Page History
SAC057 was published on 15 March 2013. All SSAC publications can be found at https://www.icann.org/groups/ssac/documents.
SAC057 was published on 15 March 2013. All SSAC publications can be found at https://www.icann.org/groups/ssac/documents.
View file | ||||
---|---|---|---|---|
|
Recommendation | Description | Current Phase | ||||||
---|---|---|---|---|---|---|---|---|
Outreach to the CA/B forum and CAs, requesting that they treat applied for new gTLDs as if they were delegated TLDs as soon as possible, as well as discussing the broader implications and mitigation steps. (conducted confidentially) |
| |||||||
Recommendation 2 | A Disclosure Policy as informed by industry best practices for vulnerability disclosure (e.g. CERT / CC vulnerability disclosure. Such a policy should take into consideration that once the disclosure is public, it is trivial to exploit the vulnerability. |
| ||||||
Recommendation 3 | A communication plan on informing affected parties as determined by the disclosure policy. |
| ||||||
Recommendation 4 | A contingency plan to be executed if the vulnerability is leaked to the public prematurely, as well as a proactive vulnerability disclosure plan. |
|