Security and Stability Advisory Committee (SSAC) Advice Status

Board Advice Home | ALAC Advice Status | RSSAC Advice Status | GAC Advice Status


Latest Advice to the ICANN Board

As of 30 April 2020

Date Advice Document
19 March 2020 SAC110 SSAC Comments on the Second Security, Stability, and Resiliency (SSR2) Review Team Draft Report
12 March 2020 SAC109: The Implications of DNS over HTTPS and DNS over TLS

Board Advice Register Phases and Descriptions

Board Advice Register Phases and Descriptions

Advice Items by Phase

Phase SSAC
Phase 1 | Receive & Acknowledge -
Phase 2 | Understand 4
Phase 3 | Evaluate & Consider -
Phase 3 | Deferred -
Phase 4 | Implement 13
Phase 4 | Deferred 9
Phase 5 | Close 21
Total Open Items 47
Total Items Closed in Past 12 Months 6

Open Advice Items

See also "Advice Status Reports" on Board Advice Home for PDF/Excel versions of the information below.

Advice Item Phase Action(s) Taken

SAC059: R-1 Interdisciplinary studies of security and stability implications from expanding the root zone

(18 Apr 2013)

Phase 2 | Understand Request

Issues related to the expansion of the root zone have been/are being considered through other means, including Name Collision and DNSSEC roll over. Other reports on the expansion of the root zone include: – Scaling the Root Report on the Impact on the DNS Root System of Increasing the Size and Volatility of the Root Zone: https://www.icann.org/en/system/files/files/root-scaling-study-report-31... – Summary of the Impact of Root Zone Scaling: https://archive.icann.org/en/topics/new-gtlds/summary-of-impact-root-zon... – Impact on Root Server Operations and Provisioning Due to New gTLDs: http://newgtlds.icann.org/en/about/historical-documentation/root-scaling... – Continuous Data Driven Analysis of Root Server System Stability Study Plan (Public Comment): https://www.icann.org/public-comments/cdar-study-plan-2015-12-02-en ICANN continues to work to address the issues identified in SAC059.

SAC059: R-2 Interdisciplinary studies of security and stability implications from expanding the root zone

(18 Apr 2013)

Phase 2 | Understand Request

Issues related to the expansion of the root zone have been/are being considered through other means, including Name Collision and DNSSEC roll over. Other reports on the expansion of the root zone include: – Scaling the Root Report on the Impact on the DNS Root System of Increasing the Size and Volatility of the Root Zone: https://www.icann.org/en/system/files/files/root-scaling-study-report-31... – Summary of the Impact of Root Zone Scaling: https://archive.icann.org/en/topics/new-gtlds/summary-of-impact-root-zon... – Impact on Root Server Operations and Provisioning Due to New gTLDs: http://newgtlds.icann.org/en/about/historical-documentation/root-scaling... – Continuous Data Driven Analysis of Root Server System Stability Study Plan (Public Comment): https://www.icann.org/public-comments/cdar-study-plan-2015-12-02-en ICANN continues to work to address the issues identified in SAC059.

SAC064: SSAC Advisory on DNS "Search List" Processing (R-2)

(13 Feb 2014)

Phase 2 | Understand Request

The ICANN organization understands that SAC064 R-2 means that the SSAC recommends that ICANN organization work with the DNS community and the IETF to encourage the standardization of search list processing behavior, beginning with the submission of an Internet-Draft to the IETF and advocating for its standardization within the IETF process. Updates to RFC 1535 and other RFCs related to this topic should be included within the Internet-Draft. On 24 June 2017, the ICANN Board accepted this advice and directed the ICANN organization to implement per the ICANN organization's recommendation (https://www.icann.org/resources/board-material/resolutions-2017-06-24-en...).

SSAC2020-06: SSAC Public Comment on the Initial Report of the New gTLD Auction Proceeds Cross-Community Working Group

(14 Feb 2020)

Phase 2 | Understand Request

ICANN received SSAC2020-06 on 21 February 2020 and is currently reviewing.

SAC046: Report of the Security and Stability Advisory Committee on Root Scaling (R-4)

(6 Dec 2010)

Phase 4 | Deferred

The plan will be updated to include actual measurement, monitoring, and data sharing capability of root zone performance, in cooperation with RSSAC and other root zone management participants to define the specific measurements, monitoring, and data sharing framework. Further implementation of this item is deferred as of 04 December 2019 pending external activity. ICANN org will take up further action once the implementation of RSSAC037-038 and the work of the Root Server System Governance Working Group is complete.

SAC060: Active Variant TLDs (2 of 14)

(23 Jul 2013)

Phase 4 | Deferred

RZ-LGR-3 integrating 16 scripts is being released in July 2019. The inclusion of RZ-LGR to validate TLD labels and their variant labels has also been recommended as part of managing IDN variant TLDs. GNSO and ccNSO are currently considering this recommendation. The Study Group on Technical Utilization of Root Zone Label Generation Rules took up this item to discuss. Recommendation four (4) of their report suggests a way forward. This work has been released for public comment and will be finalized afterwards for further consideration of the ICANN Board. See report at https://www.icann.org/en/system/files/files/recommendations-rz-lgr-14may... and public comment at https://www.icann.org/public-comments/technical-rz-lgr-2019-05-15-en. Further implementation of this item is deferred as of 30 June 2019 pending external activity. ICANN org will take up further work once the GNSO and ccNSO have considered these items as part of their policy development work.

SAC060: Active Variant TLDs (8 of 14)

(23 Jul 2013)

Phase 4 | Deferred

ICANN org recently developed the Recommendations for Managing IDN Variant TLDs, published at https://www.icann.org/resources/pages/idn-variant-tld-implementation-201.... These have been adopted by ICANN Board at their meeting at ICANN64, where the Board asked the GNSO and ccNSO to consider these in their policy and procedures. Further implementation of this item is deferred as of 30 June 2019 pending external activity. ICANN org will take up further work once the GNSO and ccNSO have considered these items as part of their policy development work.

SAC060: Active Variant TLDs (9 of 14)

(23 Jul 2013)

Phase 4 | Deferred

A detailed analysis has been publised as part of recommendations for managing IDN variant TLDs, which has been approved by ICANN Board at ICANN64. The analysis has been forwarded to the GNSO and ccNSO for their consideration for relevant policy and procedure development. The analysis is avaialble at https://www.icann.org/resources/pages/idn-variant-tld-implementation-201.... Specifically see section 3 of the report at https://www.icann.org/en/system/files/files/idn-variant-tld-recommendati....

SAC064: SSAC Advisory on DNS "Search List" Processing (R-3)

(13 Feb 2014)

Phase 4 | Deferred

The ICANN organization understands that SAC064 R-3 means that the SSAC recommends that in the context of mitigating name collisions, ICANN should consider the following steps to address search list processing behavior: a. ICANN should consider whether to commission additional studies to further understand the cause of invalid queries to the root zone and the significance of search list processing as a contributor to those queries. b. ICANN should communicate to system administrators that search list behaviors currently implemented in some operating systems will cause collision with names delegated as new gTLDs from the 2012 application round for the New gTLD Program.  On 24 June 2017, the ICANN Board accepted this advice and directed the ICANN organization to implement per the ICANN organization's recommendation (https://www.icann.org/resources/board-material/resolutions-2017-06-24-en...). Further implementation of this item is deferred as of 23 September 2019 pending external activity. ICANN org will take up further action once the NCAP's work on analyzing the causes of queries for non-existent TLDs to the root is complete.

SAC095: SSAC Advisory on the Use of Emoji in Domain Names R-1

(25 May 2017)

Phase 4 | Deferred

On 2 Nov 2017, the ICANN Board directed the ICANN org to engage with gTLD and ccTLD communities on the findings and recommendations in SAC095 in addition to requesting that the ccNSO and GNSO integrate conformance with IDNA2008 and its successor into their relevant policies so as to safeguard security, stability, resiliency and interoperability of domain names (see: https://www.icann.org/resources/board-material/resolutions-2017-11-02-en...). IDN ccTLD Fast Track process already limits labels at top level to IDNA2008 which does not allow for emojis (see https://www.icann.org/en/system/files/files/idn-cctld-implementation-pla...). Further, GNSO is considering limiting the TLDs to IDNA2008 (through the use of Root Zone Label Generation Rules) for the subsequent procedures for the gTLDs. The policy work is still under development by the community. Limiting TLDs to Root Zone LGRs is also recommended in the recent recommendations for IDN variant TLDs published at https://www.icann.org/resources/pages/idn-variant-tld-implementation-201... and adopted by the ICANN Board at ICANN64 for further consideration by GNSO and ccNSO. Finally the recent work on technical use of Root Zone LGR by the study group also recommends the same: see recommendations 1 and 2 in the report at https://www.icann.org/en/system/files/files/recommendations-rz-lgr-14may.... Further implementation of this item is deferred as of 30 June 2019 pending external activity. ICANN org will take up further work once the GNSO and ccNSO have considered these items as part of their policy development work.

SAC101v2: SSAC Advisory Regarding Access to Domain Name Registration Data (R-4)

(11 Dec 2018)

Phase 4 | Deferred

On 23 June 2019 the ICANN Board considered SAC101v2 and noted advice items 2A and three through seven in SAC101 version 2 and referred them to the GNSO Council for consideration for inclusion in the EPDP Phase 2 work (https://www.icann.org/resources/board-material/resolutions-2019-06-23-en...). In its rationale the Board states "Advice item four suggests that 'initiation of charges for RDS access, or any significant future changes in fees for RDDS access, must include a formal assessment of user impacts and the security and stability impacts, and be conducted as part of a formal Policy Development Process (PDP).' As this is a policy matter and the topic is in the work plan for the EPDP Phase 2, the Board notes this advice and refers to the GNSO Council as the manager of PDPs."

SAC101v2: SSAC Advisory Regarding Access to Domain Name Registration Data (R-6)

(11 Dec 2018)

Phase 4 | Deferred

On 23 June 2019 the ICANN Board considered SAC101v2 and noted advice items 2A and three through seven in SAC101 version 2 and referred them to the GNSO Council for consideration for inclusion in the EPDP Phase 2 work (https://www.icann.org/resources/board-material/resolutions-2019-06-23-en...). In its rationale the Board states "Advice item six suggests that the 'ICANN Board should direct the ICANN Organization to work to ensure that all methods of access to RDDS data provide an equivalent response to the same query.' As this is a policy matter and the topic is in the work plan for the EPDP Phase 2, the Board notes this advice and refers to the GNSO Council as the manager of PDPs."

SAC101v2: SSAC Advisory Regarding Access to Domain Name Registration Data (R-7)

(11 Dec 2018)

Phase 4 | Deferred

On 23 June 2019 the ICANN Board considered SAC101v2 and noted advice items 2A and three through seven in SAC101 version 2 and referred them to the GNSO Council for consideration for inclusion in the EPDP Phase 2 work (https://www.icann.org/resources/board-material/resolutions-2019-06-23-en...). In its rationale the Board states "Advice item seven suggests that the 'ICANN Board should direct the ICANN Organization to work to ensure that RDDS access is provided in a measurable and enforceable framework, which can be understood by all parties.' As this is a policy matter and the topic is in the work plan for the EPDP Phase 2, the Board notes this advice and refers to the GNSO Council as the manager of PDPs."

SAC060: Active Variant TLDs (4 of 14)

(23 Jul 2013)

Phase 4 | Implement

The IDN Guidelines have been updated to encourage the use reference LGRs which allow for consistent set of rules between top-level and second level. See recommendations eight (8) and nine (9) of the guidelines: https://www.icann.org/en/system/files/files/idn-guidelines-10may18-en.pdf. The Guidelines are being considered by the ICANN Board. GNSO recently requested deferring their approval by the Board as it considers if some of these guidelines come under their policy remit. The reference second LGRs are posted at https://www.icann.org/resources/pages/second-level-lgr-2015-06-21-en. The root zone LGR is posted at https://www.icann.org/resources/pages/root-zone-lgr-2015-06-21-en. IANA also maintains a central repository for IDN tables for all TLDs.

SAC070: SSAC Advisory on the Use of Static TLD/Suffix Lists (R-3)

(28 May 2015)

Phase 4 | Implement

The ICANN organization understands this recommendation to mean that ICANN, in concert with the Mozilla Foundation, prepare educational materials on the Mozilla PSL covering the meaning of the resource and the impact of the resource. ICANN org hired a contractor to provide the materials. Estimated time to completion is end of December 2019. On 24 June 2017, the ICANN Board accepted this advice and directed the ICANN organization to implement per the ICANN organization's recommendation (https://www.icann.org/resources/board-material/resolutions-2017-06-24-en...).

SAC074: SSAC Advisory on Registrant Protection: Best Practices for Preserving Security and Stability in the Credential Management Lifecycle – Item 4

(3 Nov 2015)

Phase 4 | Implement

At GDD Industry Summit 2019 in Bangkok in May 2019 (https://www.icann.org/gddsummit), a session on Credential Management Lifecycle was conducted. A team of community experts presented an educational material that was shared with the SSAC prior to the session for input and guidance. A community wiki space has been established for the community to share good practices in credential management. The sharing of the good practices and community awareness will continue with the participation of the community.

SAC095: SSAC Advisory on the Use of Emoji in Domain Names R-2

(25 May 2017)

Phase 4 | Implement

On 2 Nov 2017, the ICANN Board directed the ICANN org to engage with gTLD and ccTLD communities on the findings and recommendations in SAC095 in addition to requesting that the ccNSO and GNSO integrate conformance with IDNA2008 and its successor into their relevant policies so as to safeguard security, stability, resiliency and interoperability of domain names (see: https://www.icann.org/resources/board-material/resolutions-2017-11-02-en...). Registrations under gTLDs are limited to IDNA2008 under the new gTLDs program. So registrations for such gTLDs do not permit emojis. The same restrictions are also also extended for contracts for other gTLDs. There is active outreach to the ccTLDs for following the same practice, and not register emojis, by ICANN org's GSE team and the IDN program team. ICANN org has also translated the advice from SSAC to training materials, e.g. see the flyer and its translations at the bottom of the webpage www.icann.org/idn – which is being disseminated by the GSE team.

SAC097: SSAC Advisory Regarding the Centralized Zone Data Service (CZDS) and Registry Operator Monthly Activity Reports, R-1

(12 Jun 2017)

Phase 4 | Implement

On 23 June 2018, the Board accepted this advice and directed the ICANN President and CEO or his designee to implement an auto-renew feature in the CZDS system (https://www.icann.org/resources/board-material/resolutions-2018-06-23-en...). CZDS platform migration is complete, making it possible to add new features to address the problem of gaps in user access to zone files. The feature has been scoped and is in the process of being added to the next product road map for future system enhancements. Due to additional updates to the roadmap, substantial updates for new features on CZDS is expected to be available in 2QFY20.

SAC097: SSAC Advisory Regarding the Centralized Zone Data Service (CZDS) and Registry Operator Monthly Activity Reports, R-2

(12 Jun 2017)

Phase 4 | Implement

On 23 June 2018, the Board accepted this advice and directed the ICANN President and CEO or his designee to adjust the zone file access subscription agreement to the extent necessary to accommodate the implementation of Recommendation 1 (https://www.icann.org/resources/board-material/resolutions-2018-06-23-en...). ICANN org continues to work with the Policy team to inform the community to have the recommendation to be considered for the subsequent rounds of new gTLDs.

SAC097: SSAC Advisory Regarding the Centralized Zone Data Service (CZDS) and Registry Operator Monthly Activity Reports, R-3

(12 Jun 2017)

Phase 4 | Implement

On 23 June 2018, the Board accepted this advice and directed the ICANN President and CEO or his designee to produce educational materials for registry operators to increase their awareness of ICANN's expectations with respect to zone file access (https://www.icann.org/resources/board-material/resolutions-2018-06-23-en...). The number of complaints requiring Contractual Compliance follow-up is decreasing. The adoption rate of the new auto-approve feature increased to 45% from 40% in June 2019. The number of TLDs that approve requests for a period longer than 2 years is increasing.

SAC097: SSAC Advisory Regarding the Centralized Zone Data Service (CZDS) and Registry Operator Monthly Activity Reports, R-4

(12 Jun 2017)

Phase 4 | Implement

On 23 June 2018, the Board accepted this advice and directed the ICANN President and CEO or his designee to clarify the Zone File Access (ZFA) metric and to support registry operators to increase the accuracy of the public reporting for Webbased WHOIS query statistics (https://www.icann.org/resources/board-material/resolutions-2018-06-23-en...). ICANN org continues to facilitate the conversation between SSAC and RySG. The SSAC and RySG met to discuss observations of SSAC during ICANN 65 where RySG members raised concerns.

SAC101v2: SSAC Advisory Regarding Access to Domain Name Registration Data (R-1)

(11 Dec 2018)

Phase 4 | Implement

On 23 June 2019 the ICANN Board considered SAC101v2 and accepted Recommendation 1 and directed the ICANN President and CEO, or his designee(s), to create a plan that reports on ICANN org's and the community's progress toward the four objectives identified in the advice (https://www.icann.org/resources/board-material/resolutions-2019-06-23-en...). In its rationale the Board states "In accepting advice item one, the Board further notes that the creation of an "accredited RDDS access program," is a topic under discussion in the EPDP Phase 2. The Board cannot dictate outcomes of PDPs. Once the EPDP delivers its final Phase 2 report, the Board will consider the policy recommendations."

SAC101v2: SSAC Advisory Regarding Access to Domain Name Registration Data (R-2B)

(11 Dec 2018)

Phase 4 | Implement

On 23 June 2019 the ICANN Board considered SAC101v2 and accepted Recommendation 1 and directed the ICANN President and CEO, or his designee(s), to work with the community to clarify existing contractual obligations relating to rate limits (https://www.icann.org/resources/board-material/resolutions-2019-06-23-en...). In its rationale the Board state "Advice item 2B suggests that the Board direct ICANN org to work with the community to 'clarify current expectations for the use of rate limiting under existing policy and agreements.' In accepting advice item 2B, the Board notes that the community should be involved in the discussion to clarify existing contractual obligations relating to rate limits."

SAC106: SSAC Comments on Evolving the Governance of the Root Server System (R-2)

(8 Aug 2019)

Phase 4 | Implement

The ICANN organization understands SAC106 Recommendation 2 to mean that the SSAC recommends to the Root Server System Governance Working Group (GWG) that the SSAC not be given any operational roles in any standing committees, operational committees, or other bodies that emerge from the deliberations of the GWG. The ICANN org also understands the SSAC is open to invitations from the bodies that emerge from the deliberations of the GWG to participate in an advisory capacity, consistent with SSAC's charter, experience and capabilities. ICANN sent this understanding to the SSAC for review on 15 August 2019. SAC106 Recommendation 2 through 4 will be provided to the Root Server System Governance Working Group (GWG) as input for consideration.

SAC106: SSAC Comments on Evolving the Governance of the Root Server System (R-3)

(8 Aug 2019)

Phase 4 | Implement

The ICANN organization understands SAC106 Recommendation 3 to mean that the SSAC recommends to the Root Server System Governance Working Group (GWG) that decisions of the GWG be made on the basis of consensus, and that votes only be taken when formality is required or consensus is not achievable. ICANN sent this understanding to the SSAC for review on 15 August 2019. SAC106 Recommendation 2 through 4 will be provided to the Root Server System Governance Working Group (GWG) as input for consideration.

SAC106: SSAC Comments on Evolving the Governance of the Root Server System (R-4)

(8 Aug 2019)

Phase 4 | Implement

The ICANN organization understands SAC106 Recommendation 4 to mean that the SSAC recommends the SSAC recommends to the Root Server System Governance Working Group (GWG) that bodies involved in the ongoing oversight of the Root Server System (RSS) be reviewed regularly to ensure that the RSS is both meeting its commitments and that it remains responsive to evolutionary needs and changing environmental factors as appropriate. ICANN sent this understanding to the SSAC for review on 15 August 2019. SAC106 Recommendation 2 through 4 will be provided to the Root Server System Governance Working Group (GWG) as input for consideration.

SAC045: Invalid Top Level Domain Queries at the Root Level of the Domain Name System (R-6)

(15 Nov 2010)

Phase 5 | Close Request

This advice item requires further policy determination. ICANN will refer this advice to the GNSO for consideration.

SAC047: SSAC Comment on the ICANN gTLD Registry Transition Processes Model (2 of 7)

(15 Apr 2011)

Phase 5 | Close Request

On 23 June 2018, the Board accepted this advice and directed the CEO or his designee to implement the advice (https://www.icann.org/resources/board-material/resolutions-2018-06-23-en...).

SAC051: SSAC Report on WHOIS Terminology and Structure (R-2)

(14 Jun 2011)

Phase 5 | Close Request

The Board accepted this advice in October 2011 and requested that a roadmap to implementation of SAC051 be developed (https://www.icann.org/resources/board-material/minutes-2011-10-28-en#5). A roadmap to implementing SAC051 was published for public comment in February 2012: https://www.icann.org/news/announcement-6-2012-06-04-en. As of 26 August 2019 all contracted parties are required to provide an RDAP service in addition to the WHOIS service. ICANN org expects to initiate the formal process for amending the Base gTLD Registry Agreement and 2013 Registrar Accreditation Agreement respectively to incorporate robust requirements for RDAP and define a smooth transition from WHOIS to RDAP including a sunset of the obligations for the WHOIS service.

SAC058: R-3 SSAC Report on Domain Name Registration Data Validation

(27 Mar 2013)

Phase 5 | Close Request

The ICANN organization understands SAC058 Recommendation 3 to mean that the ICANN community should seek to identify validation techniques to be used by registrars and registries for validating registration data. On 23 June 2018, the Board accepted this advice and directed the CEO or his designee to implement the advice (https://www.icann.org/resources/board-material/resolutions-2018-06-23-en...).

SAC061: R-2 SSAC Comment on ICANN's Initial Report from the Expert Working Group on gTLD Directory Services

(6 Sep 2013)

Phase 5 | Close Request

On 23 June 2018, the Board accepted this advice and noted that implementation has been completed (https://www.icann.org/resources/board-material/resolutions-2018-06-23-en...). Subsequently, on 2 August 2018 the SSAC contacted the ICANN org to oppose this determination and requested the ICANN org change SAC061 Recommendation 2's status from 'Closed' to 'Open." Upon review of SAC061 and SAC101v2, the ICANN org has returned SAC061 to Phase 2 | Understand. SAC061 Recommendation 2 will be considered in conjunction with SAC101v2. On 23 June 2019 the ICANN Board considered SAC101v2 and noted advice items 2A and three through seven in SAC101 version 2 and referred them to the GNSO Council for consideration for inclusion in the EPDP Phase 2 work (https://www.icann.org/resources/board-material/resolutions-2019-06-23-en...). In its rationale the Board states "Advice item five reiterates Recommendation 2 from SAC061 and suggests that 'The ICANN Board should ensure that a formal security risk assessment of the registration data policy be conducted as an input into the Policy Development Process. A separate security risk assessment should also be conducted regarding the implementation of the policy.' The advice further suggests that 'These assessments should be incorporated in PDP plans at the GNSO.' As the advice suggests that the assessments be incorporated into PDP plans and the GNSO is the manager of PDPs, the Board notes and refers this advice to the GNSO Council."

SAC062: SSAC Advisory Concerning the Mitigation of Name Collision Risk (R-1)

(7 Nov 2013)

Phase 5 | Close Request

On 24 June 2017, the ICANN Board accepted this advice and directed the ICANN organization to implement per the ICANN organization's recommendation (https://www.icann.org/resources/board-material/resolutions-2017-06-24-en...).

SAC063: SSAC Advisory on DNSSEC Key Rollover in the Root Zone – Item 1

(7 Nov 2013)

Phase 5 | Close Request

On 15 October 2018 ICANN org determined that the first-ever changing of the cryptographic key that helps protect the DNS has been completed with minimal disruption of the global Internet (https://www.icann.org/news/announcement-2018-10-15-en). The communication plan is part of the overall KSK Rollover Project. See: https://www.icann.org/resources/pages/ksk-rollover.

SAC063: SSAC Advisory on DNSSEC Key Rollover in the Root Zone – Item 2

(7 Nov 2013)

Phase 5 | Close Request

On 15 October 2018 ICANN org determined that the first-ever changing of the cryptographic key that helps protect the DNS has been completed with minimal disruption of the global Internet (https://www.icann.org/news/announcement-2018-10-15-en). The test pass is part of the overall KSK Rollover Project. See: https://www.icann.org/resources/pages/ksk-rollover.

SAC063: SSAC Advisory on DNSSEC Key Rollover in the Root Zone – Item 5

(7 Nov 2013)

Phase 5 | Close Request

On 15 October 2018 ICANN org determined that the first-ever changing of the cryptographic key that helps protect the DNS has been completed with minimal disruption of the global Internet (https://www.icann.org/news/announcement-2018-10-15-en). The data collection program is part of the overall KSK Rollover Project. See: https://www.icann.org/resources/pages/ksk-rollover.

SAC065: SSAC Advisory on DDoS Attacks Leveraging DNS Infrastructure (R-1)

(18 Feb 2014)

Phase 5 | Close Request

The ICANN organization understands that SAC065 R-1 means that ICANN should help to facilitate an Internet-wide community effort to reduce the number of open resolvers and networks that allow network spoofing. This initiative, which should involve measurement efforts and outreach, should be supported by ICANN with appropriate staffing and funding to promote the recommendations made in SAC065 Recommendations 2-5.  On 24 June 2017, the ICANN Board accepted this advice and directed the ICANN organization to implement per the ICANN organization's recommendation (https://www.icann.org/resources/board-material/resolutions-2017-06-24-en...).

SAC070: Advisory on the Use of Static TLD / Suffix Lists (R-5)

(28 May 2015)

Phase 5 | Close Request

The ICANN organization understands recommendation 5 of SAC070 as directing IANA staff to host an authoritative PSL containing information about the domains within the registries with which IANA has direct communication. This list should at least include all TLDs in the root zone. ICANN org hired a contractor to provide the materials. Estimated time to completion is end of November 2019. On 24 June 2017, the ICANN Board accepted this advice and directed the ICANN organization to implement per the ICANN organization's recommendation (https://www.icann.org/resources/board-material/resolutions-2017-06-24-en...). As of 01 December 2019, IANA staff is now hosting an authoritative PSL for all TLDs in the root zone as stated in recommendation 5 of SAC070.

SAC073: SSAC Comments on Root Zone Key Signing Key Rollover Plan

(5 Oct 2015)

Phase 5 | Close Request

On 15 October 2018 ICANN org determined that the first-ever changing of the cryptographic key that helps protect the DNS has been completed with minimal disruption of the global Internet (https://www.icann.org/news/announcement-2018-10-15-en). See: https://www.icann.org/resources/pages/ksk-rollover.

SAC090: SSAC Advisory on the Stability of the Domain Namespace, R-1

(22 Dec 2016)

Phase 5 | Close Request

On 23 June 2018, the Board accepted this advice and will ask the GNSO Subsequent Procedures PDP to include this recommendation in its work (https://www.icann.org/resources/board-material/resolutions-2018-06-23-en...).

SAC090: SSAC Advisory on the Stability of the Domain Namespace, R-2

(22 Dec 2016)

Phase 5 | Close Request

On 23 June 2018, the Board accepted this advice and will ask the GNSO Subsequent Procedures PDP to include this recommendation in its work (https://www.icann.org/resources/board-material/resolutions-2018-06-23-en...).

SAC090: SSAC Advisory on the Stability of the Domain Namespace, R-3

(22 Dec 2016)

Phase 5 | Close Request

On 23 June 2018, the Board accepted this advice and will ask the GNSO Subsequent Procedures PDP to include this recommendation in its work (https://www.icann.org/resources/board-material/resolutions-2018-06-23-en...).

SAC090: SSAC Advisory on the Stability of the Domain Namespace, R-4

(22 Dec 2016)

Phase 5 | Close Request

On 23 June 2018, the Board accepted this advice and will ask the GNSO Subsequent Procedures PDP to include this recommendation in its work (https://www.icann.org/resources/board-material/resolutions-2018-06-23-en...).

SAC098: The Security, Stability and Resiliency of the DNS Review (SSR2)

(4 Oct 2017)

Phase 5 | Close Request

On 28 October 2017, the Board issued a letter to the SSR2 Review Team instructing the team to pause all work related to the review, excepting only planned engagement meetings at ICANN 60 (https://www.icann.org/en/system/files/correspondence/crocker-to-ssr2-28o...). On 7 June 2018 ICANN Org announced the formal restart of the SSR2 Review with four additional Review Team members (https://www.icann.org/news/announcement-2-2018-06-07-en).

SAC101v2: SSAC Advisory Regarding Access to Domain Name Registration Data (R-2A)

(11 Dec 2018)

Phase 5 | Close Request

On 23 June 2019 the ICANN Board considered SAC101v2 and noted advice items 2A and three through seven in SAC101 version 2 and referred them to the GNSO Council for consideration for inclusion in the EPDP Phase 2 work (https://www.icann.org/resources/board-material/resolutions-2019-06-23-en...). In its rationale the Board states "Advice item 2A suggests that the Board direct ICANN org to work with the community to 'develop policy with clearly defined uniform purposes for RDDS rate-limiting and corresponding service level agreement requirements.' As policy is developed by the community and this topic is in the work plan for the EPDP Phase 2, the Board notes this advice and refers to the GNSO Council as the manager of PDPs. In taking this action, the Board also notes that in the Annex to the Temporary Specification for gTLD Registration Data, the Board asked that the topic of rate limit be discussed and resolved by the community as quickly as possible."

SAC101v2: SSAC Advisory Regarding Access to Domain Name Registration Data (R-3)

(11 Dec 2018)

Phase 5 | Close Request

On 23 June 2019 the ICANN Board considered SAC101v2 and noted advice items 2A and three through seven in SAC101 version 2 and referred them to the GNSO Council for consideration for inclusion in the EPDP Phase 2 work (https://www.icann.org/resources/board-material/resolutions-2019-06-23-en...). In its rationale the Board states "Advice item three suggests that the 'Board and EPDP policy-makers should ensure that security practitioners and law enforcement authorities have access to domain name contact data, via RDDS, to the full extent allowed by applicable law.' As this is a policy matter and the topic is in the work plan for the EPDP Phase 2, the Board notes this advice and refers to the GNSO Council as the manager of PDPs."

SAC101v2: SSAC Advisory Regarding Access to Domain Name Registration Data (R-5)

(11 Dec 2018)

Phase 5 | Close Request

On 23 June 2019 the ICANN Board considered SAC101v2 and noted advice items 2A and three through seven in SAC101 version 2 and referred them to the GNSO Council for consideration for inclusion in the EPDP Phase 2 work (https://www.icann.org/resources/board-material/resolutions-2019-06-23-en...). In its rationale the Board states "Advice item five reiterates Recommendation 2 from SAC061 and suggests that 'The ICANN Board should ensure that a formal security risk assessment of the registration data policy be conducted as an input into the Policy Development Process. A separate security risk assessment should also be conducted regarding the implementation of the policy.' The advice further suggests that 'These assessments should be incorporated in PDP plans at the GNSO.' As the advice suggests that the assessments be incorporated into PDP plans and the GNSO is the manager of PDPs, the Board notes and refers this advice to the GNSO Council."

SAC102: SSAC Comment on the Updated Plan for Continuing the Root KSK Rollover

(20 Aug 2018)

Phase 5 | Close Request

The ICANN org understands SAC102 is the SSAC's response to ICANN Board Resolution 2018.05.13.09. ICANN org understands the SSAC had not identified any reason within the SSAC's scope why the October 2018 root zone KSK rollover should have not proceeded as it was planned. The ICANN org also understands that the SSAC would like the ICANN org to establish a framework for scheduling further rolls of the root KSK based on analysis of the outcomes of this initial roll of the KSK. This is an updated understanding of SAC102 based on feedback provided by the SSAC on 16 July 2019. ICANN sent this updated understanding to the SSAC for review on 15 August 2019. As of 07 November 2019, a proposed framework requested in the SSAC advice has been put up for public comment and communicated to the community in various sessions in ICANN 66 and on the customary DNSSEC-related mailing lists.

Advice Items Closed in the Last 12 Months

Advice Item Close Date Action(s) Taken

SAC110: SSAC Comments on the Second Security, Stability, and Resiliency (SSR2) Review Team Draft Report

(19 Mar 2020)

3/23/20

The ICANN organization understands this is the SSAC's comment on the Second Security, Stability, and Resiliency (SSR2) Review Team Draft Report. The respective public comment period closed on 20 March 2020. A Report of Public Comments will be published on 03 April 2020 and this comment will be included in that consideration https://www.icann.org/public-comments/ssr2-rt-draft-report-2020-01-24-en. There is no action for the ICANN Board. This understanding was sent to the SSAC on 23 March 2020.

SAC109: The Implications of DNS over HTTPS and DNS over TLS

(12 Mar 2020)

3/19/20

The ICANN organization understands that this report is SAC109: The Implications of DNS over HTTPS and DNS over TLS. As this item is purely informational and there is no specific action for the ICANN Board, this item will be considered closed. This understanding was sent to the SSAC on 19 March 2020.

SAC106: SSAC Comments on Evolving the Governance of the Root Server System (R-1)

(8 Aug 2019)

2/25/20

The ICANN organization understands SAC106 Recommendation 1 to mean that the SSAC recommends to the ICANN Board that the SSAC be included as a voting member in the Root Server System Governance Working Group. ICANN sent this understanding to the SSAC for review on 15 August 2019. As of December 2019 SSAC is appointed a member to the GWG. This advice item will now be closed.

SAC108: SSAC Comments on the IANA Proposal for Future Root Zone KSK Rollovers

(29 Jan 2020)

2/5/20

The ICANN organization understands this is the SSAC's comment on IANA's Proposal for Future Root Zone KSK Rollovers. The respective public comment period closed on 31 January 2020. A Report of Public Comments will be published on 21 February 2020 and this comment will be included in that consideration (https://www.icann.org/public-comments/proposal-future-rz-ksk-rollovers-2...). There is no action for the ICANN Board. This understanding was sent to the SSAC on 05 February 2020.

SSAC107: SSAC Comment to NIST on Quantum Cryptography Algorithms

(3 Dec 2019)

12/10/19

The ICANN org understands that this statement is SAC107: SSAC Comment to NIST on Quantum Cryptography Algorithms. As this item is input to the NIST on its post-quantum cryptography second round candidate algorithms, there is no action for the ICANN Board, and the item will be considered closed. This understanding was sent to the SSAC on 10 December 2019.

SAC105: The DNS and the Internet of Things: Opportunities, Risks, and Challenges

(3 Jun 2019)

6/3/19

The ICANN org understands that the aim of SAC105: The DNS and the Internet of Things: Opportunities, Risks, and Challenges is to trigger and facilitate dialogue in the broader ICANN community. The ICANN org understands that SAC105 does not contain any recommendations nor does it solicit any actions from the ICANN Community or Board and therefore the item will be considered closed. This understanding was sent to the SSAC on 3 June 2019.