RE: [ga] Most Popular Invalid TLDs Should Be Reserved/SSAC not secure

[Hugh Dierker <hdierker2204@xxxxxxxxx>]

Ram,
 
You stated interest is very hopeful here.  Is SSAC really interested in the 
policies regarding curtailing corporate abuse by insiders in the industry?  In 
this case we are talking reserving, in another you addressed corporate 
frontrunning.  http://www.icann.org/en/committees/security/sac022.pdf ;
 
Here were your major contributors to the research and conclusions;
 
Bruce Tonkin, Chief Technology Officer, Melbourne IT
Ross Rader, Director, Innovation & Research Company, Tucows
Steve Miholovich, Director of Product Marketing, Network Solutions
Tim Ruiz Vice President of Corporate Development and Policy, GoDaddy
Jay Westerdal, CEO and President, Name Intelligence
Jonathan Nevett, Vice President and Chief Policy Counsel, Network Solutions
Paul Stahura, President & COO, Demand Media
 
But after all the evidence your committee could not determine if corporate 
insider trading on names was a good or bad thing. Clearly SSAC should be honest 
and disclose that they are there for the security and stability of the large 
entrenched multinational corporations and not users.
 
Call for Policy Consideration
SSAC suggests that the domain name community (including registries, registrars,
registrants, civil society and academic study groups) examine the existing 
rules to
determine if the practice of domain name front running is consistent with the 
core values
of the community, and if not, to consider implementing measures (including new
policies, regulations and codes) to restrict domain name front running It would 
be useful
if other organizations such as the ccNSO, APTLD, LACTLD, RALOs, and others were
able to conduct surveys of their members, and contribute to the SSAC analysis.


--- On Fri, 6/19/09, Ram Mohan <rmohan@xxxxxxxxxxxx> wrote:


From: Ram Mohan <rmohan@xxxxxxxxxxxx>
Subject: RE: [ga] Most Popular Invalid TLDs Should Be Reserved
To: "'George Kirikos'" <gkirikos@xxxxxxxxx>, "'GNSO GA Mailing List'" 
<ga@xxxxxxxxxxxxxx>
Cc: dave.piscitello@xxxxxxxxx, steve@xxxxxxxxxxxxxxxx, "Ram Mohan" 
<rmohan@xxxxxxxxxxxx>
Date: Friday, June 19, 2009, 3:15 PM



George,
I write as SSAC's Liaison to the Board.  I will take your suggestion forward
regarding a study on invalid TLDs into the SSAC's planning session at the
Sydney meeting.

Regarding lack of prohibition for wildcarding for new gTLDs, may I refer you
to SSAC's recent publication of an advisory regarding the prohibition of
redirection and synthesis of DNS responses[SAC041 -
http://www.icann.org/en/committees/security/sac041.pdf].

It may also interest you that SSAC has requested that this topic & SSAC's
recommendations on the matter be executed via a formal Board resolution at
the upcoming Sydney board meeting.

Regards,
Ram
--------------------------------------------------------------------------
Ram Mohan
e: rmohan@xxxxxxxxxxxx | m: +1.215.431.0958
--------------------------------------------------------------------------


-----Original Message-----
From: George Kirikos [mailto:gkirikos@xxxxxxxxx] 
Sent: Thursday, June 18, 2009 2:21 PM
To: GNSO GA Mailing List
Cc: dave.piscitello@xxxxxxxxx; steve@xxxxxxxxxxxxxxxx
Subject: [ga] Most Popular Invalid TLDs Should Be Reserved



Hi folks,

Some of the root server operators post public statistics for their domain
name traffic at the top-level. For example, the graph (which can take a bit
of time to generate, given ICANN's slow servers) for the L-root server's
most popular TLD queries:

http://stats.l.root-servers.org/cgi-bin/dsc-grapher.pl?window=604800&plot=qt
ype_vs_valid_tld&server=L-root

demonstrates, to no one's surprise, that .com is king. What's more
interesting, though, especially given the new gTLD debate, is to look at the
most popular invalid (non-existent) TLDs:

"http://stats.l.root-servers.org/cgi-bin/dsc-grapher.pl?window=604800&plot=q
type_vs_invalid_tld&server=L-root

This list will vary depending on caching and the geographical location of
the root server, but for the L-root, .local, .belkin, .home, .lan, .invalid
.domain, .localdomain, .wpad, .corp, .maps, .html, .router, .host, .mshome,
.htm and so on show popularity in the past week.

Given what transpired with the wildcarding of .cm

http://www.circleid.com/posts/nation_of_cameroon_typosquats_com_space/

and the current lack of a prohibition of wildcarding for new gTLDs (despite
our own input into the public comment periods), it's clear that these TLDs
will be in demand by those who hope to take advantage of the built-in DNS
traffic hardcoded into routers, LANs and other private networks, and from
typos of existing TLDs.

I recommend that the Security and Stability Advisory Committee compile
statistics on invalid TLD queries across all root servers, and from popular
ISP-run DNS servers, in order to create a Reserve List. The list of at least
the top 1000 invalid TLDs should be made public to ensure transparency, and
be pruned only with the consensus support of the community.

Sincerely,

George Kirikos
http://www.leap.com/