Hi Gavin, Thanks for the prompt reply. I think we need to understand better what are the potential "associated risks" of publishing Mitigation Plans (including malicious interference). What is that risk exactly? And what are any other perceived risks? Further, what documented criteria would ICANN and the Applicant use to decide this question, and how would that decision be reviewed by anyone else? Thanks, Mike [image: Logo] Mike Rodenbaugh *Rodenbaugh Law LLC* email: mike@rodenbaugh.com phone: +1 (415) 738-8087 On Fri, Jan 10, 2025 at 6:41 AM Gavin Brown <gavin.brown@icann.org> wrote:
Hi Mike,
On 8 Jan 2025, at 16:01, Mike Rodenbaugh via SubPro-IRT < subpro-irt@icann.org> wrote:
We also need to know what documents will be made public, and when, wrt mitigation requirements for particular strings, proposed mitigation plans, ICANN comments on plans, and approved plans.
ICANN org plans to publish the findings of the initial assessment, as was the case in the last round. If a string which undergoes temporary delegation is classified as high-risk as a result, the Technical Review Team (TRT) will produce a report which will be published.
ICANN org’s preference would be for Mitigation Plans to be published by default, but there are risks associated with doing so (such as malicious interference) which must be acknowledged. Our current thinking is that, if approved, Mitigation Plans will be published unless the applicant and ICANN agree that doing so would jeopardize the effectiveness of such plans, in which case, publication would be delayed until after those mitigations have been implemented, and their effectiveness has been confirmed.
Regards,
-- Gavin Brown Principal Engineer, Global Domains & Strategy Internet Corporation for Assigned Names and Numbers (ICANN)