[Gnso-ssr] Broken TMCH?
Mike O'Connor
mike at haven2.com
Sun Feb 23 16:25:14 UTC 2014
hi all,
as *I* am the one that chopped that snippet out of the chat transcript of the call, let me take the blame for launching a discussion that really had several completely different topics all in one. thanks to Kal and Patrik for putting up with that.
i have an almost-sure recollection that there’s a review of the new-gTLD rollout that is supposed to happen some time (1-year, 2-years?) after launch. from a policy-making standpoint, which things in this discussion can wait for that review and which (if any) are more urgent and might require policy attention — again, keeping the focus on SSR if possible.
mikey
On Feb 21, 2014, at 1:53 AM, Patrik Fältström <paf at frobbit.se> wrote:
> On 2014-02-21 07:55, Kal Feher wrote:
>> Comments in line.
>>
>> KF - point taken, but vague assertions to dire consequences in any
>> stakeholder forum are of little use to the community and should be
>> discouraged.
>
> Once again, if comments are taken out of context, they will be out of
> context. So that the assertions are vague I blame whoever did copy the
> subset of the discussion (that also was via voice, not only text).
>
>> KF - Frustration at a lack of progress should not automatically
>> translate to advice not to adhere to your Registry Agreement. I think
>> some perspective is required.
>
> There have not been any such advice that I know of.
>
>> Please see the SSAC report.
>>
>> KF - I reiterate that it is generic and lacking any actual detail,
>> especially with regards to security or stability issues. There's a
>> suggestion (recommendation 10) to clarify roles, which is certainly a
>> good idea, but hardly catastrophic if not implemented and has little
>> value in preventing homographic attacks.
>
> A clarification of the roles now exists.
>
> The Registry Agreement (RPM Requirements) says that registries must
> check all names in a variant set during the TM Claims period.
>
> This is _not_ updated in the scorecard.
>
>> KF - I think the TMCH should certainly be improved, I have a list of
>> gripes that would keep IBM busy for years, but we should be clear
>> about risks and impact. I see plenty situations in which TMCH clients
>> will not receive the result they expect. But there doesn't appear to
>> be any security or stability risks that can be coherently described.
>> Certainly none in the report.
>
> SSAC has as a role do detect stability risks which include cases where
> the functionality of a system is not according to the claims.
>
> TMCH is well defined for the latin script, but not for non-latin
> scripts. Specifically when you have cases where different LGR is used
> for the same script in two different TLDs.
>
> Now, whether we will get different LGR for different TLDs is something
> only the integration panel can say anything about.
>
>> The SSAC document point out that the matching rules used in the TMCH
>> are not the same as the combination of matching rules plus variant
>> rules, specifically for non-ascii scripts.
>>
>> KF - Irrelevant. Homographic attacks require an actual registration.
>> Either a registry's LGR's prevent it or they don't. for the TMCH it is
>> more a failure of user expectations, which should not be conflated with
>> an attack. It is important, but should be addressed separately.
>
> SSAC disagree with this conclusion of yours. But it is perfectly ok of
> course for you to draw the conclusion that you do not think the issues
> with IDN and variants in TMCH is a problem. That is your choice.
>
> SSAC do think it is a problem that the TMCH does not have any well
> defined rules for non-latin script. YMMV.
>
>> KF - What of the registries that should be EBERO'd? If true it is of
>> serious concern, if not true we really need to tone down the hyperbole.
>
> The EBERO is an issue separate from TMCH and the question was whether a
> zone that is not signed correctly is according to the EBERO
> specification "broken" in such a way that EBERO can be invoked.
>
> That question is not answered and not clear in the EBERO specification
> or elsewhere. It would be sad if it is the case it will only be resolved
> in court or arbitration when a real case is on the table.
>
> Patrik
>
>
>
PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE: OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
More information about the Gnso-ssr
mailing list