Dear Prof. Kim, All, Here is the relevant text from SSAC's SAC 60 report (https://www.icann.org/en/system/files/files/sac-060-en.pdf), as mentioned during the call today: Recommendation 7: Should ICANN decide to implement safeguards it should seek to distinguish the following two types of failure modes when a user expects a variant to work but it is not implemented: . Denial of service: the user attempts to visit http://example.Y, reading it as being the same Uniform Resource Identifier (URI) as the http://example.X that, for example, he or she saw in an advertisement, but the connection does not work (lookup fails) because Y is either blocked, withheld, or X has no variant at all, and example.Y is not registered. . Misconnection: the user attempts to visit http://example.Y, reading it as being the same URI as the http://example.X that, for example, he or she saw in an advertisement, but arrives at a site controlled by a registrant different to that of example.X. The second case is much more dangerous than the first one. In the first case, the user is frustrated and may conclude that "the Internet does not work," but no serious harm has arisen. The second case is problematic even if this effect is not the result of malicious work on the part of Y's operator or example.Y registrant. Misconnections to a perfectly legitimate site operating at example.Y present issues of possible credential compromise or other accidental disclosure of information in addition to user confusion and frustration. Regards, Sarmad