Skip to main content

Minutes – Board Risk Committee (RC) Meeting

RC Attendees: Steve Crocker (Chair), Rajasekhar Ramaraj, Bruce Tonkin and Suzanne Woolf

Apologies: Mike Silber

Staff Attendees: Akram Atallah – Chief Operating Officer; John Jeffrey – General Counsel and Secretary; Patrick Jones, Diane Schroeder and Amy Stathos

The following is a summary of discussions, actions taken and actions identified:

  1. The Committee discussed the meeting schedule for the upcoming year, which includes five face to face meetings, and three or four telephonic meetings, if needed.

    • Action: Committee members to email comments on proposed schedule.

  2. The Committee discussed the proposed work plan for the year. The committee members made some additional suggestions relating to adding to the risk presentation for the Board, including risks relating to the new gTLD Program and ICM’s proposed Registry Agreement for a .XXX sTLD. Staff confirmed that risk mitigation is included in the operational planning for project implementation.

    • Action: Staff to enhance risk analysis for presentation to the Board, in SV/SF meeting and distribute to committee via email before Risk Committee meeting in March 2011.

  3. Staff provided a report on the past enterprise risk assessment and the ongoing risk reassessment, including schedule for upcoming events relating to the reassessment.

    • Action: Staff to provide to committee chair a copy of risk assessment validation report by 25 February.

  4. Staff provided a report on the formation of the community working group intending to do a gap analysis of the actual threats to the DNS. This is the DNS Security & Stability Analysis Working Group (DSSA-WG). Staff reported that there is staff support for the DSSA-WG and that the working group members, and members of ALAC, SSAC, GNSO, ccNSO, and NRO will meet in SV/SF. Staff further reported on the status of interplay between DSSA-WG and the Affirmation of Commitments (AoC) Security, Stability and resiliency (SSR) Review Team.

    • Action: Committee chair to informally talk with SSR Review Team chair and DSSA-WG chair to determine status of both.

  5. The Committee discussed the appropriate scope and range of comments relating to the DNS infrastructure in various jurisdictions around the globe.

  6. The Committee discussed the need to develop risk analysis relating to the Affirmation and Commitments and reviews called for therein.

  7. The Committee discussed risks with respect to the IDN program.

  8. The Committee discussed the status of the process document relating to re-delegation of ccTLDs.

    • Action: Staff to put this project on the work plan.

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."