[NA-Discuss] Protecting the public interest: dot-zip

[David Mackey]

Evan,

Thank you for bringing up the topic of TLD and File Extension namespace
collisions. I had not considered this topic before, but I believe it merits
attention.

The ZIP domain is only one example of the more general problem where TLD
and File Extension namespaces. Other examples coming from ccTLD namespace
are .PL (Poland vs Perl Script) and .SH (Saint Helena and Shell Script). An
interesting detailed discussion on this complexity can be found here
<https://news.ycombinator.com/item?id=35930160>. The fact there are already
namespace collisions, does not diminish the need for us to pay attention to
it when expanding TLD namespace.

>From a strictly end user's perspective, I think it's safe to conclude that
TLD and File Extension namespace collisions do have the potential to add
cognitive load to an end user's ability to safely navigate domain name
space.

ICANN's policy development takes into account a number of different
stakeholders. It appears that some ICANN stakeholders feel they can make
money from an expanded TLD namespace and potentially add value to end users
too. As with many things in life, there are tradeoffs to be made.

I don't have a strong opinion about ICANN policy at the moment, but it does
seem wise for those stakeholders that wish to make money from a new TLD
namespace asset (e.g. ZIP), to be aware of end user harms that can result
from their new asset.

An end user market that does not trust a new domain name because of abuse
due to File Extension confusion will diminish the value of the new TLD
asset for any business which chooses to purchase this asset.  Yes,
marketing can cover up DNS abuse problems, but it may be wise for business
stakeholders to avoid the use of high risk new domain names to achieve
their business goals. This type of feedback is not directly connected to
ICANN policy of course, but market forces can be useful. The ICANN End User
community can help raise awareness, which you have started with your email,
even if we don't have effective policy mechanisms in place to avoid
potential future problems.

By the way, is NA-Discuss the right mailing list for this discussion? Would
this thread be better in the CPWG mailing list?

Cheers,
David




On Mon, May 29, 2023 at 7:34 AM Louis Houle via NA-Discuss <
na-discuss at atlarge-lists.icann.org> wrote:

> Indeed. And as Ross pointed it, I can't see the real benefits of such a
> TLD but I do see the risks it brings!
>
> Louis Houle
>
> Le 2023-05-28 à 20:12, Jonathan Zuck via NA-Discuss a écrit :
>
> Certainly seems worthwhile to me and outweighs the value of having a .zip
> domain
>
> *Jonathan Zuck*
> *Director*, Future of Work Project
> Innovators Network Foundation
> www.InnovatorsNetwork.org
>
> ------------------------------
> *From:* Evan Leibovitch <evan at telly.org> <evan at telly.org>
> *Sent:* Sunday, May 28, 2023 8:09:11 PM
> *To:* Jonathan Zuck <JZuck at innovatorsnetwork.org>
> <JZuck at innovatorsnetwork.org>
> *Cc:* NARALO Discussion List <na-discuss at atlarge-lists.icann.org>
> <na-discuss at atlarge-lists.icann.org>
> *Subject:* Re: [NA-Discuss] Protecting the public interest: dot-zip
>
> Very likely the name collision assessment came up clean -- against other
> domains.
> But that's not the issue here.
> Is there any requirement for applicants to do due diligence regarding
> collisions with other common non-DNS computer uses of the applied string?
>
> There are some precedents, notably dot-onion being unavailable to reduce
> collision with the TOR network (which is certainly out of ICANN's
> jurisdiction).
> But I don't know if, for instance, there would be any inherent ICANN-based
> opposition to anyone applying for, say, dot-exe or dot-bat (which, like
> zip, is also a dictionary word).
>
> Perhaps there is room to develop advice to have a mechanism that measures
> evaluates conflict not just with other domains, but also common computer
> uses that could if implemented cause pubic confusion or harm.
> There are a LOT of file extensions and not all need to be protected, but
> surely the most common file extensions (and perhaps also command-line
> utilities) need protections.
> I see that dot-run is delegated, which could affect Linux systems (which
> run a lot of the Internet's infrastructure).
> So is dot-mov which is a popular Apple file extension for videos.
>
> Anyway, I leave it with NARALO's ALAC reps to determine if this issue is
> sufficiently end-user to care about and investigate.
>
> Evan Leibovitch, Toronto Canada
> @evanleibovitch / @el56
>
>
> On Sun, May 28, 2023 at 7:35 PM Jonathan Zuck <JZuck at innovatorsnetwork.org>
> wrote:
>
> I wonder what sort of risk assessment .ZIP has for the name collision
> study.
>
> *Jonathan Zuck*
> *Director*, Future of Work Project
> Innovators Network Foundation
> www.InnovatorsNetwork.org
>
> ------------------------------
> *From:* NA-Discuss <na-discuss-bounces at atlarge-lists.icann.org> on behalf
> of Evan Leibovitch via NA-Discuss <na-discuss at atlarge-lists.icann.org>
> *Sent:* Saturday, May 27, 2023 4:18:34 PM
> *To:* NARALO Discussion List <na-discuss at atlarge-lists.icann.org>
> *Subject:* [NA-Discuss] Protecting the public interest: dot-zip
>
> While my hopes that ALAC will champion this are dim, and ICANN itself is
> even less likely to act, I draw your attention to a policy goof that is
> already causing public harm and is likely to cause far more.
>
> Now anyone can buy a dot-zip second-level domain, ie evan.zip or naralo.zip
>
> As anyone who works with computers should know, long before dot-zip was a
> domain it was a very popular computer-file extension to denote something
> that contained a file (or collection of files) in compressed form. Such a
> collection could easily contain malicious data or code.
>
> Is anyone seeing the problem? People could be sent "attachments" that are
> really URLs and URLs that are really attachments. The potential for
> end-user confusion and harm is immense.
>
> Here are two videos that explain the situation well:
> https://www.youtube.com/watch?v=GCVJsz7EODA
> https://www.youtube.com/watch?v=V82lHNsSPww
>
> Is anyone in domain-world looking at this?
>
> Evan Leibovitch, Toronto Canada
> @evanleibovitch / @el56
>
>
> ------
> NA-Discuss mailing listNA-Discuss at atlarge-lists.icann.orghttps://atlarge-lists.icann.org/mailman/listinfo/na-discuss
>
> Visit the NARALO online at http://www.naralo.org
> ------
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
>
>
> ------
> NA-Discuss mailing list
> NA-Discuss at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/na-discuss
>
> Visit the NARALO online at http://www.naralo.org
> ------
> _______________________________________________
> By submitting your personal data, you consent to the processing of your
> personal data for purposes of subscribing to this mailing list accordance
> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
> the website Terms of Service (https://www.icann.org/privacy/tos). You can
> visit the Mailman link above to change your membership status or
> configuration, including unsubscribing, setting digest-style delivery or
> disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://atlarge-lists.icann.org/pipermail/na-discuss/attachments/20230529/38967152/attachment-0001.html>