business-dreyfus-81-150x150The program of new generic strings known as New gTLDs (New Generic Top Level Domain Names), such as <.PARIS>, <.BOOKS>, <.SHOP>, <.LOVE> and several hundred others, has entered its final phase. However, the risk of domain name collisions, taken very seriously by ICANN, is delaying the activation of these new strings awaited with such anticipation by Internet users and rights holders alike. The management of these risks is imposing new constraints on the reservation of second level domains and de facto forcing changes to the reservation of domain names in the new strings.

Reminder

note1

A domain name comprises a radical and a suffix, which is also known as a string. The suffix is the top level domain name (TLD) and the radical is the second level domain name (SLD).

Example : dreyfus.fr -> level2.level1 -> SLD.TLD

 

What is domain name collision?

Name Collision is a problem of nomenclature that could occur in the domain name system (DNS), between the new strings and those used in a private domain name system. In reality, these names are used in different protocols on the Internet and may give rise to confusion. An Internet enquiry could thereby be directed to a non-designated site.

 

The risks

  • Enquiries aimed at resources in private networks end up searching the public DNS and thereby “collide” with the newly delegated gTLDs, and vice versa.
  • A firm’s e-mail system could transfer mails to the wrong server.
  • Internet users could be directed to the wrong Internet site.
  • Internet users could conclude that the requested website does not exist.

 

The challenge

What is at stake regarding Name Collision is nothing less than public confidence in the DNS system and the Internet itself.

 

ICANN’s positionnote2

Taking very seriously the risks that could be caused by name collisions, ICANN asked IAS Global Advisors LLC to carry out a study to analyze the risks relating to each future domain name, both at top level (gTLD) and also second level (SLD)..

 

The methodology of the risk analysis

On August 5 2013, ICANN published a study on Name Collisions (link:  http://www.icann.org/en/about/staff/security/ssr/name-collision-02aug13-en.pdf). This study evaluated string categories according to data observed in the DNS root servers.

 

It is worth remembering that the DNS root servers are the thirteen root servers of the Internet’s Domain Name System that come under the authority of ICANN. They respond to requests concerning top level domain names (TLDs) and redirect them towards the DNS server of the relevant top level. The root server data were collected on the “Day in the life of the internet” (DITL), an initiative run by the Domain Name System Operations Analysis and Research Center alias DNS-OARC).

 

The study analyzed two types of data:

  • Samples of DNS requests transferred to root servers
  • Information coming from certification authorities concerning the delivery of certificates for internal names (for example: TLS/SSL certificates for non-delegated names).

 

Based on this study ICANN was able to take measures that aimed to reduce the risk of name collision. These measures affect both first level and second level domains.

 

Name Collision & generic top level domains (gTLDs)

 

Risk classification : L’étude sur la collision des noms identifie trois catégories d’extension en fonction de leurs risques potentiels de collision dans l’espace de noms.

  • High Risk: only 2 strings (<.home> and <.corp>), the most widely used in Company networks, were classed as “High” risk.
  • Indeterminate Risk: in 20% of applied-for strings (ex: <.cba>), the risk of name collision is undefined.
  • Low risk: 80% of applied-for strings represent a low risk of name collision. In general, the longer and more descriptive the gTLD, the lower the risk. A minimum of 4 letters represents adequate security in the majority of cases.

 

Measures taken to reduce risks:

  • High Risk: No delegation of <.corp> and <.home>.
  • Indeterminate Risk: Carry out more detailed studies knowing that they could take from 3 to 6 months (ex: <.cba>)
  • Low risk: It is possible to delegate strings belonging to this category. However, a waiting period of at least 120 days from signing the delegation contract must be respected before being able to activate the first domain names at the second level (SLD) in the DNS.

 

Name Collision & second level domains (SLDs)

 

In order to activate second level domain names (SLDs), the registry operators of new strings must first receive their Collision Occurrence Assessment. According to the results of this evaluation, personalized risk-reduction measures to avoid collision will be required of registry operators for each new gTLD. These measures can include:

 

  • The indefinite block of second level domain names (SLDs)
  • The temporary block of second level domain names (SLDs)
  • The creation of a delegation trial using any format
  • Making the SLD valid for the single entity causing the name collision
  • Any other risk-reducing measures that may be identified during the evaluation or by any further studies

 

The specific context for the management of the consequences of the collision-risk evaluation has not yet been defined. ICANN hopes to finalize this before the end of March 2014.  As a result, the activation of SLDs has yet to be tabled.

 

note3ter

 

However, if the activation of SLDs for new gTLDs still requires patience, the same is not true of their delegation.  On November 17 2013, ICANN published its report on the “APDs” or “Alternate Path to Delegation Reports” ;  http://newgtlds.icann.org/en/announcements-and-media/announcement-2-17nov13-en).

 

  • Two lists of TLDs : note4b

Eligible for the APD.
Ineligible for the APD.

  • If the New gTLDs are eligible, the operators of these registers will be able to delegate the SLDs before the name collision risk is evaluated. However, they must block all the domain names designated by ICANN (for example: <.PARIS> a list of approximately 18,000 SLDs including <disneyland>, <hermes>, <diesel>, <louisvuitton>, etc…).
  • If they are not eligible, the operators of these new registers will not be able to delegate the SLDs before doing an in-depth evaluation. Since the final framework for this evaluation has not yet been determined, the 25 ineligible new gTLDs will have longer to wait. The TLDs involved are the following: .blog, .box, .business, .casa, .cisco, .comcast, .dev, .family, .free, .google, .iinet, .mail, .network, .office, .orange, .philips, .prod, .sfr, .site, .taobao, .taxi, .web, .work, .world, .zip .

 

As a result, it is now vital for rights holders to check the reservation possibilities for their second level domain names in relation to each new string.

 

We can offer you a personalized study according to the strategy defined for the reservation of domain names in the new strings.