[NA-Discuss] Protecting the public interest: dot-zip

Bill Jouris b_jouris at yahoo.com
Mon May 29 21:31:17 UTC 2023 

 
" It appears that some ICANN stakeholders feel they can make money from an expanded TLD namespace and potentially add value to end users too." 

I am struggling to see the potential added value of a TLD like .ZIP.  Well, except for someone desiring to propagate some malware, of course.  How much money from DNS Abusers there may be to be made, I don't know.  But it appears that someone thinks there are enough would-be DNS Abusers out there to make such a TLD profitable. 
I would say that, if someone wants to register a TLD which duplicates a widely used file extension, the burden should be on them to make a very, very persuasive case for why such a TLD is needed.  If ICANN's current procedures do not provide for such a review, well then the procedures are clearly in need of revision.
Bill Jouris
    On Monday, May 29, 2023 at 05:49:44 AM PDT, David Mackey via NA-Discuss <na-discuss at atlarge-lists.icann.org> wrote:  
 
 Evan, 
Thank you for bringing up the topic of TLD and File Extension namespace collisions. I had not considered this topic before, but I believe it merits attention. 
The ZIP domain is only one example of the more general problem where TLD and File Extension namespaces. Other examples coming from ccTLD namespace are .PL (Poland vs Perl Script) and .SH (Saint Helena and Shell Script). An interesting detailed discussion on this complexity can be found here. The fact there are already namespace collisions, does not diminish the need for us to pay attention to it when expanding TLD namespace. 
>From a strictly end user's perspective, I think it's safe to conclude that TLD and File Extension namespace collisions do have the potential to add cognitive load to an end user's ability to safely navigate domain name space. 
ICANN's policy development takes into account a number of different stakeholders. It appears that some ICANN stakeholders feel they can make money from an expanded TLD namespace and potentially add value to end users too. As with many things in life, there are tradeoffs to be made. 
I don't have a strong opinion about ICANN policy at the moment, but it does seem wise for those stakeholders that wish to make money from a new TLD namespace asset (e.g. ZIP), to be aware of end user harms that can result from their new asset. 
An end user market that does not trust a new domain name because of abuse due to File Extension confusion will diminish the value of the new TLD asset for any business which chooses to purchase this asset.  Yes, marketing can cover up DNS abuse problems, but it may be wise for business stakeholders to avoid the use of high risk new domain names to achieve their business goals. This type of feedback is not directly connected to ICANN policy of course, but market forces can be useful. The ICANN End User community can help raise awareness, which you have started with your email, even if we don't have effective policy mechanisms in place to avoid potential future problems. 
By the way, is NA-Discuss the right mailing list for this discussion? Would this thread be better in the CPWG mailing list?
Cheers,David



On Mon, May 29, 2023 at 7:34 AM Louis Houle via NA-Discuss <na-discuss at atlarge-lists.icann.org> wrote:

  Indeed. And as Ross pointed it, I can't see the real benefits of such a TLD but I do see the risks it brings!
 Louis Houle Le 2023-05-28 à 20:12, Jonathan Zuck via NA-Discuss a écrit :
  
 Certainly seems worthwhile to me and outweighs the value of having a .zip domain 
  Jonathan Zuck Director, Future of Work Project Innovators Network Foundation www.InnovatorsNetwork.org 
    From: Evan Leibovitch <evan at telly.org>
 Sent: Sunday, May 28, 2023 8:09:11 PM
 To: Jonathan Zuck <JZuck at innovatorsnetwork.org>
 Cc: NARALO Discussion List <na-discuss at atlarge-lists.icann.org>
 Subject: Re: [NA-Discuss] Protecting the public interest: dot-zip       Very likely the name collision assessment came up clean -- against other domains.  But that's not the issue here.  Is there any requirement for applicants to do due diligence regarding collisions with other common non-DNS computer uses of the applied string?  
   There are some precedents, notably dot-onion being unavailable to reduce collision with the TOR network (which is certainly out of ICANN's jurisdiction).
   But I don't know if, for instance, there would be any inherent ICANN-based opposition to anyone applying for, say, dot-exe or dot-bat (which, like zip, is also a dictionary word).  
   Perhaps there is room to develop advice to have a mechanism that measures evaluates conflict not just with other domains, but also common computer uses that could if implemented cause pubic confusion or harm.
   There are a LOT of file extensions and not all need to be protected, but surely the most common file extensions (and perhaps also command-line utilities) need protections.  I see that dot-run is delegated, which could affect Linux systems (which run a lot of the Internet's infrastructure).  So is dot-mov which is a popular Apple file extension for videos.
   
   Anyway, I leave it with NARALO's ALAC reps to determine if this issue is sufficiently end-user to care about and investigate.
   
         Evan Leibovitch, Toronto Canada @evanleibovitch /  @el56        
  
  On Sun, May 28, 2023 at 7:35 PM Jonathan Zuck <JZuck at innovatorsnetwork.org> wrote:
  
  I wonder what sort of risk assessment .ZIP has for the name collision study.  
  Jonathan Zuck Director, Future of Work Project Innovators Network Foundation www.InnovatorsNetwork.org 
    From: NA-Discuss <na-discuss-bounces at atlarge-lists.icann.org> on behalf of Evan Leibovitch via NA-Discuss <na-discuss at atlarge-lists.icann.org>
 Sent: Saturday, May 27, 2023 4:18:34 PM
 To: NARALO Discussion List <na-discuss at atlarge-lists.icann.org>
 Subject: [NA-Discuss] Protecting the public interest: dot-zip      While my hopes that ALAC will champion this are dim, and ICANN itself is even less likely to act, I draw your attention to a policy goof that is already causing public harm and is likely to cause far more. 
  Now anyone can buy a dot-zip second-level domain, ie evan.zip or naralo.zip
  
  As anyone who works with computers should know, long before dot-zip was a domain it was a very popular computer-file extension to denote something that contained a file (or collection of files) in compressed form. Such a collection could easily contain malicious data or code.
  
  Is anyone seeing the problem? People could be sent "attachments" that are really URLs and URLs that are really attachments. The potential for end-user confusion and harm is immense.
  
  Here are two videos that explain the situation well:
 https://www.youtube.com/watch?v=GCVJsz7EODA
 https://www.youtube.com/watch?v=V82lHNsSPww 
  Is anyone in domain-world looking at this? 
         Evan Leibovitch, Toronto Canada @evanleibovitch /  @el56           
   
  ------
NA-Discuss mailing list
NA-Discuss at atlarge-lists.icann.org
https://atlarge-lists.icann.org/mailman/listinfo/na-discuss

Visit the NARALO online at http://www.naralo.org
------
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. 
 
 ------
NA-Discuss mailing list
NA-Discuss at atlarge-lists.icann.org
https://atlarge-lists.icann.org/mailman/listinfo/na-discuss

Visit the NARALO online at http://www.naralo.org
------
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
------
NA-Discuss mailing list
NA-Discuss at atlarge-lists.icann.org
https://atlarge-lists.icann.org/mailman/listinfo/na-discuss

Visit the NARALO online at http://www.naralo.org
------
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://atlarge-lists.icann.org/pipermail/na-discuss/attachments/20230529/ecb744a9/attachment-0001.html>

More information about the NA-Discuss mailing list