!""#$%&' )* +,-. /*01 2 34!55 6$7#' 5&8 9:;< =#$9#7> 4$>>?

@@&&
A&B$-,@?$C /*01D*ED)*D5F*0
NANE C0LLISI0N 0CC0RRENCE NANAuENENT
FRANEW0RK
! #$%&$'(') $* )+( ,(- ./01 2$33454$' 6##788('#( 9:':.(%(') ;3:'


1. INTR0B0CTI0N
A name collision occuis when a usei unknowingly accesses a name that has been uelegateu in the
public BNS when the usei's intent is to access a iesouice iuentifieu by the same name in a piivate
netwoik. Ciicumstances like these, wheie the auministiative bounuaiies of piivate anu public
namespaces oveilap anu name iesolution yielus unintenueu iesults, piesent conceins anu shoulu be
avoiueu if possible.
0n 7 0ctobei 2u1S the ICANN Boaiu's New gTLB Piogiam Committee passeu a iesolution auopting
the New gTLB Collision 0ccuiience Nanagement Plan
1
aimeu at mitigating the iisk of name collisions
in new gTLBs. Among othei elements, the Plan calls foi ICANN to commission a stuuy to uevelop a
name collision occuiience management fiamewoik. The fiamewoik will specify a set of name
collision occuiience assessments anu coiiesponuing mitigation measuies foi ICANN anuoi TLB
applicants to implement. 0n Novembei 2u1S ICANN engageu }AS ulobal Auvisois ("}AS") to uevelop a
uiaft fiamewoik as a iecommenuation to ICANN on this iegaiu. }AS uevelopeu a uiaft iepoit that
unueiwent public comment fiom 26 Febiuaiy to 21 Apiil 2u14. The final veision of the iepoit ("the
}AS iepoit") was publisheu on 6 }une 2u14
2
.
ICANN has consiueieu the iecommenuations in the }AS iepoit, the public comment foium, anu SSAC
auvice in SAC u62
S
anu SAC u66
4
. This papei uesciibes a pioposal foi the Name Collision 0ccuiience
Nanagement Fiamewoik iequesteu in the Plan. Foi full uetail on the measuies, the ieauei is iefeiieu
to the }AS iepoit. This Fiamewoik contains measuies to be implementeu by ICANN anu new gTLB
iegistiy opeiatois. Neasuies uiiecteu at iegistiy opeiatois aie legally binuing pei the new gTLB
iegistiy agieement, Specification 6, Section 6.2.1.

1
https:featuies.icann.oignew-gtlu-collision-occuiience-management

2
https:www.icann.oigensystemfilesfilesname-collision-mitigation-stuuy-u6jun14-en.puf
2
https:www.icann.oigensystemfilesfilesname-collision-mitigation-stuuy-u6jun14-en.puf

S
https:www.icann.oigengioupsssacuocumentssac-u62-en.puf
4
https:www.icann.oigensystemfilesfilessac-u66-en.puf
Su }uly 2u14 Name Collision 0ccuiience Nanagement Fiamewoik 2
PART A - NEAS0RES T0 BE INPLENENTEB BY REuISTRIES
0nless otheiwise inuicateu in this section, all iegistiy obligations iemain (e.g., pioviue WB0IS anu
web-baseu Biiectoiy seivices).
2. NANE C0LLISI0N REP0RT BANBLINu
Regaiuing the name collision iepoit hanuling piovision uesciibeu in Section 6.S of Specification 6 of
the new gTLB Registiy Agieement, Registiy 0peiatoi shall act on iequests fiom ICANN within 2
houis of ieceipt.
S. C0NTR0LLEB INTERR0PTI0N
ICANN is inteiesteu in maintaining the ieliability, secuiity anu stability of the BNS anu the Inteinet.
As such, ICANN is inteiesteu in pioviuing a goou notification measuie foi those paities that may be
leaking queiies intenueu foi piivate namespaces to the public BNS. Bowevei, ICANN is also awaie of
the piivacy anu legal iisks associateu with the honeypot appioach uesciibeu in SAC u62 anu u66 anu
the }AS iepoit. ICANN has ueciueu on balancing the goou notification featuies offeieu by using the
loopback auuiess option with its supeiioi piivacy piotection vs. the use of a honeypot.
SSAC iecommenus an inteimittent contiolleu inteiiuption, but also acknowleuges that eveiy
appioach to contiolleu inteiiuption involves balancing tiaue-offs anu exeicising juugment. Fiom an
opeiational peispective the inteimittent appioach piesents moie iisk foi iegistiies anu ICANN to
implement anu ensuie coiiect functioning. 0n the othei hanu, continuous contiolleu inteiiuption
piesents a simplei appioach opeiationally anu pioviues foi an easiei way to uiagnose anu
tioubleshoot, it is also a bettei way to inuicate the neeu foi changes in an affecteu paity's netwoik
configuiation. Auuitionally, anu inteimittent contiolleu inteiiuption appioach in theoiy woulu allow
an affecteu paity to have tempoiaiy ielief while the contiolleu inteiiuption is in the "off" cycle. It
shoulu be noteu that theie is alieauy a mechanism in place (name collision iepoiting) foi affecteu
paities to finu tempoiaiy ielief fiom name collision haim, if neeueu, making the inteimittent
appioach an unnecessaiy buiuen.
Registiy 0peiatois will implement a peiiou of, at least, 9u uays of continuous contiolleu inteiiuption.
ICANN will monitoi anu time the implementation of the measuie, piimaiily using the zone files that
aie tiansfeiieu to ICANN fiom new gTLB iegistiies once they aie uelegateu (pei Specification 4 of
the new gTLB Registiy Agieement).
If at some point in the futuie a solution is founu foi IPv6 that has similai piopeities to the loopback
auuiess useu foi IPv4, iegistiies will incluue the auuitional BNS iecoiu(s) as instiucteu by ICANN.
This auuition will not inciease the uuiation of the contiolleu inteiiuption peiiou.
Su }uly 2u14 Name Collision 0ccuiience Nanagement Fiamewoik S
S.1. WILBCARBEB C0NTR0LLEB INTERR0PTI0N
Foi new gTLBs that aie uelegateu on a uay to be specifieu by ICANN ("the cutoff uate") anu latei, the
Registiy 0peiatoi will implement contiolleu inteiiuption foi 9u uays by inseiting the following
iecoius in its TLB zone file (substituting "<TLB>" with its iespective TLB):
!"#$%& ()** +, -. /* 0123456746885749::859;<84;<<86<916&!"#$%&
= ()** +, -. /* 0123456746885749::859;<84;<<86<916&!"#$%&
!"#$%& ()** +, >?@ /* /* * 0123456746885749::859;<84;<<86<916&!"#$%&
= ()** +, >?@ /* /* * 0123456746885749::859;<84;<<86<916&!"#$%&
!"#$%& ()** +, "." AB123 $,> C16D9E23;<916 68857 9::859;<8 ;<<86<916 788
F<<G7HII9C;66&13EI6;:8C1JJ97916A
= ()** +, "." AB123 $,> C16D9E23;<916 68857 9::859;<8 ;<<86<916 788
F<<G7HII9C;66&13EI6;:8C1JJ97916A
!"#$%& ()** +, K /LM&*&N(&N(
= ()** +, K /LM&*&N(&N(
Buiing this peiiou, ICANN heieby extenus a tempoiaiy waivei to the Registiy 0peiatoi with iespect
to Section 2.2 of Specification 6 of the new gTLB Registiy Agieement (e.g., to allow the use of
wilucaiu iecoius). ICANN also extenus a tempoiaiy waivei to the Registiy 0peiatoi with iespect to
Section 1 of Exhibit A of the new gTLB Registiy Agieement (e.g., to allow the use of TXT, SRv, anu NX
iecoius). The waiveis aie only foi puiposes of implementing the contiolleu inteiiuption measuie
anu will cease upon teimination of the contiolleu inteiiuption measuie in the TLB.
Registiy 0peiatoi is peimitteu to uelegate the seconu level uomain name "nic" uuiing the contiolleu
inteiiuption peiiou. Pei the new gTLB iegistiy agieement, Registiy 0peiatoi is expecteu, among
othei things, to offei RBBS seivices at "whois.nic.<TLB>", wheie "<TLB>" is the iegistiy's TLB.
Buiing this peiiou Registiy 0peiatoi will not activate any othei names unuei the TLB.
Registiy 0peiatois foi TLBs that have been uelegateu piioi to "the cutoff uay" may implement this
option only if they have not activateu names unuei the TLB with the exception of "nic". Inteiesteu
Registiy 0peiatois that meet these ciiteiia must notify anu obtain ICANN consent thiough the uBB
poital befoie implementing the measuie.
S.2. RELEASINu NANES IN TBE SLB BL0CK LIST
Foi new gTLBs that have been uelegateu piioi to "the cutoff uay" anu have activateu names unuei
the TLB othei than "nic", the Registiy 0peiatoi will implement contiolleu inteiiuption foi 9u uays by
inseiting A, NX, TXT anu SRv iecoius foi each of the names in its SLB block list that it wishes to
ielease fiom its SLB Block List. Registiy 0peiatoi will inseit the following iecoius in its TLB zone file
foi each label in the List of SLBs to Block (substituting "<TLB>" with its iespective TLB anu "<label>"
appiopiiately):
!J;O8J%&!"#$%& ()** +, K /LM&*&N(&N(
!J;O8J%&!"#$%& ()** +, >?@ /* /* * 0123456746885749::859;<84;<<86<916&!"#$%&
!J;O8J%&!"#$%& ()** +, -. /* 0123456746885749::859;<84;<<86<916&!"#$%&
!J;O8J%&!"#$%& ()** +, "." AB123 $,> C16D9E23;<916 68857 9::859;<8 ;<<86<916 788
F<<G7HII9C;66&13EI6;:8C1JJ97916A
0123456746885749::859;<84;<<86<916&!"#$%& ()** +, K /LM&*&N(&N(
ICANN extenus a tempoiaiy waivei to the Registiy 0peiatoi with iespect to Section 1 of Exhibit A of
the new gTLB Registiy Agieement (e.g., to allow the use of SRv, TXT, anu NX iecoius). The waiveis
aie only foi puiposes of implementing the contiolleu inteiiuption measuie anu will cease upon
teimination of the contiolleu inteiiuption measuie in the TLB.
Su }uly 2u14 Name Collision 0ccuiience Nanagement Fiamewoik 4
4. INTERIN ENERuENCY BACK-ENB REuISTRY 0PERAT0R
Registiy 0peiatoi agiees that ICANN may uesignate an inteiim emeigency back-enu iegistiy
opeiatoi foi its TLB in case the Registiy 0peiatoi is unable oi unwilling to comply with a measuie to
avoiu haim fiom name collision in a timely mannei as uesciibeu in Section 2 above.
PART B - NEAS0RES T0 BE INPLENENTEB BY ICANN
S. BIuB-RISK STRINuS (NAIL)
Following the iecommenuation fiom SSAC to iuentify stiings that shoulu be ieseiveu foi piivate use
anu the pioposal in the }AS iepoit, ICANN will tieat >7?- the same as G$>& anu H$#", i.e., uefei
uelegating this stiing inuefinitely. The }AS iepoit iuentifies >7?- as exhibiting "!"#$%&#'() +,-#.!"#%-
/.# %( % &#$#& 0%(#",%&&1 2"#%(#" (3%' %&& 4(3#" %!!&,#-564" 789.".
ICANN will collaboiate with the technical anu secuiity community to iuentify the best way to hanule
these stiings, e.g., ieseive them peimanently thiough IETF piocess.
6. INF0RNATI0NAL NATERIALS
ICANN will piouuce infoimational mateiials as neeueu anu link to existing infoimation iegaiuing
name collision. ICANN will woik to make this infoimation available to paities potentially affecteu by
name collision. Paiticulaily, ICANN will woik to ensuie that web seaich engine iesults foi name
collision key teims (e.g., 127.u.SS.SS) pioviue useful infoimation to potentially affecteu paities.
7. ENERuENCY RESP0NSE
ICANN will limit emeigency iesponse foi name collision iepoits to situations wheie theie is a
ieasonable belief that the name collision piesents a cleai anu piesent uangei to human life. ICANN
acknowleuges SSAC auvice with iespect to expanuing the iange of situations that woulu tiiggei an
emeigency iesponse. Bowevei, ICANN notes that the seveiity of this iisk (as in othei cases) can be
measuieu fiom multiple points of view; necessaiily, theie will be a uecision between vaiious
impacteu paities (i.e., the paity that was using the uomain name befoie it was uelegateu in the public
BNS anu the paity that iegisteieu the name). Commeicial inteiests coulu attempt to "game" a
bioauei mechanism foi competitive auvantage. Concepts like "national secuiity," "law anu oiuei",
anu "key economic piocesses" aie not easily agieeable on a global basis. 0n the othei hanu, focusing
on uangei to human life is a moie objective stanuaiu.
In the unlikely case that a newly uelegateu gTLB cieates a cleai anu piesent uangei to human life as a
iesult of colliuing use as a uotless name, ICANN woulu woik with the iegistiy opeiatoi anu ICANN's
ioot zone management paitneis to ieveise the new uelegation. This woulu only happen uuiing the
9u-uay wilucaiueu contiolleu inteiiuption, uuiing which theie woulu be no names active (except
"nic") unuei the TLB. 0nce the haim is mitigateu, the gTLB iegistiy opeiatoi may iequest again
uelegation.
Su }uly 2u14 Name Collision 0ccuiience Nanagement Fiamewoik S
8. IPv6 S0PP0RT IN C0NTR0LLEB INTERR0PTI0N
ICANN will woik within the IETF anu with othei ielevant technical communities to iuentify a
mechanism foi IPv6 that pioviues similai functionality to that available in IPv4's "Loopback"
ieseiveu piefix.
9. R00T SERvER NEAS0RENENTS
The }AS iepoit contains two iecommenuations (11 anu 12) with iespect to measuiements anu
stoiage of ioot-seivei uata tiaffic. ICANN notes that the Boaiu alieauy instiucteu ICANN to woik on
this on a iesolution on 21 Novembei 2u1S
S
. ICANN will consiuei }AS iecommenuations when
implementing the afoiementioneu iesolution.
1u. C0NCL0SI0N
ICANN's mission anu coie values call on ICANN to pieseive anu enhance the opeiational stability,
ieliability, secuiity, anu global inteiopeiability of the Inteinet's system of unique iuentifieis (names,
IP numbeis, anu piotocol paiameteis). ICANN is fully committeu to the uelegation of new gTLBs in
accoiuance with its mission anu coie values. ICANN appieciates the community's involvement in the
piocess anu looks foiwaiu to fuithei collaboiation on the iemaining woik.


S
https:featuies.icann.oigssac-auvisoiy-anu-ngpc-iecommenuations-name-collision