[At-Large] R: IGO names: is this worth war?

Karl Auerbach karl at cavebear.com
Sat Nov 5 02:08:40 UTC 2016

On 11/4/16 5:48 PM, Evan Leibovitch wrote:
> On 5 November 2016 at 01:14, Karl Auerbach <karl at cavebear.com 
> <mailto:karl at cavebear.com>>wrote:
>     For that purpose they need not come to ICANN for protection; they
>     already have the tools they need - digital certificates from the
>     established certificate authorities around the world.
> ​Funny, that doesn't appear to be sufficient for trademark holders.​
Yeah, I know.  TM lawyers, like most lawyers, are trained to live in the 
past.  Innovation is not something that is favored in the legal profession.

> ​If it was simple as that we wouldn't need clearing houses and 
> adjudication procedures whose resolution isn't done just by algorithm.
It could be.  It is done by our web browsers, often hundreds of times a 
minute, when they track up certificate chains on HTTPS websites and post 
those little colored security status symbols (or complain of self-signed 
>     any consumer can walk up the certificate chain to check that they
>     are chatting with the IGO itself and not a fake.
> ​This is the point at which I stopped reading.​
Yes, walking chains of references is mind numbing, but it what web 
browsers do all the time (as I mentioned, often hundreds of times a 
minute for each separate user's web browser) and also what DNSSEC user 
software can do within milliseconds.

End users, even newcomers, need not deal with this - except to notice 
warning indicators.  This stuff gets built into the software of browsers 
and DNS resolvers.

Far too often that last step of checking is left out - it is a weakness 
of DNSSEC that few users (or the code they use) actually bother to take 
a look at the validity information that the DNSSEC deployment makes 
available.  That's not ICANN's problem; rather it is an example of the 
old notion of bringing the camel to the water but not being able to make 
it drink.

Over the stage at Royce Hall (UCLA) is this saying: "“Education is 
learning to use the /tools/ which the race has found indispensable."

We ought to recognize that in these modern days, public key systems have 
become one of those tools that we have found to be indispensable - and 
we ought to use those tools when they are appropriate.  And when others 
demand that we use weaker, inadequate tools we should say "no".

> Maybe the answer is not completely within ICANN's remit but it 
> absolutely within mandate to maintain trust in the DNS.
IGO name protection is not a DNS issue; it ought to be far outside 
ICANN's scope.  To conclude otherwise is to make ICANN the protector of 
all names, for everyone who expresses a desire for protection - in other 
words the worldwide name cop.  That's would be a massive expansion of an 
already bloated scope.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/at-large/attachments/20161104/49fe7876/attachment.html>

More information about the At-Large mailing list