ICANN Resolutions » SAC070: Security and Stability Advisory Committee (SSAC) Advisory on the Use of Static TLD / Suffix Lists

Important note: The Board Resolutions are as reported in the Board Meeting Transcripts, Minutes & Resolutions portion of ICANN's website. Only the words contained in the Resolutions themselves represent the official acts of the Board. The explanatory text provided through this database (including the summary, implementation actions, identification of related resolutions, and additional information) is an interpretation or an explanation that has no official authority and does not represent the purpose behind the Board actions, nor does any explanations or interpretations modify or override the Resolutions themselves. Resolutions can only be modified through further act of the ICANN Board.

SAC070: Security and Stability Advisory Committee (SSAC) Advisory on the Use of Static TLD / Suffix Lists


Resolution of the ICANN Board
Meeting Date: 
Wed, 12 May 2021
Resolution Number: 
2021.05.12.10
Resolution Text: 

Whereas, on 28 May 2015, SSAC published SAC070: SSAC Advisory on the Use of Static TLD / Suffix Lists.

Whereas, on 1 June 2016 the ICANN org and SSAC agreed through a Statement of Understanding that Recommendations 1, 2, 4b, and 4c had no actions for the Board.

Whereas, on 24 June 2017, in Resolution 2017.06.24.19, the ICANN Board accepted this advice and directed the ICANN org to implement per the ICANN org's recommendation.

Whereas, on 18 May 2020, ICANN org published "The Public Suffix List: A Guide for TLD Administrators" (OCTO-011) which completed Recommendation 3.

Whereas, on 8 August 2017, the Universal Acceptance Steering Group (UASG) considered the SSAC advice in its document UASG007, and ICANN org notified SSAC of the completion of the actions called for in Recommendation 4a.

Whereas, on 1 December 2019, the IANA team started hosting an authoritative PSL for all TLDs in the root zone, completing Recommendation 5.

Whereas, on 8 August 2017, the UASG considered SAC070's Recommendation 6 advice in UASG007, and ICANN org notified SSAC of Recommendation's 6 completion.

Resolved (2021.05.12.10), the Board finds that the actions called for by the recommendations from SAC070 advising action for ICANN org, specifically Recommendations 3, 4a, 5, and 6, have been completed by ICANN org.

Rationale for Resolution: 

1. Why is the Board addressing the issue?

On 24 June 2017, the ICANN Board accepted SAC070's advice and directed the ICANN org to implement the advice per the ICANN org's recommendation.

This advisory concerns the use of static TLD / suffix lists. Software that processes domain names, such web browsers, sometimes needs to know whether a domain name ends in a "public suffix", i.e., a domain typically open for registration, such as .com or .co.uk. "Public suffix lists" (PSLs), most notably the one maintained by Mozilla, attempt to list all such public suffix domains. Software uses this list for various purposes, such as quickly validating a TLD without requiring a DNS query, highlighting the public portion of a domain name in a browser's address bar, or determining if one domain is able to set a cookie for another (which is not allowed if the domains are unrelated, which is the case if they are peers under the same public suffix).

As of May 2020, all recommendations from SAC070 calling for action by ICANN org had been completed.

The Board briefings on this matter demonstrates ICANN org's completion of work on SAC062's recommendations. As a result, the Board is now directing that the remaining items related to SAC070 being tracked in the ICANN org Action Request Registry may be closed, at the recommendation of the Board Technical Committee (BTC).

2. What is the proposal being considered?

The Board is considering a recommendation from the BTC that the ICANN Board direct that the remaining items related to SAC070 being tracked in the ICANN org Action Request Registry may be closed.

3. Which stakeholders or others were consulted?

The SSAC agreed that ICANN org has fulfilled its role in implementing the Recommendations of this Advisory.

4. What concerns or issues were raised by the community?

None.

5. What significant materials did the Board review?

In determining that the remaining items related to SAC070 being tracked in the ICANN org Action Request Registry may be closed, the Board considered the recommendation of the BTC and the rationale from ICANN org demonstrating that work on these remaining items is now complete.

BACKGROUND

Recommendations 1 and 2: No Action Required by ICANN org

Recommendations 1 and 2 addressed the IETF and the applications community and on 1 June 2016, SSAC approved a statement of understanding acknowledging that no action was required from ICANN org.

Recommendation 3

SAC070 Recommendation #3 advised that ICANN org, in concert with the Mozilla Foundation, prepare educational materials on the Mozilla PSL covering the meaning of the resource and the impact of the resource.

ICANN org hired a contractor to provide the materials and on 18 May 2020, "The Public Suffix List: A Guide for TLD Administrators" (OCTO-011) was published. This document about the Mozilla PSL can be given to TLD registry operators and is designed to close the knowledge gap between registries and popular PSL maintainers.

Recommendation 4 which has three (3) parts:

4a advised that ICANN org should request that the UASG encourage the development of software resources enabling or enhancing the effective use of the Mozilla PSL, with attention toward software developers. As the UASG considered the SSAC advice in its document UASG007, ICANN org notified SSAC of this recommendation's closure on 8 August 2017.

4b advised that application developers should use a canonical file format and modern authentication protocols as specifications to this work. On 30 August 2016, ICANN org received SSAC's approval of understanding acknowledging there is no action for the Board.

4c advised that application developers should also replace proprietary PSLs with well-known and widely accepted PSL implementations such as the Mozilla PSL and the proposed IANA PSL (part of Recommendation 5). On 30 August 2016, ICANN org received SSAC's approval of understanding acknowledging there is no action for the Board.

Recommendation 5

Recommendation 5 advised that IANA should host a Public Suffix List (PSL) containing information about the domains within the registries with which IANA has direct communication. Such a PSL would be authoritative for those domains. Such a list should include, at a minimum, all Top Level Domains (TLDs) in the IANA root zone.

As of 1 December 2019, the IANA team is now hosting an authoritative PSL for all TLDs in the root zone as stated in recommendation 5 of SAC070. On 12 February 2020, SSAC agreed that SAC070, Recommendation 5 had been completed.

Recommendation 6

Recommendation 6 encouraged those parties working on universal acceptance such as the UASG to explicitly include the use of a PSL and actions related to a PSL as part of their work. As the UASG considered the SSAC advice in its document UASG007, ICANN org notified SSAC of this recommendation's closure on 8 August 2017.

6. Are there positive or negative community impacts?

This Board resolution confirms that the Advisory's recommendations were completed by ICANN org and does not assess the impacts of the implementation of the recommendations.

7. Are there fiscal impacts or ramifications on ICANN (strategic plan, operating plan, budget); the community; and/or the public?

No fiscal impacts or ramifications on ICANN, the community, or the public are expected as a result of closing these remaining SAC070 items.

8. Are there any security, stability or resiliency issues relating to the DNS?

No security, stability, or resiliency issues relating to the DNS are expected as a result of closing these remaining SAC070 items.

9. Is this decision in the public interest and within ICANN's mission?

Yes. Confirming the completion of the implementation of an Advisory provides an accountability mechanism for ICANN's work, which is in the public interest and within ICANN's mission.

10. Is this either a defined policy process within ICANN's Supporting Organizations or ICANN's Organizational Administrative Function decision requiring public comment or not requiring public comment?

This action does not require public comment.