ICANN
has unveiled the publication on the Dotless Domain Name Security and
Stability Study Report by IT Security firm, Carve Systems LLC
(Carve Systems) as prepared by the trio: Mike Zusman, Jeremy Allen, Rajendra
Umadas.
Dotless
domain names are those that consist of a single label (e.g., http://example,
or mail@example). Dotless names would require the inclusion of, for
example, an A, AAAA, or MX, record in the apex of a Top Level Domain (TLD) zone
in the Domain Name System (DNS), that is the record relates to the TLD-string
itself.
DigitalSENSE Business News
recalls that on 23 February 2012,
the ICANN Security and Stability Advisory Committee (SSAC) published SAC 053: SSAC Report on Dotless
Domains, stressing that that
dotless domains would not be universally reachable and recommended strongly
against their use.
As
a result, the SSAC recommended that the use of DNS resource records such as A,
AAAA, and MX in the apex of a Top-Level Domain (TLD) should be contractually
prohibited where appropriate, and strongly discouraged in all cases.
Also,
on 23 June 2012, the ICANN Board adopted resolution 2012.06.23.09 tasking
ICANN to consult with the relevant communities regarding implementation of the
recommendations in SAC053.
August
24, 2012 saw ICANN staff publishing the SAC053 Report for public comment which
requested input to consider in relation to implementing the recommendations of
the SSAC report. Hence, public comment period was opened and subsequently closed
on 5 November 2012.
On
27 November 2012 the staff posted a report of the public comments that
showed a substantial number of comments both in favor of adopting the SSAC
recommendations as well in opposition to the recommendations.
In
May of 2013 ICANN commissioned a study on the
stability and security implications of dotless domain name functionality to
help ICANN prepare an Implementation plan for the SAC053 recommendations.
The
Internet Architecture Board (IAB) on July 10, 2013 released a statement on dotless domain names,
recommending against the use of dotless domain names for TLDs.
However,
on 29 July 2013 Carve Systems delivered their report to ICANN, which seem consistent
with the SSAC report; the Carve Systems report identifies security and
stability issues that require mitigation before gTLDs can safely implement
dotless domain names.
The
Carve Systems report identifies several risks, ten (10) of which are considered
key risks that dotless domain names pose.
DigitalSENSE
Business News recalls that in consistent with SSAC's SAC 053 recommendation, a contracted gTLD
wishing to operate as dotless domain name must submit a proposal to be
evaluated as part of the standard Registry Services Evaluation Process (RSEP).
Just
as Section 2.2.3.3 of the Applicant Guidebook (AGB) prohibits the use of
dotless domain names prior to approval by ICANN, stating that the only
permissible DNS Resource Records for the apex in a TLD zone are: Start of
Authority (SOA), Name Server (NS), and related DNSSEC records.
The
same section also states: "An applicant wishing to place any other record
types into its TLD zone should describe in detail its proposal in the registry
services section of the application. This will be evaluated and could result in
an extended evaluation to determine whether the service would create a risk of
a meaningful adverse impact on security or stability of the DNS."
DigitalSENSE
Business News further gathered that the ICANN Board New gTLD Program Committee (NGPC) will consider
dotless domain names and an appropriate risk mitigation approach at its
upcoming meeting in August.
... Making SENSE of digital revolution!
No comments:
Post a Comment