ICANN Resolutions » Consideration of Board Advice Register SSAC recommendations from SAC062, SAC063, SAC064, SAC065, SAC070, and SAC073

Important note: The Board Resolutions are as reported in the Board Meeting Transcripts, Minutes & Resolutions portion of ICANN's website. Only the words contained in the Resolutions themselves represent the official acts of the Board. The explanatory text provided through this database (including the summary, implementation actions, identification of related resolutions, and additional information) is an interpretation or an explanation that has no official authority and does not represent the purpose behind the Board actions, nor does any explanations or interpretations modify or override the Resolutions themselves. Resolutions can only be modified through further act of the ICANN Board.

Consideration of Board Advice Register SSAC recommendations from SAC062, SAC063, SAC064, SAC065, SAC070, and SAC073

Resolution of the ICANN Board
Meeting Date: 
Sat, 24 Jun 2017
Resolution Number: 
Resolution Text: 

Whereas, the Security and Stability Advisory Committee (SSAC) submitted recommendations in SAC Documents: SAC062, SAC063, SAC064, SAC065, SAC070 and SAC073.

Whereas, the ICANN organization has evaluated the feasibility of the SSAC's advice and developed implementation recommendations for each.

Whereas, the Board has considered the SSAC Advice and the ICANN organization's implementation recommendations relating to this advice.

Resolved (2017.06.24.19), the Board adopts the SSAC recommendations outlined in the document titled "Implementation Recommendations for SSAC Advice Documents SAC062, SAC063, SAC064, SAC065, SAC070, and SAC073 (08 June 2017) [PDF, 433 KB]", and directs the CEO to implement the advice as described in the document.

Rationale for Resolution: 

The Action Request Register is a framework intended to improve the process for the Board's consideration of recommendations to the ICANN Board, including advice from its Advisory Committees. This framework has been under development since 2015, and as part of the initial effort, the ICANN organization reviewed SSAC Advice issued between 2010 and 2015 to identify items that had not yet received Board consideration. The results of this initial review were communicated to the SSAC Chair in a letter from the Chair of the ICANN Board on 19 October 2016 (see https://www.icann.org/en/system/files/correspondence/crocker-to-faltstro... [PDF, 627 KB]). This resolution is intended to address several of items that were identified as open at that time, as well as two items identified as being part of the "pilot" process.

As part of the Action Request Register process, for each advice item presented with this resolution, the ICANN organization has reviewed the request, confirmed its understanding of the SSAC's request with the SSAC, and evaluated the feasibility of the request. The ICANN organization is presenting its recommendations to the Board so that the Board may formally consider the advice and direct the CEO to address the advice appropriately.

Background information on each advice document is provided below:

SAC062 recommends that ICANN should work with the broader Internet community to identify what strings are appropriate to reserve for private namespace use and what type of private namespace use is appropriate. ICANN's Office of the CTO continues to be active in the IETF Working Group DNSOP on specifying a process to reserve special use names. This effort will update RFC6761 (see https://www.icann.org/en/system/files/files/sac-062-en.pdf [PDF, 375 KB]).

SAC063 recommends that ICANN staff should lead, coordinate and otherwise encourage the creation of a testbed to analyse behaviors of validating resolver implementations that may affect or be affected by the root KSK rollover. As part of the root KSK rollover project, ICANN's Office of the CTO continues its work with the resolver testbed that the research team has created to study the behavior of DNSSEC validators under various operational conditions. (See https://www.icann.org/en/system/files/files/sac-063-en.pdf [PDF, 480 KB])

SAC064 addresses "Search List" processing behavior. In this context, a search list is a list of domains that are appended to a user's input of a partial domain name in order to form a fully qualified domain name. Recommendation 2 suggests that ICANN staff should work with the DNS community and the IETF to encourage the standardization of search list processing behavior. Recommendation 3 suggests ways to consider in which search list behavior could help mitigate name collisions. ICANN staff can facilitate both recommendations though there could be an impact on cost and resources in order to do so. (See https://www.icann.org/en/system/files/files/sac-064-en.pdf [PDF, 931 KB].)

SAC065 is an advisory on DDoS attacks leveraging DNS infrastructure and Recommendation 1 indicates that ICANN should help facilitate an Internet-wide community effort to reduce the number of open resolvers and networks that allow network spoofing. Upon the creation of such a community effort, ICANN should provide measurement and outreach support with appropriate allocation of staff and funding. (See https://www.icann.org/en/system/files/files/sac-065-en.pdf [PDF, 423 KB].)

SAC070 is an advisory about Public Suffix Lists (PSL). Although there is no consensus definition of a PSL, SAC defines it as "a domain in which multiple parties that are unaffiliated with the owner of the public suffix may register subdomains." Although multiple PSLs exist, the Mozilla Foundation's PSL appears to be the most widely accepted. Recommendation 3 suggests that ICANN work with the Mozilla Foundation to create informational material about the Mozilla Foundation's PSL that can be given to registry operators. Recommendation 4a suggests that the Internet community should standardize the approach to PSLs and ICANN and the work being done with universal acceptance should encourage the software development community to support the use of PSLs.

Recommendation 5 suggest that IANA should host a PSL containing information about the domains within the registries with which IANA has direct communication. Recommendation 6 suggests that parties working on universal acceptance such as the UASG include the use of a PSL and actions of a PSL as part of their work. ICANN can consult with the Mozilla Foundation and the larger ICANN community to the desirability of educational materials and, if desirable, ICANN's Office of the CTO would have to consider the prioritization into its project load as well as costs and other factors. The Universal Acceptance Steering Group (UASG) already recommends that TLDs are validated where necessary and makes specific reference to SAC070 in its UA documentation. However, the UASG does not currently recommend the use of the Mozilla Foundation PSL because the UASG does not have confidence that it is authoritative. It is also not clear that there would be a benefit for IANA to create and host a separate PSL as the Mozilla Foundation PSL is already the most widely used PSL. Community consultation would be required. (See https://www.icann.org/en/system/files/files/sac-070-en.pdf [PDF, 955 KB].)

SAC073 contains comments on the Root Zone Key Signing Key (KSK) Rollover Plan, addressing the following topics: Terminology and definitions relating to DNSSEC key rollover in the root zone, Key management in the root zone, motivations for root zone KSK rollover, risks associated with root zone KSK rollover, mechanisms for root zone KSK rollover, quantifying the risk of failed trust anchor update, and DNS response size considerations. ICANN's Office of the CTO and Public Technical Identifiers (PTI) are jointly responsible for the planning and execution of the root zone KSK rollover project and a report as requested in SAC073 should be written to address the comments in SAC073. (See https://www.icann.org/en/system/files/files/sac-073-en.pdf [PDF, 541 KB].)