Recommendation | Description | Current Phase |
---|---|---|
Recommendation 1 | Outreach to the CA/B forum and CAs, requesting that they treat applied for new gTLDs as if they were delegated TLDs as soon as possible, as well as discussing the broader implications and mitigation steps. (conducted confidentially) | CLOSED |
Recommendation 2 | A Disclosure Policy as informed by industry best practices for vulnerability disclosure (e.g. CERT / CC vulnerability disclosure. Such a policy should take into consideration that once the disclosure is public, it is trivial to exploit the vulnerability. | CLOSED |
Recommendation 3 | A communication plan on informing affected parties as determined by the disclosure policy. | CLOSED |
Recommendation 4 | A contingency plan to be executed if the vulnerability is leaked to the public prematurely, as well as a proactive vulnerability disclosure plan. | CLOSED |