Dear Prof. Kim, All,

Here is the relevant text from SSAC’s SAC 60 report (https://www.icann.org/en/system/files/files/sac-060-en.pdf), as mentioned during the call today:

Recommendation 7: Should ICANN decide to implement safeguards it should seek
to distinguish the following two types of failure modes when a user expects a variant
to work but it is not implemented:

• Denial of service: the user attempts to visit http://example.Y, reading it as
being the same Uniform Resource Identifier (URI) as the http://example.X
that, for example, he or she saw in an advertisement, but the connection does
not work (lookup fails) because Y is either blocked, withheld, or X has no
variant at all, and example.Y is not registered.

• Misconnection: the user attempts to visit http://example.Y, reading it as being
the same URI as the http://example.X that, for example, he or she saw in an
advertisement, but arrives at a site controlled by a registrant different to that of
example.X.

The second case is much more dangerous than the first one. In the first case, the user is
frustrated and may conclude that “the Internet does not work,” but no serious harm has
arisen. The second case is problematic even if this effect is not the result of malicious
work on the part of Y’s operator or example.Y registrant. Misconnections to a perfectly
legitimate site operating at example.Y present issues of possible credential compromise
or other accidental disclosure of information in addition to user confusion and frustration.

Regards,
Sarmad