Donna

Good morning; thank you this was very useful; look forward to Call later

Best

Nigel

On Tue, 23 Aug 2022 at 16:10, Donna@registry.godaddy <Donna@registry.godaddy> wrote:
Dear EPDP Team,
During our calls in the past two weeks, the team has reviewed the String Similarity Small Group’s work outcome and subsequently, EPDP team members were asked to consult with their appointing organization on the proposed hybrid model for the string similarity review. The team is expected to have a follow-up discussion and share more feedback / input during this week’s meeting, on Friday, 26 August at 13:30-15:00 UTC.
To this end, the leadership team and staff would like to quickly recap the discussion and remind the team of the scope and remit of the small group’s work.
Comparing primary labels and requested allocatable variants in the String Similarity Review is generally supported by the EPDP Team. However, some EPDP Team members have expressed reservations about including non-requested allocatable variants and blocked variants in a String Similarity Review.
The small group’s recommendation for including all variants is due to its key consideration of the failure models, which are “denial of service” and “misconnection”. The small group believes that misconnection, in particular, is more problematic. Arriving at the wrong site, for example, can result in credential compromise and accidental exposure of information. If the confusing similarity is maliciously leveraged, it can be a DNS abuse vector.
The small group also believes that failure modes require mitigation as much as possible, and that the string similarity review provides an opportunity to do so. *To meet the singular goal of risk mitigation*, the small group agreed that the hybrid model was the most appropriate.
Nevertheless, the small group did not consider the implementation complexity of the hybrid model and deferred this to the EPDP Team to deliberate. As a next step, the EPDP team is to determine if the hybrid model is the appropriate path forward, taking into account factors such as:
- Likelihood and impact of the failure modes, especially the misconnection risk
- Operational impact of the hybrid model
- Cost and benefit of hybrid model
We hope this framing would be useful for your consideration of the small group’s recommendation. We look forward to further discussion during this week’s call.
Best Regards,
Donna
*Donna Austin*
GoDaddy Registry | Head of Registry Policy
+1 310 890 9655
Los Angeles, California
www.registry.godaddy | donna@registry.godaddy
_______________________________________________
Gnso-epdp-idn-team mailing list
Gnso-epdp-idn-team@icann.org
https://mm.icann.org/mailman/listinfo/gnso-epdp-idn-team