On Mon, Jan 26, 2015 at 06:45:24PM -0600, Nico Williams wrote: > On Mon, Jan 26, 2015 at 06:08:40PM -0500, John C Klensin wrote: > > While I'm certainly in favor of shaming evildoers, keep two > > things in mind. First, while the number of distinct registry > > operators is much smaller, the number of TLDs may soon exceed > > the number of active CAs. The total number of zones and zone > > administrators probably deserves terms like "astronomical". > > Meh. There may be many new TLDs, but they are looking rather empty and > insignificant. We'll see how it goes for them, but I'm betting on > 'badly'. In any case: it doesn't matter. What matters isn't how many > of these there are, but that the number of unconstrained CAs be low > (which DNS achieves, while the WebPKI does not). As a corollary: more competition by [constrained] TLDs is good because if -say- com. allows too many embarrassing confusable domains to be registered, leading to noticeable and noticed phishing attacks, then perhaps more [new] business will move off it and onto new TLDs. I'm not concerned with this. I'm concerned with making sure that registries have the tools they need to detect and prevent confusable domain registrations [by different owners], and that would-be registrants have the tools they need to determine the confusable risk of their would-be domainnames. As to this, is UTR#39 enough, yes or no? Nico --