SSAC Activities Update. Patrik Fältström, SSAC Chair ICANN-53 June 2015

Similar documents
SSAC Activities Update. Patrik Fältström, SSAC Chair ICANN58 March 2017

SSAC Activities Update. Patrik Fältström, SSAC Chair ICANN56 June 2016

Security and Stability Advisory Committee!! Activities Update! ICANN Beijing Meeting! April 2013!

Security & Stability Advisory Committee. Update of Activities

Security & Stability Advisory Committee Public Meeting. 15 March 2012

Security & Stability Advisory Committee Public Meeting. 28 June 2012

SAC089: SSAC Response to ccnso Comments on SAC084. Bart Boswinkel (ccnso support staff), Chris Disspain, Ram Mohan (ICANN Board)

SAC 047 SSAC Comment on the ICANN gtld Registry Transition Processes Model

SAC102 SSAC Comment on the Updated Plan for Continuing the Root KSK Rollover

Summary Report of Public Comment Proceeding

SSAC Improvements Implementation Plan. SSAC Improvements Implementation Plan

APNIC Update. Tom Do Friday, 20 November 2015 RIPE 71 (Bucharest, Romania) Issue Date: Revision:

ITF SCORER ONLINE TRAINING SETUP

SCW Web Portal Instructions

SSAC Comment Concerning JAS Phase One Report on Mitigating the Risk of DNS Namespace Collisions

Operating Committee Strategic Plan

Australian Ice Hockey League Limited Privacy Policy

University of Victoria Campus Cycling Plan Terms of Reference. 1.0 Project Description

Agenda. 7:00 pm Welcome Charles Monfort, Chair 7:05 pm Upcoming Schedule Park Master Plan Area Plan

GULF ANGLER FOCUS GROUP INITIATIVE PROCESS OVERVIEW AND PHASES SUMMARY

Eugene s Strategic Pedestrian and Bicycle Plan

September 2016 Financial Results

Pepperdine University eprotocol - IRB Student Investigator User Guide

5. Pedestrian System. Accomplishments Over the Past Five Years

Bicycle Master Plan Goals, Strategies, and Policies

APNIC Update. LACNIC 25 La Habana, May Paul Wilson

LISP-DDT implementation status and deployment considerations

Stakeholder Communication and Public Involvement Plan

Assessment of Student Learning Outcomes How To Quick Reference Guide for

County Donegal Public Participation Network Work Plan

Marlow FC Youth Standing Orders

BIKE PLAN CONTENTS GATEWAY

Staff Report City of Manhattan Beach

PROJECT BACKGROUND/DESCRIPTION

CONTINUITY OF SERVICE PLAN FOR THE LRIT SYSTEM

USGA Tournament Management - Club

TRB/AASHTO Geometric Design Research Efforts Supplemental Information

BC GAMES SOCIETY 2014/15 ANNUAL SERVICE PLAN REPORT

MINUTES FROM NDP MEETING 7pm CHURCH HOUSE 19 th JULY 2018

ICC RELATIONSHIPS, ROLES AND RESPONSIBILITIES

Overall governance information about the RDA Board is available on a page of the RSC website ( rsc.org/rdaboard).

Arkansas Tech University Institutional Review Board

VIRGINIA 4-H CHARTERING INSTRUCTIONS

City of Ann Arbor Pedestrian Safety & Access Task Force

FAQs GOLF CANADA KIOSK

Cycling Master Plan Community Engagement Session WELCOME

DRAFT FOR DISCUSSION Water Forum Terms of reference: September 2016

IRB COMPOSITION AND IRB MEMBER ROLES AND RESPONSIBILITIES

University of Iowa External/Central IRB Reliance Process Standard Operating Procedure (SOP)

REGULAR MEETING of the San Mateo County Bicycle and Pedestrian Advisory Committee (SMCBPAC) Thursday, October 20, 2016

The MQ Console and REST API

Category Description This policy and procedure applies to the Sparrow research community.

Service Business Plan

Level 3 Diploma in Moving Loads in Construction. Qualification Specification

Statutes of the International Young Physicists Tournament. International Young Physicists Tournament Association IYPT. Statutes TABLE OF CONTENTS

Fitbit Pay. Terms and Conditions

The approach of CanoeKayak BC Whitewater (CKBC-WW) to River Access issues is driven by the organizational Mission Statement:

Portland International Airport Public Involvement. Chris White Community Affairs Manager June 7, 2012

Chapter PERFORMANCE MEASURES AND ACCOUNTABILITY. Introduction

Caltrain Bicycle Parking Management Plan

Review of the Changes to the Fisheries Act Process Overview

FHWA Resources for Pedestrian and Bicycle Professionals

MASTER BICYCLE AND PEDESTRIAN PLAN

WEALTH MANAGEMENT: ON YOUR TERMS

Resource Sharing Protocol

ALPINE OFFICIALS' MANUAL CHAPTER X COACHES AS OFFICIALS

Town of Roseland. Americans with Disabilities Act Transition Plan: Pedestrian Facilities in the Public Right-of-Way

Regional Bicycle System Master Study. Preliminary Results Update

Global Certifying Authority for Scrum and Agile Professionals

USA Swimming Background Check Program Frequently Asked Questions

Castro Valley Municipal Advisory Council March 19, 2018

Global Certifying Authority for Scrum and Agile Professionals. Authorized Training Partner

Cisco SIP Proxy Server (CSPS) Compliance Information

TRANSPORTATION STUDY REPORT DRAFT - APRIL 2015 A BLUEPRINT FOR HOW WE CAN GET AROUND GREATER SUDBURY, FROM NOW UNTIL 2031

IMPLEMENTATION STRATEGIES

ECHA s support to BPR helpdesks: state of play

Making Phoenix Streets Complete. City of Phoenix Complete Streets Initiative

2 November WSI Hubcast VERSION 3.5 RELEASE NOTES

ALPINE OFFICIALS' MANUAL CHAPTER X COACHES AS OFFICIALS

Urs Meier David Mirfin (Vice-President) Gautier de Montmollin Ian Ross

Goals, Objectives, and Policies

Hazard Training Guide

Inter-Club Council Constitution Student Life Office, Mt. San Antonio College

New Chapter Guide. Contents. 2 Organizing a Chapter. 3 General Guidelines. 4 ICF Chapter Requirements. 5 ICF Charter Chapter Requirements

Why walk? Introducing Heart Foundation Walking! What is Heart Foundation Walking? Your role. Host Organisation

Actualtests ASF 45q. Number: ASF Passing Score: 800 Time Limit: 120 min File Version: 15.5 ASF. Agile Scrum Foundation

PUBLIC MINUTES TRAFFIC SAFETY COMMITTEE

Overview of Recovery and Rescue Validation, Verification and Extrapolation

Twin Cities Regional Bicycle System Study

Town of Wakarusa. Americans with Disabilities Act Transition Plan: Pedestrian Facilities in the Public Right-of-Way

Swedish IT Policy with a new regime

NATIONAL PLAYER TRANSFER REGULATIONS

MASTER BICYCLE AND PEDESTRIAN PLAN

Beach Cities Living Streets Design Manual and Aviation Boulevard Multimodal Corridor Plan

MnDOT Implementation of Complete Streets Policy. January 2014

3 FRAMEWORK FOR IMPLEMENTATION OF LAKE-TO-LAKE CYCLING ROUTE

Shared Space/ Shared Zone in Private Estates and the Public Domain - what it means for pedestrians?

Ann Arbor Downtown Street Plan

Paper for Consideration by HSSC8 Development of an Additional Bathymetry Layer standard based on S-57/S-52

BERKELEY BICYCLE PLAN UPDATE

Transcription:

SSAC Activities Update Patrik Fältström, SSAC Chair ICANN-53 June 2015

Agenda 1 2 3 Overview Recent Achievements Work in Progress and Future Milestones 4 5 6 SAC070 and SAC071 Registrant Protection/ Credential Management Community Interaction 2

Security and Stability Advisory Committee (SSAC) WHO WE ARE 35 Members Appointed by the ICANN Board WHO WE ADVISE ICANN Board & Staff WHAT WE DO Charter: Advise the ICANN community and Board on matters relating to the security and integrity of the Internet s naming and address allocation systems. HOW WE ADVISE 71 Publications since 2002 v SSAC Reports Advisories Comments SOs & ACs and Community OUTREACH June 2015 3

Security and Stability Advisory Committee (SSAC) PUBLICATIONS PROCESS Form Work Party Research & Writing Review & Approve Publish CURRENT WORK PARTIES New gtlds Program Review Registrant Protection DNSSEC Workshops Document Management Solutions Tracking Board Advice Membership Committee RECENT PUBLICATIONS [SAC071]: SSAC Comments on Cross Community Working Group Proposal on ICANN Accountability Enhancements (08 June 2015) [SAC070]: SSAC Advisory on the Use of Static TLD / Public Suffix Lists (29 May 2015) [SAC069]: SSAC Advisory on Maintaining the Security and Stability of the IANA Functions Through the Stewardship Transition (10 Dec 2014) OUTREACH https://ssac.icann.org https://www.facebook.com/pages/ssac/432173130235645 SSAC Intro: https://www.icann.org/news/multimedia/621 SAC067 & 68: https://www.icann.org/news/multimedia/729 June 2015 4

Work in Progress and Future Milestones Patrik Fältström

Current Work in Progress New gtlds: Mid-Course Correction, Collisions, Timing of Next Round Registrant Protection/Credential Management Cross-Community Working Group on Auction Proceeds (with GNSO) DNSSEC Sessions at ICANN Meetings (Ongoing) Document Management Tools (Internal Guidance) Board Advice Tracking (Ongoing) Membership Committee (Ongoing) 6

Future Milestones Q2 2015 Q3 2015 Q4 2015 Ø DNSSEC Workshop at ICANN 53 ü SAC070: SSAC Advisory on the Use of Static TLD/Suffix Lists ü SAC071: Comments on Cross Community Working Group Proposal on ICANN Accountability Enhancements Ø Advisory on Registrant Protection/ Credential Management Ø Advisory on New gtlds Program Review Ø DNSSEC Workshop at ICANN 54 7

SAC070: SSAC Advisory on the Use of Static TLD / Public Suffix Lists Patrik Fältström

What is Public Suffix List? Public suffix: a domain under which multiple parties that are unaffiliated with the owner of the Public Suffix domain may register subdomains. Examples: www.icann.org www.bbc.co.uk www.pps.k12.pa.us No programmatic way to determine the boundary where a Domain Name System (DNS) label changes stewardship from a public suffix. Tracking the boundary accurately is critically important for security, privacy, and usability issues in many systems and applications, such as web browsers. 9

Why Are Public Suffix Lists Important? Use Case Descriptions Applications Cookie Setting SSL Certificates Navigability TLD Validation Decide whether a cookie should be allowed to set for a suffix of a given domain Decide whether to issue or accept an SSL wildcard certificate for *.public.suffix. Decide whether a browser should attempt to navigate to a given URL without consulting DNS Determine the validity of TLDs in a domain name Mozilla Firefox, Google Chrome, Safari, Opera Certificate Authorities Google Chrome Web forms, programming language libraries Domain Highlighting Decide which part of a domain to highlight Mozilla Firefox 10

Inconsistent Suffix Lists Usage Google Chrome 37.0.2062.124 Apple Safari 7.0.6 9537.78.2 11

SAC070 Findings PSL is a design compromise between convenience of use and accuracy of its contents No consensus definition of public suffix and associated terms and PSL is used for several purposes having to do with administrative boundaries in the DNS Lack of accountability mechanisms for ensuring PSLs are produced in a consistent, fair, unbiased manner with recourse for individuals or organizations that may have an issue Knowledge gap exists between registries and maintainers of the public suffix lists regarding the processes and responsibilities for changes and additions to the Mozilla PSL and other PSLs No universal library, framework, tool, etc. for PSL use and implementers do not use PSL entries consistently in software or other services 12

SAC070 Findings, Cont. No universal library, framework, tool, etc. for PSL use and implementers do not use PSL entries consistently in software or other services Great variation of latency for implementing PSL changes in software applications and Internet services General lack of authentication and other standard security controls for the content and transmission of PSLs from maintainers to users Due to the wide variety of use cases for PSLs, it may be difficult to create a one-size-fits-all PSL for all audiences covering any application or usage If new gtlds use public suffixes similarly to some cctlds, which may include more than one public subdomain, the impact to any PSL could be significant 13

SAC070 Recommendations Parties to take Action Recommendation IETF Standardize PSL alternatives (IETF DBOUND WG) IETF ICANN & Mozilla Foundation ICANN Develop consensus definition of public suffix and other associated terminology Collaboratively create informational materials that can be given to TLD registry operators about Mozilla PSL Encourage the software development community to develop and distribute programming and operating system libraries for PSL. 14

SAC070 Recommendations, cont. Parties to take Action Recommendation Application developers Application developers IANA ICANN Use canonical file format and modern authentication protocols as specifications Replace proprietary PSLs with Mozilla PSL and the proposed IANA PSL Host a PSL containing information about the domain within the registries with which IANA has direct information Explicitly include the use and actions related to the PSL as part of the work related to universal acceptance 15

SAC071: SSAC Comments on Cross Community Working Group Proposal on ICANN Accountability Enchancements Patrik Fältström

SSAC Comments SSAC Charter: The SSAC advises the ICANN community and Board on matters relating to the security and integrity of the Internet's naming and address allocation systems. The SSAC: Has neither been given nor sought any standing for its advice other than that it be evaluated on its merits and adopted (or not) according to that evaluation by the affected parties. 17

SSAC Comments, Cont. The SSAC: Has no comment at this time on whether or not a legal structure is required or desirable to compel ICANN and the Board to respond to the SSAC s advice. Is concerned about the way in which the proposed new SO/AC Membership Model might affect the way in which the SSAC operates, considering its narrow focus on security and stability matters and its reluctance to become involved in issues outside that remit. 18

SSAC Comments, Cont. The SSAC: Expects that the community will adopt an organizational structure that recognizes the role and importance of high quality expert advice on security and stability. Notes the relatively short time available for consideration of the draft proposal and reserves the right to make additional comments as further details are developed. 19

Registrant Protection/ Credential Management Ben Butler and Merike Kaeo

Charter Augment previous work done in SAC040 and SAC044 by defining best practice guidelines for comprehensive credential lifecycle management of domain names. Target audience: Wider ICANN community; Registrars, registries, registrants; Software developers of applications/tools; DNS service providers; and Webhosting and email service providers. 21

Charter, Continued Will address: Credential lifecycle best practices for creating, distributing, storing, renewing, transferring, revoking and recovering name credentials; All credentials used to provide authentication of an identity (registrant or authorized administrator of registrar or registry); and Any relevant policy issues that can support or hinder credential management. 22

Document Content What is the problem? Recent attack issues Credential types Credential use: Entity using credential; Credential validator; Purpose of credential. Credential management life cycle today Practical checklist/credential management life cycle best current practices Recommendations 23

Timeline Q1 & Q2 2015 Q3 2015 Ø Develop first draft Ø Consult with community at ICANN 52 Ø Consult with community at ICANN 53 Ø Develop Final draft Ø Possible further consultation Ø Publish Advisory 24

Ongoing Validation Review of Sections 4 and 5 (use of credentials and how current lifecycle is managed) What issues or problems do you encounter? Successes/challenges with password requirements and 2FA Successes/challenges with registrant engagement Successes/challenges with storage and backups of credentials Successes/challenges with distribution of credentials Successes/challenges of re-issuing/renewing/revoking credentials Are there areas where tools or software development would aid in credential security/management? What are the challenges for small registrars? 25

Community Interaction Patrik Fältström

Questions from the Community How does the SSAC prioritize new work? How does the SSAC address requests from the ICANN Board and the community? How does the SSAC track the Board s response to SSAC advice? How does the SSAC inform the community of its work? 27

Questions to the Community Are the SSAC publications accessible and understandable: How is the length (long, short, just right?) How is the level of detail? Do the publications reach their audience? How can the SSAC do a better job for the community? What can the SSAC do differently? What topics are missing from the current list of work parties? 28

Thank you

2024 © sportdocbox.com Privacy Policy | Terms of Service | Feedback