SSAC

media.giphy.com

media.giphy.com

www.icann.org

SSAC just released SAC-101 "SSAC Advisory Regarding Access to Domain Name Registration Data"

This is an advisory from the ICANN Security and Stability Advisory Committee (SSAC) about access to domain name registration data and Registration Data Directory Services (RDDS).

Reliable, consistent, and predictable access to domain name registration data (via Registration Data Directory Services, or RDDS) is essential for a variety of legitimate purposes, especially the identification and mitigation of various types of Internet abuse and technical problems. In recent years, access to the data by those who have a legitimate need for it has been diminished, and availability is more constrained and more restricted than ever. This has happened for two main reasons: new legal and policy developments, and an operational practice known as rate limiting. These developments represent a shift in the abuse detection and mitigation landscape. The ability of security practitioners and law enforcement to detect and mitigate cybercrime and DNS abuse has been negatively affected, and the current situation is imposing greater operational and administrative burdens on those defenders. This in turn impairs the general usability and trustworthiness of the Domain Name System (DNS) and the Internet. This document describes the results of SSAC’s extended deliberation on RDDS access issues and offers recommendations for how to move forward.

https://www.icann.org/en/system/files/files/sac-101-en.pdf

www.icann.org

Draft Project Plan for the Proposed Name Collision Analysis Project (NCAP) - ICANN

The Draft Project Plan for the Proposed Name Collision Analysis Project (NCAP) was just made public.

The proposed Name Collision Analysis Project (NCAP) project plan has been drafted by the ICANN Security and Stability Advisory Committee (SSAC). It details their proposed approach for studying name collision in response to the ICANN Board's request in resolutions 2017.11.02.29 - 2017.11.02.31. The proposed SSAC study is intended to facilitate the development of policy on Collision Strings to mitigate potential harm to the stability and security of the DNS posed by delegation of such strings. The SSAC seeks community input on the project plan before it is finalized and SSAC consensus is reached for submission to the Board for approval and project kick-off.

The comment period closes on March 16.

https://www.icann.org/public-comments/ncap-project-plan-2018-03-02-en

Draft Project Plan for the Proposed Name Collision Analysis Project (NCAP) - ICANN Draft Project Plan for the Proposed Name Collision Analysis Project (NCAP)Open Date2 Mar 2018 23:59 UTCClose Date18 Apr 2018 23:59 UTCStaff Report Due16 May 2018 23:59 UTCComments close in 46 DaysFollow UpdatesView CommentsSubmit CommentOriginating OrganizationSecurity and Stability Advisory Commit....

www.icann.org

SSAC just released SAC-100, "SSAC Response to the New gTLD Subsequent Procedures Policy Development Process Working Group Request Regarding Root Scaling".

It is a response to a number of questions from the Policy Development Process Working Group on New gTLD Subsequent Procedures.

The SSAC recommendations in this document are:

Recommendation (1) : ICANN should continue developing the monitoring and early warning capability with respect to root zone scaling.

Recommendation (2): ICANN should focus on the rate of change for the root zone, rather than the total number of delegated strings for a given calendar year.

Recommendation (3): ICANN should structure its obligations to new gTLD registries so that it can delay their addition to the root zone in case of DNS service instabilities.

Recommendation (4): ICANN should investigate and catalog the long term obligations of maintaining a larger root zone.

https://www.icann.org/en/system/files/files/sac-100-en.pdf

www.icann.org

www.icann.org

SSAC Released SAC-097 "SSAC Advisory Regarding the Centralized Zone Data Service (CZDS) and Registry Operator Monthly Activity Reports"

Top level domain (TLD) zone files are vital resources for performing Domain Name System (DNS) research, security research, and anti-abuse operations. The stated goals of the Centralized Zone Data Service (CZDS) program were standardization and easy, reliable operations for participants who have a requirement to access these zone files.

This advisory recommends improvements of the CZDS Program.

https://www.icann.org/en/system/files/files/sac-097-en.pdf

www.icann.org

www.icann.org

SSAC releases SAC-095 - SSAC Advisory on the Use of Emoji in Domain Names

In summary:

- Because the risks identified in the Advisory cannot be adequately mitigated without significant changes to Unicode or IDNA (or both), the SSAC recommends that the ICANN Board reject any TLD (root zone label) that includes emoji.

- Because the risks identified in the Advisory cannot be adequately mitigated without significant changes to Unicode or IDNA (or both), the SSAC strongly discourages the registration of any domain name that includes emoji in any of its labels. The SSAC also advises registrants of domain names with emoji that such domains may not function consistently or may not be universally accessible as expected.

https://www.icann.org/en/system/files/files/sac-095-en.pdf

www.icann.org

SSAC releases SAC-092 « stupid.domain.name

SSAC just sent a letter to the CCWG WS 2, working group on human rights. The document is SAC-092, but will not be on the SSAC web page until after the ICANN meeting in Copenhagen. You can though access the document here in the mean time.

https://stupid.domain.name/node/1948

SSAC releases SAC-092 « stupid.domain.name I am employed by Netnod as head of engineering, research and development and am among other things chair of the Security and Stability Advisory Committee at ICANN. You can find CV and photos of me at this page.

SSAC have reappointed Russ Mundy as liaison to the RSSAC.

SSAC has released SAC-091, SSAC Comment on Identifier Technology Health Indicators.

The SSAC has reviewed the presentation on Identifier Technology Health Indicators (ITHI) and provides this response to the Call for Public Comments on “the description of five diseases that could affect the health of the name part of the system of unique Internet
identifiers.

The advice is 1,5 pages long and because of that it will not be summarized here.

https://www.icann.org/en/system/files/files/sac-091-en.pdf

SSAC has released SAC-090: "SSAC Advisory on the Stability of the Domain Namespace (22 December 2016)"

This advisory is concerned only with the risks to security and stability that arise from ambiguity in the use of the domain namespace. Because no one owns (or can own) the domain namespace, and programmers and network managers cannot be prevented from creating their own names and naming scopes, these risks arise regardless of how policy debates about authority or oversight are resolved. Therefore, the observations and recommendations in this advisory are directed at mitigating clearly identified risks and developing policies that provide practical guidance to software and system developers, rather than debating whether or not private network operators should use the domain namespace, or who (if anyone) should have the authority to declare and enforce exclusive uses for specific individual domain name labels or categories of labels.

https://www.icann.org/en/system/files/files/sac-090-en.pdf

SSAC has released SAC-088 ("SSAC Response to ccNSO Comments on SAC-084 (06 November 2016)") and SAC-089 (SSAC Response to ccNSO Comments on SAC-084 (12 December 2016)")

Both are responses to a letter SSAC received from CCNSO that contained a number of questions related to SAC-084.

The first response SAC-088 was created within a few days during the ICANN meeting in Hyderabad, and in that SSAC asked for a 4 week period to write a complete response. Later SSAC asked for an additional week for a response. The final response can be found as SAC-089.

https://www.icann.org/en/system/files/files/sac-088-en.pdf
https://www.icann.org/en/system/files/files/sac-089-en.pdf

Steve Crocker, Patrik Fältström and I just wrote a piece that pushes back strongly against the inaccurate and misleading article posted on The Hill magazine earlier today regarding , and the Transition.

http://thehill.com/blogs/congress-blog/technology/297035-opposition-gets-facts-wrong-on-icanns-security-committee-and?__prclt=JFbI3iNS

SSAC has released SAC-084: "SSAC Comments on Guidelines for the Extended Process Similarity Review Panel for the IDN ccTLD Fast Track Process"

The recommendation in the report reads: "The SSAC recommends that the ICANN Board not accept the proposed guidelines for the EPSRP, as those guidelines represent a threat to the security and stability of the DNS. The Board should request a review of the EPSRP to determine why its proposed guidelines do not respect the principles of conservativism, inclusion, and stability."

www.icann.org

SSAC has released SAC-083: "SSAC Comment on Proposed Amendments to Base New gTLD Registry Agreement".

At the end of this short document SSAC says:

"The SSAC strongly believes that the current relevant text in Exhibit A under “Approved Services” should be deleted to remove this unintended ambiguity and replaced with a straight-forward declaration that dotless domains are prohibited in new gTLDs. It would seem appropriate that the prohibition of dotless domains be as explicit as the “Wildcarding Prohibition” in Specification 6 Section 2.2,9 perhaps by creating a Section 2.3 that explicitly details the “Dotless Domain Prohibition” with the same level of attention as wildcarding. This change would properly memorialize the issue, and would be both consistent with ICANN statements on the matter and precisely in line with the NGPC Resolution on this matter."

Read the full text here:https://www.icann.org/en/system/files/files/sac-083-en.pdf

www.icann.org

www.icann.org

SSAC has released SAC-082: " SSAC Response to the Request for Advice Relating to the 2012 New Generic Top Level Domain (gTLD) Round", and the very short letter which is the response to a question by the New gTLD Subsequent Procedures PDP WG (lead by Avri Doria, Jeff Neuman and Stephen Coates -- hope I got the links right) ends with:

Several SSAC reports and advisories consider topics or issues related to new TLDs, such as SAC045, SAC062, and SAC066 in relation to domain collision issues. You can review a list of our publications here as an indexed list and also by category.

The SSAC is looking forward to reviewing Working Group documents as the work progresses and also is prepared to answer specific questions as needed for the Working Group’s deliberations.

https://www.icann.org/en/system/files/files/sac-082-en.pdf

www.icann.org

www.icann.org

SSAC has released SAC-081: "SSAC Response to Request for Input on Next Generation gTLD RDS to Replace WHOIS Policy Development Process (PDP)"

On May 11 2016, the working group requested input to better inform the policy development process. In SAC-081 you find SSAC's response.

https://www.icann.org/en/system/files/files/sac-081-en.pdf

www.icann.org

www.icann.org

SSAC has released SAC-080: "SSAC Approval of CCWG-Accountability Supplemental Final Proposal on Work Stream 1 Recommendations"

The document only consists of the following statement:

The Security and Stability Advisory Committee (SSAC), in its capacity as a Chartering Organization of the ICANN Cross-Community Working Group on Accountability, received an invitation on 23 February 2016 to consider and approve the Working Group’s Supplemental Final Proposal on Work Stream 1 Recommendations.

The SSAC, having duly considered it, hereby approves the Supplemental Final Proposal and congratulates the Working Group on its accomplishment.


https://www.icann.org/en/system/files/files/sac-080-en.pdf

www.icann.org

www.icann.org

SSAC has released SAC-079: "SSAC Advisory on the Changing Nature of IPv4 Address Semantics".

In this advisory, the SSAC considers the changing role of Internet Protocol Version 4 (IPv4) addresses caused by the increasing scarcity, and subsequent exhaustion, of IPv4 addresses. The exhaustion of the IPv4 address supply has been predicted since the end of the 1980s. However, the large scale adoption of mobile devices and their associated IPv4 addressing needs accelerated the exhaustion timetable, and placed increased pressure on network operators to conserve IPv4 addresses. This pressure has resulted in a marked increase in the use of Network Address Translation (NAT) technologies, altering the attributability characteristics of IPv4 addresses, and requiring changes to their interpretation by parties wishing to use them as endpoint identifiers.

The report include three implications and two recommendations.

https://www.icann.org/en/system/files/files/sac-079-en.pdf

www.icann.org

www.icann.org

SSAC has released SAC-078: "SSAC Advisory on Uses of the Shared Global Domain Name Space".

Summary is at the end of this one-page advisory: "The purpose of this Advisory is to inform the ICANN Board and Community that SSAC has formed a work party to investigate the implications of this work as it pertains to the security and stability of the DNS. This work party will study the security and stability issues associated with multiple uses of the domain name space, including those outlined above."

https://www.icann.org/en/system/files/files/sac-078-en.pdf

www.icann.org

www.icann.org

SSAC has released SAC-077: "SSAC Comment on gTLD Marketplace Health Index Proposal"

SSAC in this document comments on the gTLD Marketplace Health Index Proposal that was in the Public Comment Forum that opened on 17 November 2015 and was scheduled to close on 22 January 2016.

SSAC bring up five different issues and concludes:

"We encourage ICANN to take a step back from what existing data is available and consider how best to inform the larger community, especially consumers, with respect to the security and stability of the DNS marketplace."

https://www.icann.org/en/system/files/files/sac-077-en.pdf

www.icann.org

forum.icann.org

SSAC just released SAC-076 "SSAC Comment on the CCWG-Accountability 3rd Draft Proposal"

It is so fresh it is not yet available on the web page with SSAC documents, but it can be found in the list of submitted comments on the CCWG report:

http://forum.icann.org/lists/comments-draft-ccwg-accountability-proposal-30nov15/pdf3aiAu94RjR.pdf

forum.icann.org

www.icann.org

SSAC just released SAC-075 "SSAC Comments to ITU-D on Establishing New Certification Authorities" which is a response on a liaison SSAC received from ITU-D.

It is a short letter, 1.5 pages long, which everyone interested in CA's and related issues should read as a whole.

As a teaser (to make you interested in reading the 1.5 pages) I give you the conclusion which is:

We see a future in global trust tethered to the global name space and secured with DNSSEC as a better approach than solely secured with the multitude of root CAs that exist today. Thus, the SSAC believes standards based on DANE, possibly in combination with independent industry-developed solutions such as Certificate Transparency, are the future.

As such, we encourage interested parties to cooperate closely with the CA/Browser (CAB) Forum6 and Internet Engineering Task Force (IETF).

https://www.icann.org/en/system/files/files/sac-075-en.pdf

www.icann.org

www.icann.org

SSAC just released SAC-074 "SSAC Advisory on Registrant Protection: Best Practices for Preserving Security and Stability in the Credential Management Lifecycle".

Recommendations:

Recommendation 1: As part of regular reports, the ICANN Compliance Department should publish data about the security breaches that registrars have reported in accordance with the 2013 Registration Accreditation Agreement (RAA), paragraph 3.20.

Recommendation 2: A provision similar to 2013 RAA paragraph 3.20 should be incorporated into all future registry contracts, with similar statistics published as per Recommendation 1 above.

Recommendation 3: Future RAA deliberations should encourage stronger authentication practices, specifically the use of multi-factor authentication.

Recommendation 4: The ICANN Board should direct ICANN staff to facilitate global hands-on training programs for registrars and registries based on the best practices outlined in Section 6 of this document, with the goal to enable parties to learn practical operational practices for preserving security and stability of the credential management lifecycle. We would welcome the opportunity to advise training staff in the creation of a curriculum.


https://www.icann.org/en/system/files/files/sac-074-en.pdf

www.icann.org

"...Notice is hereby given to the Secretary that the Security and Stability Advisory Committee appointed Ram Mohan as its non-voting liaison to ICANN Board to a term that begins at the conclusion of the 2015 annual meeting..."

www.icann.org

SSAC has released SAC-073: "SSAC Comments on Root Zone Key Signing Key Rollover Plan"

https://www.icann.org/en/system/files/files/sac-073-en.pdf

www.icann.org

ICANN Email Archives: [comments-ccwg-accountability-03aug15]

ICANN Security and Stability Advisory Committee has sent in comments to CCWG because we can not be present on site at the meeting Sep 25-26 2015.

http://forum.icann.org/lists/comments-ccwg-accountability-03aug15/msg00102.html

ICANN Email Archives: [comments-ccwg-accountability-03aug15] Attachment: SSAC Comments Related to the CCWG Meeting on Enhancing ICANN Accountability 24 September 2015.pdfDescription: SSAC Comments Related to the CCWG Meeting on Enhancing ICANN Accountability 24 September 2015.pdf

www.icann.org

ICANN Security and Stability Advisory Committee released SAC-072: "SSAC Comment on the Cross Community Working Group on Naming Relating Functions Proposal"

https://www.icann.org/en/system/files/files/sac-072-en.pdf

www.icann.org

SAC-071: "SSAC Comments on Cross Community Working Group Proposal on ICANN Accountability Enhancements", was just made available.

In this document SSAC State among other things: According to its Charter, the role of the SSAC is to “advise the ICANN community and Board on matters relating to the security and integrity of the Internet's naming and address allocation systems.”

Based on this, SSAC draw a few conclusions which together end up being the SSAC Comments on the CCWG proposal.

www.icann.org

SSAC Advisory on the Use of Static TLD / Suffix Lists is released.

In this report SSAC give six recommendations:

1. Recognizing that alternatives to the PSL have been discussed (see Appendix A), the SSAC recommends the IETF and the applications community consider them for further specification and standardization through the IETF process.

2. The IETF should develop a consensus definition of “public suffix” and other associated terminology (e.g. “private suffix”).

3. To close the knowledge gap between registry operators and popular PSL maintainers, ICANN and the Mozilla Foundation should collaboratively create informational material that can be given to TLD registry operators about the Mozilla PSL.

4. The Internet Community should standardize the current approach to PSLs.

5. IANA should host a PSL containing information about the domains within the registries with which IANA has direct communication. Such a PSL at a minimum should include all TLDs in the IANA root zone and would be authoritative for those domains.

6. ICANN should explicitly include use and actions related to a PSL as part of the work related to universal acceptance of domain names.

There are of course more details in the report, including the findings that lead to these recommendations.

Can be found here:https://www.icann.org/en/system/files/files/sac-070-en.pdf

www.icann.org

SSAC2

Russ, Suzanne and Lyman explain SSAC view on IANA Transition, which SSAC explained in SAC-067, SAC-068 and SAC-069.

https://www.youtube.com/watch?v=-xY97MR_ono

SSAC2

Creative Commons — Attribution 2.0 Generic — CC BY 2.0

SSAC Facebook Terms of Use

The SSAC page is open to users around the world and is intended to provide a place for individuals to have open and productive discussions around security stability and resilience. Please understand that the content posted by individuals on this site does not reflect SSAC or ICANN’s views or opinions.

We reserve the right to review all comments and remove any that are inappropriate, offensive, or do not relate to subjects covered on this Page. We are not responsible for anything contained in links on this site to third party content or websites.

You should treat information on this page as CC-BY unless the individual posting have requested something else. For information about CC-BY, see . Nothing you post on this page can or will be treated as confidential, and you agree that SSAC will be free to use any feedback or comments without limitation according to the same rules, CC-BY.

Feel free to share, talk and debate in a constructive manner. However, remember to acknowledge differences of opinion and treat others with respect. By using or accessing this page, you agree to comply with Facebook's Terms and Conditions, which can be found at .

Please do not post content that is:

- Abusive, threatening, defamatory or obscene

- Fraudulent, deceptive or misleading

- Vulgar or racist

- In violation of law, regulation or intellectual property right of another

- Spam or overtly promotional

- Otherwise inappropriate

Please keep in mind that violating these Terms of Use or Facebook’s Terms and Conditions can result in content removal. If posted content is found in violation of the Terms of Use, it is cause for immediate removal from the page.

If you have any questions, see a comment that violates these policies or believe your comment has been deleted without cause, please contact SSAC, at: .

Creative Commons — Attribution 2.0 Generic — CC BY 2.0 This deed highlights only some of the key features and terms of the actual license. It is not a license and has no legal value. You should carefully review all of the terms and conditions of the actual license before using the licensed material.

Resources - ICANN

As with the related documents SAC067 and SAC068, staff requested that ICANN Language Services should translate SAC069 SSAC Advisory on Maintaining the Security and Stability of the IANA Functions Through the Stewardship Transition (10 December 2014) into the 6 UN languages. As the source document is in English, translations were requested for Chinese, French, Spanish, Russian, and Arabic. As a bonus, Language Services also translated the document into Turkish and Portuguese. You will find the documents posted at: https://www.icann.org/resources/pages/documents-2012-02-25-en.

Resources - ICANN [SAC069]: SSAC Advisory on Maintaining the Security and Stability of the IANA Functions Through the Stewardship Transition (10 December 2014)

This page will include statements officially made by SSAC in the form of announcements of its published documents. It may include statements by individuals that comment on those documents. It may be used to discuss any topic within the scope of the charter of SSAC (i.e. related to the security and integrity of the Internet's naming and address allocation systems).