ALAC Statement to the Board Regarding Security and Stability Implications of New gTLDs Workspace

FINAL VERSION TO BE SUBMITTED IF RATIFIED

Please click here to download the PDF below.

FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC

The recent ICANN 46 Meeting in Beijing gave visibility to a number of issues of concern related to security and stability of the DNS in the context of the rollout of new gTLDs.  The majority of these issues have been highlighted in past SAC Reports, specifically: 

• SAC042 – SSAC Comment on the Root Scaling Study Team Report and the TNO Report
• SAC045 – Invalid Top Level Domain Queries at the Root Level in the Domain Name System
• SAC046 – Report of the Security and Stability Advisory Committee on Root Scaling
• SAC057 – SSAC Advisory on Internal Name Certificates

The ALAC notes that expressions of concern have also been raised by PayPal on 15 March 2013 in a letter to the CEO and by Verisign on 28 March 2013 in a letter to the Chairman and CEO.

Following on from SAC057, the ALAC recognizes the achievements of the ICANN Security Team working in conjunction with the CAB Forum to limit the period of vulnerability of internal networks holding certificates which conflict with new gTLDs.  The ALAC urges the Board to closely monitor the work being done by the ICANN Security Team with the CAB Forum and ensure the Board’s decisions are informed by the progress of this work to reduce risk. 

The ALAC also recognizes that the Board, in making decisions related to the rollout of new gTLDs, must take into account factors other than security and stability, including commitments made to new gTLD applicants.  However, the ALAC urges the Board to take full consideration of relevant SSAC advice and recommendations to ensure that residual risk is minimized and specifically that residual risk is not transferred to third parties such as current registry operators, new gTLD applicants, registrants, consumers and individual end users. 

FIRST DRAFT SUBMITTED

The recent ICANN 46 Meeting in Beijing gave visibility to a number of issues of concern related to security and stability of the DNS in the context of the rollout of new gTLDs.  The majority of these issues have been highlighted in past SAC Reports, specifically: 

• SAC042 – SSAC Comment on the Root Scaling Study Team Report and the TNO Report
• SAC045 – Invalid Top Level Domain Queries at the Root Level in the Domain Name System
• SAC046 – Report of the Security and Stability Advisory Committee on Root Scaling
• SAC057 – SSAC Advisory on Internal Name Certificates

The ALAC notes that expressions of concern have also been raised by PayPal on 15 March 2013 in a letter to the CEO and by Verisign on 28 March 2013 in a letter to the Chairman and CEO.

Following on from SAC057, the ALAC recognizes the achievements of the ICANN Security Team working in conjunction with the CAB Forum to limit the period of vulnerability of internal networks holding certificates which conflict with new gTLDs.  The ALAC urges the Board to closely monitor the work being done by the ICANN Security Team with the CAB Forum and ensure the Board’s decisions are informed by the progress of this work to reduce risk. 

The ALAC also recognizes that the Board, in making decisions related to the rollout of new gTLDs, must take into account factors other than security and stability, including commitments made to new gTLD applicants.  However, the ALAC urges the Board to take full consideration of relevant SSAC advice and recommendations to ensure that residual risk is minimized and specifically that residual risk is not transferred to third parties such as current registry operators, new gTLD applicants, registrants, consumers and individual end users.