Security and Stability Advisory Committee (SSAC)

The SSAC is a volunteer group of specialists in the technical security field that provides advice and insight to the ICANN community and the Board.

Archived SSAC Work Plans

This page describes projects and issues in SSAC's archived work plans.

SSAC advisories and reports may be related to data and events which cannot be disclosed at the time of occurrence or while SSAC is studying an issue. For this reason, SSAC may not always be able to list all of its current work in the Work Plan. The remainder of this page identifies projects and issues SSAC is currently studying.

Phishing Attacks against Domain Name Registrants

Originated By: APWG Internet Policy Forum
Project Steward: Dave Piscitello

SSAC is studying phishing attacks that focus on domain name registrants and in particular, attackers who attempt to gain control over domain name portfolios of high value targets by inducing the account administrators into disclosing domain name account credentials (e.g., a username and password). The purpose of this study is to identify the forms of attack and to describe measures registrars and registrants can take to reduce their risk of attack.

Deliverable: An Advisory
Delivery Date: May 2008

DNSSEC Deployment

Originated By: SSAC Chairman
SSAC Project Steward: Dave Piscitello

On 28 January 2008, SSAC published a Statement to ICANN and the community on the deployment of DNSSEC (SAC 028). In the statement, SSAC identifies protocol design and deployment issues recently revealed in controlled (test) environments, expressed its intention to review the readiness and completeness of DNSSEC and identified several activities the committee would begin. SSAC is currently studying several of these issues, including protocol completeness, availability of DNSSEC on commonly used DNS server platforms, and implementation and testing of broadband access devices that have embedded DNS functionality (which must be able to process security extensions for DNSSEC).

Future of WHOIS Services

Originated By: GNSO call for public comment
SSAC Project Steward: Dave Piscitello

On 07 February 2008, SSAC submitted comments to the GNSO regarding future WHOIS studies (SAC 027). SSAC continues to study the future of WHOIS and the applicability of the IETF's Cross Registry Information Service Protocol (CRISP) as a successor Internet "domain" directory service.

WHOIS and IDNs

Originated By: APWG Internet Policy Forum
SSAC Project Steward: Ram Mohan

IETF standards and ICANN policies focus on the implementation and composition of Internationalized Domain Names (IDNs) and their inclusion at the top level of the DNS. SSAC notes that RFC 4260, Review and Recommendations for Internationalized Domain Names (IDNs), states that, "IDNs introduce issues in other contexts in which domain names are used.  In particular, the design and content of databases that bind registered names to information about the registrant (commonly described as "whois" databases) will require review and updating." Members of the APWG IPF have asked that SSAC study issues that may arise in both the representation and recording of registration information associated with Internationalized Domain Names (IDN).

Deliverables: <to be specified>
Delivery date: <to be specified>

Registrar Impersonation in Phishing Attacks

Originated By: APWG Internet Policy Forum
SSAC Project Steward: Dave Piscitello

SSAC is studying a form of phishing attack that targets domain name registrants. The attacker impersonates a domain name registrar and sends an expected or anticipated correspondence to a registrar’s customer (a registrant) regarding a domain name related matter. Examples of expected correspondence include a notice of pending expiration of a domain name registration, a promotional email, a notice informing the registrant of an account management issue, or generally, any correspondence that requires or encourages a customer’s immediate attention. The correspondence, however, is bogus. The phisher creates a web site that is convincing similar to the registrar’s site to induce the registrar’s customer into accessing his account and unwittingly disclose his account credentials to the phisher. The phisher will then use the registrant’s captured credentials to access the customer’s domain name portfolio and use the domain name(s) for additional attacks.

Deliverables: An Advisory
Delivery date: May 2008-03-27

Fast Flux Hosting and DNS

SSAC published an Advisory, SAC 025 [PDF] on 28 January 2008. Members of the committee are currently collaborating with ICANN staff, registry and registrar staff, and interested parties to complete an Issues report requested by the GNSO.

Domain Name Front Running

SSAC has published an Advisory (SAC022, PDF) describing Domain Name Front Running and a subsequent report of its findings based on domain name front running claims submitted by Internet users (SAC024, PDF), in which the committee concludes the following:

"SSAC has insufficient information to conclude that domain name front running is practiced in any appreciable measure by parties who provide query services. We base this assertion on the claims submitted to SSAC and from our own statistical analyses. The claims we reviewed do not disprove the possibility of domain name front running entirely, and alternate, plausible explanations can be found for all the cases studied. Domain name front running may exist, but it is very difficult to prove the act or pinpoint the party who performed the act, even in cases that seem suspicious to the point of being "obvious" to complainants. Whether domain name front running exists or not, it has become one of several rallying flags that parts of the community wave to express dissatisfaction the domain name registration process."

Members of the community, the At Large Advisory Committee, and attendees to the ICANN Delhi Meeting continue to express concerns that front running exists. SSAC continues to study this subject.

Contact the Committee

Comments and other communications to the committee should be sent by e-mail to Steve Crocker (Chair), Dave Piscitello (Fellow), or Jim Galvin (Support).