<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><br><div><div><div><div style="color: rgb(0, 0, 0); font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; word-wrap: break-word; "><div style="word-wrap: break-word; ">Sarah, thanks for forwarding this. there are several other similar examples where an applicant doesn't have the breadth of contacts, or expertise to address the 'issue' raised by risks.</div><div style="word-wrap: break-word; "><br></div><div style="word-wrap: break-word; ">I had asked for stronger language in voicing concerns. </div><div style="word-wrap: break-word; "><br></div><div style="word-wrap: break-word; ">Citing the Verisign study as an example of the importance of further study, before proceeding with the staff recommendation to leave all things and all responsibility to applicants, is one possible addition to the comments.</div><div style="word-wrap: break-word; "><br></div><div style="word-wrap: break-word; ">Another issue though, is the point I made about just assuming that calls to identify an IP address will lead automatically to a single contact within an organization/company, and that it is a direct line of then ability to understand the question, take action, and actually get authorization internally to take action is simply false. Even if that were a direct path, As Sarah points out, as documented in the Verisign study, it is not a single point of concern, but a 'number' yet to be determined and yet to be contacted and notified. </div><div style="word-wrap: break-word; "><br></div><div style="word-wrap: break-word; ">I fully support Sarah's suggestions, and went a little farther.</div><div style="word-wrap: break-word; "><br></div><div style="word-wrap: break-word; ">Marilyn Cade</div></div>
</div>
<br><div><div>Le 16 sept. 2013 à 05:36, "Deutsch, Sarah B" <<a href="mailto:sarah.b.deutsch@verizon.com">sarah.b.deutsch@verizon.com</a>> a écrit :</div><br class="ecxApple-interchange-newline"><blockquote><div lang="EN-US" style="font-family:Helvetica;font-size:medium;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;orphans:2;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;widows:2;word-spacing:0px;"><div class="ecxWordSection1" style=""><div style="font-size:12pt;font-family:'Times New Roman', serif;"><span style="font-size:11pt;font-family:Calibri, sans-serif;color:rgb(31, 73, 125);">Steve, All:</span></div><div style="font-size:12pt;font-family:'Times New Roman', serif;"><span style="font-size:11pt;font-family:Calibri, sans-serif;color:rgb(31, 73, 125);"> </span></div><div style="font-size:12pt;font-family:'Times New Roman', serif;"><span style="font-size:11pt;font-family:Calibri, sans-serif;color:rgb(31, 73, 125);">Thanks so much for circulating the BC comments and for adding your edits. The BC concerns are confirmed by a report Verisign just released today (attached). </span></div><div style="font-size:12pt;font-family:'Times New Roman', serif;"><span style="font-size:11pt;font-family:Calibri, sans-serif;color:rgb(31, 73, 125);"> </span></div><div style="font-size:12pt;font-family:'Times New Roman', serif;"><span style="font-size:11pt;font-family:Calibri, sans-serif;color:rgb(31, 73, 125);">Verisign did a deep dive into just one of the new gTLDs -- .CBA, which was applied for by the Commonwealth Bank of Australia. The bank wrote a letter to ICANN complaining that .cba had been improperly categorized by ICANN as “uncalculated risk” and asked to be changed to the “low risk” category. They said that any name collision that the Interisle report reported as coming from this string was their own traffic and they could remediate it.</span></div><div style="font-size:12pt;font-family:'Times New Roman', serif;"><span style="font-size:11pt;font-family:Calibri, sans-serif;color:rgb(31, 73, 125);"><br>In fact, the Verisign report showed that Commonwealth Bank of Australia at best controls 6% of the root server traffic associated with the .cba string. The rest of the traffic, which, presents numerous risks of collision, was coming from over 170 countries including a significant portion of traffic from Japan. The traffic comes from a variety of servers, smart home devices, offices, residences, etc. </span></div><div style="font-size:12pt;font-family:'Times New Roman', serif;"><span style="font-size:11pt;font-family:Calibri, sans-serif;color:rgb(31, 73, 125);"><br>This small snapshot of one new gTLD shouts out for ICANN to do a deeper dive into the new gTLDs to really understand these risks. The .cba string (unlike. .corp or .home) is not one that anyone would intuitively think could result in collisions. But in a global environment, it highlights that we really have no idea what different cultures have previously named their internal servers and devices. How many of these enterprises even know ICANN and the new gTLD launch exists? Also, the study shows ICANN cannot rely (as they are intending to do today) solely on their applicants to provide evidence of “acceptable” risk. </span></div><div style="font-size:12pt;font-family:'Times New Roman', serif;"><span style="font-size:11pt;font-family:Calibri, sans-serif;color:rgb(31, 73, 125);"> </span></div><div style="font-size:12pt;font-family:'Times New Roman', serif;"><span style="font-size:11pt;font-family:Calibri, sans-serif;color:rgb(31, 73, 125);">I hope the BC comments can add a line or two about this report to flag the risks to large and small BC members and our customers.</span></div><div style="font-size:12pt;font-family:'Times New Roman', serif;"><span style="font-size:11pt;font-family:Calibri, sans-serif;color:rgb(31, 73, 125);"><br>Thanks,</span></div><div style="font-size:12pt;font-family:'Times New Roman', serif;"><span style="font-size:11pt;font-family:Calibri, sans-serif;color:rgb(31, 73, 125);"><br>Sarah</span></div><div style="font-size:12pt;font-family:'Times New Roman', serif;"><span style="font-size:11pt;font-family:Calibri, sans-serif;color:rgb(31, 73, 125);"> </span></div><div style="font-size:12pt;font-family:'Times New Roman', serif;"><span style="font-size:11pt;font-family:Calibri, sans-serif;color:rgb(31, 73, 125);"> </span></div></div><span><Verisign CBA Name Collision Study and Letter to ICANN Board (2).pdf></span></div></blockquote></div><br></div></div> </div></body>
</html>