RE: [ga] Most Popular Invalid TLDs Should Be Reserved

[George Kirikos <gkirikos@xxxxxxxxx>]

Hi Ram,

Thanks for your reply. The link you provided:

http://www.icann.org/en/committees/security/sac041.pdf

goes to an error page at this time, so I'm not sure to which advisory you refer.

The only other document listed at:

http://www.icann.org/en/committees/security/ssac-documents.htm

(which only goes up to 38 advisories, not 41) which might be relevant is #15,

http://www.icann.org/en/committees/security/sac015.htm

In any event, what matters ultimately is what's in the gTLD registry contracts, 
the actual legal language, and not just an "advisory" that is not legally 
binding. The drafters of the new gTLD guidebooks have been extremely sloppy, as 
you are likely aware, since gTLD registry operators are known for pushing the 
boundaries of what their contracts might allow (e.g. SiteFinder) and the 
drafters have not closed off all loopholes. Even though the tiered-pricing 
issue, for example, was decided years ago back when .biz/info/org attempted to 
eliminate price caps (and failed due to public outrage), ICANN staff once again 
put in language in both versions of the guidebooks with unrestricted pricing 
(which ultimately permits tiered pricing). And even when something is not 
allowed, registries have no problems asking for one-sided amendments to their 
contracts which ICANN routinely rubberstamps:

http://www.icann.org/en/registries/rsep/

So, I look forward to reviewing the advisory, once it is published, and 
hopefully the SSAC agrees that this is an issue that needs to be studied and 
incorporated into new gTLDs, and ultimately into existing TLDs too (to close 
any potential loopholes). If those TLDs are not put on reserve, then they open 
an avenue not just for the monetization via PPC pages, but obviously for 
criminal activity (e.g. phishing of credentials, if criminals register a 
2nd-level domain corresponding to a domain that previously "resolved" only 
within a corporate internal network/LAN, but then later resolves to the 
internet on a new gTLD; or criminals create their own software/router firmware 
updates that previously used a non-existent TLD; to name just two possible 
attacks).

Sincerely,

George Kirikos
http://www.leap.com/

--- On Fri, 6/19/09, Ram Mohan wrote:
> George,
> I write as SSAC's Liaison to the Board.  I will take
> your suggestion forward
> regarding a study on invalid TLDs into the SSAC's planning
> session at the
> Sydney meeting.
> 
> Regarding lack of prohibition for wildcarding for new
> gTLDs, may I refer you
> to SSAC's recent publication of an advisory regarding the
> prohibition of
> redirection and synthesis of DNS responses[SAC041 -
> http://www.icann.org/en/committees/security/sac041.pdf].
> 
> It may also interest you that SSAC has requested that this
> topic & SSAC's
> recommendations on the matter be executed via a formal
> Board resolution at
> the upcoming Sydney board meeting.
> 
> Regards,
> Ram
> --------------------------------------------------------------------------
> Ram Mohan
> e: rmohan@xxxxxxxxxxxx
> | m: +1.215.431.0958
> --------------------------------------------------------------------------
> 
> 
> -----Original Message-----
> From: George Kirikos [mailto:gkirikos@xxxxxxxxx]
> 
> Sent: Thursday, June 18, 2009 2:21 PM
> To: GNSO GA Mailing List
> Cc: dave.piscitello@xxxxxxxxx;
> steve@xxxxxxxxxxxxxxxx
> Subject: [ga] Most Popular Invalid TLDs Should Be Reserved
> 
> 
> 
> Hi folks,
> 
> Some of the root server operators post public statistics
> for their domain
> name traffic at the top-level. For example, the graph
> (which can take a bit
> of time to generate, given ICANN's slow servers) for the
> L-root server's
> most popular TLD queries:
> 
> http://stats.l.root-servers.org/cgi-bin/dsc-grapher.pl?window=604800&plot=qt
> ype_vs_valid_tld&server=L-root
> 
> demonstrates, to no one's surprise, that .com is king.
> What's more
> interesting, though, especially given the new gTLD debate,
> is to look at the
> most popular invalid (non-existent) TLDs:
> 
> "http://stats.l.root-servers.org/cgi-bin/dsc-grapher.pl?window=604800&plot=q
> type_vs_invalid_tld&server=L-root
> 
> This list will vary depending on caching and the
> geographical location of
> the root server, but for the L-root, .local, .belkin,
> .home, .lan, .invalid
> .domain, .localdomain, .wpad, .corp, .maps, .html, .router,
> .host, .mshome,
> .htm and so on show popularity in the past week.
> 
> Given what transpired with the wildcarding of .cm
> 
> http://www.circleid.com/posts/nation_of_cameroon_typosquats_com_space/
> 
> and the current lack of a prohibition of wildcarding for
> new gTLDs (despite
> our own input into the public comment periods), it's clear
> that these TLDs
> will be in demand by those who hope to take advantage of
> the built-in DNS
> traffic hardcoded into routers, LANs and other private
> networks, and from
> typos of existing TLDs.
> 
> I recommend that the Security and Stability Advisory
> Committee compile
> statistics on invalid TLD queries across all root servers,
> and from popular
> ISP-run DNS servers, in order to create a Reserve List. The
> list of at least
> the top 1000 invalid TLDs should be made public to ensure
> transparency, and
> be pruned only with the consensus support of the
> community.
> 
> Sincerely,
> 
> George Kirikos
> http://www.leap.com/
> 
>