RE: [bc-gnso] RE: LAST CALL: BC comment on Proposal to Mitigate Name Collision Risks (filing deadline 17-Sep)

[Marilyn Cade <marilynscade@xxxxxxxxxxx>]

Sarah, thanks for forwarding this.  there are several other similar examples 
where an applicant doesn't have the breadth of contacts, or expertise to 
address the 'issue' raised by risks.
I had asked for stronger language in voicing concerns. 
Citing the Verisign study as an example of the importance of further study, 
before proceeding with the staff recommendation to leave all things and all 
responsibility to applicants, is one possible addition to the comments.
Another issue though, is the point I made about just assuming that calls to 
identify an IP address will lead automatically to a single contact within an 
organization/company, and that it is a direct line of then ability to 
understand the question, take action, and actually get authorization internally 
to take action is simply false.  Even if that were a direct path, As Sarah 
points out, as documented in the Verisign study, it is not a single point of 
concern, but a 'number' yet to be determined and yet to be contacted and 
notified. 
I fully support Sarah's suggestions, and went a little farther.
Marilyn Cade


Le 16 sept. 2013 à 05:36, "Deutsch, Sarah B" <sarah.b.deutsch@xxxxxxxxxxx> a 
écrit :Steve, All: Thanks so much for circulating the BC comments and for 
adding your edits.  The BC concerns are confirmed by a report Verisign just 
released today (attached).    Verisign did a deep dive into just one of the new 
gTLDs  -- .CBA, which was applied for by the Commonwealth Bank of Australia.  
The bank wrote a letter to ICANN complaining that .cba had been improperly 
categorized by ICANN as “uncalculated risk” and asked to be changed to the “low 
risk” category.  They said that any name collision that the Interisle report 
reported as coming from this string was their own traffic and they could 
remediate it.
In fact, the Verisign report showed that Commonwealth Bank of Australia at best 
controls 6% of the root server traffic associated with the .cba string.  The 
rest of the traffic, which, presents numerous risks of collision, was coming 
from over 170 countries including a significant portion of traffic from Japan.  
The traffic comes from a variety of servers, smart home devices, offices, 
residences, etc. 
This small snapshot of one new gTLD shouts out for ICANN to do a deeper dive 
into the new gTLDs to really understand these risks.  The .cba string (unlike. 
.corp or .home) is not one that anyone would intuitively think could result in 
collisions.  But in a global environment, it highlights that we really have no 
idea what different cultures have previously named their internal servers and 
devices.  How many of these enterprises even know ICANN and the new gTLD launch 
exists?  Also, the study shows ICANN cannot rely (as they are intending to do 
today) solely on their applicants to provide evidence of “acceptable” risk.  I 
hope the BC comments can add a line or two about this report to flag the risks 
to large and small BC members and our customers.
Thanks,
Sarah  <Verisign CBA Name Collision Study and Letter to ICANN Board (2).pdf>