SSAC Advisory on Internal Name Certificates (R-2)

Date IssuedDocumentReference IDCurrent Phase

  

SSAC Advisory on Internal Name Certificates (R-2)SAC057

CLOSED



  1. Phase 1 Receive
  2. Phase 2 Understand
  3. Phase 3 Evaluate
  4. Phase 4 Implement
  5. Phase 5 Close
  6. Closed



Description:

A Disclosure Policy as informed by industry best practices for vulnerability disclosure (e.g. CERT / CC vulnerability disclosure. Such a policy should take into consideration that once the disclosure is public, it is trivial to exploit the vulnerability.


STATUS UPDATES

DatePhaseTypeStatus Updates

 

ClosedPhase ChangeThis Advice Item is now closed

 

Phase 5Board UpdateStatus provided in 19 October 2016 letter from ICANN Board Chair to SSAC Chair (https://www.icann.org/en/system/files/correspondence/crocker-to-faltstrom-19oct16-en.pdf). This work was undertaken by ICANN staff including the Security Team. ICANN has coordinated mitigation efforts with the CA/Browser forum. Specifically, ICANN worked with the Certificate Authority Browser Forum (CA/B Forum), which passed Ballot 96.

 

Phase 5Phase ChangeNow in Phase 5: Close

 

Phase 1Phase UpdateSSAC published SAC057: SSAC Advisory on Internal Name Certificates: https://www.icann.org/en/system/files/files/sac-057-en.pdf.