Fwd: ICANN News Alert -- Security Studies on the Use of Non-Delegated TLDs, and Dotless Names

• Previous message (by thread): Paraguay International Connectivity Questions
• Next message (by thread): why does dail-up or pppoe access always has session-timeout ?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

FYI, since this has been a topic here.



---------- Forwarded message ----------


http://www.icann.org/en/news/announcements/announcement-28may13-en.htm

________________________________
Security Studies on the Use of Non-Delegated TLDs, and Dotless Names

28 May 2013

ICANN's mission and core values call to preserve and enhance the
operational stability, reliability, security, and global interoperability
of the Internet. In pursuing these goals and following the direction of its
Board of Directors as well as the advice of the Security and Stability
Advisory Committee, ICANN is announcing two studies regarding: 1) the use
of non-delegated TLDs and 2) potential risks related to dotless domain
names.

On 31 January 2013, ICANN security team received the SAC 057: SSAC Advisory
on Internal Name Certificates. On 18 May, the ICANN Board directed staff to
commission a study on the use of TLDs that are not currently delegated at
the root level of the public DNS in enterprises.

Today, ICANN is announcing that a study has been commissioned on the
potential security impacts of the applied-for new-gTLD strings in relation
to namespace collisions with non-delegated TLDs that may be in use in
private namespaces including their use in X.509 digital certificates. As
part of this study, the expert study team will develop a framework for
assessing the risk level and classify the risk level for the strings as
identified in the study. The report will also provide options for ICANN as
to how to mitigate the various risks and will describe the pros and cons of
the options.

On 23 February 2012, the SSAC published the SAC 053: SSAC Report on Dotless
Domains. A domain name that consists of a single label is referred to as a
"dotless domain name". Use of dotless names could provide potential
innovations to the domain name industry and new gTLD applicants, but their
use also raises usability, functionality, security and stability concerns
as described in the SSAC report. On 23 June 2012, the ICANN Board directed
staff to consult with the relevant communities regarding implementation of
the recommendations in SAC 053 and to provide a briefing paper for the
Board, detailing the issues and options available to mitigate such issues.
During the period of August to September 2012, a public comment period was
held regarding the SAC 053 report. The public comment period made clear
that dotless domain names are a subject of active discussion in the ICANN
community, that no clear conclusion could be drawn, and that a greater
effort to identify and explore solutions to the concerns raised before
implementing SAC 053 recommendations could be useful.

Today, ICANN is announcing that it has commissioned a study on the
potential risks related to dotless domain names based on SAC 053 report.
The study report will identify and describe the potential risks that
dotless names raise with particular focus on those related to security and
stability. The report will also provide options for ICANN as to how to
mitigate the various risks and will describe the pros and cons of the
options.

In both cases ICANN intends to deliver the study teams findings before the
ICANN 47th meeting in Durban, South Africa.


-- 
---------------------------------------------------------------
Joly MacFie  218 565 9365 Skype:punkcast
WWWhatsup NYC - http://wwwhatsup.com
 http://pinstand.com - http://punkcast.com
 VP (Admin) - ISOC-NY - http://isoc-ny.org
--------------------------------------------------------------
-

• Previous message (by thread): Paraguay International Connectivity Questions
• Next message (by thread): why does dail-up or pppoe access always has session-timeout ?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]