On 5 November 2016 at 01:14, Karl Auerbach <karl@cavebear.com> wrote:

For that purpose they need not come to ICANN for protection; they already have the tools they need - digital certificates from the established certificate authorities around the world.

​Funny, that doesn't appear to be sufficient for trademark holders.​ ​If it was simple as that we wouldn't need clearing houses and adjudication procedures whose resolution isn't done just by algorithm. Yet ICANN has seemed fit to bestow this myriad of non-technical protection measures to trademarks, but is satisfied to stop short of offering similar protection to non-commercial trustworthy names. So *this* is the place to draw the line and say "no more protections"? Good luck with that.

any consumer can walk up the certificate chain to check that they are chatting with the IGO itself and not a fake.

​This is the point at which I stopped reading.​ ​To expect Internet end-users -- especially newcomers -- to understand (let alone trace and discern legitimate certificates from fakes) Internet digital signatures is a recipe for utter failure. Unless and until that process is seamless globally, it is a wholly unsatisfactory solution. Maybe the answer is not completely within ICANN's remit but it absolutely within mandate to maintain trust in the DNS. So perhaps partnership with other bodies is in order, to strengthen and simplify the infrastructure and to engage in public education on self-defence. ICANN has traditionaly avoided such alliances, perhaps it is time to re-think. But really? It's up to Internet end-users to "walk up the certificate chain" else they deserve to be scammed? And trademark holders get preferential treatment over names created by international treaty? If that's the best ICANN can do in response to this kind of challenge, you might as well start prepping for another transition. - Evan