Skip to main content
Resources

Security and Stability Advisory Committee (SSAC)

What is the SSAC?

In accordance with Section 12.2 (b) of the ICANN Bylaws, the Security and Stability Advisory Committee advises the ICANN community and Board on matters relating to the security and integrity of the Internet's naming and address allocation systems. This includes operational matters (e.g., matters pertaining to the correct and reliable operation of the root name system), administrative matters (e.g., matters pertaining to address allocation and Internet number assignment), and registration matters (e.g., matters pertaining to registry and registrar services such as WHOIS). The SSAC engages in ongoing threat assessment and risk analysis of the Internet naming and address allocation services to assess where the principal threats to stability and security lie, and advises the ICANN community accordingly.

How does the SSAC Operate?

SSAC members are skilled and experienced technical professionals who volunteer their time and expertise to improve the security and integrity of the Internet's naming and addressing system. The SSAC produces Reports, Advisories, Comments and Correspondence on a range of topics. Reports are longer, substantive documents, which usually take a few or several months to develop. Advisories are shorter documents produced more quickly to provide timely advice to the community. Comments are responses to reports or other documents prepared by others, i.e. ICANN staff, SOs, other ACs, or, perhaps, by other groups outside of ICANN. Correspondence is on topics of an administrative, governance or community-related nature.

The SSAC undertakes ongoing risk analysis to identify a prioritized list of topics for SSAC work. However, the ICANN Board, Advisory Committees (ACs), Supporting Organizations (SOs) or other bodies within ICANN may request that the SSAC review, comment, or give feedback on a specific topic or issue at any time.

How do I participate in the SSAC?

Technical professionals who are interested in joining as an SSAC member and contributing to SSAC work are encouraged to review the SSAC Skills Survey, read Section 2.3 of the SSAC Operational Procedures [PDF, 404 KB], see the SSAC Introduction [PDF, 298 KB] and contact SSAC Support Staff at ssac-staff@icann.org.

How does SSAC document its work?

SSAC documents its findings and recommendations in one of following forms.

  • Reports provide in-depth analyses of a topic and may recommend specific actions and policy recommendations for ICANN's consideration.
  • Advisories address a security or stability matter in a timely manner, with sufficient background information to appraise the community of the issue or threat. Advisories typically include recommended actions to remedy a problem, or reduce a threat. Advisories may also recommend subsequent action by SSAC, ICANN, or a broader community involved with Internet security.
  • Correspondence comprises those documents which are on topics of an administrative, governance or community-related nature and are normally signed by the SSAC Chair. They may take the form of a letter or a response submitted to a public comment forum.
  • Comments are responses to public calls for comments by ICANN, the ICANN Board of Directors, ICANN committees, and committee task forces.

A goal of the SSAC is to ensure that its work results in specific actions whenever possible. In order to measure progress towards this goal, the SSAC tracks any effects of each recommendation. For documents that contain recommendations for the ICANN Board, the Board Action Request Register (ARR) captures the information required to understand the status of advice and tracks it from when it is given through implementation.

Tell me about the history of the SSAC

At its November 2001 meeting, which focused on security issues, the ICANN Board directed the President "to appoint a President's standing committee on the security and stability of the Internet's naming and address allocation systems. The President is directed to develop a proposed charter, with at least a focus on risk analysis and auditing thereof, in consultation with the President's standing committee, and to submit it to the Board for its approval."

At its meeting on 14 March 2002, the ICANN Board approved the charter of the ICANN Committee on Security and Stability.

On 13 May 2002, the ICANN Board converted the President's Committee on Security and Stability to the Security and Stability Advisory Committee.

Improving the SSAC

The SSAC has undergone two organizational reviews since it was established:

  • The first organizational review was conducted by JAS Communications whose Final Report was delivered in May 2009. In response, SSAC conducted a self‐review exercise, which resulted in a coherent and comprehensive SSAC report to the Working Group, delivered in June, 2009. Subsequently, SSAC Support staff and the ICANN Board's Structural Improvements Committee (SIC) produced an Improvements Implementation Plan to implement the 33 recommendations outlined in the January 2010 Final report of the ICANN Board SSAC Review Working Group. This plan conforms to all guidance contained in the ICANN Board's Resolution 2010.06.25.05 that the SIC will, in coordination with staff, provide the Board with final implementation plans to conform with the measures recommended by the SIC to address the conclusions and recommendations in the final report of the Board Security and Stability Advisory Committee review Working Group. All elements of the plan were completed as of 18 March 2011.
  • The second organizational review was conducted by Analysis Group whose Final Report was delivered in December 2018. The ICANN Board accepted the Final Report and the SSAC's Feasibility Assessment and Initial Implementation Plan in June 2019 (Resolutions 2019.06.23.15 – 2019.06.23.20). Implementation is well progressed and expected to be completed by December 2020.

Who are the Members of the Committee?

Rod Rasmussen is the Chair of the Security and Stability Advisory Committee.

  • Greg Aaron
  • Joe Abley
  • Benedict Addis
  • Jaap Akkerhuis
  • Tim April
  • Jeffrey Bedser
  • Ben Butler
  • Lyman Chapin
  • KC Claffy
  • Andrew de la Haje
  • Paul Ebersman
  • Patrik Fältström
  • Ondrej Filip
  • Bobby Flaim
  • James Galvin
  • Robert Guerra
  • Julie Hammer
  • Cristian Hesselman
  • Geoff Huston
  • Merike Kaeo
  • Andrei Kolesnikov
  • Warren Kumari
  • Jacques Latour
  • Barry Leiba
  • John R. Levine
  • Danny McPherson
  • Ram Mohan
  • Russ Mundy
  • Rod Rasmussen
  • Chris Roosenraad
  • Mark Seiden
  • Doron Shikmoni
  • Tara Whalen
  • Suzanne Woolf

SSAC Support staff:

Support for the committee is provided by:

  • Andrew McConachie, Policy and Technology Senior Manager
  • Danielle Rutherford, SSAC and RSSAC Policy and Technology Analyst
  • Kathy Schnitt, SSAC and RSSAC Support Lead Administrator
  • Steve Sheng, Sr. Director, Policy Development Support

SSAC Member and ICANN Staff Biographies

How do I Contact the Committee?

Comments and other communications to the committee should be sent to ssac-staff@icann.org.

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."