Skip to main content

Minutes | Board Risk Committee (BRC) Meeting

BRC Attendees: Harald Alverstrand, Rafael Lito Ibarra (Chair), Merike Kaeo, Akinori Maemura, Kaveh Ranjbar, Matthew Shears, and Tripti Sinha

ICANN organization Attendees: Michelle Bright (Director, Board Operations Content), Xavier Calvez (SVP, Chief Financial Officer), Franco Carrasco (Board Operations Specialist), James Caulfield (Vice President, Risk Management), John Jeffrey (General Counsel & Secretary), Aaron Jimenez (Senior Coordinator, Board Operations), Sarmad Hussain (IDN Programs Director), Elizabeth Le (Associate General Counsel), Cyrus Namazi (SVP, Global Domains Division), Amy Stathos (Deputy General Counsel), and Christine Willett (VP, gTLD Operations)

The following is a summary of discussions, actions taken and actions identified:

  1. Internationalized Domain Names (IDN) Update on Variant TLDs – The BRC received a briefing on the status of the IDN variant top-level domains (TLDs) implementation and potential associated risks. In September 2010, the Board directed ICANN org to develop a report identifying what needs to be done with the evaluation, possible delegation, allocation and operation of IDN generic top-level domains (gTLDs) containing variants. Thereafter, ICANN org and the community undertook multiple studies of various scripts to understand the variant phenomenon. Based on the studies, integrated into a report titled A Study of Issues Related to the Management of IDN Variant TLDs (Report), ICANN org and the community identified two areas that needed to be addressed: the first thing needed was a definition of IDN variant TLDs, and second was an IDN variant TLD management mechanism. With respect to the definition, following community development of how to define variants, in April 2013 the Board resolved to define the variants using Root Zone Language General Rules (RZ-LGR) Procedure. The RZ-LGR Procedure has been implemented to incrementally develop the RZ-LGR to address the definition of variants. With respect to the management mechanism, ICANN org developed the Recommendations for Managing IDN Variant TLDs (Recommendations), a collection of six documents finalized after incorporating the public comment feedback. The Recommendations will be presented to the Board for consideration and approval at ICANN64. The Board will also be asked to request that the country code Names Supporting Organization and Generic Names Supporting Organization take into account the Recommendations while developing their respective policies to define and manage current and future IDN variant TLDs. Following the briefing on the status of the IDN variant TLDs implementation, the BRC discussed the possible risks and mitigation associated with the implementation efforts. There are nine risks that have been identified and documented by IDN WG, as well as their mitigation measures.
  2. New gTLD Risk Assessment – The BRC received an update on the risk assessment associated with the 2012 round of the new gTLD Program. In 2018, ICANN org underwent a process of reviewing the risks previously identified for the 2012 round. For the risks that were either resolved or no longer relevant, they were removed from the Organization Risk Register. The BRC discussed the analysis of possible costs associated with the remaining risks and the assumptions upon which the cost assessments are based. The BRC also noted that risk mitigation for the subsequent round would be partially leveraged on the knowledge and experience base in the organization from the 2012 round. The specific information that was presented around this topic is considered sensible and privileged.
  3. Organization Risk Register – The BRC reviewed the Organization Risk Register, which has been updated since 31 December 2018. Two risks were removed this quarter due to either successful completion or more embedded policies and procedures and increased control effectiveness. One additional emerging risk was added relating to certain root service methods and the BRC requested additional information on the emerging risk.
    • Action: ICANN org to provide BRC with additional information regarding the emerging risk relating to certain root service methods.

Published on 04 July 2019

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."