Versions Compared

Old Version 27

changes.mady.by.user Jennifer Bryce

Saved on

compared with

New Version Current

changes.mady.by.user Evin Erdogdu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Briefings 

  1. Complete list of briefings delivered to the Review Team inc. briefing materials, questions & answers.

  2. Watch a brief video by ICANN's CTO, as he discusses the 2nd SecurityStability, and Resiliency of the DNS Review Team.

ICANN Specific Review Reports

  1. Competition, Consumer Choice, and Consumer Trust (CCT) 
    1. Draft report published for public comment (7 March 2017)
    2. New sections added to draft report for public comment (27 November 2017)
    3. Final report (08 September 2018)

  2. Registration Directory Service (RDS-WHOIS2) 

    1. Draft report published for public comment (4 September 2018)

Mitigating unique identifier abuse

  1. New gTLD Program Safeguards Against DNS Abuse, Revised Report on DNS Abuse, July 2016
  2. Identifier System Attack Mitigation Methodology

  3. ICANN Security Awareness Resource Locator

  4. Coordinated Vulnerability Disclosure Reporting at ICANN"Mitigating Malicious Conduct," ICANN, New gTLD Program Explanatory Memorandum, 3 October 2009.pdf

  5. Mitigating the Risk of DNS Namespace Collisions Final Report by JAS Global Advisors, 30 Nov 2015Phase 1 Report June 2014

  6. Mitigating the Risk of DNS Namespace Collisions Final Report November 2015 

  7. Security Terminology

  8. SSR Relationships

  9. Identifier Systems Security, Stability and Resiliency Framework – FY 15-16 

  10. SSAC Reports and Advisories

  11. Complete version of the report previously published in June 2014

  12. “Reviewing New gTLD Program Safeguards Against DNS Abuse,” 28 January 2016"Mitigating Malicious Conduct," ICANN, New gTLD Program Explanatory Memorandum, 3 October 2009.pdf 
  13. Illumintel, "Potential for Phishing in Sensitive-String Top-Level Domains, study for the ICANN Board of Directors New TLD Program Committee, 21 May 2015

  14. Security Terminology

  15. Identifier Systems Security, Stability and Resiliency Framework – FY 15-16 
  16. ICANN Office of the CTO - Investigating Identifier Systems Abuse or Misuse: Training Metrics
  17. Statistical Analysis of DNS Abuse in gTLDs Final Report

Threat mitigation

  1. http://www.g20portal.com/accelerating-cybercrime-response-and-mitigation/
  2. https://insights.sei.cmu.edu/sei_blog/2017/02/six-best-practices-for-securing-a-robust-domain-name-system-dns-infrastructure.html
  3. http://www.securityskeptic.com/2015/03/can-we-extend-trust-based-collaboration-beyond-handshakes-and-face-to-face.html

 Classification of Threats

  1.  http://www.securityskeptic.com/2016/02/lending-clarity-to-security-risk-definitions-for-icann-community-and-beyond.html
  2. https://www.spamhaus.org/news/article/713/changes-in-spamhaus-dbl-dnsbl-return-codes
  3. http://www.surbl.org/lists (see multi.surbl.org section)

Registry and registration security and abuse

  1. “Registration Abuse Policies Working Group Final Report,” May 2010 

  2. ERSR or Expedited Registry Security Request

  3. Framework for Registry Operators to Respond to Security Threats

Operation of the DNS root name system

  1. The 12 Root Server Operators
  2. Continuous Data-driven Analysis of Root Stability (CDAR) Deliverable D2: Root Stability Report, Revision: Final, 8 March 2017

  3. “Reviewing New gTLD Program Safeguards Against DNS Abuse,” 28 January 2016

  4. OCTO Research
  5. Root Zone KSK Roll
  6. DNSSEC One-Pager

Risk assessment and management

  1. ICANN KPI Dashboard

  2. ICANN Vulnerability Disclosure

  3. ICANN Security Awareness Resource Locator

  4. DNSSECOnePager
  5. ERSR or Expedited Registry Security Request
  6. ICANN Vulnerabilty Disclosure

  7. Security, Stability & Resiliency Threat Awareness
  8. Security, Stability, Resiliency Collaboration
  9. Security, Stability, Resiliency Trust-Based Collaboration
  10. Security, Stability & Resiliency Analytics
  11. Security, Stability & Resiliency Capability Building
  12. The 12 Root Server Operators

  14. ICANN Releases Identifier Systems SSR Activities Report

Incident response 

  1. Coordinated Vulnerability Disclosure Reporting at ICANN

Public Technical Identifiers (PTI) materials

  1. ICANN-IANA Naming Functions Contract (30 September 2016)
  2. Service Level Agreement for the IANA Numbering Services (29 June 2016)
    1. ICANN-PTI Subcontract Agreement 
  3. IETF-ICANN Memorandum of Understanding Concerning the Technical Work of IANA (March 2000)
    1. 2017 IETF MoU Supplemental Agreement (28 March 2017)
    2. ICANN-PTI Subcontract Agreement (30 September 2017)
  4. Root Zone Maintainer Service Agreement (28 September 2016)
    1. ICANN-PTI Subcontract Agreement (30 September 2016)
  5. ICANN-PTI Services Agreement (30 September 2016)

Other materials 

  1. Technology @ ICANN (ICANN technical portal)

  2. ICANN DNS Symposium presentations (13 May 2017)

  3. SSAC Reports and Advisories

  4. RSSAC Publications 
  5. SSR2 Plenary 1: Background info and questions raised (2 March 2017)

  6. OCTO Research

  7. OCTO Roadmap (ICANN MSSI Retreat January 2017)

  8. ICANN Strategic Plan for fiscal years 2016 - 2020

  9. ICANN Five-Year Operating Plan FY2016 - FY2020

  10. ICANN OCTO SSR Request Types: April 2017
  11. SSR1 Open Recommendations - 24 March 2017
  12. SSR1 Implementation Home & Final Report

  13. ICANN Identifier Technology Innovation Report (May 2014)

  14. SSR Relationships
  15. Continuous Data-driven Analysis of Root Stability (CDAR) Deliverable D2: Root Stability Report, Revision: Final, 8 March 2017
  16. ICANN58: Emerging Identifiers Technology session
    1. Multimedia Session Recording 
    2. Audio Session Recording (EN)
  17. ICANN KPI Dashboard
  18. ICANN Strategic Plan for fiscal years 2016 - 2020  
  19. ICANN58: ICANN Org SSR Definitions 

  20. ICANN Blog: Ways of Trusting Internet Identifiers 

  21. gTLD Marketplace Health IndexICANN Releases Identifier Systems SSR Activities Report