Security & Stability Advisory Committee. Update of Activities

Similar documents
Security & Stability Advisory Committee Public Meeting. 15 March 2012

Security & Stability Advisory Committee Public Meeting. 28 June 2012

Security and Stability Advisory Committee!! Activities Update! ICANN Beijing Meeting! April 2013!

SSAC Activities Update. Patrik Fältström, SSAC Chair ICANN58 March 2017

SSAC Activities Update. Patrik Fältström, SSAC Chair ICANN56 June 2016

SSAC Activities Update. Patrik Fältström, SSAC Chair ICANN-53 June 2015

SAC 047 SSAC Comment on the ICANN gtld Registry Transition Processes Model

SAC089: SSAC Response to ccnso Comments on SAC084. Bart Boswinkel (ccnso support staff), Chris Disspain, Ram Mohan (ICANN Board)

SAC102 SSAC Comment on the Updated Plan for Continuing the Root KSK Rollover

SSAC Comment Concerning JAS Phase One Report on Mitigating the Risk of DNS Namespace Collisions

SSAC Improvements Implementation Plan. SSAC Improvements Implementation Plan

Summary Report of Public Comment Proceeding

Wisconsin Department of Transportation Inter-Tribal Task Force Bylaws

University of Victoria Campus Cycling Plan Terms of Reference. 1.0 Project Description

Cisco SIP Proxy Server (CSPS) Compliance Information

City of Ann Arbor Pedestrian Safety & Access Task Force

BIKE PLAN CONTENTS GATEWAY

APNIC Update. Tom Do Friday, 20 November 2015 RIPE 71 (Bucharest, Romania) Issue Date: Revision:

MSC United, Incorporated Operating Guidelines and Procedures

DRAFT FOR DISCUSSION Water Forum Terms of reference: September 2016

Exhibit 1 PLANNING COMMISSION AGENDA ITEM

US Youth Soccer National League Charter as of October 25, 2017

TABLE OF CONTENTS. Executive Summary

Stakeholder Communication and Public Involvement Plan

Chapter 2.7 Bylaw sport governance and management

Discussion Paper Men s and Boy s Competition Review 26 May 2017

USTA NORTH CAROLINACOMMITTEES DESCRIPTIONS & NAMES

We want to thank you for all that you are doing for Ohio Swimming. If you have any questions, please do not hesitate to reach out to any one of us.

Operating Committee Strategic Plan

OVA Privacy Policy. a) Arranges and encourages volleyball matches and competitions within Ontario;

2014 Review/2015 Business Plan

5. Pedestrian System. Accomplishments Over the Past Five Years

3 FRAMEWORK FOR IMPLEMENTATION OF LAKE-TO-LAKE CYCLING ROUTE

Safety assessments for Aerodromes (Chapter 3 of the PANS-Aerodromes, 1 st ed)

MnDOT Implementation of Complete Streets Policy. January 2014

ICC RELATIONSHIPS, ROLES AND RESPONSIBILITIES

VOLLEYBALL ALBERTA - WEB PRIVACY POLICY

CONTACT: Robert A. Stein, acting chair, NCAA Infractions Appeals Committee

Academic Policy Proposal: Policy on Course Scheduling for the Charles River Campus ( )

REGULAR MEETING of the San Mateo County Bicycle and Pedestrian Advisory Committee (SMCBPAC) Thursday, October 20, 2016

CONTINUITY OF SERVICE PLAN FOR THE LRIT SYSTEM

Vision Zero in Canada. 9 th International Conference on Urban Traffic Safety August 2017

Opening remarks for the International Forum for Sports Integrity. 15 February Check against delivery-

Australian Volleyball Federation

USOC ATHLETE ADVERTISING WAIVER SYSTEM. User Guide October 2015

RESOLUTIONS TO AMEND THE CONSTITUTION, BYLAWS AND REGULATIONS Annual General Meeting

City of San Diego Vision Zero Draft Strategic Plan FY 2017

AGENDA REPORT SUMMARY. Ordinance : Amending the Los Altos Municipal Code Reassigning Commission Responsibility for Transportation Issues

Planning for tennis in your Local Government Area. A resource from Tennis Australia

Chapter PERFORMANCE MEASURES AND ACCOUNTABILITY. Introduction

ICC REGULATIONS ON SANCTIONING OF EVENTS

Marion Marlins Masters Swimming Club Strategic Plan

Olympic Movement Medical Code:

BEST EVER GOLF ASSOCIATION (BEGA) BY-LAWS

Eugene s Strategic Pedestrian and Bicycle Plan

DOCKYARD PORT OF PLYMOUTH HARBOUR SAFETY PLAN. Issue 2 Jun 13

Paddle Clean Anti-Doping Education Strategy

APNIC Update. LACNIC 25 La Habana, May Paul Wilson

RYA British Youth Sailing Safety Policy

DATE: January 13, 2014 REPORT NO. CD TYPE OF REPORT: CONSENT ITEM [ ] ITEM FOR CONSIDERATION [ X ]

Local Government Road Safety Summit - 9 April 2018

WALKNBIKE DRAFT PLAN NASHVILLE, TENNESSEE EXECUTIVE SUMMARY NASHVILLE, TENNESSEE

Systems of Accounting for and Control of Nuclear Material

Southwest Power Pool REGIONAL STATE COMMITTEE BYLAWS

Staff Report City of Manhattan Beach

IAAF ADVISORY NOTE USE OF PERSONAL INFORMATION (ANTI-DOPING AND INTEGRITY PROGRAMMES)

NONCOMPLIANCE. 1. Overview

PUBLIC MINUTES TRAFFIC SAFETY COMMITTEE

WORLD HEALTH ASSEMBLY (WHA) POLICY SCRUM

Pedestrian, Bicycle and Traffic Calming Strategic Implementation Plan. January 18, 2011

Special Olympics General Rules 2012 Amendment. 16 th November 2012

Policy #102 - Team Staff/Officials Certification

QLDC Council 29 October Report for Agenda Item: 3

Service Business Plan

CTDOT Pedestrian and Bicycle Safety Initiatives

Agenda. 7:00 pm Welcome Charles Monfort, Chair 7:05 pm Upcoming Schedule Park Master Plan Area Plan

CLEAR COLLISION LEAD EVALUATE ACT RE-OPEN KEEPING TRAFFIC MOVING. CFOATechRescue ConfJuly2013v0.1

At each type of conflict location, the risk is affected by certain parameters:

Organising the National Technology Needs Assessment (TNA) Process: An Explanatory Note

MEETING DATE: DECEMBER 9, SUBJECT: Use Of Cameras To Enforce Transit Lanes RECOMMENDATIONS. It is recommended that the Commission:

Durham Vision Zero: Strategic Road Safety Action Plan

FHWA s Strategic Agenda for Pedestrian and Bicycle Transportation. Purdue Road School March 8, 2017

Signature Date Date First Effective: Signature Date Revision Date:

Traffic Calming Policy

LISP-DDT implementation status and deployment considerations

INTERNATIONAL COUNCIL OF MUSEUMS (ICOM) INTERNATIONAL COMMITTEE FOR EXHIBITION EXCHANGE (ICEE)

Lima 2019 Pan American Games Internal Nomination Process: Triathlon

Welsh Triathlon. National Championship and National Series Events. Tender Process for 2018 season

14. PROPOSED PEDESTRIAN CROSSING IMPROVEMENTS IN MOORHOUSE AVENUE

CITY OF ANN ARBOR TRAFFIC CALMING PROGRAM PROCESS OVERVIEW. Petitioner defines the project area limits and gathers petition signatures.

Citizens Advisory Committee March 26, 2014

Minneapolis Hockey. Executive Summary: Board Composition and Job Descriptions

ICC Dispute Resolution Services

TOWN OF PARADISE VALLEY

Safety Resource Pack For Coaching Events

Monocacy Youth Basketball Association Organization Documents and Bylaws Effective September 1, 2017

Scottsdale Road/Rural Road Alternatives Analysis (AA) Study. Arizona ITE/IMSA Spring Conference March 7, 2012

Resident Services Committee

SR 161 Corridor Study Collaboration Strategies for Multi-Jurisdiction Projects. OTEC 2017 Session 17

Regional Bicycle System Master Study. Preliminary Results Update

Transcription:

Security & Stability Advisory Committee Update of Activities 1

Topics 1. Overview of the SSAC and Activities -- Patrik Fältström, SSAC Chair 2. Public Comments on SAC053: SSAC Report on Dotless Domains 3. SAC056: SSAC Advisory on the Impacts of DNS Blocking 4. SAC055: SSAC Comment on WHOIS Review Team Final Report Jim Galvin, SSAC Vice Chair 2

Security and Stability Advisory Committee (SSAC) Overview Formed in 2001-2002 Decision to start: late 2001 First Operation: early 2002 Provides guidance to ICANN Board, Supporting Organizations and Advisory Committees, staff and general community Charter: To advise the ICANN community and Board on matters relating to the security and integrity of the Internet's naming and address allocation systems. 3

SSAC Members Members: 38 Changes in 2012: 4 New Members and 3 Departing Members Changes in 2011: 4 New Members and 4 Departing Members Changes in 2010: 5 New Members and 5 Departing Members ICANN Bylaws change appointing members to staggered terms of 1, 2, and 3 years, which necessitates an Annual Review Process to reappoint members when their terms end 4

2012 Activity Overview Internal SSAC Work Committees/Work Parties SSAC Membership Committee Registration Data Validation Work Party Identifier Abuse Metrics Work Party Root Key Rollover Work Party SSAC Community Committees/Working Groups DNSSEC Program Committee to Plan Workshops and Beginners Sessions Domain Name System (DNS) Security and Stability Analysis Working Group (DSSA-WG) Board DNS Risk Management Framework Working Group 5

2012 Activities Overview, Cont. Public Meetings and Collaboration at ICANN Meetings Regular meetings with law enforcement agency representatives Briefings to Supporting Organizations and Advisory Committees Briefings with other community groups as requested 6

2012 Publications [SAC056] SSAC Advisory on the Impacts of Content Blocking via the Domain Name System [SAC055] SSAC Comment on the WHOIS Review Team Final Report [SAC054] SSAC Report on the Domain Name Registration Data Model [SAC053] SSAC Report on Dotless Domains [SAC052] SSAC Advisory on Delegation of Single-Character Internationalized Domain Name Top-Level Domains SSAC Comment on the ICANN FY13 Budget: Impact on SSAC Productivity SSAC Comment on the ICANN Draft Roadmap to Implement SAC051 7

Public Comments on SAC53: SSAC Report on Dotless Domains

Background A frequently asked question by new gtld applicants is: If I register "dot BRAND", will I be able to use the label BRAND alone in a URL (http://brand) or an email address (user@brand)? What will happen if I do? The SSAC calls a domain name that consists of a single label a dotless domain.

SSAC Findings The resolution of dotless domain names is not consistent or universal Web Browsers Local Area Network issues DNS Stub Resolvers Email

SSAC Findings cont. Dotless hosting violates a longstanding assumption that a dotless hostname is within an organization's trust sphere, and could present further problems to security and the ability to route traffic.

Recommendations Dotless domains will not be universally reachable, and the SSAC recommends strongly against their use. The SSAC also recommends that the use of DNS resource records such as A, AAAA, and MX in the apex of a Top-Level Domain (TLD) be contractually prohibited where appropriate and strongly discouraged in all cases.

Next Steps The Board passed a resolution that requests staff to: Consult with the relevant communities regarding the implementation of SAC053 recommendations. Provide a briefing paper by 9/31/2012 detailing the technical, policy and legal issues that may arise as a result of implementing SAC053 recommendations, listing the options, if any, for mitigating such issues.

Next Steps, Continued The ICANN staff opened a Public Forum on 24 August 2012 to request community input on the SSAC s recommendations. The Comment Period closed on 23 September. The Reply Period closes on 05 November. The SSAC is reviewing the comments.

SAC056: SSAC Advisory on the Impacts of Content Blocking via the Domain Name System

Background In June 2011 the SSAC published a paper on DNS blocking in response to questions from the GAC: SAC051: DNS Blocking: Benefits Versus Harms An Advisory from the Security and Stability Advisory Committee on Blocking of Top Level Domains at the Domain Name System (14 June 2011) In 2012 the SSAC formed a Work Party to develop a broader Advisory on the Impacts of DNS Blocking. In October 2012 the SSAC published SAC056: SSAC Advisory on the Impacts of Content Blocking via the Domain Name System

Executive Summary DNS Blocking is a topic of interest in numerous Internet governance venues. Several governments have implemented it or are considering it. It can be easily bypassed, is likely to be largely ineffective, and is fraught with unanticipated consequences in the near term. It can present conflicts with the adoption of DNSSEC and could promote the subdivision of the Internet into separate enclaves.

Executive Summary, Cont. Focus of the Advisory: Exploration of technical impacts related to DNS blocking including domain blocking via: A registry or registrar; An authoritative server; In a recursive resolver via redirection, nonexistent domain name, a query refused response code, other response codes, or a query nonresponse.

Executive Summary, Cont. Also, technical impacts related to DNS blocking in recursive resolvers and conflicts with DNSSEC; Conditioning end users toward more end-to-end encryption; Over-blocking; Typographical errors; Routing DNS traffic away from a nation that imposes blocking; Impacts of users switching resolvers; and Breaking Content Distribution Network (CDN) localization if users switch resolvers.

Illustration 20

Conclusions DNS Blocking carries a number of technical issues. Blocking at the DNS registry level (either directly or via a registrar) has The fewest technical implications; Can work with DNSSEC; but may Run afoul of jurisdictional problems; or Trigger long-term segmentation of the Internet name space.

Conclusions, Cont. Blocking at the resolver level is Problematic in the face of DNSSEC; and At worst could impede the deployment of DNSSEC. Governments and others should: Take these issues into consideration; and Fully understand the technical implications of developing policies and implementations using the DNS to block or otherwise filter Internet content.

SAC055: SSAC Comment on the WHOIS Policy Review Team Final Report

Background 11 May 2012: WHOIS Policy Review Team submits its Final Report and Recommendations to the ICANN Board. 23 June 2012: ICANN Board resolution encourages public input on the Final Report and requests that the ICANN Supporting Organizations and Advisory Committees provide input. 14 September 2012: SSAC publishes Comment on the WHOIS Review Team Report as its input to the Board.

SSAC Findings The foundational problem facing all WHOIS discussions is understanding the purpose of domain name registration data Why is data collected? What purpose will the data serve? Who collects the data? Where is the data stored? Where is the data escrowed? Who needs the data and why? Who needs access to logs of access to the data and why?

SSAC Findings, Cont. SSAC believes that the formation of a properly authorized committee to drive solutions to these questions first, and derive a universal policy from those answers is the appropriate first step to address the WHOIS Review Team s report

SSAC Recommendations ICANN Board Should: Clearly state that the development of a registration data policy asserting the purpose of domain name registration data is a critical priority; and Direct the CEO to create a registration data policy committee that includes the highest levels of executive engagement to develop the registration data policy that asserts the purpose of domain name registration data; Explicitly defer any other activity (within ICANN s remit) directed at finding a solution to the WHOIS problem until the registration data policy identified in (1) and (2) has been developed and accepted by the community. 27

Review Team Recommendation SSAC Priority SSAC Recommendation(s) on implementation options 1: Strategic Priority High CEO to create a domain name policy committee that includes the highest level of executive management. 2: Single WHOIS Policy High The Board to clearly states that the development of a single policy is a critical priority. 3: Outreach Low 4: Compliance High The Domain name Whois policy committee should develop clear targets for compliance with respects to registration data accuracy; performance provisions such as SLA must be considered as part of the compliance function. 28

Review Team Recommendation SSAC Priority SSAC Recommendation(s) on implementation options 5-9: Data Accuracy Medium An accuracy policy should define each data element and require that it be examined and indicate for each element a method for determining the accuracy of the data. 10: Data Access: Privacy & Proxy Services 11: Data Access: Common Interface Medium Low No specific recommendation not already covered elsewhere. 29

Review Team Recommendation 12-13: Internationalized Domain Names 14: Internationalized Domain Names SSAC Priority Medium Low 15: Detailed and Low Comprehensive Plan 16: Annual Status Reports Low SSAC Recommendation(s) on implementation options Internationalization MUST be supported by default, not called out separately. The focus should be on Recommendation 2 from the IRD-WG final report: Policies with respect to the accuracy of registration data should apply equally to all registration data without regard to whether it is internationalized or ASCII registration data. 30

Public Comments on SAC53: SSAC Report on Dotless Domains

Background A frequently asked question by new gtld applicants is: If I register "dot BRAND", will I be able to use the label BRAND alone in a URL (http://brand) or an email address (user@brand)? What will happen if I do? The SSAC calls a domain name that consists of a single label a dotless domain.

SSAC Findings The resolution of dotless domain names is not consistent or universal Web Browsers Local Area Network issues DNS Stub Resolvers Email

SSAC Findings cont. Dotless hosting violates a longstanding assumption that a dotless hostname is within an organization's trust sphere, and could present further problems to security and the ability to route traffic.

Recommendations Dotless domains will not be universally reachable, and the SSAC recommends strongly against their use. The SSAC also recommends that the use of DNS resource records such as A, AAAA, and MX in the apex of a Top-Level Domain (TLD) be contractually prohibited where appropriate and strongly discouraged in all cases.

Next Steps The Board passed a resolution that requests staff to: Consult with the relevant communities regarding the implementation of SAC053 recommendations. Provide a briefing paper by 9/31/2012 detailing the technical, policy and legal issues that may arise as a result of implementing SAC053 recommendations, listing the options, if any, for mitigating such issues.

Next Steps, Continued The ICANN staff opened a Public Forum on 24 August 2012 to request community input on the SSAC s recommendations. The Comment Period closed on 23 September. The Reply Period closed on 14 October. The SSAC is reviewing the comments and preparing a Reply

Questions and Discussion

2024 © sportdocbox.com Privacy Policy | Terms of Service | Feedback