Security and Stability Advisory Committee Activities Update ICANN Beijing Meeting April 2013

Agenda
1. SSAC Overview and Activities (Patrik Fältström)
2. SAC057: SSAC Advisory on Internal Name Certificates (Patrik Fältström)
3. SAC058: SSAC Report on Domain Name Registration Data Validation (Don Blumenthal and Jim Galvin)

Security and Stability Advisory Committee (SSAC) Overview
- 2001: SSAC initiated; 2002: began operation.
- Provides guidance to the ICANN Board, Supporting Organizations and Advisory Committees, staff and the general community.
- Charter: to advise the ICANN community and Board on matters relating to the security and integrity of the Internet's naming and address allocation systems.
- Members: 38, appointed by the ICANN Board for 3-year terms.

2013 Work Plan: Committees/Working Groups
- SSAC Membership
- DNSSEC Workshop Program
- Domain Name System (DNS) Security and Stability Analysis Working Group (DSSA-WG)

2013 Work Plan: Work Parties
- Identifier Abuse Metrics
- Root Key Rollover
- SSAC Meetings with Law Enforcement
- IGF Workshop
- New gTLD Success Metrics
- Abuse of the DNS for DDoS Attacks
- MDNS, Complexity/Challenges in the DNS

2012-2013 Publications by Category
Domain Name System (DNS) Security and Abuse:
- [SAC058] SSAC Report on Domain Name Registration Data Validation Taxonomy (Mar 2013)
- [SAC057] SSAC Advisory on Internal Name Certificates (Mar 2013)
- [SAC056] SSAC Advisory on Impacts of Content Blocking via the Domain Name System (9 Oct 2012)
- [SAC053] SSAC Report on Dotless Domains (Feb 2012)
Internationalized Domain Names (IDNs):
- [SAC052] SSAC Advisory on Delegation of Single-Character Internationalized Domain Name Top-Level Domains (Jan 2012)

2012-2013 Publications by Category, Cont.
Registration Data (WHOIS):
- [SAC055] SSAC Comment on the WHOIS Review Team Final Report (Sep 2012)
- [SAC054] SSAC Report on the Domain Name Registration Data Model (Jun 2012)

SAC057: SSAC Advisory on Internal Name Certificates Patrik Fältström

Overview
- The advisory identifies a Certificate Authority (CA) practice that, if widely exploited, could pose a significant risk to the privacy and integrity of secure Internet communications.
- This CA practice could impact the new gTLD program.
- The SSAC advises that ICANN should take immediate steps to mitigate the risks.

Findings
1. The EFF SSL Observatory data shows that at least 157 CAs have issued internal name certificates.
2. The exact number of internal name certificates that end in an applied-for new gTLD string cannot be known unless CAs voluntarily disclose the list.
3. Enterprises use internal name certificates for a variety of reasons.

Findings, Cont.
4. The practice for issuing internal name certificates allows a person unrelated to an applied-for TLD to obtain a certificate for a name under that TLD with little or no validation, and then, once the TLD is delegated, to launch a man-in-the-middle attack more effectively.
5. The CA/Browser (CA/B) Forum is aware of this issue and requests its members to stop this practice by October 2016. The vulnerability window for new gTLDs is therefore at least 3 years.

Recommendation
- The ICANN Security Team should immediately develop and execute a risk mitigation plan.
Outcome
Following the SSAC advice, ICANN took immediate mitigation actions to reduce the risk:
- ICANN alerted the CA/Browser (CA/B) Forum Chairperson (23 Jan 2013).
- ICANN briefed the CA/B Forum at its annual meeting (5 Feb 2013).
- Ballot 96 on new gTLDs was brought forward and passed by the CA/B Forum (20 Feb 2013). It requires that:
  - CAs stop issuing certificates for names ending in an applied-for gTLD string within 30 days of ICANN signing the contract with the registry operator;
  - CAs revoke any existing such certificates within 120 days of ICANN signing the contract with the registry operator.
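The findings above turn on one mechanical question: does any name in a certificate's Subject Alternative Name list end in a string that is not a delegated TLD today but has been applied for? The Python below is an added example, not code from the advisory, ICANN or the CA/B Forum. It classifies each dNSName SAN entry as public (rightmost label is a delegated TLD), collision (rightmost label is an applied-for gTLD string, so the certificate becomes valid for real hosts the day that TLD is delegated) or internal (anything else, including IP literals and single-label hosts). Both lists of TLD strings are small constructed samples; a real audit populates them from the IANA root zone database and ICANN's published list of applied-for strings. Note that a single-label name such as "mail" is itself a collision with an applied-for ".mail", not merely an internal name.

```python
"""Audit a certificate's SAN names for internal names and applied-for gTLD collisions.

Added example (not from SAC057, ICANN or the CA/B Forum). The two sets below
are constructed samples; populate them from the IANA root zone database and
ICANN's applied-for gTLD strings for a real audit.
"""
import ipaddress
from typing import Dict, List

# Constructed sample of delegated TLDs (the real root zone has many more).
DELEGATED_TLDS = {"com", "net", "org", "se", "uk"}
# Constructed sample of applied-for new gTLD strings.
APPLIED_FOR_GTLDS = {"corp", "home", "mail", "bank"}


def _is_ip_literal(name: str) -> bool:
    """True for IPv4/IPv6 literals, which some CAs also placed in SANs."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def classify_san(name: str) -> str:
    """Classify one dNSName SAN as 'public', 'internal' or 'collision'.

    public    - rightmost label is a delegated TLD
    collision - rightmost label is an applied-for gTLD string; the certificate
                becomes valid for real hosts once that TLD is delegated
    internal  - anything else (IP literals, made-up suffixes, bare wildcards)
    """
    n = name.strip().rstrip(".").lower()      # trailing dot and case are not significant
    if not n or _is_ip_literal(n):
        return "internal"
    labels = n.split(".")
    if labels[0] == "*":                       # wildcard: judge the suffix only
        labels = labels[1:]
    if not labels:
        return "internal"
    tld = labels[-1]
    if tld in DELEGATED_TLDS:
        return "public"
    if tld in APPLIED_FOR_GTLDS:
        return "collision"
    return "internal"


def audit_sans(san_entries: List[str]) -> Dict[str, List[str]]:
    """Group a certificate's dNSName SAN entries by classification."""
    report: Dict[str, List[str]] = {"public": [], "internal": [], "collision": []}
    for entry in san_entries:
        report[classify_san(entry)].append(entry)
    return report


if __name__ == "__main__":
    # Constructed SAN list resembling an enterprise 'internal name' certificate.
    sample = ["mail.example.com", "mail", "mail.corp", "*.corp", "10.0.0.25"]
    for category, names in audit_sans(sample).items():
        print(f"{category:9s} {names}")
```

To feed real certificates into `audit_sans`, extract the SAN names with `openssl x509 -in cert.pem -noout -ext subjectAltName` (OpenSSL 1.1.1 or later) and pass the DNS entries as the list. Anything reported as a collision is exactly the class of certificate Ballot 96 requires CAs to stop issuing and to revoke.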

SAC058: SSAC Report on Domain Name Registration Data Validation Taxonomy Don Blumenthal and Jim Galvin

Description
Various studies that assessed the quality of domain name registration data have collectively shown that the accuracy of the data needs to be improved. In this report, the SSAC examines the feasibility and suitability of improving registration data accuracy through validation. Specifically, the SSAC:
- Proposes a validation taxonomy for community consideration;
- Explores the suitability and efficacy of various techniques for validating registration data elements in light of the taxonomy.

Findings
1. Data quality is relative to registrants and their purposes. Identify the potential providers (customers) of the data and their purposes.
2. Certain verification measures can be automated, some with only a small amount of investment, and would improve the quality of registration data. Use a formal data structure and strong data typing to reduce unintentional errors.
3. Different contact data elements have different validation cost structures: a large upfront cost; ongoing costs related to the frequency of data revalidation; and economies of scale for validation as more contacts are validated.

Recommendations
1. The ICANN community should consider adopting the terminology outlined in this report in documents and discussions:
- Syntactic Validation: the assessment of data with the intent to ensure that they satisfy specified syntactic constraints, conform to specified data standards, and are transformed and formatted properly for their intended use.
- Operational Validation: the assessment of data for their intended use in their routine functions.
- Identity Validation: the assessment that the data corresponds to the real-world identity of the entity.
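The taxonomy above and Finding 2 (a formal data structure with strong data typing) are easiest to see side by side in code. The Python below is an added example, not code from SAC058 or from any registrar or registry. A typed contact record carries one syntactic check per data element; the regular expressions are deliberately simplified (a full RFC 5322 mailbox grammar is not attempted) and the set of country codes is a constructed sample. Everything it does is syntactic validation in the report's sense: whether the mailbox accepts mail (operational validation) or belongs to the named person (identity validation) cannot be decided offline and is out of scope.

```python
"""Syntactic validation of registrant contact data, using SAC058's terminology.

Added example (not from SAC058 or any registrar's code). A typed record plus
per-element syntax checks is the 'formal data structure and strong data
typing' of Finding 2. Only syntactic validation is performed: operational
and identity validation need network or human checks and are out of scope.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample of ISO 3166-1 alpha-2 codes; load the full list in practice.
KNOWN_COUNTRY_CODES = {"US", "SE", "NL", "DE", "CN"}

# Simplified mailbox syntax: one '@', non-empty local part, dotted domain with an
# alphabetic label of 2+ letters on the right. Not a full RFC 5322 grammar.
_EMAIL_RE = re.compile(r"^[^@\s]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")
# E.164 international number: '+', first digit 1-9, at most 15 digits in total.
_E164_RE = re.compile(r"^\+[1-9][0-9]{1,14}$")
# US ZIP or ZIP+4; used only when the country is US.
_US_ZIP_RE = re.compile(r"^[0-9]{5}(?:-[0-9]{4})?$")


@dataclass(frozen=True)
class RegistrantContact:
    name: str
    email: str
    phone: str        # expected in E.164 after normalisation, e.g. +4681234567
    country: str      # ISO 3166-1 alpha-2
    postal_code: str


def normalise_phone(raw: str) -> str:
    """Drop the separators people type (spaces, dashes, dots, parentheses)."""
    return re.sub(r"[\s().-]", "", raw)


def syntactic_validate(c: RegistrantContact) -> List[str]:
    """Return the list of syntactic defects; an empty list means the record passes."""
    errors: List[str] = []
    if not c.name.strip():
        errors.append("name: empty")
    if not _EMAIL_RE.match(c.email.strip()):
        errors.append(f"email: not a well-formed mailbox: {c.email!r}")
    if not _E164_RE.match(normalise_phone(c.phone)):
        errors.append(f"phone: not E.164: {c.phone!r}")
    country = c.country.strip().upper()
    if country not in KNOWN_COUNTRY_CODES:
        errors.append(f"country: unknown ISO 3166-1 alpha-2 code: {c.country!r}")
    elif country == "US" and not _US_ZIP_RE.match(c.postal_code.strip()):
        errors.append(f"postal_code: not a US ZIP code: {c.postal_code!r}")
    return errors


if __name__ == "__main__":
    # Constructed records, not real registrants.
    for record in (
        RegistrantContact("Jane Doe", "jane@example.com", "+46 8 123 4567", "se", "111 22"),
        RegistrantContact("", "jane@localhost", "08-123 45 67", "XX", ""),
    ):
        print(record.email or "<blank>", "->", syntactic_validate(record) or "OK")
```

The normalisation step before the phone check is where most of the "unintentional errors" of Finding 2 are absorbed: the same number typed with spaces or parentheses passes, while a number with no country code is rejected. Postal-code syntax is country-specific, so the record checks it only for the one country whose format is encoded here; extending the table is a data change, not a logic change.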

Recommendations
2. As the ICANN community discusses validating contact information, the SSAC recommends that the following meta-questions regarding the costs and benefits of registration data validation be answered:
- What data elements need to be added or validated to comply with the requirements or expectations of different stakeholders?
- Is additional registration processing overhead and delay an acceptable cost for improving the accuracy and quality of registration data?
- Is higher cost an acceptable outcome for improving accuracy and quality?
- Would accuracy improve if the registration process were to provide natural persons with privacy protection upon completion of multi-factored validation?

Recommendations
3. The SSAC recommends that the ICANN community seek to identify validation techniques that can be automated, and develop policies that incentivize the development and deployment of those techniques. The use of automated techniques may require an initial investment, but the long-term improvement in the quality and accuracy of registration data will be substantial.

Thank You & Questions?