On August 28, the SSAC was informed of the ALAC Chair election result.
SAC 121: Briefing on Routing Security (9 June 2022)
Brief summary: Like all other Internet applications, the Domain Name System (DNS) depends on the Internet’s routing system, which controls the data paths across the Internet’s more than 70,000 autonomously managed networks. A longstanding problem with the routing system is that its key protocol, the border gateway protocol (BGP), does not protect against incorrect routing information. The routing system today is subject to a continuous stream of routing anomalies that affect its integrity and that sometimes cause large DNS outages.
In this report, the SSAC discusses events like these and what impact similar incidents can have on the DNS, surveys the pros and cons of various solutions, and discusses future security extensions of the routing system (e.g., path validation). The main focus of this report is on the security and stability implications for the DNS, although most of it also applies to other types of Internet applications (e.g., email, web, media streaming).
This report provides a tutorial-style discussion accessible to non-technical members of the ICANN community and elsewhere (e.g., policy makers and legal experts). It does not contain any recommendations to the ICANN Board. Because this report is intended to be understandable to a non-technical audience, it sometimes simplifies technical details that are not relevant to the discussion.
SAC 120: Input to GNSO IDN EPDP on Internationalized Domain Name Variants (28 April 2022)
The advice concerns the management of internationalized domain name (IDN) variants. The SSAC reviews a variant management mechanism as a service with two purposes: to enhance the security and stability of IDNs that have variants, and to promote an acceptable experience that meets user expectations for those IDNs. The SSAC calls for a conservative approach to the delegation and management of variant domain names. The advice states that an IDN and its variants must be treated as a single package from a domain provisioning and life cycle management perspective. Otherwise, users of IDNs that have variants would be susceptible to phishing and other impersonation attacks.
To promote an acceptable experience that meets user expectations for IDNs that have variants, variants of an IDN that are in actual use can be delegated. However, in defining rules for such delegations, policy makers need to be aware of two very important limitations.
- The first limitation is that there is no protocol solution in DNS to enforce equivalence of variant domains throughout the DNS hierarchy. In addition, there are no protocol solutions for applications such as HTTP, SMTP, or TLS to ensure equivalence of variant domains in their operations.
- The second limitation is that management of variants can introduce a combinatorial explosion at registries, registrars, and registrants. If not handled well, such variants would create operational problems for these entities.
SSAC2022-04: 20 May 2022 Notice of Appointment of SSAC Liaison to the Nominating Committee of ICANN.
SSAC has appointed Ram Mohan as its non-voting liaison to the 2023 Nominating Committee.
SSAC2022-05: 23 June 2022 SSAC’s Participation in the Customer Standing Committee
The SSAC further advised that it would not send a liaison to the CSC.
SSAC2022-06: 19 July 2022 SSAC Input to the GNSO Transfer Policy Review PDP WG on DNSSEC
In SAC119 the SSAC highlighted a specific risk related to DNSSEC: A registrant’s domain name is at risk of experiencing a discontinuity of DNS resolution, and when DNSSEC is in use, a discontinuity of validation, during a registration transfer if the transfer of DNS services is not considered during the process.
The GNSO Transfer Policy Review Policy Development Process Working Group published its “Initial Report on the Transfer Policy Review - Phase 1(a)” for public comment. That initial report does not include any mention of the risk highlighted above.
If the Working Group has determined, or will determine, that this risk is not within its scope, then the SSAC requests that this determination and its rationale be recorded in the final work product of the Working Group.