Technical Advice Needed 1. How to deal with new applications that may present high risk strings in an orderly fashion that does not subject applicants and others to investment of time and money that is wasted. (This should include advice as to how to coordinate evaluation of special names with IETF.) 2. Updated technical advice on DITL as the most valuable measure of name collision issues (as per “off the cuff” advice from JAS recently received.) Are you saying that we use DITL, but don’t use any apd information? Or are you saying use apd information, but apply controlled interruption to those names? If so, does controlled interruption answer the concerns of brands where brand names are purchased during Sunrise and then subject to controlled interruption procedures? 3. Updated technical advice on the period of controlled interruption – can and should it be shortened? (RySG comments mention Interisle and talk about seeking additional technical advice. RySG notes that Advisors should not have any conflicts of interest.) 4. Technical advice on individual label review. 5. Technical advice on the overall restructuring of the current version of the Name Collision Framework to the extent we believe changes should be considered. (Please note the existing Name Collision Framework does not contain a process for identifying high risk strings). The existing Name Collision Framework should be submitted to technical experts along with any recommendations and questions we may have for the purpose of getting expert advice on the best methods for updating the Framework for the next round. Put more bluntly, if we do not obtain more updated expert technical advice on name collision issues and how to handle them going forward, we are the ones “guessing”. Anne E. Aikman-Scalese Of Counsel 520.629.4428 office 520.879.4725 fax AAikman@lrrc.com<mailto:AAikman@lrrc.com> _____________________________ [cid:image003.png@01D2E006.DA988560] Lewis Roca Rothgerber Christie LLP One South Church Avenue, Suite 700 Tucson, Arizona 85701-1611 lrrc.com<http://lrrc.com/> From: Rubens Kuhl [mailto:rubensk@nic.br] Sent: Wednesday, June 07, 2017 5:53 PM To: Aikman-Scalese, Anne Cc: gnso-newgtld-wg-wt4@icann.org Subject: Re: [Gnso-newgtld-wg-wt4] WT4 Call Agenda Hi Anne. Responses inline. Rubens et al, Looks as though my attachment of a zip file with apd reports caused some problems in delivery. Resending without apd reports attached. Anne Just another anecdotal evidence of the size of APD files, I believe... to add another, some DNS zones we provisioned for back-end registry customers were larger than most of the DNS zones we ever provisioned. Rubens, Regarding Items 4 and 5 of the agenda for Thursday’s call, I note that SSAC Advice as to name collisions is still in the “open” phase at the ICANN Board. The advice includes SSAC 062 - Phase 2 – “Evaluate and Consider” and SSAC 90 – Phase 1 “Request Understood” by the Board. Open advice from SSAC to the Board should not be lumped in with other CC2 comments. After all, this is the Security and Stability Advisory Committee to ICANN. SAC 90 is more of the "Conflicting TLD Allocations" theme than name collisions per se. One possible conflict that a possible name collision could cause is that if two organisations decide differently how to handle a TLD that is said to be prone to collisions, that would be in the realm of the SAC 90 SSAC advice. Regarding SAC 62, it has two recommendations, one regarding high risk strings and the other regarding trial delegations; the final Name Collision Framework ended up not having trial delegations, so this part was fully accepted by the board. The one regarding strings still remains to be seen, since there is no closure on that yet... so that might be why it's listed as open. And since the 2012-round high-risk strings are not in scope for this PDP, we don't have to address directly that part of the advice, although being recognisant of the possibility of high-risk strings. There are also a number of comments to CC2 which express frustration at the process followed in the 2012 round given that application fees were paid and “unicorn” high collision risks were not identified until much later. Considering that SSAC advice, Internet-Drafts, CircleID articles and Root Server information public information already mentioned .home and .corp, I don't agree with them being identified until much later. On the other hand, .mail, or more properly dotless mail, fits the description, IMHO. To put it mildly, this was not an orderly process. Thus, I would say that this issue of “high risk” strings needs to be given priority by our Track 4 Team since it is a “threshold” issue for any applicant. If we don’t have individual string review, how can these high risk strings be identified in new applications? Did we learn anything from the 2012 round? (Put another way, this WG cannot afford to take the “ostrich” approach to the “unicorn” high risk TLD strings.) I think we did learn a few things. Stay tuned for the call. ;-) Although Jeff indicates the 2012 high risk TLDs (.home, .corp, .mail) are subject to “separate processes”, I believe that given the open SSAC Advice to the Board, these high risk “unicorn” applications (whether old or new) will likely all be considered by the Board on the same basis once a policy for the next round is determined based on policy recommendations provided by the GNSO and the Advisory Committees. That's a guess, and while that might become true or not, since it's not in our charter we can only considerer subsequent procedures for this specific topic. If the Board later uses a paradigm the PDP suggests, it's up to them. The only case we know for sure that will happen is closed generics. Separately, both Interisle and JAS Advisors indicated that DITL (Day in the Life) statistics were the most valuable measures for assessing name collision risk. I think both also endorsed the 90 day Controlled Interruption period. I'm not sure Interisle mentioned the duration of the CI period, it would be interesting to add their views on that as well if they are published somewhere. Lastly, I note that the International Trademark Association has filed comments related to the fact that due to the Alternate Path to Delegation (“apd”) lists generated by the 2012 round, a number of brand names were blocked and were not subject to a second Sunrise when released. This is a significant issue for brand owners which also needs to be addressed as a policy matter. (See attached apd reports by TLD as of 12 November 2013.) The APD lists were a shortcut to be used while the framework was being developed, but I'm sure no one would suggest it to be done again. For instance, after ICANN approved the framework, registries were forbidden to use APD lists and would instead obliged to use wildcard controlled interruption. So while this was a source of anguish and sorrow for both registries and trademark owners, it's now just a bad memory, like Digital Archery, TAS bugs etc. I am hopeful that leadership for Sub Pro and for this Work Track will recognize that expert advice on these questions is needed. Accordingly, we should be soliciting estimates from qualified technical advisors and seeking funds in relation to obtaining advice on these highly technical questions. I'm not sure we need advice beyond what we already got from SSAC, JAS, INTA and RySG, considering our scope. I believe we could require such advice if we were to deal with .home, .corp, and .mail, but that is not in our plate... besides that, what reasons do you see to need to such an advice during the PDP ? There might be, so if you could elaborate (either on the list or during the call)... Best, Rubens ________________________________ This message and any attachments are intended only for the use of the individual or entity to which they are addressed. If the reader of this message or an attachment is not the intended recipient or the employee or agent responsible for delivering the message or attachment to the intended recipient you are hereby notified that any dissemination, distribution or copying of this message or any attachment is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender. The information transmitted in this message and any attachments may be privileged, is intended only for the personal and confidential use of the intended recipients, and is covered by the Electronic Communications Privacy Act, 18 U.S.C. §2510-2521.

Thanks Rubens. There is nothing about what you say below that persuades me that updated technical advice on the existing framework is not needed. In fact, the existing framework does not even address evaluation of high risk “unicorn” strings at all and some of the CC2 comments suggest per label review is not needed. I believe that we are merely slowing the work of this group by not going to the next step in procuring the needed technical advice in a formal manner. I don’t see any way the members of this group could possibly be comfortable proceeding without it. If we want timely results in relation to concluding Sub Pro work, we should formulate questions for technical experts and get estimates right now. Anne Anne E. Aikman-Scalese Of Counsel 520.629.4428 office 520.879.4725 fax AAikman@lrrc.com<mailto:AAikman@lrrc.com> _____________________________ [cid:image003.png@01D2E040.0FF48EA0] Lewis Roca Rothgerber Christie LLP One South Church Avenue, Suite 700 Tucson, Arizona 85701-1611 lrrc.com<http://lrrc.com/> From: Rubens Kuhl [mailto:rubensk@nic.br] Sent: Thursday, June 08, 2017 5:00 AM To: Aikman-Scalese, Anne Cc: gnso-newgtld-wg-wt4@icann.org Subject: Re: [Gnso-newgtld-wg-wt4] WT4 Call Agenda On Jun 8, 2017, at 7:25 AM, Aikman-Scalese, Anne <AAikman@lrrc.com<mailto:AAikman@lrrc.com>> wrote: Technical Advice Needed 1. How to deal with new applications that may present high risk strings in an orderly fashion that does not subject applicants and others to investment of time and money that is wasted. Fortunately SSAC had already thought of that in SAC045, and reminded us of it in SAC094. What was clear from the 2012 round is that ICANN simply saying "do your own due diligence" doesn't cut it for this particular topic. We should also note that this discussion is strongly correlated to the predictability discussions we are having in the WG. (This should include advice as to how to coordinate evaluation of special names with IETF.) This has one more nuance: it's not only IETF, but software development community in general. For instance. while .bit was proposed in IETF special names process for NameCoin, but never got traction there, there is actual software out there that intercepts any request for .bit and makes a NameCoin request instead of a DNS request. As Prof. Lawrence Lessig reminds us, "code is law". 2. Updated technical advice on DITL as the most valuable measure of name collision issues (as per “off the cuff” advice from JAS recently received.) Are you saying that we use DITL, but don’t use any apd information? Or are you saying use apd information, but apply controlled interruption to those names? If so, does controlled interruption answer the concerns of brands where brand names are purchased during Sunrise and then subject to controlled interruption procedures? What ICANN Org already mentioned is to not do a per-label proceeding of any kind, and I fully agree with that. So even DITL being a solid data source for research, using it blindly (as happened with APD) leads to suffering. 3. Updated technical advice on the period of controlled interruption – can and should it be shortened? (RySG comments mention Interisle and talk about seeking additional technical advice. RySG notes that Advisors should not have any conflicts of interest.) I believe the ground rule of this PDP of by default keeping the current policies should be taken into consideration as well. 4. Technical advice on individual label review. Isn't that part of the evaluation process ? 5. Technical advice on the overall restructuring of the current version of the Name Collision Framework to the extent we believe changes should be considered. (Please note the existing Name Collision Framework does not contain a process for identifying high risk strings). The existing Name Collision Framework should be submitted to technical experts along with any recommendations and questions we may have for the purpose of getting expert advice on the best methods for updating the Framework for the next round. We do have a suggestion from ICANN's CTO to do some outreach on that. Will talk of it later today. Put more bluntly, if we do not obtain more updated expert technical advice on name collision issues and how to handle them going forward, we are the ones “guessing”. While some knowledge in this area may have evolved, most of it is pretty known for a long time. I believe the single factor that was new in this area was the internal certificates issue, which was dealt with for the 2012-round and is now gone due to new certificate authority practices. Note both SSAC and JAS advice are of last month, so they look pretty "fresh" to me. Rubens ________________________________ This message and any attachments are intended only for the use of the individual or entity to which they are addressed. If the reader of this message or an attachment is not the intended recipient or the employee or agent responsible for delivering the message or attachment to the intended recipient you are hereby notified that any dissemination, distribution or copying of this message or any attachment is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender. The information transmitted in this message and any attachments may be privileged, is intended only for the personal and confidential use of the intended recipients, and is covered by the Electronic Communications Privacy Act, 18 U.S.C. §2510-2521.

Martin, I don’t think the call starts for another hour. From: gnso-newgtld-wg-wt4-bounces@icann.org [mailto:gnso-newgtld-wg-wt4-bounces@icann.org] On Behalf Of Martin Sutton Sent: Thursday, June 08, 2017 12:08 PM To: Rubens Kuhl <rubensk@nic.br> Cc: gnso-newgtld-wg-wt4@icann.org Subject: [EXTERNAL] Re: [Gnso-newgtld-wg-wt4] WT4 Call Agenda Hi Rubens, Trying to get into Adobe for the call, yet another add-on is being installed, will join in few minutes. Sorry fro the delay. Martin Sutton Executive Director Brand Registry Group martin@brandregistrygroup.org<mailto:martin@brandregistrygroup.org> On 8 Jun 2017, at 18:14, Aikman-Scalese, Anne <AAikman@lrrc.com<mailto:AAikman@lrrc.com>> wrote: Thanks Rubens. There is nothing about what you say below that persuades me that updated technical advice on the existing framework is not needed. In fact, the existing framework does not even address evaluation of high risk “unicorn” strings at all and some of the CC2 comments suggest per label review is not needed. I believe that we are merely slowing the work of this group by not going to the next step in procuring the needed technical advice in a formal manner. I don’t see any way the members of this group could possibly be comfortable proceeding without it. If we want timely results in relation to concluding Sub Pro work, we should formulate questions for technical experts and get estimates right now. Anne Anne E. Aikman-Scalese Of Counsel 520.629.4428 office 520.879.4725 fax AAikman@lrrc.com<mailto:AAikman@lrrc.com> _____________________________ <image003.png> Lewis Roca Rothgerber Christie LLP One South Church Avenue, Suite 700 Tucson, Arizona 85701-1611 lrrc.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__lrrc.com_&d=DwMGaQ&c=MOp...> From: Rubens Kuhl [mailto:rubensk@nic.br] Sent: Thursday, June 08, 2017 5:00 AM To: Aikman-Scalese, Anne Cc: gnso-newgtld-wg-wt4@icann.org<mailto:gnso-newgtld-wg-wt4@icann.org> Subject: Re: [Gnso-newgtld-wg-wt4] WT4 Call Agenda On Jun 8, 2017, at 7:25 AM, Aikman-Scalese, Anne <AAikman@lrrc.com<mailto:AAikman@lrrc.com>> wrote: Technical Advice Needed 1. How to deal with new applications that may present high risk strings in an orderly fashion that does not subject applicants and others to investment of time and money that is wasted. Fortunately SSAC had already thought of that in SAC045, and reminded us of it in SAC094. What was clear from the 2012 round is that ICANN simply saying "do your own due diligence" doesn't cut it for this particular topic. We should also note that this discussion is strongly correlated to the predictability discussions we are having in the WG. (This should include advice as to how to coordinate evaluation of special names with IETF.) This has one more nuance: it's not only IETF, but software development community in general. For instance. while .bit was proposed in IETF special names process for NameCoin, but never got traction there, there is actual software out there that intercepts any request for .bit and makes a NameCoin request instead of a DNS request. As Prof. Lawrence Lessig reminds us, "code is law". 2. Updated technical advice on DITL as the most valuable measure of name collision issues (as per “off the cuff” advice from JAS recently received.) Are you saying that we use DITL, but don’t use any apd information? Or are you saying use apd information, but apply controlled interruption to those names? If so, does controlled interruption answer the concerns of brands where brand names are purchased during Sunrise and then subject to controlled interruption procedures? What ICANN Org already mentioned is to not do a per-label proceeding of any kind, and I fully agree with that. So even DITL being a solid data source for research, using it blindly (as happened with APD) leads to suffering. 3. Updated technical advice on the period of controlled interruption – can and should it be shortened? (RySG comments mention Interisle and talk about seeking additional technical advice. RySG notes that Advisors should not have any conflicts of interest.) I believe the ground rule of this PDP of by default keeping the current policies should be taken into consideration as well. 4. Technical advice on individual label review. Isn't that part of the evaluation process ? 5. Technical advice on the overall restructuring of the current version of the Name Collision Framework to the extent we believe changes should be considered. (Please note the existing Name Collision Framework does not contain a process for identifying high risk strings). The existing Name Collision Framework should be submitted to technical experts along with any recommendations and questions we may have for the purpose of getting expert advice on the best methods for updating the Framework for the next round. We do have a suggestion from ICANN's CTO to do some outreach on that. Will talk of it later today. Put more bluntly, if we do not obtain more updated expert technical advice on name collision issues and how to handle them going forward, we are the ones “guessing”. While some knowledge in this area may have evolved, most of it is pretty known for a long time. I believe the single factor that was new in this area was the internal certificates issue, which was dealt with for the 2012-round and is now gone due to new certificate authority practices. Note both SSAC and JAS advice are of last month, so they look pretty "fresh" to me. Rubens ________________________________ This message and any attachments are intended only for the use of the individual or entity to which they are addressed. If the reader of this message or an attachment is not the intended recipient or the employee or agent responsible for delivering the message or attachment to the intended recipient you are hereby notified that any dissemination, distribution or copying of this message or any attachment is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender. The information transmitted in this message and any attachments may be privileged, is intended only for the personal and confidential use of the intended recipients, and is covered by the Electronic Communications Privacy Act, 18 U.S.C. §2510-2521. _______________________________________________ Gnso-newgtld-wg-wt4 mailing list Gnso-newgtld-wg-wt4@icann.org<mailto:Gnso-newgtld-wg-wt4@icann.org> https://mm.icann.org/mailman/listinfo/gnso-newgtld-wg-wt4<https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Dnewgtld-2Dwg-2Dwt4&d=DwMGaQ&c=MOptNlVtIETeDALC_lULrw&r=4A3LwUUER9_CePZ11QJsr56eryGQiPHEqv4TL7JH87w&m=qrSgDScR04CCcGyWHXZicvwYqnQyrDOL1g7toOdz55w&s=l3LAy7RuRwWfljnAZDYCeCmELTDX5NsYGykP4QHX5yU&e=>

Oh good, I’m early :-) Thanks Donna. Martin Sutton Executive Director Brand Registry Group martin@brandregistrygroup.org<mailto:martin@brandregistrygroup.org> On 8 Jun 2017, at 11:25, Aikman-Scalese, Anne <AAikman@lrrc.com<mailto:AAikman@lrrc.com>> wrote: Technical Advice Needed 1. How to deal with new applications that may present high risk strings in an orderly fashion that does not subject applicants and others to investment of time and money that is wasted. (This should include advice as to how to coordinate evaluation of special names with IETF.) 2. Updated technical advice on DITL as the most valuable measure of name collision issues (as per “off the cuff” advice from JAS recently received.) Are you saying that we use DITL, but don’t use any apd information? Or are you saying use apd information, but apply controlled interruption to those names? If so, does controlled interruption answer the concerns of brands where brand names are purchased during Sunrise and then subject to controlled interruption procedures? 3. Updated technical advice on the period of controlled interruption – can and should it be shortened? (RySG comments mention Interisle and talk about seeking additional technical advice. RySG notes that Advisors should not have any conflicts of interest.) 4. Technical advice on individual label review. 5. Technical advice on the overall restructuring of the current version of the Name Collision Framework to the extent we believe changes should be considered. (Please note the existing Name Collision Framework does not contain a process for identifying high risk strings). The existing Name Collision Framework should be submitted to technical experts along with any recommendations and questions we may have for the purpose of getting expert advice on the best methods for updating the Framework for the next round. Put more bluntly, if we do not obtain more updated expert technical advice on name collision issues and how to handle them going forward, we are the ones “guessing”. Anne E. Aikman-Scalese Of Counsel 520.629.4428 office 520.879.4725 fax AAikman@lrrc.com<mailto:AAikman@lrrc.com> _____________________________ <image003.png> Lewis Roca Rothgerber Christie LLP One South Church Avenue, Suite 700 Tucson, Arizona 85701-1611 lrrc.com<http://lrrc.com/> From: Rubens Kuhl [mailto:rubensk@nic.br] Sent: Wednesday, June 07, 2017 5:53 PM To: Aikman-Scalese, Anne Cc: gnso-newgtld-wg-wt4@icann.org<mailto:gnso-newgtld-wg-wt4@icann.org> Subject: Re: [Gnso-newgtld-wg-wt4] WT4 Call Agenda Hi Anne. Responses inline. Rubens et al, Looks as though my attachment of a zip file with apd reports caused some problems in delivery. Resending without apd reports attached. Anne Just another anecdotal evidence of the size of APD files, I believe... to add another, some DNS zones we provisioned for back-end registry customers were larger than most of the DNS zones we ever provisioned. Rubens, Regarding Items 4 and 5 of the agenda for Thursday’s call, I note that SSAC Advice as to name collisions is still in the “open” phase at the ICANN Board. The advice includes SSAC 062 - Phase 2 – “Evaluate and Consider” and SSAC 90 – Phase 1 “Request Understood” by the Board. Open advice from SSAC to the Board should not be lumped in with other CC2 comments. After all, this is the Security and Stability Advisory Committee to ICANN. SAC 90 is more of the "Conflicting TLD Allocations" theme than name collisions per se. One possible conflict that a possible name collision could cause is that if two organisations decide differently how to handle a TLD that is said to be prone to collisions, that would be in the realm of the SAC 90 SSAC advice. Regarding SAC 62, it has two recommendations, one regarding high risk strings and the other regarding trial delegations; the final Name Collision Framework ended up not having trial delegations, so this part was fully accepted by the board. The one regarding strings still remains to be seen, since there is no closure on that yet... so that might be why it's listed as open. And since the 2012-round high-risk strings are not in scope for this PDP, we don't have to address directly that part of the advice, although being recognisant of the possibility of high-risk strings. There are also a number of comments to CC2 which express frustration at the process followed in the 2012 round given that application fees were paid and “unicorn” high collision risks were not identified until much later. Considering that SSAC advice, Internet-Drafts, CircleID articles and Root Server information public information already mentioned .home and .corp, I don't agree with them being identified until much later. On the other hand, .mail, or more properly dotless mail, fits the description, IMHO. To put it mildly, this was not an orderly process. Thus, I would say that this issue of “high risk” strings needs to be given priority by our Track 4 Team since it is a “threshold” issue for any applicant. If we don’t have individual string review, how can these high risk strings be identified in new applications? Did we learn anything from the 2012 round? (Put another way, this WG cannot afford to take the “ostrich” approach to the “unicorn” high risk TLD strings.) I think we did learn a few things. Stay tuned for the call. ;-) Although Jeff indicates the 2012 high risk TLDs (.home, .corp, .mail) are subject to “separate processes”, I believe that given the open SSAC Advice to the Board, these high risk “unicorn” applications (whether old or new) will likely all be considered by the Board on the same basis once a policy for the next round is determined based on policy recommendations provided by the GNSO and the Advisory Committees. That's a guess, and while that might become true or not, since it's not in our charter we can only considerer subsequent procedures for this specific topic. If the Board later uses a paradigm the PDP suggests, it's up to them. The only case we know for sure that will happen is closed generics. Separately, both Interisle and JAS Advisors indicated that DITL (Day in the Life) statistics were the most valuable measures for assessing name collision risk. I think both also endorsed the 90 day Controlled Interruption period. I'm not sure Interisle mentioned the duration of the CI period, it would be interesting to add their views on that as well if they are published somewhere. Lastly, I note that the International Trademark Association has filed comments related to the fact that due to the Alternate Path to Delegation (“apd”) lists generated by the 2012 round, a number of brand names were blocked and were not subject to a second Sunrise when released. This is a significant issue for brand owners which also needs to be addressed as a policy matter. (See attached apd reports by TLD as of 12 November 2013.) The APD lists were a shortcut to be used while the framework was being developed, but I'm sure no one would suggest it to be done again. For instance, after ICANN approved the framework, registries were forbidden to use APD lists and would instead obliged to use wildcard controlled interruption. So while this was a source of anguish and sorrow for both registries and trademark owners, it's now just a bad memory, like Digital Archery, TAS bugs etc. I am hopeful that leadership for Sub Pro and for this Work Track will recognize that expert advice on these questions is needed. Accordingly, we should be soliciting estimates from qualified technical advisors and seeking funds in relation to obtaining advice on these highly technical questions. I'm not sure we need advice beyond what we already got from SSAC, JAS, INTA and RySG, considering our scope. I believe we could require such advice if we were to deal with .home, .corp, and .mail, but that is not in our plate... besides that, what reasons do you see to need to such an advice during the PDP ? There might be, so if you could elaborate (either on the list or during the call)... Best, Rubens ________________________________ This message and any attachments are intended only for the use of the individual or entity to which they are addressed. If the reader of this message or an attachment is not the intended recipient or the employee or agent responsible for delivering the message or attachment to the intended recipient you are hereby notified that any dissemination, distribution or copying of this message or any attachment is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender. The information transmitted in this message and any attachments may be privileged, is intended only for the personal and confidential use of the intended recipients, and is covered by the Electronic Communications Privacy Act, 18 U.S.C. §2510-2521. _______________________________________________ Gnso-newgtld-wg-wt4 mailing list Gnso-newgtld-wg-wt4@icann.org<mailto:Gnso-newgtld-wg-wt4@icann.org> https://mm.icann.org/mailman/listinfo/gnso-newgtld-wg-wt4