SSAC Advisory on Uses of the Shared Global Domain Name Space

SAC078 SSAC Advisory on Uses of the Shared Global Domain Name Space



An Advisory from the ICANN Security and Stability Advisory Committee (SSAC) 16 February 2016

SAC078

1

SSAC Advisory on Uses of the Shared Global Domain Name Space

Preface This is an Advisory of the Security and Stability Advisory Committee (SSAC). The SSAC focuses on matters relating to the security and integrity of the Internet’s naming and address allocation systems. This includes operational matters (e.g., pertaining to the correct and reliable operation of the root zone publication system), administrative matters (e.g., pertaining to address allocation and Internet number assignment), and registration matters (e.g., pertaining to registry and registrar services). SSAC engages in ongoing threat assessment and risk analysis of the Internet naming and address allocation services to assess where the principal threats to stability and security lie, and advises the ICANN community accordingly. The SSAC has no authority to regulate, enforce, or adjudicate. Those functions belong to other parties, and the advice offered here should be evaluated on its merits.

SAC078

2

SSAC Advisory on Uses of the Shared Global Domain Name Space



Table of Contents 1.

Uses of the Shared Global Domain Name Space ..................................... 4

2.

Acknowledgments, Disclosures of Interest, Dissents, and Withdrawals 2.1 2.2 2.3 2.4

SAC078

Acknowledgments ............................................................................................ 5 Disclosures of Interest ..................................................................................... 6 Dissents ............................................................................................................. 6 Withdrawals ....................................................................................................... 6

3

SSAC Advisory on Uses of the Shared Global Domain Name Space

1. Uses of the Shared Global Domain Name Space It is widely known that the Domain Name System (DNS) includes both a set of rules for constructing syntactically valid domain names (the “domain name space”) and a protocol for associating domain names with data such as IP addresses (“domain name resolution”). It is less widely understood, however, that DNS name resolution coexists with other name resolution systems that also use domain names. In many cases these other name resolution systems deliberately use domain names, rather than some other naming scheme, for compatibility with the widely deployed infrastructure of the DNS. They depend on the ability of DNS name resolution protocols and interface conventions to recognize their domain names but treat them in some special way. Examples of this coexistence include the name resolution systems for domain names that include the top-level labels local (used by the mDNS resolution system1), example (reserved for use in documentation2), and most recently onion (reserved for use by the Tor project3). Other names are also being considered for reservation in the future.4 These names exist in the domain name space, but they use methods of resolution other than the DNS. The name resolution protocols they use are based on Internet Engineering Task Force (IETF) standards, or standards established by other groups, or in various code bases, open source or proprietary. Their common denominator is the expectation that their use of domain names will be compatible with DNS name resolution. The SSAC wishes to ensure that the ICANN Board and ICANN community are aware of discussions and ongoing work in multiple venues to more fully define what a namespace is, and how to avoid potential side effects, including name collisions, across the broad set of name resolution systems and expectations for their use. The purpose of this Advisory is to inform the ICANN Board and Community that SSAC has formed a work party to investigate the implications of this work as it pertains to the security and stability of the DNS. This work party will study the security and stability issues associated with multiple uses of the domain name space, including those outlined above.

1

See https://tools.ietf.org/rfc/rfc6762.txt. See https://tools.ietf.org/rfc/rfc6761.txt. 3 See https://tools.ietf.org/rfc/rfc7686.txt. 4 See https://www.ietf.org/proceedings/93/slides/slides-93-dnsop-5.pdf. 2

SAC078

4

SSAC Advisory on Uses of the Shared Global Domain Name Space

2. Acknowledgments, Disclosures of Interest, Dissents, and Withdrawals In the interest of transparency, these sections provide the reader with information about four aspects of the SSAC process. The Acknowledgments section lists the SSAC members, outside experts, and ICANN staff who contributed directly to this particular document. The Disclosures of Interest section points to the biographies of all SSAC members, which disclose any interests that might represent a conflict—real, apparent, or potential—with a member’s participation in the preparation of this Advisory. The Dissents section provides a place for individual members to describe any disagreement that they may have with the content of this document or the process for preparing it. The Withdrawals section identifies individual members who have recused themselves from discussion of the topic with which this Report is concerned. Except for members listed in the Dissents and Withdrawals sections, this document has the consensus approval of all of the members of SSAC.

2.1 Acknowledgments The committee wishes to thank the following SSAC members and external experts for their time, contributions, and review in producing this Advisory. SSAC members Joe Abley Jaap Akkerhuis Lyman Chapin Patrik Fältström Jim Galvin Geoff Huston Warren Kumari Matt Larson Danny McPherson Ram Mohan Russ Mundy Rod Rasmussen Doron Shikmoni Suzanne Woolf ICANN staff Andrew McConachie (editor) Kathy Schnitt Steve Sheng

SAC078

5

SSAC Advisory on Uses of the Shared Global Domain Name Space

2.2 Disclosures of Interest SSAC member biographical information and Disclosures of Interest are available at: https://www.icann.org/resources/pages/ssac-biographies-2016-02-10-en.

2.3 Dissents There were no dissents.

2.4 Withdrawals There were no withdrawals.

SAC078

6

SAC078 SSAC Advisory on Uses of the Shared Global Domain Name ...

Feb 16, 2016 - SSAC Advisory on Uses of the Shared Global Domain Name Space .... biographical information and Disclosures of Interest are available at:.
Download PDF
183KB Sizes 0 Downloads 194 Views
Report

Recommend Documents

SAC078 SSAC Advisory on Uses of the Shared Global Domain ... - icann
Feb 16, 2016 - ongoing threat assessment and risk analysis of the Internet naming and address ... for associating domain names with data such as IP addresses ... bases, open source or proprietary. ... 1 See https://tools.ietf.org/rfc/rfc6762.txt.
SAC078 SSAC Advisory on Uses of the Shared Global Domain ... - icann
Feb 16, 2016 - ongoing threat assessment and risk analysis of the Internet naming and ... constructing syntactically valid domain names (the “domain name ...
SAC062 SSAC Advisory Concerning the Mitigation of Name ... - icann
Nov 7, 2013 - In the context of top level domains, the term “name collision” refers to the ... Domain (gTLD) Program Committee (NGPC) of the ICANN Board of ...
SAC062 SSAC Advisory Concerning the Mitigation of Name ... - icann
Nov 7, 2013 - pertaining to registry and registrar services). SSAC ... and risk analysis of the Internet naming and address allocation services to assess where.
SAC057 SSAC Advisory on Internal Name Certificates - icann
Mar 15, 2013 - The top 10 certificate authorities that issue internal name certificates are: ... In a web context that subject is the hostname. This functionality provides. SSL-secured communication for servers using multiple domain names and host na
SAC062 SSAC Advisory Concerning the Mitigation of Name ... - icann
Nov 7, 2013 - The purpose of the call center would be to explain what is going on ... communications channels should exist with ICANN and the call center.
SAC079 SSAC Advisory on the Changing Nature of IPv4 ... - icann
Feb 25, 2016 - One half of the address space was dedicated to addressing 8-bit ... momentum to adopt a client server model of application interaction, where ...
SAC079 SSAC Advisory on the Changing Nature of IPv4 ... - icann
Feb 25, 2016 - across all hosts within the local network. ..... 192.168.1.158 is one of the laptops.17 If collected at point B or point C, the source address and port ...
SAC064 SSAC Advisory on DNS “Search List” Processing
Feb 13, 2014 - A list of the contributors to this advisory, references to SSAC members' biographies .... Applications (e.g., web browsers and mail clients) and ...
SAC070 SSAC Advisory on the Use of Static TLD / Suffix Lists - icann
May 28, 2015 - The best-known PSL is operated by volunteers in collaboration .... 5 See http://blogs.msdn.com/b/ie/archive/2014/10/06/interoperable-top-level- ...
SAC063 SSAC Advisory on DNSSEC Key Rollover in the Root ... - icann
Nov 7, 2013 - and Numbers (ICANN) Board of Directors and others who have a basic ..... Verisign employs a dedicated group called Cryptographic Business .... associated with key management, no matter how small, is higher than .... 23 See Recommendatio
SAC 056 SSAC Advisory on Impacts of Content Blocking via ... - icann
Oct 9, 2012 - 10. Acknowledgments, Statements of Interests, and Objections, and .... network but embraces intelligence at the edge (on individual hosts). ... based blocking would include black lists in web browsers and filtering IP traffic ..... not
SAC063 SSAC Advisory on DNSSEC Key Rollover in the Root ... - icann
Nov 7, 2013 - SSAC engages in ongoing threat assessment and risk analysis of the ...... newer root zone TAs are available, these software packages can also ...
SAC064 SSAC Advisory on DNS “Search List ... - Research at Google
Feb 13, 2014 - 9. 3.3. Security Risks From Collisions with Newly Delegated Names ..... Their internal system uses Windows XP for desktop/laptop and Linux for.
Implementation of Domain Name Server System using ...
Today is a world of high speed internet with millions of websites. Hence, in ... system is in true sense the backbone of the secure high speed internet [11]. As the ...
pdf domain name system
There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. pdf domain ...
Securing the Domain Name System with BIND By ...
May 8, 2013 - Besides, if you likewise have no time at all to search guide DNSSEC Mastery: Securing The Domain Name. System With BIND By Michael W ...
eBook Télécharger DNS Security: Defending the Domain Name ...
1 I celebrate myself and sing myself And what I assume you shall assume For every atom belonging to me as good belongs to you I loafe and invite my soul.
Global equilibria of EPECs with shared constraints
We show that a global equilibrium of this EPEC exists when a suitably defined modified reaction map ...... for the subgame played by service-providers with firms' strategies as x. ...... Market power and strategic interaction in electricity networks.
white-hat hacking across the domain name system
Domain Name System (DNS) was created to cope with the growing lists of domain ... the configuration problem with the File Transfer Pro- tocol (FTP). ..... ing a security vulnerability (see en.wikipedia.org/wiki/Pwned for more information).
Global equilibria of EPECs with shared constraints
cation of standard fixed point arguments to the reaction map of such games is hindered by the lack ... Here, the solution of a lower level optimization problem is.