community on the issue of name collision and high-risk strings.

Whereas, the de facto use of names in the DNS do not represent an error condition that must be eliminated. Such de facto use is integral to how the Internet works, and cannot be controlled by a single body such as ICANN, the IETF, ISO-3166, or others.

Whereas, ICANN's mission includes coordinating the allocation and assignment of names in the root zone of the Domain Name System and the development of related policies for which uniform or coordinated resolution is reasonably necessary to facilitate the openness, interoperability, resilience, security and/or stability of the DNS, and thereby manage what strings are allowed into the root zone, resolve collisions in the namespace that involve the root zone, and to coordinate with others who play a role in the namespace that do not involve the root zone.

Whereas, the effect of name collisions on interoperability, resilience, security and/or stability of the DNS is not fully understood.

Whereas, the Board's foremost consideration is the potential impact of strings that manifest name collision on Internet users and end systems and the consequent impact on the security and stability of the DNS. The Board has made no determination as to the efficacy or feasibility of potential mitigation mechanisms for Name Collision, and remains focused on minimizing or avoiding risk to the security and stability of the DNS.

Whereas, the Board believes that the roadmap towards understanding strings that manifest name collisions consists of four steps:

Technical study on strings that manifest name collisions;
Policy engagement and input from step 1 above into the Policy Development Process;
Community engagement and input based on the findings of Steps 1 and 2 above; and
Board evaluation of the outputs of Steps 1, 2 and 3 above.
Resolved (2017.11.02.29), the Board requests the ICANN Security and Stability Advisory Committee to conduct a study in a thorough and inclusive manner that includes technical experts (such as members of IETF working groups, technical members of the GNSO, and other technologists), to present data, analysis and points of view, and provide advice to the Board regarding the risks posed to users and end systems if .CORP, .HOME, .MAIL strings were to be delegated in the root, as well as possible courses of action that might mitigate the identified risks. The Board charges the Board Technical Committee to act as the Board's liaison to this study and requests the ICANN Security and Stability Advisory Committee to conduct this study in a timely and organized fashion, with adequate visibility on costs and schedule, which shall be subject to review and approval by the Board.

Resolved (2017.11.02.30), the Board requests the ICANN Security and Stability Advisory Committee to conduct a study in a thorough and inclusive manner that includes technical experts (such as members of IETF working groups, technical members of the GNSO, and other technologists), to present data, analysis and points of view and provide advice to the Board on a range of questions that include, but are not limited to, the following:

(1) a proper definition for name collision and the underlying reasons why strings that manifest name collisions are so heavily used;

(2) the role that negative answers currently returned from queries to the root for these strings play in the experience of the end user, including in the operation of existing end systems;

(3) the harm to existing users that may occur if Collision Strings were to be delegated, including harm due to end systems no longer receiving a negative response and additional potential harm if the delegated registry accidentally or purposely exploited subsequent queries from these end systems, and any other types of harm;

(4) possible courses of action that might mitigate harm;

(5) factors that affect potential success of the courses of actions to mitigate harm;

(6) potential residual risks of delegating Collision Strings even after taking actions to mitigate harm;

(7) suggested criteria for determining whether an undelegated string should be considered a string that manifest name collisions, (i.e.) placed in the category of a Collision String;

(8) suggested criteria for determining whether a Collision String should not be delegated, and suggested criteria for determining how remove an undelegated string from the list of Collision Strings; and

(9) measures to protect against intentional or unintentional creation of situations, such as queries for undelegated strings, which might cause such strings to be placed in a Collision String category, and research into risk of possible negative effects, if any, of creation of such a collision string list.

The Board charges the Board Technical Committee to act as the Board's liaison to this study and requests the ICANN Security and Stability Advisory Committee to conduct this study in a timely and organized fashion, with adequate visibility on costs and schedule, which shall be subject to review and approval by the Board.

Resolved (2017.11.02.31), the Board directs the President and CEO, or his designee(s), to provide options for the Board to consider to address the New gTLD Program applications for .CORP, .HOME, and .MAIL by the first available meeting of the Board following the ICANN60 meeting in Abu Dhabi.