Just to clarify my point about same entity principle on registrants I made during the call: Assume someone gets .muller and .müller and wants to give mark.muller and mark.müller to different people. The rule proposed would require a single registrant, but it would be easy enough to work around: simply form a legal entity that acts as the registrant and lets Mark Muller and Mark Müller have their own domains without being official registrants. Mark Müller and Mark Muller could do it by themselves if they agree, but more likely the registrar would simply offer it as a service, with a subsidiary that acts as the registrant. Or an independent company could do it. If we'd insist on matching DNS records too it could still be worked around, then you'd just have to have common hosting at least as a redirector. Thus the same entity principle would not be really effective on registrants, it would just cause extra complications and cost for people it affects. Of course this could be seen as a positive, creating new business opportunities, but on general principles I would not like to see a situation where actual users of domains are hidden behind yet another layer of obfuscation, and especially not an ICANN policy that in effect forces them to. So while I like the same entity principle for registries and registrars, I would leave it on registrant level up to the registry or registrar, possibly with a policy to be specified in the registry agreement. -- Tapani Tarvainen
Hi Tapani, thanks for your input. I understand your points and agree your suggested scenario is possible. I'll comment inline. Am 09.07.2025 um 17:11 schrieb Tapani Tarvainen via Gnso-latin-diacritics:
Just to clarify my point about same entity principle on registrants I made during the call:
Assume someone gets .muller and .müller and wants to give mark.muller and mark.müller to different people.
The rule proposed would require a single registrant, but it would be easy enough to work around: simply form a legal entity that acts as the registrant and lets Mark Muller and Mark Müller have their own domains without being official registrants.
Mark Müller and Mark Muller could do it by themselves if they agree, but more likely the registrar would simply offer it as a service, with a subsidiary that acts as the registrant. Or an independent company could do it.
If we'd insist on matching DNS records too it could still be worked around, then you'd just have to have common hosting at least as a redirector.
As a side note: With the same entity requirement, there is not requirement to use the same DNS records. Different records are fine.
Thus the same entity principle would not be really effective on registrants, it would just cause extra complications and cost for people it affects.
But now to your main argument: In your case, both mark.muller and mark.müller behave well. Then of course there's no problem. Neither one is pretending to be the other. As you said, one could register both and hand one to the other person, or some intermediary could register both and hand them out to two people. Everything is fine. It's also not violating our same entity rule. Because what that same entity does with their bundled domains, is up to them. However, imagine mark.muller is a bad person and tries to impersonate mark.müller. Then it gets interesting. With the same entity requirement, the domains mark.müller and mark.mueller belong to the same registrant ... company, whatever. They are then responsible to solve and issues with abuse and they easily can, because they own both domains and have a direct customer relationship with both Marks. The company selling those domains further on, would want to make sure, there is no abuse, because legally, they are still responsible for both domains, they have a contract with the registrar. They have a high interest, neither of the two Marks is doing anything bad with their domains. However, without the same entity principle, mark.müller could get his domain and somebody totally different, using a different registrar, can get mark.muller and pretend to be mark.müller. That evil person could be living in some country, where the law is different and they don't care about abuse. Now Mark Müller would need to use international lawyers or whatever to get the evil domain taken down. It could cost him money, would take time, during which the evil person could to much harm (e.g., if there is a shop on the domain). With the same entity principle, we want to avoid such situations as much as possible. Of course there is always some way around and there is never 100% safety, but this is much safer for Mark Müller than if the same entity principle is not required. Hope that explains a bit of the background reasoning, why it's important (for the variant case, and I think also for our case). Cheers, Michael -- ____________________________________________________________________ | | | knipp | Knipp Medien und Kommunikation GmbH ------- Technologiepark Martin-Schmeißer-Weg 9 44227 Dortmund Deutschland Dipl.-Informatiker Tel: +49 231 9703-0 Fax: +49 231 9703-200 Dr. Michael Bauland SIP: Michael.Bauland@knipp.de Software-Entwicklung E-Mail: Michael.Bauland@knipp.de Registereintrag: Amtsgericht Dortmund, HRB 13728 Geschäftsführer: Dietmar Knipp, Elmar Knipp Zertifiziert nach DIN ISO/IEC 27001:2017
I'd like to second Michael's points. In my experience, it's almost impossible to write a rule that nobody can possibly work around. If one is determined to only make rules that are impossible to game, one basically ends up with no rules at all. As Michael noted, the same entity principle gives the actual registrant strong incentives to police the situation, rather than leaving ICANN to try to do so. That definitely seems preferable to me. Bill Jouris Yahoo Mail: Search, Organize, Conquer On Wed, Jul 9, 2025 at 8:35 AM, Michael Bauland via Gnso-latin-diacritics<gnso-latin-diacritics@icann.org> wrote: Hi Tapani, thanks for your input. I understand your points and agree your suggested scenario is possible. I'll comment inline. Am 09.07.2025 um 17:11 schrieb Tapani Tarvainen via Gnso-latin-diacritics:
Just to clarify my point about same entity principle on registrants I made during the call:
Assume someone gets .muller and .müller and wants to give mark.muller and mark.müller to different people.
The rule proposed would require a single registrant, but it would be easy enough to work around: simply form a legal entity that acts as the registrant and lets Mark Muller and Mark Müller have their own domains without being official registrants.
Mark Müller and Mark Muller could do it by themselves if they agree, but more likely the registrar would simply offer it as a service, with a subsidiary that acts as the registrant. Or an independent company could do it.
If we'd insist on matching DNS records too it could still be worked around, then you'd just have to have common hosting at least as a redirector.
As a side note: With the same entity requirement, there is not requirement to use the same DNS records. Different records are fine.
Thus the same entity principle would not be really effective on registrants, it would just cause extra complications and cost for people it affects.
But now to your main argument: In your case, both mark.muller and mark.müller behave well. Then of course there's no problem. Neither one is pretending to be the other. As you said, one could register both and hand one to the other person, or some intermediary could register both and hand them out to two people. Everything is fine. It's also not violating our same entity rule. Because what that same entity does with their bundled domains, is up to them. However, imagine mark.muller is a bad person and tries to impersonate mark.müller. Then it gets interesting. With the same entity requirement, the domains mark.müller and mark.mueller belong to the same registrant ... company, whatever. They are then responsible to solve and issues with abuse and they easily can, because they own both domains and have a direct customer relationship with both Marks. The company selling those domains further on, would want to make sure, there is no abuse, because legally, they are still responsible for both domains, they have a contract with the registrar. They have a high interest, neither of the two Marks is doing anything bad with their domains. However, without the same entity principle, mark.müller could get his domain and somebody totally different, using a different registrar, can get mark.muller and pretend to be mark.müller. That evil person could be living in some country, where the law is different and they don't care about abuse. Now Mark Müller would need to use international lawyers or whatever to get the evil domain taken down. It could cost him money, would take time, during which the evil person could to much harm (e.g., if there is a shop on the domain). With the same entity principle, we want to avoid such situations as much as possible. Of course there is always some way around and there is never 100% safety, but this is much safer for Mark Müller than if the same entity principle is not required. Hope that explains a bit of the background reasoning, why it's important (for the variant case, and I think also for our case). Cheers, Michael -- ____________________________________________________________________ | | | knipp | Knipp Medien und Kommunikation GmbH ------- Technologiepark Martin-Schmeißer-Weg 9 44227 Dortmund Deutschland Dipl.-Informatiker Tel: +49 231 9703-0 Fax: +49 231 9703-200 Dr. Michael Bauland SIP: Michael.Bauland@knipp.de Software-Entwicklung E-Mail: Michael.Bauland@knipp.de Registereintrag: Amtsgericht Dortmund, HRB 13728 Geschäftsführer: Dietmar Knipp, Elmar Knipp Zertifiziert nach DIN ISO/IEC 27001:2017 _______________________________________________ Gnso-latin-diacritics mailing list -- gnso-latin-diacritics@icann.org To unsubscribe send an email to gnso-latin-diacritics-leave@icann.org
Hi Michael, Thank you for the explanation. There is, however, still something I don't understand. On Wed, Jul 09, 2025 at 05:35:19PM +0200, Michael Bauland via Gnso-latin-diacritics (gnso-latin-diacritics@icann.org) wrote: [clip]
However, imagine mark.muller is a bad person and tries to impersonate mark.müller. Then it gets interesting.
With the same entity requirement, the domains mark.müller and mark.mueller belong to the same registrant ... company, whatever. They are then responsible to solve and issues with abuse and they easily can, because they own both domains and have a direct customer relationship with both Marks. The company selling those domains further on, would want to make sure, there is no abuse, because legally, they are still responsible for both domains, they have a contract with the registrar. They have a high interest, neither of the two Marks is doing anything bad with their domains.
However, without the same entity principle, mark.müller could get his domain and somebody totally different, using a different registrar, can get mark.muller and pretend to be mark.müller.
That is why I thought it'd be good to have same entity principle down to registrar level, but I don't see it on registrant level. Even as independent registrants, both Marks would have a relationship with the same registrar, no international law issues &c. It is not clear to me why this would be worse than having the intermediary between the registrar and the two Marks. -- Tapani Tarvainen
Hial. I missed today’s call due to a last-minute conflict, so I am stepping into the discussion without knowing all the context from which it arises. So my apologies in advance. 2Tapani: In my experience of managing secnd-level IDns treatng ASCII and the “corresponding” (sic) versions with diacritics as pseudo-variants, whcih range from 19 years for .cat to 11 years for .barcelona, .swiss, .radio, .sport, .eus, .gal, .madrid, .quebec… I have NEVER seen a situation like the one you describe. I am not saying it is not possible: certainly it is. I am just saying it is exrtremely rare, close to something that would only happen as a test by someone interested in ehcking the limits ;-) Now, let’s keep in mind how efficeint rules should be desinged. Inthis means, most often “rule for the statistically relevant cases; handle rare, extreme cases via compliance”. In other terms, the vast majority of drivers tend to stop with a red light. Yes, even in Naples ;-) What you seem to tell us is that some drivers don’t or jsut may not doso. So… let0s forget traffic lights altogether, as it is possible to burn a red light. Well, good luckwith the results ;-) The point is not that the Same entityu rule *may* have some (statistically irrelevant) holes. The point is that it is clearly the most efficent, and eaiset to enforce, solution to prevent he overwhleming majority of the situations we are trying to prevent which is user confusion. Not all? No, but it also simplifies compliance. As those cases are not jsut accients but cleverly and consxiously built to bypass the rule. Onthe contrary, if we stop at Registrar (Registrar meaning Registrar or Regiistrar + reseller? probably 50% of all domains are handled by resellers…), then you are not facing just some fringe, cleaverly designed cases, but a singnificant amount of “accidents” and non-intentional disparities of registrants for confusingly similar domains. Inthe same entity principle the “same registran” is BY FAR the most relevant part to minimize all the problems we are supposed to deal with. Amadeu
El 9 jul. 2025, a les 18:24, Tapani Tarvainen via Gnso-latin-diacritics <gnso-latin-diacritics@icann.org> va escriure:
Hi Michael,
Thank you for the explanation. There is, however, still something I don't understand.
On Wed, Jul 09, 2025 at 05:35:19PM +0200, Michael Bauland via Gnso-latin-diacritics (gnso-latin-diacritics@icann.org) wrote:
[clip]
However, imagine mark.muller is a bad person and tries to impersonate mark.müller. Then it gets interesting.
With the same entity requirement, the domains mark.müller and mark.mueller belong to the same registrant ... company, whatever. They are then responsible to solve and issues with abuse and they easily can, because they own both domains and have a direct customer relationship with both Marks. The company selling those domains further on, would want to make sure, there is no abuse, because legally, they are still responsible for both domains, they have a contract with the registrar. They have a high interest, neither of the two Marks is doing anything bad with their domains.
However, without the same entity principle, mark.müller could get his domain and somebody totally different, using a different registrar, can get mark.muller and pretend to be mark.müller.
That is why I thought it'd be good to have same entity principle down to registrar level, but I don't see it on registrant level.
Even as independent registrants, both Marks would have a relationship with the same registrar, no international law issues &c.
It is not clear to me why this would be worse than having the intermediary between the registrar and the two Marks.
-- Tapani Tarvainen _______________________________________________ Gnso-latin-diacritics mailing list -- gnso-latin-diacritics@icann.org To unsubscribe send an email to gnso-latin-diacritics-leave@icann.org
On Wed, Jul 09, 2025 at 07:02:46PM +0200, Amadeu Abril i Abril (CORE) (amadeu.abril@corenic.org) wrote:
2Tapani: In my experience of managing secnd-level IDns treatng ASCII and the “corresponding” (sic) versions with diacritics as pseudo-variants, whcih range from 19 years for .cat to 11 years for .barcelona, .swiss, .radio, .sport, .eus, .gal, .madrid, .quebec… I have NEVER seen a situation like the one you describe. I am not saying it is not possible: certainly it is. I am just saying it is exrtremely rare, close to something that would only happen as a test by someone interested in ehcking the limits ;-)
I suspect most people still don't know non-ASCII domains are even possible. But that is likely to change, and then such situations are also going to be more likely. And of course some people do like testing the limits. :-) There already are some domains that only differ by diacritics in the 2nd level and belong to different owners and have nothing in common. I expect there to be more such in the future. That said, I concede it's not likely to be a big problem at TLD level in the immediate future, as the number of people who might consider getting a vanity gTLD is going to be pretty small given what they cost. Should the cost drop by three orders of magnitude or so it'd be different, but I guess there'll be time for several new PDPs before that happens. :-) And I guess I must confess to a tendency of treating laws and the like as if they were security-critical computer programs, where all possible loopholes are security risks. Which occasionally does result in picking up too small nits. Apologies if you find it annoying. So, perhaps imposing the same entity rule all the way down is a reasonable compromise between abuse potential and cost. No further objections, let's move on. -- Tapani Tarvainen
Hi Tapani, thanks for your understanding and please don't ever think your comments or opinions are annoying. On the contrary, if everybody is always having the same opinion there wouldn't be any discussion at all. I think discussion is important, because it shows people a different view they may not have thought about before. So, as long as a discussion does not go in circles and takes on for ever, it's very valuable to have it. Kiitos. Cheers, Michael -- ____________________________________________________________________ | | | knipp | Knipp Medien und Kommunikation GmbH ------- Technologiepark Martin-Schmeisser-Weg 9 44227 Dortmund Germany Dipl.-Informatiker Fon: +49 231 9703-0 Fax: +49 231 9703-200 Dr. Michael Bauland SIP: Michael.Bauland@knipp.de Software Development E-mail: Michael.Bauland@knipp.de Register Court: Amtsgericht Dortmund, HRB 13728 Chief Executive Officers: Dietmar Knipp, Elmar Knipp Certified according DIN ISO/IEC 27001:2017
Hi Tapani, Just to add to what Michael said, it's extremely valuable to have people with different views and experiences in the discussion. And I say this as one who was, I think, disagreeing with you a lot during the discussion. I, for one, appreciate someone pointing out things I never thought of on my own. I'm going thru this same kind of brainstorming in my day job. And it's very helpful in both. So please, keep it up. Bill Jouris Sent from Yahoo Mail on Android On Thu, Jul 10, 2025 at 1:31 AM, Michael Bauland via Gnso-latin-diacritics<gnso-latin-diacritics@icann.org> wrote: Hi Tapani, thanks for your understanding and please don't ever think your comments or opinions are annoying. On the contrary, if everybody is always having the same opinion there wouldn't be any discussion at all. I think discussion is important, because it shows people a different view they may not have thought about before. So, as long as a discussion does not go in circles and takes on for ever, it's very valuable to have it. Kiitos. Cheers, Michael -- ____________________________________________________________________ | | | knipp | Knipp Medien und Kommunikation GmbH ------- Technologiepark Martin-Schmeisser-Weg 9 44227 Dortmund Germany Dipl.-Informatiker Fon: +49 231 9703-0 Fax: +49 231 9703-200 Dr. Michael Bauland SIP: Michael.Bauland@knipp.de Software Development E-mail: Michael.Bauland@knipp.de Register Court: Amtsgericht Dortmund, HRB 13728 Chief Executive Officers: Dietmar Knipp, Elmar Knipp Certified according DIN ISO/IEC 27001:2017 _______________________________________________ Gnso-latin-diacritics mailing list -- gnso-latin-diacritics@icann.org To unsubscribe send an email to gnso-latin-diacritics-leave@icann.org
Speaking as a group member. ascii.ascii and ascii.idn being bundled makes sense because it's a simple end user protection that we can add within the remit our work. We get to protect users while taking away minimal amounts of freedom. idn.ascii and idn.idn is a different matter, because even supposing we want it them bundled, it both seems outside of our remit and feels like it might take away a more significant amount of freedom. So I definitely understand Tapani's point, but I feel this is a good balance between security and freedom. Best, On 9 Jul 2025 12:11, Tapani Tarvainen via Gnso-latin-diacritics wrote:
Just to clarify my point about same entity principle on registrants I made during the call:
Assume someone gets .muller and .müller and wants to give mark.muller and mark.müller to different people.
The rule proposed would require a single registrant, but it would be easy enough to work around: simply form a legal entity that acts as the registrant and lets Mark Muller and Mark Müller have their own domains without being official registrants.
Mark Müller and Mark Muller could do it by themselves if they agree, but more likely the registrar would simply offer it as a service, with a subsidiary that acts as the registrant. Or an independent company could do it.
If we'd insist on matching DNS records too it could still be worked around, then you'd just have to have common hosting at least as a redirector.
Thus the same entity principle would not be really effective on registrants, it would just cause extra complications and cost for people it affects.
Of course this could be seen as a positive, creating new business opportunities, but on general principles I would not like to see a situation where actual users of domains are hidden behind yet another layer of obfuscation, and especially not an ICANN policy that in effect forces them to.
So while I like the same entity principle for registries and registrars, I would leave it on registrant level up to the registry or registrar, possibly with a policy to be specified in the registry agreement.
-- Mark W. Datysgeld Director at Governance Primer [governanceprimer.com <https://governanceprimer.com>] Project Lead Developer at ICANNWiki [icannwiki.org <https://icannwiki.org/>]
participants (6)
-
Amadeu Abril i Abril (CORE) -
Bill Jouris -
Mark W. Datysgeld -
Michael Bauland -
Tapani Tarvainen -
Tarvainen Tapani