ICANN Resolutions » Consideration of .CORP, .HOME, and .MAIL and other Collision Strings
Important note: The Board Resolutions are as reported in the Board Meeting Transcripts, Minutes & Resolutions portion of ICANN's website. Only the words contained in the Resolutions themselves represent the official acts of the Board. The explanatory text provided through this database (including the summary, implementation actions, identification of related resolutions, and additional information) is an interpretation or an explanation that has no official authority and does not represent the purpose behind the Board actions, nor does any explanations or interpretations modify or override the Resolutions themselves. Resolutions can only be modified through further act of the ICANN Board.
Whereas, in March 2013, the SSAC issued SAC057: SSAC Advisory on Internal Name Certificates, wherein the SSAC referred to the issue of "name collision" and provided the ICANN Board with steps for mitigating the issue.
Whereas, on 18 May 2013, the ICANN Board adopted a resolution regarding SAC057, commissioning a study on the use of TLDs that are not currently delegated at the root level of the public DNS in enterprises.
Whereas, in August 2013, Interisle Consulting Group released a report which looked at historical query traffic and found that .HOME and .CORP were the top two most frequently appearing TLDs in queries.
Whereas, in August 2013, the ICANN organization, in conjunction with the study, sought broad community participation in the development of a solution, and a draft mitigation plan was published for public comment along with the report by Interisle. The draft mitigation plan cited .HOME and .CORP as high-risk strings, proposing not to delegate these two strings.
Whereas, on 7 October 2013, the ICANN Board New gTLD Program Committee (NGPC) took a resolution to implement the mitigation plan for managing name collision occurrences as proposed in the "New gTLD Name Collision Occurrence Management Plan."
Whereas, on 30 July 2014, the ICANN Board New gTLD Program Committee adopted the Name Collision Management Framework. In the Framework, .CORP, .HOME, and .MAIL were noted as high-risk strings whose delegation should be deferred indefinitely.
Whereas, on 28 October 2015, JAS Global Advisors issued the "Mitigating the Risk of DNS Namespace Collisions (Final Report)." The recommendations in the Final Report were consistent with the recommendations made in the Phase One report.
Whereas, in 2015, individuals in the IETF DNS Operations (DNSOP) working group wrote an Internet Draft, the first step in developing an RFC, that reserved the CORP, HOME, and MAIL labels from delegation into the top level of the DNS, but the working group and the authors of that draft were unable to reach consensus on the criteria by which labels would be reserved and the effort to create an RFC on the topic was abandoned.
Whereas, on 24 August 2016, applicants for .CORP, .HOME, and .MAIL sent correspondence to the ICANN Board requesting that "the Board commission a timely examination of mitigation measures that will enable the release of .HOME, .CORP, and .MAIL." On 6 March 2017 [PDF, 239 KB], Akram Atallah, President of the Global Domains Division, provided a response to the 24 August 2016 letter, acknowledging the request and noting that "the topic of name collision continues to be considered by the ICANN Board."
Whereas, the strings .CORP, .HOME, and .MAIL remain indefinitely on-hold in the New gTLD Program, and the ICANN Board wishes to provide additional clarity to these applicants and the ICANN community on the issue of name collision and high-risk strings.
Whereas, the de facto use of names in the DNS do not represent an error condition that must be eliminated. Such de facto use is integral to how the Internet works, and cannot be controlled by a single body such as ICANN, the IETF, ISO-3166, or others.
Whereas, ICANN's mission includes coordinating the allocation and assignment of names in the root zone of the Domain Name System and the development of related policies for which uniform or coordinated resolution is reasonably necessary to facilitate the openness, interoperability, resilience, security and/or stability of the DNS, and thereby manage what strings are allowed into the root zone, resolve collisions in the namespace that involve the root zone, and to coordinate with others who play a role in the namespace that do not involve the root zone.
Whereas, the effect of name collisions on interoperability, resilience, security and/or stability of the DNS is not fully understood.
Whereas, the Board's foremost consideration is the potential impact of strings that manifest name collision on Internet users and end systems and the consequent impact on the security and stability of the DNS. The Board has made no determination as to the efficacy or feasibility of potential mitigation mechanisms for Name Collision, and remains focused on minimizing or avoiding risk to the security and stability of the DNS.
Whereas, the Board believes that the roadmap towards understanding strings that manifest name collisions consists of four steps:
Technical study on strings that manifest name collisions;
Policy engagement and input from step 1 above into the Policy Development Process;
Community engagement and input based on the findings of Steps 1 and 2 above; and
Board evaluation of the outputs of Steps 1, 2 and 3 above.
Resolved (2017.11.02.29), the Board requests the ICANN Security and Stability Advisory Committee to conduct a study in a thorough and inclusive manner that includes technical experts (such as members of IETF working groups, technical members of the GNSO, and other technologists), to present data, analysis and points of view, and provide advice to the Board regarding the risks posed to users and end systems if .CORP, .HOME, .MAIL strings were to be delegated in the root, as well as possible courses of action that might mitigate the identified risks. The Board charges the Board Technical Committee to act as the Board's liaison to this study and requests the ICANN Security and Stability Advisory Committee to conduct this study in a timely and organized fashion, with adequate visibility on costs and schedule, which shall be subject to review and approval by the Board.
Resolved (2017.11.02.30), the Board requests the ICANN Security and Stability Advisory Committee to conduct a study in a thorough and inclusive manner that includes technical experts (such as members of IETF working groups, technical members of the GNSO, and other technologists), to present data, analysis and points of view and provide advice to the Board on a range of questions that include, but are not limited to, the following:
(1) a proper definition for name collision and the underlying reasons why strings that manifest name collisions are so heavily used;
(2) the role that negative answers currently returned from queries to the root for these strings play in the experience of the end user, including in the operation of existing end systems;
(3) the harm to existing users that may occur if Collision Strings were to be delegated, including harm due to end systems no longer receiving a negative response and additional potential harm if the delegated registry accidentally or purposely exploited subsequent queries from these end systems, and any other types of harm;
(4) possible courses of action that might mitigate harm;
(5) factors that affect potential success of the courses of actions to mitigate harm;
(6) potential residual risks of delegating Collision Strings even after taking actions to mitigate harm;
(7) suggested criteria for determining whether an undelegated string should be considered a string that manifest name collisions, (i.e.) placed in the category of a Collision String;
(8) suggested criteria for determining whether a Collision String should not be delegated, and suggested criteria for determining how remove an undelegated string from the list of Collision Strings; and
(9) measures to protect against intentional or unintentional creation of situations, such as queries for undelegated strings, which might cause such strings to be placed in a Collision String category, and research into risk of possible negative effects, if any, of creation of such a collision string list.
The Board charges the Board Technical Committee to act as the Board's liaison to this study and requests the ICANN Security and Stability Advisory Committee to conduct this study in a timely and organized fashion, with adequate visibility on costs and schedule, which shall be subject to review and approval by the Board.
Resolved (2017.11.02.31), the Board directs the President and CEO, or his designee(s), to provide options for the Board to consider to address the New gTLD Program applications for .CORP, .HOME, and .MAIL by the first available meeting of the Board following the ICANN60 meeting in Abu Dhabi.
In a number of prior actions, the Board has considered the applications for .CORP, .HOME and .MAIL and determined to defer delegation of these names indefinitely because of collisions. A name collision occurs when an attempt to resolve a name used in a private name space (e.g. under a non-delegated Top-Level Domain, or a short, unqualified name) results in a query to the public Domain Name System (DNS). When the administrative boundaries of private and public namespaces overlap, name resolution may yield unintended or harmful results. This class of as-yet undelegated strings is referred to as "Collision Strings." In some cases, the unintended or harmful results of delegating Collision Strings may be considered "high-risk". Example parameters for classifying a Collision String as high risk include: high frequency of appearance in queries to the root servers, the severity of the impact from Collision Strings, the type of DNS requests, the type of user causing the collision (e.g. emergency services, air traffic controllers, etc.), diversity of query source, and appearance in internal name certificates. At this time, the Board is revisiting this matter and determining a more definitive course of action. Accordingly, the Board is taking action to request that the ICANN Security and Stability Advisory Committee to conduct a thorough study and provide advice to the Board on a range of questions related to Collision Strings that include, but are not limited to, the questions outlined in the Board's resolutions. The Board also is requesting that the SSAC conduct a thorough study and provide advice to the Board regarding the risks posed to users and end systems if .CORP, .HOME, .MAIL strings were to be delegated in the root.
The Board is requesting the SSAC to conduct these studies in a timely and organized fashion, with adequate visibility on costs and schedule, which shall be subject to review and approval by the Board. Additionally, the studies should be conducted in a thorough and inclusive manner that includes technical experts (such as members of IETF working groups, technical members of the GNSO, and other technologists), to present data, analysis and points of view and provide advice to the Board. The Board Technical Committee will act as the Board's liaison to these studies.
With respect to the New gTLD Program applications for .CORP, .HOME and MAIL, the Board is directing the ICANN President and CEO to develop potential options for the Board to address these open applications. The Board intends to begin considering the potential options at the next available Board meeting after ICANN60.
In adopting this resolution, the Board acknowledges that the matter of Collision Strings has been a topic of discussion in various parts of the community over time. The Board also acknowledges that the roadmap towards understanding strings that manifest name collisions will require additional steps beyond the Board's current action as outlined in the resolutions, which includes policy engagement and community engagement and input about the findings from the technical studies.
In adopting these resolutions, the Board reviewed various materials, including, but not limited to, the following:
SAC045: Invalid Top Level Domain Queries at the Root Level of the Domain Name System (https://www.icann.org/en/committees/security/sac045.pdf [PDF, 507 KB])
SAC057: SSAC Advisory on Internal Name Certificates (https://www.icann.org/en/system/files/files/sac-057-en.pdf [PDF, 1.14 MB])
Name Collision in the DNS (https://www.icann.org/en/system/files/files/name-collision-02aug13-en.pdf [PDF, 3.34 MB])
New gTLD Collision Risk Mitigation (https://www.icann.org/en/system/files/files/new-gtld-collision-mitigatio... [PDF, 165 KB])
Name Collision Occurrence Management Framework (https://www.icann.org/en/system/files/files/name-collision-framework-30j... [PDF, 634 KB])
Mitigating the Risk of DNS Namespace Collisions (https://www.icann.org/en/system/files/files/name-collision-mitigation-fi... [PDF, 11 MB])
24 August 2016 letter from applicants for .CORP, .HOME, and .MAIL (https://www.icann.org/en/system/files/correspondence/home-registry-inc-e... [PDF, 104 KB])
Taking this action is in the public interest as it contributes to the commitment of the ICANN organization to the security, stability and resiliency of the DNS. Taking this action benefits the ICANN community as it will provide transparency and predictability regarding the issue of name collision and high-risk strings. The Board is committed to openness, transparency and community-wide participation and welcomes input from the entire community on this issue.
This Board action is consistent with ICANN's Mission to coordinate the allocation and assignment of names in the DNS root zone and to coordinate policy development on issues for which uniform or coordinated resolution is reasonably necessary to facilitate the openness, interoperability, resilience, security and/or stability of the DNS. The proposed SSAC study is intended to facilitate the development of policy on Collision Strings to mitigate potential harm to the stability and security of the DNS posed by delegation of such strings.
The Board's action is not anticipated to have a fiscal impact on ICANN that is not already anticipated in the current budget, but the Board has requested SSAC to provide adequate visibility on costs and schedule for the proposed study, which shall be subject to the Board's review and approval. This resolution is an organizational administrative function for which no public comment is required.