[dns-operations] First new gTLD using ICANN's "Name Collision Occurrence Management Framework"

Rubens Kuhl rubensk at nic.br
Fri Aug 29 16:41:57 UTC 2014

Em 29/08/2014, à(s) 12:40:000, David Conrad <drc at virtualized.org> escreveu:

> Hi,
> On Aug 28, 2014, at 11:59 PM, Patrik Fältström <paf at frobbit.se> wrote:
>> On 29 aug 2014, at 07:04, SM <sm at resistor.net> wrote:
>>> At 14:13 28-08-2014, Rod Rasmussen wrote:
>>>> I note that these documents speak to many of the issues being exposed here (and yes, full disclosure, I wrote a small portion of the text/reviewed them):
>>> Was there a response to those issues?
> For details of ICANN’s efforts related to name collisions, please see https://www.icann.org/resources/pages/name-collision-2013-12-06-en.
>> Some, but also referrals to issues still under a disclosure policy not made public.
> For clarification:
> During the analysis associated with name collision, JAS Global Advisors discovered a vulnerability. In keeping with ICANN’s “Coordinated Vulnerability Disclosure Reporting” policy, JAS notified ICANN and the affected vendor(s). The exact nature of the vulnerability has not yet been released as the vendor(s) work to mitigate the potential impact of the vulnerability.
> Full disclosure: I was on contract to JAS during their name collision efforts and have since joined ICANN.


Does the affected vendor(s) have an expected forecast to address the vulnerability so JAS/ICANN can come forward with the issue ? 


More information about the dns-operations mailing list