Summary

Board approves the PIR proposal to implement DNSSEC in .ORG, with the understanding that PIR will continue to cooperate and consult with ICANN on details of the implementation; and authorizes the President and General Counsel to enter the associated amendment to the .ORG Registry Agreement and to take other actions to enable the deployment of DNSSEC in .ORG.

Text

Whereas, Public Interest Registry has submitted a proposal to implement DNS Security Extensions (DNSSEC) in .ORG. <http://icann.org/registries/rsep/pir-request-03apr08.pdf>

Whereas, staff has evaluated the .ORG DNSSEC proposal as a new registry service via the Registry Services Evaluation Policy <http://icann.org/registries/rsep/>, and the proposal included a requested amendment to Section 3.1(c)(i) of the .ORG Registry Agreement <http://icann.org/tlds/agreements/org/proposed-org-amendment-23apr08.pdf> which was posted for public comment along with the PIR proposal.

Whereas, the evaluation under the threshold test of the Registry Services Evaluation Policy <http://icann.org/registries/rsep/rsep.html> found a likelihood of security and stability issues associated with the proposed implementation. The RSTEP Review Team considered the proposal and found that there was a risk of a meaningful adverse effect on security and stability, which could be effectively mitigated by policies, decisions and actions to which PIR has expressly committed in its proposal or could be reasonably required to commit. <http://icann.org/registries/rsep/rstep-report-pir-dnssec-04jun08.pdf>

Whereas, the Chair of the SSAC has advised that RSTEP's thorough investigation of every issue that has been raised concerning the security and stability effects of DNSSEC deployment concludes that effective measures to deal with all of them can be taken by PIR, and that this conclusion after exhaustive review greatly increases the confidence with which DNSSEC deployment in .ORG can be undertaken.

Whereas, PIR intends to implement DNSSEC only after extended testing and consultation.

Resolved (2008.06.26.08), that PIR's proposal to implement DNSSEC in .ORG is approved, with the understanding that PIR will continue to cooperate and consult with ICANN on details of the implementation. The President and the General Counsel are authorized to enter the associated amendment to the .ORG Registry Agreement, and to take other actions as appropriate to enable the deployment of DNSSEC in .ORG.

Implementation Actions

  • Execute .ORG agreement amendments with PIR.
    • Responsible entity: ICANN Staff
    • Due date: None provided
    • Completion date: 16 July 2008, amendment to registry agreement; 2 June 2010, amendment to data escrow specifications appendix

Other Related Resolutions

Additional Information

  • The PIR request was the third request since the implementation of the Registry Services Evaluation Policy (RSEP) (Effective Date of the Policy is 15 August 2006) that was referred to the Registry Services Technical Evaluation Panel (RSTEP) for review and assessment. The RSEP provides that in the event that ICANN reasonably determines during the 15 calendar day "preliminary determination" period that the proposed Registry Service might raise significant Stability or Security issues, ICANN will refer the proposal to the Registry Services Technical Evaluation Panel within five business days of making its determination.  Information on the RSEP process is located at http://www.icann.org/en/registries/rsep/
  • The RSTEP conducted their evaluation of the proposed service and in their report dated 4 June 2008 stated, "Our technical evaluation of this proposed registry service with respect to the likelihood and materiality of effects on security and stability concludes that it does create a reasonable risk of a meaningful adverse effect on security and stability, which can be effectively mitigated by policies, decisions, and actions to which PIR either has expressly committed in its proposal or could reasonably be required to commit."
  • The RSEP also provides that following receipt of the RSTEP report, which will be posted and available for public comment, the ICANN Board will have 30 days to reach a decision. In the event the ICANN Board reasonably determines that the proposed Registry Service creates a reasonable risk of a meaningful adverse effect on Stability or Security, Registry Operator will not offer the proposed Registry Service.
  • A copy of the ORG Registry Agreement is available at: http://www.icann.org/en/tlds/agreements/org/.

Explanatory text does not modify or override Resolutions.  See Board Resolutions Page for more information.

Note: The "Add Comment" box below is for sharing information about implementation of this resolution. Off-topic comments will be removed.