Security Study Reveals Potential for Internal Name Collisions; Could Delay New gTLD Program
ICANN could still delay its rollout of new generic top-level domains if security issues will “impact the global DNS,” said ICANN Chief Security Officer Jeff Moss Wednesday at ICANN’s meeting in Durban, South Africa. ICANN has remained committed to a timeline under which new gTLDs will roll out in the beginning of September (WID July 16 p1), but a new security study, the preliminary results of which were released Wednesday, said nearly every applied-for new gTLD could have some potential for an internal name collision. “I'm not going to recommend that we do anything that has any substantial [security, stability and resiliency] impact. It’s not worth the risk,” Moss said. “If there’s something that we find that we think is a showstopper, deadlines will have to move.”
Wednesday’s discussion centered on the potential of new gTLDs clashing or colliding with existing internal name certificates, presenting a routing error and perhaps posing a security risk. Internal name certificates resemble the digital certificates assigned to secure, Web-based transactions but are assigned to domain names on private servers or server partitions (WID May 28 p1). Several stakeholders, including the Internet infrastructure provider Verisign and the certification authority DigiCert, have warned ICANN this year that many enterprises currently employ TLDs like .corp or .home to designate their intranet. If ICANN delegates those strings, both of which have several applicants, end-users querying long-existing servers could be re-routed or even sent to phishing sites. ICANN commissioned a study from the Interisle Consulting Group into the issue in May, the results of which were intended to be released before Durban.
Both DigiCert and Interisle presented the preliminary results of their reports Wednesday, and plan to publish their entire reports within the next two weeks, said Francisco Arias, ICANN Registry Technical Liaison. Interisle found that in a 48-hour period, 3 percent of the requests to the DNS root were for strings that have been applied for in this round of the new gTLD program, Interisle CEO Lyman Chapin said. Another 19 percent of requests were for strings that could be applied for in future rounds. Only 14 of the applied-for strings do not have any root traffic. The .home TLD, which was the most frequently requested string, received more than one billion requests over the 48-hour period, while the .corp TLD received more than 153 million queries. In the same period, the .com TLD received 8.5 billion queries. In a list of the top 100 most-requested TLDs, 13 are strings that have corresponding applications in this round of the new gTLD rollout, Chapin said.
But Chapin warned that a large volume of root queries for a particular TLD wouldn’t necessarily spell disaster if that TLD were delegated. He cited the TLD .ice, which flooded root servers with nearly 19 million requests in 48 hours. Closer examination of the requests showed that nearly all were coming from a single utility provider in Costa Rica that had misrouted its networks. Assessing risks requires two considerations, Chapin said. “An event that occurs very frequently but has no negative side effects is one thing, but an event that occurs very infrequently but has a really serious side effect, like a meteor strike or something like that” is another thing, he said. “Just because a string occurs a lot, and it looks scary, it’s not necessarily so.”
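The two measurements Chapin describes above (what share of root traffic targets applied-for strings, and whether a string's traffic comes from many networks or, as with .ice, essentially one) can be reproduced from a query log. The following is an added example, not code from the article, Interisle or ICANN; the query records, the source addresses and the three-string applied-for list are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample of root-server query records as (source_ip, queried_name).
# Not real measurement data; documentation-range addresses chosen to exercise the logic.
SAMPLE_QUERIES = [
    ("192.0.2.10", "fileserver.corp"),
    ("192.0.2.11", "printer.corp"),
    ("198.51.100.5", "nas.home"),
    ("198.51.100.6", "router.home"),
    ("203.0.113.7", "www.example.com"),
    ("203.0.113.8", "mail.example.com"),
    ("203.0.113.9", "shop.example.com"),
    ("192.0.2.99", "srv1.ice"),   # one misconfigured network, many queries
    ("192.0.2.99", "srv2.ice"),
    ("192.0.2.99", "srv3.ice"),
    ("192.0.2.99", "srv4.ice"),
    ("10.0.0.1", "box.lan"),
]

# Hypothetical subset of applied-for strings (the real list is much longer).
APPLIED_FOR = {"home", "corp", "ice"}

def tld_of(name):
    """Return the rightmost label of a queried name, lower-cased, ignoring a trailing dot."""
    return name.rstrip(".").rsplit(".", 1)[-1].lower()

def collision_report(queries, applied_for, concentration_threshold=0.9):
    """Summarise root queries per TLD: volume, applied-for status and source concentration."""
    total = Counter()
    sources = defaultdict(Counter)
    for src, name in queries:
        tld = tld_of(name)
        total[tld] += 1
        sources[tld][src] += 1
    n = sum(total.values())
    applied_hits = sum(c for t, c in total.items() if t in applied_for)
    by_tld = {}
    for tld, count in total.items():
        _, top_count = sources[tld].most_common(1)[0]
        share = top_count / count
        by_tld[tld] = {
            "queries": count,
            "applied_for": tld in applied_for,
            "distinct_sources": len(sources[tld]),
            "top_source_share": share,
            # High volume from one source (the .ice pattern) is a misconfiguration
            # signal, not evidence of broad internal use of the string.
            "single_source_dominated": share >= concentration_threshold,
        }
    return {"applied_for_share": applied_hits / n, "by_tld": by_tld}
```

On real data the interesting strings are those with both high volume and many distinct sources; a string dominated by one source, like .ice, warrants contacting that operator rather than a delegation decision.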
Chapin proposed four paths ICANN could take, given the information his team had collected, though he said Interisle would not offer explicit recommendations for any of the options. ICANN could permanently reserve some strings to prevent name collision issues, he said, which would be “a pretty radical step to take.” It could also delay delegation and continue to study either a specific string or the overall issue. It could delay delegation until string use stopped in several years, working to educate enterprises to stop using certain TLD server partitions. Or, it could delegate a string under closely monitored conditions to evaluate the impact -- so “if something bad happens, they could very quickly withdraw” the delegation, he said.
“This isn’t isolated like ICANN has been leading us to believe,” said Amy Mushahwar, a Ballard Spahr lawyer who represents the Association of National Advertisers. “Nearly all of these strings have some sort of problems and issues with them that will cause things to break.” She said ICANN hasn’t done enough research into the types of impacts that a collision could have, and emphasized that some of the queries to applied-for TLDs could be coming from power utilities, emergency communications servers, hospitals or wireless-enabled medical devices. “Right now, we don’t know what could go wrong. All we know is this needs to be studied and it’s a severe enough issue for us to take the time to study it adequately.” Mushahwar also urged ICANN to do a better job of publicizing its new gTLD program so enterprises would be aware of and understand the potential problem with using certain terms on internal servers. It’s ICANN’s duty to publicize these issues within the community, she said, and “ICANN has done a horrible job.”
But “the DNS isn’t so fragile it’s going to come apart on the basis of a minor technical issue,” said a spokesman for Donuts, which has applied for the .home and .corp TLDs. “To the extent a problem exists, it relates to one or two TLDs, and can be addressed through existing ICANN processes without any need to slow down the program,” he said.