I've been watching this conversation. And it strikes me that we have a hammer and thus we have become locked into a tunnel vision in which we perceive the issue only as a nail. But there are other approaches that have not been raised. Let me begin with an aside and note the assumptions by Barry S and others that IGO names are somehow "trademarks". Notice the structure of that word, "trademark" - "trade" "mark". A trademark is something used by those in commerce. IGO's are not normally in commerce and thus not in "trade". However this is but a distraction of historical interest and not the main thrust of this e-mail. Rather, I am asserting that trademark principles, even if we wanted to use them, are not the best vehicle through which IGOs can obtain the ends they desire. The purpose of a trademark arose from a need of buyers (not sellers) of goods (and services) to have solid assurances of the source of those goods and services. The system of trade and service marks is to benefit consumers by allowing vendors to place trustworthy marks on their products and to have means to remove counterfeit or confusingly similar goods and services. But that was then and this is now, and we are dealing with digital matters. And for digital matters a whole new technology has grown over the last few decades - digital signatures. With this technology there is no need of trademarks. Rather a consumer can test a digital signature on a digital product to be assured not only of its source but also that the product has not been modified. That means that digital signatures do what trademarks do and more. So what do IGO's want? They want some way to assure the world of consumers that the electronic materials they publish and their electronic interfaces to accept input are actually published by those IGOs. For that purpose they need not come to ICANN for protection; they already have the tools they need - digital certificates from the established certificate authorities around the world. They can use TLS to identify their web offerings - and any consumer can walk up the certificate chain to check that they are chatting with the IGO itself and not a fake. And they can use digital signatures on individual documents so that even outside the web and HTTPS those documents can be validated for integrity of source and content. And they can use DNSSEC to assure that the domain name records they publish have not been altered or usurped. So ICANN could be blunt and tell the IGO's that ICANN has done enough already, that ICANN refuses to undertake yet another expansion of its non-technical role as internet name policeman, and that the IGOs already possess, and should use, the tools they need to reach the actual goals to which they aspire. --karl--