<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"MS Gothic";
panose-1:2 11 6 9 7 2 5 8 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@MS Gothic";
panose-1:2 11 6 9 7 2 5 8 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:999505830;
mso-list-template-ids:-440362080;}
@list l1
{mso-list-id:1777946991;
mso-list-template-ids:-1754873508;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:2092851236;
mso-list-template-ids:870206372;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:black">Dear all, <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Please find below the notes and action items from today’s meeting on Friday, 26 August 2022 at 13:30 UTC.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Kind regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Ariel, Emily, and Steve<o:p></o:p></span></p>
<div style="mso-element:para-border-div;border:none;border-bottom:solid windowtext 1.0pt;padding:0in 0in 1.0pt 0in">
<p class="MsoNormal" style="border:none;padding:0in"><span style="color:black"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="color:black"> </span></b><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><b><u><span style="color:black">Notes and Action Items - IDNs EPDP Call – 26 August 2022</span></u></b><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><b><span style="color:black"> </span></b><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="color:black">Welcome & Chair Updates</span></b><span style="color:black"><o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Reminder to review Group 3 text (31 August)<span style="font-size:12.0pt"><o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Acknowledgment of input from RySG, expressing concerns and suggested edits to Group 2 text.<span style="font-size:12.0pt"><o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Team will not be meeting the week before and after the ICANN meeting.<span style="font-size:12.0pt"><o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Leadership team giving thought to how to utilize sessions at ICANN75. Considering utilizing a process flow/process map to help understand context of recommendations and potentially stress test
them.<span style="font-size:12.0pt"><o:p></o:p></span></li></ul>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="color:black">Continued discussion of small group outputs on String Similarity Review and objection processes<o:p></o:p></span></b></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Slides were developed to help provide the rationale for why the hybrid model was determined to be the most appropriate to mitigate misconnection risks.<span style="font-size:12.0pt"><o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Slide 3 – reminder of hybrid model.<span style="font-size:12.0pt"><o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Slide 4 – background papers that help provide rationale for mitigating risk as much as possible. Includes RFC 5891, RFC 6921, SAC089, and the staff paper.<span style="font-size:12.0pt"><o:p></o:p></span></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Slide 5 – recap of the small team’s discussions. Notes reservations about including non-requested allocatable and blocked variant labels. Also notes that the hybrid model is identified to meet
the singular goal of risk mitigation of failure modes which are 1) denial of service and 2) misconnection. The small team did not consider implementation complexity and deferred to EPDP Team.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Slide 6 – real world example of “denial of service” risk<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Suggestion the denial of service in this context is misleading and should be something like “no expected service provided”. However, notes that the phrase is a known term and used in SAC060.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Slide 7 – real world example of “misconnection” risk.
<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1"><a href="https://www.icann.org/en/system/files/files/sac-060-en.pdf">https://www.icann.org/en/system/files/files/sac-060-en.pdf</a> - “Recommendation 7: Should ICANN decide to implement safeguards,
it should distinguish two types of failure modes when a user expects a variant to work, but it is not implemented: denial of service versus misconnection.”<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Notes that the misconnection risk in SAC060 is in the context of variant set but misconnection risk described here seems to be in the context of crossing variant sets/name spaces.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">String similarity evaluation and objections are determined by people/evaluation panels, not strictly a technical perspective. Essentially, the hybrid model allows for identifying the misconnection
risks but does no guarantee a certain outcome. Relying on a less restrictive model ensures that the risk will never be identified.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Misconnection risk can be motivated by string similarity. The end-user ending up at the wrong web site can potentially be exploited.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Reiterates that use of denial of service in SAC060 could be confusing versus distributed denial of service in SAC008.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Confirms that terms used by this EPDP will be included in a glossary. And the term does seem to express what happens to the end-user – the user cannot access the service.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Slide 8 – potential consequences of misconnection. Arriving at the wrong site can result in credential compromise and accidental exposure of information. And if the confusability is known by
bad actors, it can be maliciously leveraged. <o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Slide 9 – Why should blocked variants be part of the string similarity review? Notes that while the blocked variants cannot be delegated, they do exist as words or terms in real life. End-users
may not understand the distinction between a blocked variant versus a real world.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Slide 10 – Misconnection involving blocked variants. A blocked variant served as a bridge to misconnection in this scenario.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Slide 11 – Next steps are risk analysis (e.g., likelihood and impact of failure modes, especially the misconnection risk); operational impact of the hybrid model; cost/benefit of the hybrid model.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Slide 12 – 2012 New gTLD Program Implementation Review, which provides ICANN Org review of the program (including the String Similarity review). Helps to illustrate the scope of review in 2012,
which did not have to contend with the hybrid model. This included two non-exact match IDN contention sets that were identified as a result of simplified and traditional Chinese characters. The volume of unique strings resulted in over a million combinations
requiring evaluation.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Assumption that SubPro should have mitigated timing issue (e.g., results published only two weeks prior to objections deadline). Helps to consider impacts from the increased complexity that would
come from the hybrid model.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">IDN variants should be introduced successfully. Notes that cost and complexity are passed on to applicants based on the revenue neutral approach to the program.
<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Confusability, or lack thereof, is certainly a factor in potential success. The String Sim process will exist again, but perhaps IDN variants can be evaluated in a different manner – keep an
open mind.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Question - Noting there were concerns from members on the hybrid model previously, do those concerns still exist?<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">The question may need to be considered in the context of the “next steps”.
<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">At a minimum, could compare complexity of the hybrid model versus level 2 (primary TLD and requested allocatable variants).<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Confirmation that the presentation helped illustrate why the “blocked variants matter”. Need to understand if impact to cost would be prohibitive.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Notes that comparing blocked variants versus blocked variants would be the most conservative and would result in exponential complexity. The hybrid model is intended to catch most cases, but
lessen the complexity. The small team considered the hybrid model to be a compromise.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Notes that the hybrid model requires human analysis, which is where the operational impact comes from. Highlights that not all blocked variants are well formed.
<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Added that there are also mixed script blocked variants. Perhaps a hybrid model 2 would only include blocked variants that are valid labels.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Confirms that the tool could produce sets that remove ill formed and mixed script variants.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">If two applicants apply for TLDs that are variants of each other, they would automatically be put in a contention set.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Notes that fully mitigating risks introduces a risk in itself, by preventing opportunity.
<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Important to consider the operational impact even of just level 2. Could the recommendation be that the evaluation be done in a layered way? Start preliminarily with just the primary labels,
then work your way downward through allocatable and blocked variants.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Points out that once something is blocked, it can end up being blocked for a long time. Therefore, should be careful what this group blocks.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">On the other hand, need to be sure not to block too little as there is little to no way to remedy that situation.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Suggestion that recommendation could concentrate on the goal to be achieved rather than the “how” (e.g., the hybrid model).
<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">Seems that there appears to be comments leaning towards the hybrid model. Reminder that the policy level recommendations and/or hybrid model (e.g., the implementation, or the how) can be included
in the initial report, which allows for course correction based on comments and potentially new information.<o:p></o:p></li><li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">For now, we’ll set aside the risk analysis or cost/benefit analysis.<o:p></o:p></li></ul>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="color:black">AOB<o:p></o:p></span></b></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:black;mso-list:l1 level1 lfo1">None<span style="font-size:12.0pt"><o:p></o:p></span></li></ul>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal"><b><span style="font-size:10.0pt;color:black">Steven Chan</span></b><b><span style="font-size:10.0pt;font-family:"MS Gothic";color:black">
</span></b><span style="font-size:10.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:black">Senior Director, Policy Development Support & GNSO Relations<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:black">Internet Corporation for Assigned Names and Numbers (ICANN) <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:black">12025 Waterfront Drive, Suite 300<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:black">Los Angeles, CA 90094-2536</span><span style="font-size:10.0pt;font-family:"MS Gothic";color:black">
</span><span style="font-size:10.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:black">Email: <a href="mailto:steve.chan@icann.org" title="mailto:steve.chan@icann.org"><span style="color:#0563C1">steve.chan@icann.org</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:black">Skype: steve.chan55<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:black">Mobile: +1.310.339.4410<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:black">Find out more about the GNSO by visiting: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__learn.icann.org_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=DRa2dXAvSFpCIgmkXhFzL7ar9Qfqa0AIgn-H4xR2EBk&m=jLNFXvpu9gNdUeHi-G6sjWNCF9w4_AwhzzUDFZy2elE&s=o7Auz997kA-HPv9PHJCjFVZw7Pgo8krw4MxfqCwBrIU&e=" title="https://urldefense.proofpoint.com/v2/url?u=https-3A__learn.icann.org_&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=DRa2dXAvSFpCIgmkXhFzL7ar9Qfqa0AIgn-H4xR2EBk&m=jLNFXvpu9gNdUeHi-G6sjWNCF9w4_AwhzzUDFZy2elE&s=o7Auz997kA-HPv9PHJCjFVZw7Pgo8krw4Mxf"><span style="color:#0563C1">https://learn.icann.org/</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:black">Follow @GNSO on Twitter: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_ICANN-5FGNSO&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=DRa2dXAvSFpCIgmkXhFzL7ar9Qfqa0AIgn-H4xR2EBk&m=jLNFXvpu9gNdUeHi-G6sjWNCF9w4_AwhzzUDFZy2elE&s=kWw4fQPNjw2lVKy1UjTxS2F0BmjEAzaDFWNmsYywbmE&e=" title="https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_ICANN-5FGNSO&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=DRa2dXAvSFpCIgmkXhFzL7ar9Qfqa0AIgn-H4xR2EBk&m=jLNFXvpu9gNdUeHi-G6sjWNCF9w4_AwhzzUDFZy2elE&s=kWw4fQPNjw2lVKy1UjTxS2F0BmjE"><span style="color:#0563C1">https://twitter.com/ICANN_GNSO</span></a><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;color:black">Transcripts and recordings of GNSO Working Group and Council events are located on the <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__gnso.icann.org_en_group-2Dactivities_calendar&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=DRa2dXAvSFpCIgmkXhFzL7ar9Qfqa0AIgn-H4xR2EBk&m=jLNFXvpu9gNdUeHi-G6sjWNCF9w4_AwhzzUDFZy2elE&s=-L6chFfv0OperrXHHpTF722WnH3FZIutn4cS16IvpOg&e=" title="https://urldefense.proofpoint.com/v2/url?u=https-3A__gnso.icann.org_en_group-2Dactivities_calendar&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=DRa2dXAvSFpCIgmkXhFzL7ar9Qfqa0AIgn-H4xR2EBk&m=jLNFXvpu9gNdUeHi-G6sjWNCF9w4_AwhzzUDFZy2elE&s=-L6chFf"><span style="color:#0563C1">GNSO
Master Calendar</span><span style="color:#954F72"> </span></a></span><o:p></o:p></p>
</div>
</body>
</html>