<<<
Chronological Index
>>> <<<
Thread Index
>>>
[council] Security Studies on the Use of Non-Delegated TLDs, and Dotless Names
- To: GNSO Council List <council@xxxxxxxxxxxxxx>
- Subject: [council] Security Studies on the Use of Non-Delegated TLDs, and Dotless Names
- From: Glen de Saint Géry <Glen@xxxxxxxxx>
- Date: Thu, 30 May 2013 14:49:31 -0700
- Accept-language: fr-FR, en-US
- Acceptlanguage: fr-FR, en-US
- List-id: council@xxxxxxxxxxxxxx
- Sender: owner-council@xxxxxxxxxxxxxx
- Thread-index: Ac5df4uRuUBzJF+ERJ+61EUoatD/IA==
- Thread-topic: Security Studies on the Use of Non-Delegated TLDs, and Dotless Names
https://www.icann.org/en/news/announcements/announcement-28may13-en.htm
Security Studies on the Use of Non-Delegated TLDs, and Dotless Names
28 May 2013
ICANN's mission and core values call to preserve and enhance the operational
stability, reliability, security, and global interoperability of the Internet.
In pursuing these goals and following the direction of its Board of Directors
as well as the advice of the Security and Stability Advisory Committee, ICANN
is announcing two studies regarding: 1) the use of non-delegated TLDs and 2)
potential risks related to dotless domain names.
On 31 January 2013, ICANN security team received the SAC 057: SSAC Advisory on
Internal Name Certificates. On 18 May, the ICANN Board directed staff to
commission a study on the use of TLDs that are not currently delegated at the
root level of the public DNS in enterprises.
Today, ICANN is announcing that a study has been commissioned on the potential
security impacts of the applied-for new-gTLD strings in relation to namespace
collisions with non-delegated TLDs that may be in use in private namespaces
including their use in X.509 digital certificates. As part of this study, the
expert study team will develop a framework for assessing the risk level and
classify the risk level for the strings as identified in the study. The report
will also provide options for ICANN as to how to mitigate the various risks and
will describe the pros and cons of the options.
On 23 February 2012, the SSAC published the SAC 053: SSAC Report on Dotless
Domains. A domain name that consists of a single label is referred to as a
"dotless domain name". Use of dotless names could provide potential innovations
to the domain name industry and new gTLD applicants, but their use also raises
usability, functionality, security and stability concerns as described in the
SSAC report. On 23 June 2012, the ICANN Board directed staff to consult with
the relevant communities regarding implementation of the recommendations in SAC
053 and to provide a briefing paper for the Board, detailing the issues and
options available to mitigate such issues. During the period of August to
September 2012, a public comment period was held regarding the SAC 053 report.
The public comment period made clear that dotless domain names are a subject of
active discussion in the ICANN community, that no clear conclusion could be
drawn, and that a greater effort to identify and explore solutions to the
concerns raised before implementing SAC 053 recommendations could be useful.
Today, ICANN is announcing that it has commissioned a study on the potential
risks related to dotless domain names based on SAC 053 report. The study report
will identify and describe the potential risks that dotless names raise with
particular focus on those related to security and stability. The report will
also provide options for ICANN as to how to mitigate the various risks and will
describe the pros and cons of the options.
In both cases ICANN intends to deliver the study teams findings before the
ICANN 47th meeting in Durban, South Africa.
Glen de Saint Géry
GNSO Secretariat
gnso.secretariat@xxxxxxxxxxxxxx
http://gnso.icann.org
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|