Versions Compared

SAC121 was published on 9 June 2022. All SSAC publications can be found at https://www.icann.org/groups/ssac/documents.

SAC123 was published on 20 Dec 2023. All SSAC publications can be found at https://www.icann.org/en/ssac/publications.


SAC121: SSAC Briefing on Routing Security (sac-121-en.pdf)
SAC123: SSAC Report on the Evolution of Internet Name Resolution (sac-123-en.pdf)

Closed
Recommendation: Recommendation 1

Description:

The routing system today is subject to a continuous stream of routing anomalies that affect its integrity and that sometimes cause large DNS outages. For example, in April of 2018 attackers were able to “hijack” routes to Amazon’s Route53 DNS services, which resulted in DNS traffic for domains hosted on this service ending up at a different destination network where it was served by malicious DNS servers.

In this report, the SSAC discusses events like these and what impact similar incidents can have on the DNS, surveys the pros and cons of various solutions, and discusses future security extensions of the routing system (e.g., path validation). The main focus of this report is on the security and stability implications for the DNS, although most of it also applies to other types of Internet applications (e.g., email, web, media streaming).

New technologies are changing how name resolution happens on the Internet. The DNS remains the prominent, or default, naming system for the Internet, but alternative naming systems are in use as well. This is nothing particularly new, as there have always been naming systems besides the DNS in use throughout the Internet’s history. These alternative naming systems use the same syntax as the DNS, dot-separated labels. There are many motivations for copying this syntax, but the primary reason is that designers of these alternative naming systems wish to benefit from the existence of software applications built to receive DNS names as input.

This has the potential to create situations where the same name exists in DNS and in an alternative system, potentially causing name collisions. However, there is only one domain namespace and its referential integrity is important for Internet users and for the stability and security of Internet names. Thus, as alternative naming systems increase in popularity their use threatens to increase ambiguity in the shared single domain namespace. This increased ambiguity in Internet naming threatens to undermine the trust that users have in Internet identifiers and the services that rely on them.
Current Phase: CLOSED