Internet Corporation for Assigned Names and Numbers

Draft Statement of ICANN's Role and Remit in Security, Stability and Resiliency of the Internet's Unique Identifier Systems

Comment/Reply Periods (*) Important Information Links
Comment Open: 17 May 2012
Comment Close: 16 June 2012
Close Time (UTC): 23:59 UTC Public Comment Announcement
Reply Open: 17 June 2012 To Submit Your Comments (Forum Closed)
Reply Close: 16 July 2012; Extended to 31 August 2012; Extended to 11 September 2012 View Comments Submitted
Close Time (UTC): 23:59 UTC Report of Public Comments
Brief Overview
Originating Organization: ICANN Security Team
Categories/Tags: Security/Stability
Purpose (Brief): ICANN is seeking community feedback on a draft statement of ICANN's Role and Remit in Security, Stability & Resiliency of the Internet's Unique Identifier Systems. This is intended to provide a clear and enduring explanation of ICANN's role and remit in this area, and also will inform ICANN's consideration of the Security, Stability & Resiliency of the DNS Review Team's draft Recommendations #1 and #3.
Current Status: Open for public comment
Next Steps: Comments will be collected and incorporated into a final statement, which would then become ICANN's clear and enduring statement of ICANN's role and remit in relation to the security, stability and resiliency of the Internet's unique identifier systems.
Staff Contact: Patrick Jones Email: patrick.jones@icann.org
Detailed Information
Section I: Description, Explanation, and Purpose

17 May 2012

ICANN is seeking community feedback on its draft response to Recommendations #1 and #3 from the Security, Stability & Resiliency Review Team (SSR RT). The response is intended to provide a clear and enduring statement of ICANN's role and remit in relation to the security, stability and resiliency of the Internet's unique identifier systems.

Recommendation 1 of the draft report from the SSR RT states that ICANN should "publish a single, clear and consistent statement of its SSR remit and limited technical mission." (15 Mar 2012).

Specific guidance is sought on:

  1. What does it mean "to coordinate at the overall level the global Internet's system of unique identifiers"?
  2. What are the limits of that coordination role?
  3. What does it mean to ensure the security and stability of the global Internet's unique identifier systems?

Recommendation 3 states "ICANN should document and clearly define the nature of the SSR relationships it has within the ICANN community in order to provide a single focal point for understanding the interdependencies within the organizations."

Consistent with this recommendation, it would be helpful to receive community feedback on ICANN's SSR relationships with others in the Internet ecosystem, including groups such as the root server operators, RIRs, Registrars, standards bodies, law enforcement, CERTs, and operational security communities such as the Conficker Working Group, MAAWG, etc.

Open questions include:

  1. What is ICANN's coordination role with root server operators? This relates to Recommendation 1, question 1.
  2. Should ICANN develop a process for transitioning a root server should a root server operator cease that role?
  3. What is ICANN's scope of responsibility for addressing an attack against root servers, or "against the DNS" in general?

Community input on this draft statement of role and remit in SSR is encouraged, and comments may be submitted on this statement and the FY 13 SSR Framework through 16 June 2012 23:59 UTC (with a Reply Comment Period open from 17 June to 16 July 2012 23:59 UTC).

Further community consultations will occur at the upcoming ICANN meeting in Prague, Czech Republic in June 2012.

Section II: Background

Draft Statement of ICANN's Role and Remit in Security, Stability and Resiliency of the Internet's Unique Identifier Systems

ICANN acts within its Bylaws to support a multi-stakeholder model collaborating to ensure the security, stability and resiliency of the Internet's unique identifiers.

ICANN's Security Stability and Resiliency (SSR) role and remit is based on the following terminology:

Security – the capacity to protect and prevent misuse of Internet unique identifiers.

Stability – the capacity to ensure that the system operates as expected, and that users of the unique identifiers have confidence that the system operates as expected.

Resiliency – the capacity of the unique identifier system to effectively withstand/tolerate/survive malicious attacks and other disruptive events without disruption or cessation of service.

To coordinate means to actively engage with stakeholders in the global Internet ecosystem to ensure

  • allocation of the Internet's unique identifiers,
  • security, stability and resiliency of the Internet's unique identifiers, and
  • operational and policy development functions of the Internet's unique identifiers is conducted in an open, accountable and transparent manner and inclusive of the diversity of stakeholders in the ecosystem.

This is a shared responsibility among the community of multi-stakeholder participants in the Internet ecosystem and not one borne alone by ICANN as a singular entity.

ICANN's SSR role encompasses three categories of responsibilities:

  1. ICANN's operational responsibilities (internal operations including L-root, DNS operations, DNSSEC key signing operations, IANA functions, new TLD operations, etc);
  2. ICANN's involvement as a coordinator, collaborator and facilitator with the global community in policy and technical matters related to the Internet's unique identifiers;
  3. ICANN's engagement with others in the global Internet ecosystem.

ICANN's technical mission includes

  • coordinating the allocation of the Internet's unique identifier systems [domain names, Internet Protocol (IP) addresses, autonomous system (AS) numbers and protocol port and parameter numbers];
  • coordinating and facilitating the stability, security and resiliency and policy of these systems;
  • collaborating in the technical protocol development of these systems;
  • maintaining and operating the L-root as a steward for the community;
  • managing ICANN's operations and internal systems; and
  • providing a publicly accessible information resource on these functions for the greater Internet community as a whole to enable it to function as an organization.

Responsibilities that lie outside ICANN's role in SSR include:

  • ICANN does not play a role in policing the Internet or operationally combatting criminal behaviour;
  • ICANN does not have a role in the use of the Internet related to cyber-espionage and cyber-war;
  • ICANN does not have a role in determining what constitutes illicit conduct on the Internet.

ICANN is not a law enforcement agency, a court of law or government agency. ICANN cannot unilaterally suspend or terminate domain names. ICANN is able to enforce its contracts with third parties, including domain name registration providers. Furthermore, ICANN does play a role in supporting the work of law enforcement or government agencies in carrying out legitimate actions at their request.

ICANN plays the same part as any interested stakeholder with regards to Internet protocols; evolution of Internet protocols and related standards are not under the purview of ICANN.

Section III: Document and Resource Links

Learn more about ICANN's SSR role and remit

Specific information in support of this technical mission is described in ICANN's Security, Stability and Resiliency Framework (https://www.icann.org/en/about/staff/security). This annual document explains the connection between ICANN's role and remit in DNS Security, Stability and Resiliency, ICANN's Strategic and Operational Planning and its related SSR programs and initiatives for each fiscal year.

Translations of the draft statement, and links to the FY 13 SSR Framework will be posted as soon as possible.

Draft Statement of ICANN's Role and Remit in Security, Stability and Resiliency of the Internet's Unique Identifier Systems [PDF, 71 KB]

Section IV: Additional Information

Appendix – Background

ICANN was founded in 1998 to coordinate the Internet's unique identifier systems for worldwide public benefit to enable a single, global interoperable Internet [United States Department of Commerce, Statement of Policy, Management of Internet Names and Addresses, 5 June 1998, 63 Fed. Reg. 31741 (commonly known as the White Paper), http://www.icann.org/en/about/agreements/white-paper]. ICANN operates in an open, accountable and transparent multi-stakeholder model that reflects the diversity of all Internet users as a whole.

Since its formation, stability of the Internet has been a central priority for ICANN [ICANN Articles of Incorporation, 21 November 1998, http://www.icann.org/en/about/governance/articles]. Security and reliability of the Internet's unique identifiers are important parts of stability.

According to ICANN's Bylaws (most recently updated on 16 March 2012) [ICANN Bylaws, dated 16 March 2012, Mission & Core Values, http://www.icann.org/en/about/governance/bylaws#I], ICANN's mission is "to coordinate, at the overall level, the global Internet's systems of unique identifiers, and in particular to ensure the stable and secure operation of the Internet's unique identifier systems. In particular, ICANN:

  1. Coordinates the allocation and assignment of three sets of unique identifiers for the Internet, which are
    1. Domain names (forming a system referred to as DNS);
    2. Internet protocol ("IP") addressees and autonomous system ("AS") numbers; and
    3. Protocol port and parameter numbers.
  2. Coordinates the operation and evolution of the DNS root name server system.
  3. Coordinates policy development reasonably and appropriately related to these technical functions."

ICANN acknowledges responsibility in its core values for "preserving and enhancing the operational stability, reliability, security, and global interoperability of the Internet."

From 1998 to 2009, ICANN operated under a set of transition agreements with the United States Department of Commerce, known as the Memorandum of Understanding [Memorandum of Understanding between the US Department of Commerce and ICANN, 25 November 1998, http://www.icann.org/en/about/agreements/mou-jpa/icann-mou-25nov98-en.htm] (and later Joint Project Agreement) [Joint Project Agreement, dated 29 September 2006, http://www.icann.org/en/about/agreements]. Collaboration by ICANN in technical coordination of the Internet's unique identifiers was a central theme in these agreements.

On 30 September 2009, ICANN and the United States Department of Commerce entered into the Affirmation of Commitments [http://www.icann.org/en/about/agreements/aoc/affirmation-of-commitments-30sep09-en.htm]. The Affirmation of Commitments "institutionalized and memorialized the technical coordination of the Internet's domain name and addressing system (DNS), globally by a private sector led organization."

The Affirmation of Commitments requires periodic reviews of ICANN's execution on its plans and processes related to operational stability, reliability, resiliency, security and global interoperability of the DNS [Affirmation of Commitments, Section 9.2]. A Security, Stability and Resiliency Review Team commenced its work in October 2010, and published its initial report for public comment on 15 March 2012 [http://www.icann.org/en/news/public-comment/ssrt-draft-report-15mar12-en.htm].

The Security, Stability and Resiliency Review Team recommended that ICANN "publish a single, clear and consistent statement of its SSR remit and limited technical mission." (See Recommendation 1, draft report dated 15 Mar 2012).

Consistent with this recommendation, this draft statement of ICANN's SSR role and remit has been developed based on its foundational documents, previous SSR Plans and Frameworks, and the SSR Review Team draft report. This statement is being published for community consultation along with ICANN's FY 13 Security, Stability and Resiliency Framework.


(*) Comments submitted after the posted Close Date/Time are not guaranteed to be considered in any final summary, analysis, reporting, or decision-making that takes place once this period lapses.

Stay Connected

  • News Alerts:
  • Newsletter:
  • Compliance Newsletter:
  • Policy Update: