Skip to main content

Introducing the DNS Security Facilitation Initiative Technical Study Group

Attacks on the Domain Name System (DNS) rarely impact only one actor in the Internet ecosystem. With significant recent attacks such as the Sea Turtle hijacking and the DNSpionage, we see an urgent need to come together and respond. The solution, or solutions, that would best improve the security and stability of the DNS ecosystem are not yet clear. However, it is clear that a new level of collaboration and understanding is required.

In alignment with the FY21-FY25 Strategic Plan, ICANN org will work with stakeholders to investigate mechanisms to strengthen collaboration and communication on security and stability issues. To begin this effort, I’m pleased to introduce the DNS Security Facilitation Initiative Technical Study Group. This Technical Study Group will explore ideas around what ICANN can and should be doing to increase the level of collaboration and engagement with DNS ecosystem stakeholders to improve the security profile for the DNS. The group aims to recommend next steps by May 2021.

Merike Käo, Security & Stability Advisory Committee (SSAC) Liaison to the ICANN Board and Chief Security Strategist for Double Shot Security, has agreed to serve as coordinator for this group. She is well-qualified for the role, having more than 25 years of experience in leading and developing global security initiatives and enabling interdisciplinary cooperation.

The Technical Study Group will be made up of invited members with expertise in handling emergency response coordination, DNS security, large-scale DNS operations, network architecture and design, DNS policy, and more. This group is being supported by members of the ICANN org.

Over the next few weeks, the composition of the group will be finalized, and they will begin the work of creating the charter. Merike will share an update once this planning phase has been completed. If you have questions or comments about this initiative, please post them below in the comment section.


    Malick A.  18:46 UTC on 08 May 2020

    How to join this Technical Study Group ?

    Jana Juginovic  16:03 UTC on 12 May 2020

    Replying to Malick A. on behalf of Göran Marby. Thank you for your question. The membership will be formed in a similar manner to the previous Technical Study Group (TSG), where the TSG Coordinator will invite a small number of members, based on the technical skills and experience required to formulate and execute on the remit of this new TSG. As with the previous TSG there is not expected to be a call for volunteers. We expect to hear from the TSG’s lead in the coming weeks as the group is formulated.

    Austin Tyler Arnold  23:29 UTC on 14 May 2020

    Add me

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."