Skip to main content

Update on DNS Security & Stability Analysis Working Group

During the ICANN meeting in Cartagena, Colombia, the At-Large Advisory Committee (ALAC), Country Code Names Supporting Organization (ccNSO), Generic Names Supporting Organization (GNSO), and Number Resource Organization (NRO) adopted the charter for a joint DNS Security and Stability Analysis (DSSA) Working Group. As an update, the respective Advisory Committees (including the Governmental Advisory Committee and the Security and Stability Advisory Committee), Supporting Organizations, their component constituencies and stakeholder groups, are now identifying volunteers to participate in the working group. A wiki is being established at [link to be provided].

The objective of the DSSA-WG is to draw upon the collective expertise of the participating Supporting Organizations and Advisory Committees, solicit expert input and advice and report:

  1. The actual level, frequency and severity of threats to the DNS;
  2. The current efforts and activities to mitigate these threats to the DNS; and
  3. The gaps (if any) in the current security response to DNS issues.

If considered feasible and appropriate, the DSSA-WG may identify and report on possible additional risk mitigation activities that it believes would assist in closing any gaps identified under item C above.

Each of the participating Supporting Organizations and Advisory Committees has adopted the Charter [PDF, 153 KB] of the Working Group according to its own rules and procedures. There shall be a minimum of one representative from each participating SO and AC. The Working Group shall also approach the technical and security communities, other DNS experts and Computer Emergency Response Teams to seek their participation and expertise. All DSSA-WG participants are expected to be able to:

  • Demonstrate knowledge or expertise of aspects of the objectives of the DSSA-WG; and
  • Commit to actively participate in the activities of the working group on an ongoing and long-term basis.

Interested volunteers are encouraged to contact their respective AC and SO representatives, although staff points of contact listed below can provide more information:


    Domain Name System
    Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."