SSAC Briefing on Routing Security (R1)

Date IssuedDocumentReference IDCurrent Phase

  

SSAC Briefing on Routing Security (R1)SAC121

CLOSED


Description:

The routing system today is subject to a continuous stream of routing anomalies that affect its integrity and that sometimes cause large DNS outages. For example, in April of 2018 attackers were able to “hijack” routes to Amazon’s Route53 DNS services, which resulted in DNS traffic for domains hosted on this service ending up at a different destination network where it was served by malicious DNS servers.

In this report, the SSAC discusses events like these and what impact similar incidents can have on the DNS, surveys the pros and cons of various solutions, and discusses future security extensions of the routing system (e.g., path validation). The main focus of this report is on the security and stability implications for the DNS, although most of it also applies to other types of Internet applications (e.g., email, web, media streaming).


STATUS UPDATES

DatePhaseTypeStatus Updates

 

ClosedPhase ChangeThis Advice Item is now Closed

 

Phase 1Phase UpdateICANN org acknowledged receipt of SAC121 and notified SSAC it will be closed immediately.

 

Phase 1Phase UpdateICANN understands SAC121 is the SSAC's briefing report on routing security of the DNS. As there is no action for the ICANN Board, this item will be considered closed.

 

Phase 1Phase ChangeNow in Phase 1: Receive & Acknowledge

 

Phase 1Phase UpdateSSAC published SAC121: SSAC Briefing on Routing Security. Link: https://www.icann.org/en/system/files/files/sac-121-en.pdf.