Tony Finch wrote:
On Sun, 29 Jun 2008, Stephane Bortzmeyer wrote:
I am very curious of what tests a "security-aware programmer" can do, based on the domain name, which will not be possible tomorrow, should ICANN allow a few more TLDs.
It makes the "public suffix list" project harder, but so long as the list of TLDs changes reasonably slowly, it shouldn't become impossible. http://publicsuffix.org/
Tony.
Assuming O(1k) applications, and the numbers ICANN staff were using in February were 300 to 600, with the determining factors (a) existence of subsequent rounds and their temporal offsets, (b) actual application fee, originally guesstimated in the USD 100k range, now twice that, a sort of "self-imposed auction based on pain", or rumor mill run amok, depending on one point of view, and (c) the number of sunspots in the quarter that ICANN actually accepts applications; and application survival rates of 10% to 50% in the evaluation processes; then the root string insertion frequency may be as bounded above by 24 hours on average and below by 168 hours on average. It will be different. I pointed this out in the Registrar Constituency meeting in Paris Tuesday last, that our assumptions about the size of the registrars was already off by more than an order of magnitude, and our assumption about the size of the registries was about to fail as well, and that there were some additional non-scaling reasons to revisit the EPP design. Eric