Fwd: [Ext] Re: Re: Name Collision

Hi All, Section 3 of this document re Initial Assessment needs to be fleshed out, a lot, please. The prefaces are important: Sec. 1 - The delegation of almost any new generic top-level domain carries some risk of Name Collision... Sec. 2 - Applicants should note that the metrics for an applied-for string are only one of several factors, both quantitative and qualitative in nature, that will be considered when assessing the risk associated with that string. Applicants should not assume that if the datasets indicate a low volume of name collision occurrences that the string will be assessed as safe to be delegated. Then, INITIAL ASSESSMENT: Sec. 3 - Each applied-for string will undergo an initial risk assessment by an expert evaluator using relevant data sets [examples given] ... and additional qualitative evidence data that can help deduce the severity of harm. The purpose of this assessment is to preliminarily identify *high-risk strings*. Strings assessed to be high-risk will be placed on the Collision String List (see Section 5 [docs.google.com] <https://urldefense.com/v3/__https:/docs.google.com/document/d/17VZM1Jx9Waw7q...>) and any applications for these strings will not proceed until a High-Risk String Mitigation Plan has been completed. Initial Assessment will take place following the [String Confirmation Day]. ICANN will publish a report describing the assessment, its methodology, and findings, once completed. ________________ And that's it. This seems incredibly arbitrary on its face, and likely will result in a very significant expense and delay for any application identified as high-risk. So again I have some questions (some repeated, some new)... What specific and objective criteria will be used by the sole "expert evaluator" to decide whether any string is high-risk? How will anyone be a competent expert at this anyway, and how will they be chosen? How will any decision be challenged? How will any Risk Mitigation Plan be monitored if it is kept secret by ICANN? What really is the risk of undetectable malicious interference, which is the only purported reason to keep these Plans secret? Also, 3 months to come up with an acceptable Risk Mitigation Plan may not be enough. There appears to be very few people who understand any of this, much less can competently come up with a plan acceptable to whatever panel of experts ICANN hires, based on who knows what criteria. Those few people are likely to be in very high demand. There needs to be either a longer deadline, or at least an opportunity for an extension if applicant is making reasonable efforts towards developing a Plan. [image: Image removed by sender. Logo] *Mike Rodenbaugh* *Rodenbaugh Law LLC* *email:* mike@rodenbaugh.com *phone:* +1 (415) 738-8087 On Tue, Jan 14, 2025 at 10:15 AM Elisa Busetto via SubPro-IRT < subpro-irt@icann.org> wrote: Hi everybody, We have updated the Name Collision language [docs.google.com] <https://urldefense.com/v3/__https:/docs.google.com/document/d/17VZM1Jx9Waw7q...> based on your feedback and will go through the changes during meeting #104 <https://community.icann.org/x/UACcG>. Best, Elisa *From: *Elisa Busetto <elisa.busetto@icann.org> *Date: *Wednesday, 8 January 2025 at 10:39 *To: *"subpro-irt@icann.org" <subpro-irt@icann.org> *Subject: *Name Collision Dear all, Happy New Year! Please find the proposed language [docs.google.com] <https://urldefense.com/v3/__https:/docs.google.com/document/d/17VZM1Jx9Waw7q...> for Topic 29: Name Collision, which we will discuss today <https://community.icann.org/x/BgBWGQ>, 8 January at 13:00 UTC. Best regards, Elisa _______________________________________________ SubPro-IRT mailing list -- subpro-irt@icann.org To unsubscribe send an email to subpro-irt-leave@icann.org _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

Hi Mike, I’ve consolidated answers to your questions into a single email, responses below. From your first email:
Would there not always be a "reasonable likelihood of manipulation"?
The forms of manipulation contemplated by the NCAP Study 2 report are non-trivial to implement, in terms of time, effort and resources, so we expect it to be rare and likely detectable. The burden of proof would be on the applicant.
On 15 Jan 2025, at 14:44, Mike Rodenbaugh via SubPro-IRT <subpro-irt@icann.org> wrote:
Hi All, Section 3 of this document re Initial Assessment needs to be fleshed out, a lot, please. The prefaces are important:
[text from AGB module elided]
And that's it. This seems incredibly arbitrary on its face, and likely will result in a very significant expense and delay for any application identified as high-risk. So again I have some questions (some repeated, some new)... What specific and objective criteria will be used by the sole "expert evaluator" to decide whether any string is high-risk?
ICANN org plans to publish separate documents describing the assessment criteria and methodology for the initial assessment, temporary delegation reviews, and mitigation plan reviews. These documents will be developed in a similar manner as the String Similarity Review Guidelines. We'll update the AGB module to make reference to these documents.
How will anyone be a competent expert at this anyway, and how will they be chosen?
ICANN org plans to issue Request For Proposal(s) to select vendor(s) for the initial assessment and mitigation plan reviews. The RFPs will require that bidders demonstrate the appropriate knowledge and expertise.
How will any decision be challenged?
The revised AGB text includes details on challenges to mitigation plan review decisions that are uniform with the approaches taken in other AGB modules.
How will any Risk Mitigation Plan be monitored if it is kept secret by ICANN? What really is the risk of undetectable malicious interference, which is the only purported reason to keep these Plans secret?
Mitigation Plans won’t be kept secret - their publication will only be postponed. As mentioned above, that postponement will only be agreed if the applicant can demonstrate a reasonable likelihood that there will be manipulation or other reasonable need. The effectiveness of mitigation plans can be determined without them being published, since the technical measurements (such as those that will be available through the Name Collision Observatory) will remain available for review, both by ICANN and the wider community.
Also, 3 months to come up with an acceptable Risk Mitigation Plan may not be enough. There appears to be very few people who understand any of this, much less can competently come up with a plan acceptable to whatever panel of experts ICANN hires, based on who knows what criteria. Those few people are likely to be in very high demand. There needs to be either a longer deadline, or at least an opportunity for an extension if applicant is making reasonable efforts towards developing a Plan.
That’s acknowledged. We had contemplated allowing a 3-month extension. The next update to the AGB module will include this. Gavin. -- Gavin Brown Principal Engineer, Global Domains & Strategy Internet Corporation for Assigned Names and Numbers (ICANN) https://www.icann.org

Thanks Gavin, this is much appreciated. However, my question -- "How will any decision be challenged?" was referring to the Initial Assessment. If the evaluator finds a high risk, how can that decision be challenged? [image: Logo] Mike Rodenbaugh *Rodenbaugh Law LLC* email: mike@rodenbaugh.com phone: +1 (415) 738-8087 On Fri, Jan 17, 2025 at 7:01 AM Gavin Brown <gavin.brown@icann.org> wrote:
Hi Mike,
I’ve consolidated answers to your questions into a single email, responses below.
From your first email:
Would there not always be a "reasonable likelihood of manipulation"?
The forms of manipulation contemplated by the NCAP Study 2 report are non-trivial to implement, in terms of time, effort and resources, so we expect it to be rare and likely detectable. The burden of proof would be on the applicant.
On 15 Jan 2025, at 14:44, Mike Rodenbaugh via SubPro-IRT < subpro-irt@icann.org> wrote:
Hi All, Section 3 of this document re Initial Assessment needs to be fleshed out, a lot, please. The prefaces are important:
[text from AGB module elided]
And that's it. This seems incredibly arbitrary on its face, and likely will result in a very significant expense and delay for any application identified as high-risk. So again I have some questions (some repeated, some new)... What specific and objective criteria will be used by the sole "expert evaluator" to decide whether any string is high-risk?
ICANN org plans to publish separate documents describing the assessment criteria and methodology for the initial assessment, temporary delegation reviews, and mitigation plan reviews. These documents will be developed in a similar manner as the String Similarity Review Guidelines. We'll update the AGB module to make reference to these documents.
How will anyone be a competent expert at this anyway, and how will they be chosen?
ICANN org plans to issue Request For Proposal(s) to select vendor(s) for the initial assessment and mitigation plan reviews. The RFPs will require that bidders demonstrate the appropriate knowledge and expertise.
How will any decision be challenged?
The revised AGB text includes details on challenges to mitigation plan review decisions that are uniform with the approaches taken in other AGB modules.
How will any Risk Mitigation Plan be monitored if it is kept secret by ICANN? What really is the risk of undetectable malicious interference, which is the only purported reason to keep these Plans secret?
Mitigation Plans won’t be kept secret - their publication will only be postponed. As mentioned above, that postponement will only be agreed if the applicant can demonstrate a reasonable likelihood that there will be manipulation or other reasonable need.
The effectiveness of mitigation plans can be determined without them being published, since the technical measurements (such as those that will be available through the Name Collision Observatory) will remain available for review, both by ICANN and the wider community.
Also, 3 months to come up with an acceptable Risk Mitigation Plan may not be enough. There appears to be very few people who understand any of this, much less can competently come up with a plan acceptable to whatever panel of experts ICANN hires, based on who knows what criteria. Those few people are likely to be in very high demand. There needs to be either a longer deadline, or at least an opportunity for an extension if applicant is making reasonable efforts towards developing a Plan.
That’s acknowledged. We had contemplated allowing a 3-month extension. The next update to the AGB module will include this.
Gavin.
-- Gavin Brown Principal Engineer, Global Domains & Strategy Internet Corporation for Assigned Names and Numbers (ICANN)

Hi Mike, apologies for the delay in responding.
On 17 Jan 2025, at 17:01, Mike Rodenbaugh <mike@rodenbaugh.com> wrote:
Thanks Gavin, this is much appreciated. However, my question -- "How will any decision be challenged?" was referring to the Initial Assessment. If the evaluator finds a high risk, how can that decision be challenged?
There is no challenge mechanism for individual strings, but the external evaluator will produce a report outlining its methodology and findings, which will undergo Public Comment. Gavin. -- Gavin Brown Principal Engineer, Global Domains & Strategy Internet Corporation for Assigned Names and Numbers (ICANN) https://www.icann.org

Hi Gavin, thanks for clarifying. Personally I find that answer very unsatisfactory, because the impact on the applicant will be very severe, and there is no clarity at this point as to what criteria the evaluator will consider and what guidelines they will have in applying those criteria. [image: Logo] Mike Rodenbaugh *Rodenbaugh Law LLC* email: mike@rodenbaugh.com phone: +1 (415) 738-8087 On Tue, Jan 28, 2025 at 9:12 AM Gavin Brown <gavin.brown@icann.org> wrote:
Hi Mike, apologies for the delay in responding.
On 17 Jan 2025, at 17:01, Mike Rodenbaugh <mike@rodenbaugh.com> wrote:
Thanks Gavin, this is much appreciated. However, my question -- "How will any decision be challenged?" was referring to the Initial Assessment. If the evaluator finds a high risk, how can that decision be challenged?
There is no challenge mechanism for individual strings, but the external evaluator will produce a report outlining its methodology and findings, which will undergo Public Comment.
Gavin.
-- Gavin Brown Principal Engineer, Global Domains & Strategy Internet Corporation for Assigned Names and Numbers (ICANN)

Mike, You can look at all the NCAP transcripts for source material beyond what’s already written in the NCAP report, to get a better idea of what is likely to happen at such an evaluation. But in short, what you are asking is unfeasible due to the nature of the phenomenon. While this is not related to the number of devices on the Internet (currently nearing 20 billion), this is related to the number of device types (maker, model, version) and different configurations of such devices. It’s a matrix that easily gets to the millions range. Rubens
Em 28 de jan. de 2025, à(s) 17:31, Mike Rodenbaugh via SubPro-IRT <subpro-irt@icann.org> escreveu:
Hi Gavin, thanks for clarifying. Personally I find that answer very unsatisfactory, because the impact on the applicant will be very severe, and there is no clarity at this point as to what criteria the evaluator will consider and what guidelines they will have in applying those criteria.
Mike Rodenbaugh
Rodenbaugh Law LLC email: mike@rodenbaugh.com <mailto:mike@rodenbaugh.com> phone: +1 (415) 738-8087
On Tue, Jan 28, 2025 at 9:12 AM Gavin Brown <gavin.brown@icann.org <mailto:gavin.brown@icann.org>> wrote:
Hi Mike, apologies for the delay in responding.
On 17 Jan 2025, at 17:01, Mike Rodenbaugh <mike@rodenbaugh.com <mailto:mike@rodenbaugh.com>> wrote:
Thanks Gavin, this is much appreciated. However, my question -- "How will any decision be challenged?" was referring to the Initial Assessment. If the evaluator finds a high risk, how can that decision be challenged?
There is no challenge mechanism for individual strings, but the external evaluator will produce a report outlining its methodology and findings, which will undergo Public Comment.
Gavin.
-- Gavin Brown Principal Engineer, Global Domains & Strategy Internet Corporation for Assigned Names and Numbers (ICANN)
_______________________________________________ SubPro-IRT mailing list -- subpro-irt@icann.org To unsubscribe send an email to subpro-irt-leave@icann.org
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

Hi Rubens, I do not understand why you think it is unfeasible for an Applicant to be able to challenge the evaluator's decision. No matter how complicated is the analysis or decision, it must be subject to challenge at least under some circumstances, e.g. the evaluator did not apply the criteria correctly, or had a conflict of interest, etc. [image: Logo] Mike Rodenbaugh *Rodenbaugh Law LLC* email: mike@rodenbaugh.com phone: +1 (415) 738-8087 On Tue, Jan 28, 2025 at 12:58 PM Rubens Kuhl via SubPro-IRT < subpro-irt@icann.org> wrote:
Mike,
You can look at all the NCAP transcripts for source material beyond what’s already written in the NCAP report, to get a better idea of what is likely to happen at such an evaluation.
But in short, what you are asking is unfeasible due to the nature of the phenomenon. While this is not related to the number of devices on the Internet (currently nearing 20 billion), this is related to the number of device types (maker, model, version) and different configurations of such devices. It’s a matrix that easily gets to the millions range.
Rubens
Em 28 de jan. de 2025, à(s) 17:31, Mike Rodenbaugh via SubPro-IRT < subpro-irt@icann.org> escreveu:
Hi Gavin, thanks for clarifying. Personally I find that answer very unsatisfactory, because the impact on the applicant will be very severe, and there is no clarity at this point as to what criteria the evaluator will consider and what guidelines they will have in applying those criteria.
[image: Logo] Mike Rodenbaugh
*Rodenbaugh Law LLC*
email: mike@rodenbaugh.com phone: +1 (415) 738-8087
On Tue, Jan 28, 2025 at 9:12 AM Gavin Brown <gavin.brown@icann.org> wrote:
Hi Mike, apologies for the delay in responding.
On 17 Jan 2025, at 17:01, Mike Rodenbaugh <mike@rodenbaugh.com> wrote:
Thanks Gavin, this is much appreciated. However, my question -- "How will any decision be challenged?" was referring to the Initial Assessment. If the evaluator finds a high risk, how can that decision be challenged?
There is no challenge mechanism for individual strings, but the external evaluator will produce a report outlining its methodology and findings, which will undergo Public Comment.
Gavin.
-- Gavin Brown Principal Engineer, Global Domains & Strategy Internet Corporation for Assigned Names and Numbers (ICANN)
_______________________________________________ SubPro-IRT mailing list -- subpro-irt@icann.org To unsubscribe send an email to subpro-irt-leave@icann.org
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ SubPro-IRT mailing list -- subpro-irt@icann.org To unsubscribe send an email to subpro-irt-leave@icann.org
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

Mike, I was referring to "no clarity at this point as to what criteria the evaluator will consider and what guidelines they will have in applying those criteria.” . Not to whether this specific decision can be challenged with the limited appeal mechanism or not. Rubens
Em 28 de jan. de 2025, à(s) 19:10, Mike Rodenbaugh <mike@rodenbaugh.com> escreveu:
Hi Rubens, I do not understand why you think it is unfeasible for an Applicant to be able to challenge the evaluator's decision. No matter how complicated is the analysis or decision, it must be subject to challenge at least under some circumstances, e.g. the evaluator did not apply the criteria correctly, or had a conflict of interest, etc.
Mike Rodenbaugh
Rodenbaugh Law LLC email: mike@rodenbaugh.com <mailto:mike@rodenbaugh.com> phone: +1 (415) 738-8087
On Tue, Jan 28, 2025 at 12:58 PM Rubens Kuhl via SubPro-IRT <subpro-irt@icann.org <mailto:subpro-irt@icann.org>> wrote:
Mike,
You can look at all the NCAP transcripts for source material beyond what’s already written in the NCAP report, to get a better idea of what is likely to happen at such an evaluation.
But in short, what you are asking is unfeasible due to the nature of the phenomenon. While this is not related to the number of devices on the Internet (currently nearing 20 billion), this is related to the number of device types (maker, model, version) and different configurations of such devices. It’s a matrix that easily gets to the millions range.
Rubens
Em 28 de jan. de 2025, à(s) 17:31, Mike Rodenbaugh via SubPro-IRT <subpro-irt@icann.org <mailto:subpro-irt@icann.org>> escreveu:
Hi Gavin, thanks for clarifying. Personally I find that answer very unsatisfactory, because the impact on the applicant will be very severe, and there is no clarity at this point as to what criteria the evaluator will consider and what guidelines they will have in applying those criteria.
Mike Rodenbaugh
Rodenbaugh Law LLC email: mike@rodenbaugh.com <mailto:mike@rodenbaugh.com> phone: +1 (415) 738-8087
On Tue, Jan 28, 2025 at 9:12 AM Gavin Brown <gavin.brown@icann.org <mailto:gavin.brown@icann.org>> wrote:
Hi Mike, apologies for the delay in responding.
On 17 Jan 2025, at 17:01, Mike Rodenbaugh <mike@rodenbaugh.com <mailto:mike@rodenbaugh.com>> wrote:
Thanks Gavin, this is much appreciated. However, my question -- "How will any decision be challenged?" was referring to the Initial Assessment. If the evaluator finds a high risk, how can that decision be challenged?
There is no challenge mechanism for individual strings, but the external evaluator will produce a report outlining its methodology and findings, which will undergo Public Comment.
Gavin.
-- Gavin Brown Principal Engineer, Global Domains & Strategy Internet Corporation for Assigned Names and Numbers (ICANN)
_______________________________________________ SubPro-IRT mailing list -- subpro-irt@icann.org <mailto:subpro-irt@icann.org> To unsubscribe send an email to subpro-irt-leave@icann.org <mailto:subpro-irt-leave@icann.org>
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ SubPro-IRT mailing list -- subpro-irt@icann.org <mailto:subpro-irt@icann.org> To unsubscribe send an email to subpro-irt-leave@icann.org <mailto:subpro-irt-leave@icann.org>
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

Hi Mike, The evaluation criteria for the initial assessment will be published as a separate document, in the same way that the criteria for string similarity were (and the criteria for temporary delegation and mitigation plan review will be). This document will be brought to the IRT for review, and will also go through a Public Comment period. Gavin.
On 28 Jan 2025, at 20:31, Mike Rodenbaugh <mike@rodenbaugh.com> wrote:
Hi Gavin, thanks for clarifying. Personally I find that answer very unsatisfactory, because the impact on the applicant will be very severe, and there is no clarity at this point as to what criteria the evaluator will consider and what guidelines they will have in applying those criteria.
Mike Rodenbaugh
Rodenbaugh Law LLC email: mike@rodenbaugh.com phone: +1 (415) 738-8087
On Tue, Jan 28, 2025 at 9:12 AM Gavin Brown <gavin.brown@icann.org> wrote: Hi Mike, apologies for the delay in responding.
On 17 Jan 2025, at 17:01, Mike Rodenbaugh <mike@rodenbaugh.com> wrote:
Thanks Gavin, this is much appreciated. However, my question -- "How will any decision be challenged?" was referring to the Initial Assessment. If the evaluator finds a high risk, how can that decision be challenged?
There is no challenge mechanism for individual strings, but the external evaluator will produce a report outlining its methodology and findings, which will undergo Public Comment.
Gavin.
-- Gavin Brown Principal Engineer, Global Domains & Strategy Internet Corporation for Assigned Names and Numbers (ICANN)
-- Gavin Brown Principal Engineer, Global Domains & Strategy Internet Corporation for Assigned Names and Numbers (ICANN) https://www.icann.org

Please help advise what are SubPro recommendations on string listing on the Collision String List. More specifically, would the applicant get a refund at this point (i.e. initial assessment) if it chose not to proceed with developing a mitigation plan ? Following up on the "data sources" of the DITL traffic for non-existing TLDs -- if ICANN chose not to disclose the data sources for any reasons, what about letting the public know the geo-diversity (5 regions or country specific), end-point type (fixed / mobile / browser ) , communication type (TCP / UDP) , etc.. This would help us build higher confidence in the NCO data / mechanism. Thanks! Ching Thanks! "Then, INITIAL ASSESSMENT: Sec. 3 - Each applied-for string will undergo an initial risk assessment by an expert evaluator using relevant data sets [examples given] ... and additional qualitative evidence data that can help deduce the severity of harm. The purpose of this assessment is to preliminarily identify *high-risk strings*. Strings assessed to be high-risk will be placed on the Collision String List (see Section 5 [docs.google.com] <https://urldefense.com/v3/__https:/docs.google.com/document/d/17VZM1Jx9Waw7q...>) and any applications for these strings will not proceed until a High-Risk String Mitigation Plan has been completed." On Wed, Jan 15, 2025 at 9:45 AM Mike Rodenbaugh via SubPro-IRT < subpro-irt@icann.org> wrote:
Hi All,
Section 3 of this document re Initial Assessment needs to be fleshed out, a lot, please.
The prefaces are important:
Sec. 1 - The delegation of almost any new generic top-level domain carries some risk of Name Collision...
Sec. 2 - Applicants should note that the metrics for an applied-for string are only one of several factors, both quantitative and qualitative in nature, that will be considered when assessing the risk associated with that string. Applicants should not assume that if the datasets indicate a low volume of name collision occurrences that the string will be assessed as safe to be delegated.
Then, INITIAL ASSESSMENT:
Sec. 3 - Each applied-for string will undergo an initial risk assessment by an expert evaluator using relevant data sets [examples given] ... and additional qualitative evidence data that can help deduce the severity of harm. The purpose of this assessment is to preliminarily identify *high-risk strings*. Strings assessed to be high-risk will be placed on the Collision String List (see Section 5 [docs.google.com] <https://urldefense.com/v3/__https:/docs.google.com/document/d/17VZM1Jx9Waw7q...>) and any applications for these strings will not proceed until a High-Risk String Mitigation Plan has been completed.
Initial Assessment will take place following the [String Confirmation Day]. ICANN will publish a report describing the assessment, its methodology, and findings, once completed.
________________
And that's it. This seems incredibly arbitrary on its face, and likely will result in a very significant expense and delay for any application identified as high-risk. So again I have some questions (some repeated, some new)...
What specific and objective criteria will be used by the sole "expert evaluator" to decide whether any string is high-risk? How will anyone be a competent expert at this anyway, and how will they be chosen? How will any decision be challenged? How will any Risk Mitigation Plan be monitored if it is kept secret by ICANN? What really is the risk of undetectable malicious interference, which is the only purported reason to keep these Plans secret?
Also, 3 months to come up with an acceptable Risk Mitigation Plan may not be enough. There appears to be very few people who understand any of this, much less can competently come up with a plan acceptable to whatever panel of experts ICANN hires, based on who knows what criteria. Those few people are likely to be in very high demand. There needs to be either a longer deadline, or at least an opportunity for an extension if applicant is making reasonable efforts towards developing a Plan.
[image: Image removed by sender. Logo]
*Mike Rodenbaugh*
*Rodenbaugh Law LLC*
*email:*
mike@rodenbaugh.com
*phone:*
+1 (415) 738-8087
On Tue, Jan 14, 2025 at 10:15 AM Elisa Busetto via SubPro-IRT < subpro-irt@icann.org> wrote:
Hi everybody,
We have updated the Name Collision language [docs.google.com] <https://urldefense.com/v3/__https:/docs.google.com/document/d/17VZM1Jx9Waw7q...> based on your feedback and will go through the changes during meeting #104 <https://community.icann.org/x/UACcG>.
Best,
Elisa
*From: *Elisa Busetto <elisa.busetto@icann.org> *Date: *Wednesday, 8 January 2025 at 10:39 *To: *"subpro-irt@icann.org" <subpro-irt@icann.org> *Subject: *Name Collision
Dear all, Happy New Year!
Please find the proposed language [docs.google.com] <https://urldefense.com/v3/__https:/docs.google.com/document/d/17VZM1Jx9Waw7q...> for Topic 29: Name Collision, which we will discuss today <https://community.icann.org/x/BgBWGQ>, 8 January at 13:00 UTC.
Best regards,
Elisa
_______________________________________________ SubPro-IRT mailing list -- subpro-irt@icann.org To unsubscribe send an email to subpro-irt-leave@icann.org
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ SubPro-IRT mailing list -- subpro-irt@icann.org To unsubscribe send an email to subpro-irt-leave@icann.org
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

Hi Ching, my apologies for the delay in responding.
On 17 Jan 2025, at 15:04, Ching Chiao via SubPro-IRT <subpro-irt@icann.org> wrote:
Please help advise what are SubPro recommendations on string listing on the Collision String List. More specifically, would the applicant get a refund at this point (i.e. initial assessment) if it chose not to proceed with developing a mitigation plan ?
Refunds will be discussed in the module on fees, which I believe is due to be discussed in an upcoming IRT meeting.
Following up on the "data sources" of the DITL traffic for non-existing TLDs -- if ICANN chose not to disclose the data sources for any reasons, what about letting the public know the geo-diversity (5 regions or country specific), end-point type (fixed / mobile / browser ) , communication type (TCP / UDP) , etc.. This would help us build higher confidence in the NCO data / mechanism.
The NCO will not store or generate this sort of data, but it should be noted that the NCO will not be the sole source of data used for the initial assessment. DITL is an example of the sorts of data sources that will be used. DITL could be used to generate statistics on the geographic dispersal of queries, for example, but I don't think it could be used to generate data on end-point type, since that information is not present in (nor can be inferred from) DITL data. Regards. -- Gavin Brown Principal Engineer, Global Domains & Strategy Internet Corporation for Assigned Names and Numbers (ICANN) https://www.icann.org
participants (4)
-
Ching Chiao
-
Gavin Brown
-
Mike Rodenbaugh
-
Rubens Kuhl