Skip to main content

ICANN 系统控制得到 IANA 年度职能审计的验证


洛杉矶——2020 年 4 月 22 日——互联网名称与数字地址分配机构 (Internet Corporation for Assigned Names and Numbers, ICANN) 现已针对提供互联网号码分配机构 (Internet Assigned Numbers Authority, IANA) 职能的关键系统完成了年度审计工作。罗申美国际会计师事务所 (RSM US LLP) 对注册分配和维护系统 (Registry Assignment and Maintenance Systems, RAMS) 和根区域名系统安全扩展 (Domain Name System Security Extensions, DNSSEC) 在 2018 年 12 月 1 日至 2019 年 11 月 30 日期间所提供的服务进行了审计。

针对注册分配和维护系统 (RAMS) 进行的服务性机构控制体系 (Service Organization Control, SOC) 2 级认证审计工作连续七年显示 ICANN 组织拥有适当的控制措施,以确保 IANA 请求处理的安全性、可用性和完整性。

并且,我们连续十年针对 DNSSEC 根区密钥签名密钥 (key signing key, KSK)(即域名系统的信任锚)的管理工作展开了无例外审计。本轮审计采用了 SOC 3 级认证框架,展示了本组织拥有有效、安全、可用和流程完整的控制体系,用以管理根区的 KSK。这份报告现已公开发布:

今年的审计期间包括审核 KSK 资源再生相关的最终里程碑事项。本轮审计期间在 2018 年首次进行 KSK 轮转之后进行,因而涉及首个 KSK 的删除,和对可追溯到 2010 年的相关设备和资源的销毁等事项。

"自我们执行了首次 KSK 仪式和启动了第三方审计项目后,十年来,我们取得了长足的发展。本团队开发了强有力的控制系统,确保流程的全面透明,从而达到美国注册会计师协会 (American Institute of Certified Public Accountants, AICPA) 每年设定的审计标准。我为实现这一成就的每位成员由衷地感到自豪,"公共技术标识符 (Public Technical Identifiers, PTI) 总裁兼 ICANN IANA 部门副总裁金·戴维斯 (Kim Davies) 表示。

服务性机构控制体系 (SOC) 审计旨在评估一个组织在"可信赖服务原则和标准"方面的控制工作,由美国注册会计师协会 (AICPA) 负责管理。


ICANN 的使命在于确保全球互联网的稳定、安全与统一。在互联网上寻找另一个人的信息,您必须在您的电脑或其他设备中键入一个地址——可以是一个名称或是一串数字。这一地址必须是独一无二的,只有这样电脑之间才能互相识别。ICANN 则负责协调这些分布在全球各地的唯一标识符。ICANN 成立于 1998 年,是一家非营利公益型企业,其社群成员遍布全球各地。

More Announcements
Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."