[Gnso-epdp-idn-team] String Similarity Review discussion
Nigel Hickson
nigel.hickson at dcms.gov.uk
Fri Aug 26 10:26:43 UTC 2022
Donna
Good morning; thank you this was very useful; look forward to Call later
Best
Nigel
On Tue, 23 Aug 2022 at 16:10, Donna at registry.godaddy <Donna at registry.godaddy>
wrote:
> Dear EPDP Team,
>
>
>
> During our calls in the past two weeks, the team has reviewed the String
> Similarity Small Group’s work outcome and subsequently, EPDP team members
> were asked to consult with their appointing organization on the proposed
> hybrid model for the string similarity review. The team is expected to have
> a follow-up discussion and share more feedback / input during this week’s
> meeting, on Friday, 26 August at 13:30-15:00 UTC.
>
>
>
> To this end, the leadership team and staff would like to quickly recap the
> discussion and remind the team of the scope and remit of the small group’s
> work.
>
>
>
> Comparing primary labels and requested allocatable variants in the String
> Similarity Review is generally supported by the EPDP Team. However, some
> EPDP Team members have expressed reservations about including non-requested
> allocatable variants and blocked variants in a String Similarity Review.
>
>
>
> The small group’s recommendation for including all variants is due to its
> key consideration of the failure models, which are “denial of service” and
> “misconnection”. The small group believes that misconnection, in
> particular, is more problematic. Arriving at the wrong site, for example,
> can result in credential compromise and accidental exposure of information.
> If the confusing similarity is maliciously leveraged, it can be a DNS abuse
> vector.
>
>
>
> The small group also believes that failure modes require mitigation as
> much as possible, and that the string similarity review provides an
> opportunity to do so. *To meet the singular goal of risk mitigation*, the
> small group agreed that the hybrid model was the most appropriate.
>
>
>
> Nevertheless, the small group did not consider the implementation
> complexity of the hybrid model and deferred this to the EPDP Team to
> deliberate. As a next step, the EPDP team is to determine if the hybrid
> model is the appropriate path forward, taking into account factors such as:
>
> - Likelihood and impact of the failure modes, especially the
> misconnection risk
> - Operational impact of the hybrid model
> - Cost and benefit of hybrid model
>
>
>
> We hope this framing would be useful for your consideration of the small
> group’s recommendation. We look forward to further discussion during this
> week’s call.
>
>
>
> Best Regards,
>
> Donna
>
>
>
>
>
> *Donna Austin*
>
> GoDaddy Registry | Head of Registry Policy
>
> [image: A picture containing text, clipart Description automatically
> generated]
>
> +1 310 890 9655
>
> Los Angeles, California
>
> www.registry.godaddy | donna at registry.godaddy
>
>
> _______________________________________________
> Gnso-epdp-idn-team mailing list
> Gnso-epdp-idn-team at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-idn-team
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/gnso-epdp-idn-team/attachments/20220826/608a5af4/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 8139 bytes
Desc: not available
URL: <https://mm.icann.org/pipermail/gnso-epdp-idn-team/attachments/20220826/608a5af4/image001.png>
More information about the Gnso-epdp-idn-team
mailing list