Home / Blogs

The .Corp, .Home & .Mail Quandary

On 24 August, fifteen applicants for the .corp, .home, or .mail (CHM) new gTLDs sent a letter to the ICANN Board asking for action on the stalled process of the their applications. This points to the answer for the question I asked in march of this year: Whatever happened with namespace collision issues and the gTLD Round of 2012. As the letter from the applicants indicates, ICANN has done little to deal with issues concerned with namespace collisions in the last 2 years. Is it now time for action?

The ad hoc decisions from the ICANN Board in 2014, have left the contention set applicants, 24 in all for these names, with a combined total of more than $4 Million in application fees paid to ICANN (this without accounting for all the numerous ICANN surcharges for assorted processes and dispute resolution procedures) dangling in the wind. While they did nothing out of the ordinary or in any way wrong, the applicants have been treated with disdain and suspicion for applying for these available names. The decision not only ignored the ICANN policy development process but was never subject to community comment or discussion. It was another instance of the ICANN Board of 2014 acting on its own instincts.

The Board's decision in 2014, was made during a time when fear, uncertainly, and doubt about the potential dangers of new names was rampant. The Board's decision in 2014 on the CHM gTLDs gave preference to misuse, error and domain name squatters over applicants who followed ICANN's rules. ICANN did not put its resources behind an effort to find a solution, it just threw up its hands in surrender and said the problem was too hard. And then it let the applications sit 'on hold' while the fees sat in ICANN accounts.

The JAS report included 14 recommendations for how to handle a variety of name collisions. Recommendation 3 states:

Emergency response options are limited to situations where there is a reasonable belief that the DNS namespace collision presents a clear and present danger to human life.

This is a reasonable recommendation. In most cases, the report recommends controlled interruption and other mitigation techniques to handle the possibility of collisions. The report discussed several possible mitigation techniques that could be used to allow gTLDs considered collision risks to be delegated. The JAS report also claimed that, exceptionally, .corp, .home, and .mail presented a clear and present danger to the Internet, if not exactly to human life.

Now, two years later, as the letter points out, there is evidence that the fears of 2014 were overstated. We see that names alleged to be a risk to the Internet, were not very risky after all. Informal reports from some applicants indicate that there were only a small number of issues that were easily resolved; it would be useful to have a formal unbiased analysis of actual collision risk compared to projected risk and the results of the controlled interruption plan. Additionally we have also seen that some of the possible risk factors the decision was based on, for example difficulties with certificates, have long since been eliminated. Yet ICANN has still not taken any action to do the work it said it would do; to work with experts and have the consultations it promised to have to deal with issues related to .corp, .home and .mail.

The CHM names were targeted for special status by the ICANN Board. At this point it makes sense to see if that special status is warranted.

A 2013 Name Collision Study Report indicated:

There are no easy solutions to these problems. In an ideal world, the operators of these private networks would get a timely notification of the new TLD's delegation and then take action to address these issues. That seems very improbable.

What does timely mean? If ICANN had realized that there were possible risks before beginning the application process, that would have been timely. But does that mean that a timely notification is impossible for these names? Why would that be? We have already wasted 3 years during which an information and education campaign could have been designed and launched. There still is time, before those names could be delegated, to launch such a campaign.

One of items in the letter that made the strongest impression on me was the willingness of the applicants to work on finding ways to mitigate realistic risks. If ICANN were serious about notifying the public of risks before these names go live, it should be possible to make this part of a mitigation strategy. Defining the task as improbable before it was fully explored seems highly inappropriate. It is a wonder that the Board of 2014 accepted this kind of advice without evidence that went beyond fear, uncertainty, and doubt.

Just as we see in the Universal Acceptance effort that ICANN has begun to support, when ICANN rolls up its sleeves in order to work with applicants and the user community, the situation starts to improve. If ICANN put half the effort into living up to its promises when it accepted applications as it does to selling IPv6 around the world, any of the risks caused by misuse, domain name squatters, and bad advice on internal server names could be overcome. Applicants for domain names have a strong basis for expecting ICANN effort in support of the applications it allows. Where is that effort?

In cases like IPv6 and Universal Acceptance, ICANN has accepted that it is possible to change global internet behaviors. Why is it appropriate to close off the possibility of a change in internet behavior with regard to the use of .corp, .home or .mail? Now that we are seeing articles about new fears of risk to corporations at the second level for all new gTLDs, this may be a time to offer some capacity building to the internet community. Reaching out to the users is possible - a well formed campaign can be designed to effectively reach those responsible for their networks as part of any mitigation strategy.

Lastly, ICANN should be abashed at having reached out to the IETF to solve its problems. These are not technical issues, they are policy issues. ICANN has its own methods for reserving names, it is called the policy development process (PDP). Had ICANN really been interested in having the names added to the reserved list, it should have followed its own procedures and processes instead of just throwing the issue over the fence to a sister operational community. Perhaps they were looking for 'technical' cover for their own inability to research adequately and to solve the problem created by the Board's own practice of making gTLD policy in an ad hoc manner. If the transition process has taught us anything it is that each operational community is responsible for dealing with its own problems.

The request by the 15 applicants to the ICANN Board is a very reasonable request. The issue needs to be looked at by the expert members of the ICANN community and not just be left open. Especially in these days when ICANN is assuming responsibility for its accountability, how can it continue to ignore a fair conclusion to this deficit in its processes and decision making. We must remember the bylaws approved on 27 March 2016 which should come into effect on 1 Oct 2016, that state:

In this role, ICANN's scope is to coordinate the development and implementation of policies:
...
That are developed through a bottom-up consensus-based multistakeholder process

As one of those involved in trying to develop improved policies for subsequent procedures for yet more gTLDs, I believe this incident calls for a fair and well formed resolution before we decide to open up the doors to possible future applications. Otherwise, who knows which names will be misused and blocked in the future. ICANN is giving tacit approval for all sort of misuse of the domain name system, as long as it done before delegation. Is this a precedent that ICANN can be comfortable with?

By Avri Doria, Researcher
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

This isn't hard John Levine  –  Aug 29, 2016 2:54 PM PDT

It's quite clear that ICANN will not delegate any of these domains, so they should just refund all of the application fees. The last estimate I saw was that there would be $70M left at the end of the gTLD process, so they could write a check for the $4M without affecting anything else.
No doubt the applicants would prefer something else, like delegate the domains and tough luck for anyone whose legacy equipment leaks queries, but that's nit going to happen.

To post comments, please login or create an account.

Related

Topics

Cybersecurity

Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC

Domain Names

Sponsored byVerisign

DNS Security

Sponsored byAfilias

Cybercrime

Sponsored byThreat Intelligence Platform

Whois

Sponsored byWhoisXML API

New TLDs

Sponsored byAfilias