Versions Compared

Old Version 1

changes.mady.by.user Hope Shafer

Saved on

compared with

New Version Current

changes.mady.by.user Charla K. Shambley

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

SSAC

Briefing on Routing Security

Report on the Evolution of Internet Name Resolution (R1)


Date IssuedDocumentReference IDCurrent Phase

09 Jun   

SSAC Briefing on Routing SecurityReport on the Evolution of Internet Name Resolution (R1)SAC121SAC123

Status
colourGreen
title

Closed

CLOSED





Progress Bar Container
step6
Progress Bar - Hyperlink Step
titlePhase 1 Receive
urlAdvice Process
Progress Bar - Hyperlink Step
titlePhase 2 Understand
urlAdvice Process
Progress Bar - Hyperlink Step
titlePhase 3 Evaluate
urlAdvice Process
Progress Bar - Hyperlink Step
titlePhase 4 Implement
urlAdvice Process
Progress Bar - Hyperlink Step
titlePhase 5 Close
urlAdvice Process
Progress Bar - Hyperlink Step
titleClosed
urlAdvice Process




Description:

The routing system today is subject to a continuous stream of routing anomalies that affect its integrity and that sometimes cause large DNS outages. For example, in April of 2018 attackers were able to “hijack” routes to Amazon’s Route53 DNS services, which resulted in DNS traffic for domains hosted on this service ending up at a different destination network where it was served by malicious DNS servers.
In this report, the SSAC discusses events like these and what impact similar incidents can have on the DNS, surveys the pros and cons of various solutions, and discusses future security extensions of the routing system (e.g., path validation). The main focus of this report is on the security and stability implications for the DNS, although most of it also applies to other types of Internet applications (e.g., email, web, media streaming)SSAC recommends that the ICANN organization continue to track and provide regular updates to the ICANN Board and community on both alternative protocols that make use of the domain namespace, and efforts to create mitigations and reduce risks inherent in the coexistence of multiple namespaces and protocols.

The SSAC recommends that the ICANN organization continue to keep the ICANN community abreast of new developments through such means as the Emerging Identifier Technologies panels that have been presented at a number of ICANN meetings.


STATUS UPDATES

30 2022 SAC121 Briefing on Routing Security. www/systemfiles121.
DatePhaseTypeStatus Updates

 

ClosedPhase ChangeThis Advice Item is now Closed

22 2022 

Phase 12Phase UpdateThe ICANN Board sent a letter (https://www.icann.org acknowledged receipt of SAC121 and notified SSAC it will be closed immediately./en/system/files/correspondence/sinha-to-mohan-03jun24-en.pdf) to the SSAC regarding this Advice item.

 

Phase 2Phase UpdateICANN received SAC123, acknowledged, and is currently reviewing

 

Phase 2Phase ChangeNow in Phase 2: Understand

 

Phase 1Phase UpdateICANN understands SAC121 is the SSAC's briefing report on routing security of the DNS. As there is no action for the ICANN Board, this item will be considered closed.acknowledged receipt of Advice SAC123

 

Phase 1Phase ChangeNow in Phase 1: Receive & Acknowledge

 

Phase 1Phase UpdateSSAC published SAC123: SSAC Report on the Evolution of Internet Name Resolution Link: https://itp.cdn.icann.org/en/files/security-and-stability-advisory-committee-ssac-reports/sac-123-15-12-2023-en.pdf