SAC101 was published on 12 June 2018. All SSAC publications can be found at https://www.icann.org/groups/ssac/documents.


Recommendation DescriptionCurrent Phase
Recommendation 1The SSAC welcomes this opportunity to provide input on the issues related to root scaling. The SSAC understands the working group’s request on 14 September 2017 to be:

1. whether the limitations on delegations per annum (1000 / year) could be revisited given the results of the Continuous Data-driven Analysis of Root Stability (CDAR) study and if so, what guidance can the SSAC provide to maintain the security and stability of the root;

2. suggestions on ways that might mitigate potential issues in the event the working group recommends to increase the maximum annual delegation rate; and

3. inputs on the total number of TLDs that could be delegated without negative impact to root server performance.

RETIRED

Recommendation 2The ICANN Board should direct the ICANN Organization to incorporate the following principle into its contracts with gTLD RDDS service providers: Legitimate users must be able to gain operational access to the registration data that policy says they are authorized to access, and must not be rate-limited unless the user poses a demonstrable threat to a properly resourced system. This recommendation is also made to policy-makers participating in the EPDP.

RETIRED

Recommendation 3The ICANN Board and EPDP policy-makers should ensure that security practitioners and law enforcement authorities have access to domain name contact data, via RDDS, to the full extent allowed by applicable law.

RETIRED

Recommendation 4The ICANN Board and the ICANN Organization should not allow a fee to be imposed for RDDS access unless such a decision is made via a formal Policy Development Process (PDP).

RETIRED

Recommendation 5The SSAC reiterates recommendation 2 from SAC061: "The ICANN Board should ensure that a formal security risk assessment of the registration data policy be conducted as an input into the Policy Development Process. A separate security risk assessment should also be conducted regarding the implementation of the policy." These assessments should be incorporated in PDP plans at the GNSO.

RETIRED

Recommendation 6The ICANN Board should direct the ICANN Organization to amend registry and registrar contracts to clarify that if a data field is required to be published, the registry or registrar must publish it in RDDS server output, not just in Web-based output.

RETIRED

Recommendation 7The ICANN Board should direct the ICANN Organization to amend registry and registrar contracts to ensure that RDDS access is provided in a more measurable and enforceable fashion, which can be understood by all parties.

RETIRED