On Fri, Jun 27, 2008 at 01:32:05PM -0700, Roger Marquis <marquis@roble.com> wrote a message of 22 lines which said:
Security-aware programmers will now be unable to apply even cursory tests for domain name validity.
I am very curious of what tests a "security-aware programmer" can do, based on the domain name, which will not be possible tomorrow, should ICANN allow a few more TLDs. If you test that the TLD exists... it will still work. If you test that the name matches (com|net|org|[a-z]{2}), then you are not what I would call a "security-aware programmer".
requiring valid domain contacts.
ICANN does require valid contacts. And it requires them to be published and sold. So, people lie to protect their privacy. In the world of security, stupid ideas often backfire.
I have to conclude that ICANN has failed, simply failed, and should be returned to the US government.
It never leaved it.