Skip to main content

Security and Stability Advisory Committee (SSAC)

What is the SSAC?

In accordance with Section 12.2 (b) of the ICANN Bylaws, the Security and Stability Advisory Committee advises the ICANN community and Board on matters relating to the security and integrity of the Internet's naming and address allocation systems. This includes operational matters (e.g., matters pertaining to the correct and reliable operation of the root name system), administrative matters (e.g., matters pertaining to address allocation and Internet number assignment), and registration matters (e.g., matters pertaining to registry and registrar services such as WHOIS). The SSAC engages in ongoing threat assessment and risk analysis of the Internet naming and address allocation services to assess where the principal threats to stability and security lie, and advises the ICANN community accordingly.

How does the SSAC Operate?

SSAC members are skilled and experienced technical professionals who volunteer their time and expertise to improve the security and integrity of the Internet's naming and addressing system. The SSAC produces Reports, Correspondence, and Comments on a range of topics. Reports are focused on providing information, recommendations and advice on technical Security Stability and Reliability (SSR) issues to the ICANN Board, the ICANN community, and/or the broader internet community. Correspondence comprises letters, comments and other documents on administrative, community and other non-SSR issues. Comments are prepared in response to explicit questions posed to or requests made to the SSAC, or as a response to ICANN's public comment forum.

The SSAC undertakes ongoing risk analysis to identify a prioritized list of topics for SSAC work. However, the ICANN Board, Advisory Committees (ACs), Supporting Organizations (SOs) or other bodies within ICANN may request that the SSAC review, comment, or give feedback on a specific topic or issue at any time.

How do I participate in the SSAC?

Technical professionals who are interested in joining as an SSAC member and contributing to SSAC work are encouraged to review the SSAC Skills Survey [PDF, 101 KB], read Section 2.3 of the SSAC Operational Procedures [PDF, 576 KB], see the SSAC Introduction [PDF, 201 KB] and contact SSAC Support Staff at

How does SSAC document its work?

SSAC documents its findings and recommendations in one of the following forms:

  • Reports are focused on technical aspects of Security, Stability, and Reliability (SSR) issue. They can range between a deep analysis or detailed review of an issue to a short discussion on a more specific and narrowly-scoped topic. They may investigate emerging or long-term issues or could be published in response to a security event or incident, where timely notification to the community is a priority concern. They may be informational without any findings or recommendations or they could contain specific recommendations for the ICANN Board or community, and if appropriate, organized according to the groups to which they are most applicable. Specific recommendations for the ICANN Board will be captured in the Board Action Request Register (ARR) and tracked through implementation.
  • Correspondence comprises those documents which are on topics of an administrative, governance or community-related nature and are normally signed by the SSAC Chair. They may take the form of a letter or a response submitted to a public comment forum. They may present recommendations regarding the issue.
  • Comments are prepared in response to explicit questions posed to or requests made to the SSAC, e.g. when the ICANN Board asks the SSAC for an opinion. Comments may also be submitted as a response to ICANN's public comment forum. Comments may be brief or long, depending on the issue and the extent to which the SSAC studies it.

A goal of the SSAC is to ensure that its work results in specific actions whenever possible. In order to measure progress towards this goal, the SSAC tracks any effects of each recommendation. For documents that contain recommendations for the ICANN Board, the Board Action Request Register (ARR) captures the information required to understand the status of advice and tracks it from when it is given through implementation.

Tell me about the history of the SSAC

At its November 2001 meeting, which focused on security issues, the ICANN Board directed the President "to appoint a President's standing committee on the security and stability of the Internet's naming and address allocation systems. The President is directed to develop a proposed charter, with at least a focus on risk analysis and auditing thereof, in consultation with the President's standing committee, and to submit it to the Board for its approval."

At its meeting on 14 March 2002, the ICANN Board approved the charter of the ICANN Committee on Security and Stability.

On 13 May 2002, the ICANN Board converted the President's Committee on Security and Stability to the Security and Stability Advisory Committee.

Improving the SSAC

The SSAC has undergone two organizational reviews since it was established:

  • The first organizational review was conducted by JAS Communications whose Final Report was delivered in May 2009. In response, SSAC conducted a self‐review exercise, which resulted in a coherent and comprehensive SSAC report to the Working Group, delivered in June, 2009. Subsequently, SSAC Support staff and the ICANN Board's Structural Improvements Committee (SIC) produced an Improvements Implementation Plan to implement the 33 recommendations outlined in the January 2010 Final report of the ICANN Board SSAC Review Working Group. This plan conforms to all guidance contained in the ICANN Board's Resolution 2010.06.25.05 that the SIC will, in coordination with staff, provide the Board with final implementation plans to conform with the measures recommended by the SIC to address the conclusions and recommendations in the final report of the Board Security and Stability Advisory Committee review Working Group. All elements of the plan were completed as of 18 March 2011.
  • The second organizational review was conducted by Analysis Group whose Final Report was delivered in December 2018. The ICANN Board accepted the Final Report and the SSAC's Feasibility Assessment and Initial Implementation Plan in June 2019 (Resolutions 2019.06.23.15 – 2019.06.23.20). Implementation is well progressed and expected to be completed by December 2020.

Who are the Members of the Committee?

Rod Rasmussen is the Chair of the SSAC. Julie Hammer is the Vice Chair of the SSAC. James Galvin is the SSAC Liaison to the ICANN Board.

  • Greg Aaron
  • Joe Abley
  • Benedict Addis
  • Jaap Akkerhuis
  • Gabriel Andrews
  • Tim April
  • Jeffrey Bedser
  • Lyman Chapin
  • KC Claffy
  • Steve Crocker
  • Patrik Fältström
  • Ondrej Filip
  • James Galvin
  • Robert Guerra
  • Julie Hammer
  • Russ Housley
  • Geoff Huston
  • Merike Kaeo
  • Andrei Kolesnikov
  • Warren Kumari
  • Jacques Latour
  • Barry Leiba
  • John R. Levine
  • Danny McPherson
  • Ram Mohan
  • Russ Mundy
  • Rod Rasmussen
  • Chris Roosenraad
  • Mark Seiden
  • Doron Shikmoni
  • Matthew Thomas
  • Peter Thomassen
  • Tara Whalen
  • Suzanne Woolf
  • Jiankang Yao

SSAC Support staff:

Support for the committee is provided by:

  • Andrew McConachie, Policy and Technology Senior Manager
  • Danielle Rutherford, Policy and Technology Manager
  • Kathy Schnitt, SSAC Support Specialist
  • Steve Sheng, Sr. Director, Policy Development Support

SSAC Member Biographies and Disclosures of Interests
(Last page update 29 June 2023)

How do I Contact the Committee?

Comments and other communications to the committee should be sent to

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."