[jig] SSAC report on Single Character IDN TLDs

["Edmon Chung" <edmon@xxxxxxxxxxxxx>]

Hi everyone,

Please find the SSAC report on Single Character IDN TLDs: 
http://www.icann.org/en/committees/security/sac052.pdf

The summary of findings are:
Finding 1: Single-character TLDs are more likely to cause user confusion than 
TLDs with more than one character.
Finding 2: No other significant security concerns are apparent with the 
delegation of single-character TLDs.
Finding 3: Current work on string similarity and variant issues has not been 
completed.

Recommendations:
1. Given the potential for user confusion and the currently unfinished work on 
string similarity and IDN variants, the SSAC recommends a very conservative 
approach to the delegation of single-character IDN top-level domains. In 
particular, ICANN should disallow by default the delegation of all 
single-character IDN TLDs in all scripts; exceptions are possible, but only 
after careful consideration of each individual case.
2. Because important relevant work on string similarity, IDN variant issues, 
and TLD label syntax is currently underway within ICANN, the Internet 
Engineering Task Force (IETF), and other bodies, ICANN should review the 
Findings of this report, and any policies that it adopts in response to 
recommendations made in this document, no later than one year after the three 
work items mentioned above
have been completed.


Think the report is a good read.  However, the logic of the report seems 
confusing:
- If possible user confusion is the only concern
- Then the issue comes down to work on string similarity
- If the SSAC believes that the work on string similarity is not complete
- Then the whole new gTLD process should be called to stop

The report explains that in cases of 2 or more characters, where one character 
is non-similar, then the string can be considered non-confusing.  The logical 
conclusion for cases of 1 character should be the same, where one character is 
non-similar, then the string can be considered non-confusing.

In cases of 2 or more characters, there exists cases where both (or all) 
characters are similar, then the string is considered confusing. In such cases, 
the string contention process or the first-come-first-served rule comes into 
effect.

The conclusion of the SSAC report seems to be in conflict with such contention 
and FCFS rule. i.e. if the SSAC findings and recommendations hold for single 
characters, there is no reason why the same conclusions and recommendations 
will not hold for 2 or more character strings (which was in effect the 
conclusion of the JIG report).

More specifically:
- the result of 2 TLD strings considered confusing is that they go through 
contention process (and FCFS rule by round)
- that should be the same regardless of whether the TLD strings are 1 or 2 or 3 
characters or more

The SSAC findings simply states that there may be more likelihood of strings 
that may be considered similar/confusing, but does not explain why when such 
similarity/confusability occurs the same process as 2 or more characters could 
not be applied.  The logical conclusion should be simply to warn the applicant 
that there may be more cases which may require contention process than for 
multi-character TLD applications.

I believe we have some SSAC members on this list as well.  It would be good to 
hear from them what the logic is behind the recommendation and why it believes 
it does not impact 2 or more character strings.

Edmon