The Online Trust Alliance‘s (OTA) held a new gTLD Domain Collisions Workshop yesterday in Herndon, VA over what “many stakeholders believe there are significant risks of “domain collisions” occurring with the introduction of the new gTLD’s
The workshop ran well over 7 hours and the overriding theme is that the domain collision issue is a lot like Y2K.
Domain collisions are the result of a long-standing practice of network administrators setting up intranets (internal networks) using top level domains such as .CORP, .HOME and .HOST such that client software (browsers, email, custom software) that reaches to the DNS on the internet can be used to access internal resources and services. The implications may be far reaching. Internal resources and services might become unavailable and sensitive requests will “leak” to the internet with the potential to be intercepted by malicious actors, the media and competitors.”
The speakers included, Former ICANN Board ChairmanPeter Dengate Thrush, Former head of new gTLD program Kurt Pritz, Steve DelBianco, of NetChoice
Colin Strutt and Lyman Chapin of Interisle the company that prepared the collision report, Andy Simpson and Burt Kaliski, of Verisign; Sean Baseri of Neustar and Don Blumenthal of the Public Interest Registry.
The Keynote was : Lessons Learned from Y2K Risk Mitigation, by Tony Keyes
Having listened to the 7 hours on the topic I do think the domain collision issue is a lot like Y2K
Y2K you might recall, was a problem computer programmers identified that they thought would cause computers to stop working once the clock changed on January 1, 2000. Companies and organizations worldwide checked, fixed, and upgraded their computer systems and the Y2K wound up being largely a non-event/
The authors of the collision report clearly indicated the results of the study cited the possible occurrence of collisions.
“We do not have, and do not represent that we have, any real data what will actually happen in the real world when collisions happen.”
So the collision issue and all of the discussion around it is a theoretical issue, basically answering what could happen if new gTLD’s caused a collision at the network level at the root or with Internal company servers.
“We have determined what the collisions could be, but we don’t know what the consequences will be if any, which is different than going out in the real world to see what happens when they actually occur.
We are trying to develop a policy to prevent collisions that might happen from happening and mitigate any damage from collisions if they do occur
The reference to Y2K is relevant since companies were generally unaware of the potential problems from Y2K until the alarm was sounded by computer programmers, which got the tech community and the public aware of the potential problem and then they were able to address the problem ahead of time, which made Y2K a non-event when the clock struck midnight
“Like Y2K we were’t sure anything was going to happen it might, it could, but people were made aware of it and companies jumped on it to provide fixes for it.”
“Make them understand the problem and giving them solutions for the problem are key so companies and networks take action.”
Paul Rosenzweig, Esq from the law firm of Chertoff Group & David Fagan, Covington was on hand to tell everyone the consequences and potential liability that ICANN, new gTLD’s registries, backend providers and even registrars might face if all new gTLD’s are allowed to go to delegation without any attempted mitigation for collisions and collisions actually occur resulting in large corporate networks to go down or existing domains to stop resolving.
To summarize Mr.Rosenzweig comments now that the collision report is out ICANN and everyone else in the food chain of likely defendants are on notice that this issue may cause damage to companies, ICANN cannot sit by without taking some action.
In the event a Fortune 500 company network infrastructure fails to work because of collision, the damages that just one company could suffer could easily exceed all of ICANN assets.
Its a complicated issue of course which should have been addressed when ICANN first started talking about opening up the Top Level Domain space.
Obviously its a fundamental issue that should have been studied by ICANN many years ago when considering whether this new gTLD thing a good idea and well before they accepted $185,000 from companies who applied for gTLD’s like .home and .corp which are dead in the water based on the collision report.