Skip to main content

Security and Stability Advisory Committee (SSAC)

What is the SSAC?

The Security and Stability Advisory Committee advises the ICANN community and Board on matters relating to the security and integrity of the Internet's naming and address allocation systems. This includes operational matters (e.g., matters pertaining to the correct and reliable operation of the root name system), administrative matters (e.g., matters pertaining to address allocation and Internet number assignment), and registration matters (e.g., matters pertaining to registry and registrar services such as WHOIS). SSAC engages in ongoing threat assessment and risk analysis of the Internet naming and address allocation services to assess where the principal threats to stability and security lie, and advises the ICANN community accordingly.

How does the SSAC Operate?

The SSAC produces Reports, Advisories, and Comments on a range of topics. Reports are longer, substantive documents, which usually take a few or several months to develop. Advisories are shorter documents produced more quickly to provide timely advice to the community. Comments are responses to reports or other documents prepared by others, i.e. ICANN staff, SOs, other ACs, or, perhaps, by other groups outside of ICANN. The SSAC considers matters pertaining to the correct and reliable operation of the root name system, to address allocation and Internet number assignment, and to registry and registrar services such as WHOIS. The SSAC also tracks and assesses threats and risks to the Internet naming and address allocation services.

How do I participate in the SSAC?

For information on how to participate in the SSAC, see the SSAC Operational Procedures [PDF, 403 KB] and the SSAC Introduction [PDF, 298 KB].

How does SSAC report its findings and recommendations?

SSAC documents its findings and recommendations in one of three forms.

  • Advisories address a security or stability matter in a timely manner, with sufficient background information to appraise the community of the issue or threat. Advisories typically include recommended actions to remedy a problem, or reduce a threat. Advisories may also recommend subsequent action by SSAC, ICANN, or a broader community involved with Internet security.
  • Comments are responses to public calls for comments by ICANN, the ICANN Board of Directors, ICANN committees, and committee task forces.
  • Reports provide in-depth analyses of a topic and may recommend specific actions and policy recommendations for ICANN's consideration.

Tell me about the history of the SSAC

At its November 2001 meeting, which focused on security issues, the ICANN Board directed the President "to appoint a President's standing committee on the security and stability of the Internet's naming and address allocation systems. The President is directed to develop a proposed charter, with at least a focus on risk analysis and auditing thereof, in consultation with the President's standing committee, and to submit it to the Board for its approval."

At its meeting on 14 March 2002, the ICANN Board approved the charter of the ICANN Committee on Security and Stability.

On 13 May 2002, the ICANN Board converted the President's Committee on Security and Stability to the Security and Stability Advisory Committee.

Improving the SSAC

On 18 March 2011, the SSAC completed an Improvements Implementation Plan [PDF, 248 KB]. This plan outlines the approach developed jointly by the SSAC Support staff and the ICANN Board's Structural Improvements Committee (SIC) to implement the 33 recommendations outlined in the January 2010 Final report of the ICANN Board SSAC Review Working Group. This plan conforms to all guidance contained in the ICANN Board's Resolution 2010.06.25.05 that the SIC will, in coordination with staff, provide the Board with final implementation plans to conform with the measures recommended by the SIC to address the conclusions and recommendations in the final report of the Board Security and Stability Advisory Committee review Working Group. All elements of the plan were completed as of 18 March 2011.

Who are the Members of the Committee?

Rod Rasmussen is the Chair of the Security and Stability Advisory Committee.

  • Greg Aaron
  • Joe Abley
  • Benedict Addis
  • Jaap Akkerhuis
  • Tim April
  • Jeffrey Bedser
  • Ben Butler
  • Lyman Chapin
  • KC Claffy
  • Paul Ebersman
  • Patrik Fältström
  • Ondrej Filip
  • James Galvin
  • Robert Guerra
  • Julie Hammer
  • Cristian Hesselman
  • Geoff Huston
  • Merike Kaeo
  • Andrei Kolesnikov
  • Warren Kumari
  • Jacques Latour
  • Barry Leiba
  • John R. Levine
  • Danny McPherson
  • Ram Mohan
  • Russ Mundy
  • Rod Rasmussen
  • Chris Roosenraad
  • Mark Seiden
  • Doron Shikmoni
  • Tara Whalen
  • Suzanne Woolf

SSAC Support staff:

Support for the committee is provided by:

  • Andrew McConachie, Senior Manager
  • Kathy Schnitt, SSAC and RSSAC Support Lead Administrator
  • Steve Sheng, Sr. Director, Policy Development Support
  • Danielle Rutherford, Policy and Technology Analyst

SSAC Member and ICANN Staff Biographies

How do I Contact the Committee?

Comments and other communications to the committee should be sent to

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."