Skip to main content

Board Risk Committee (BRC) – Meeting Minutes

BRC Attendees: Harald Alverstrand, Rafael Lito Ibarra (Chair), Merike Kaeo, Akinori Maemura, Kaveh Ranjbar, Matthew Shears, and Tripti Sinha

Other Board Member Attendees: Cherine Chalaby

ICANN Organization Attendees: Michelle Bright (Director, Board Operations Content), Franco Carrasco (Board Operations Specialist), James Caulfield (Vice President, Risk Management), Samantha Eisner (Deputy General Counsel), Vinciane Koenigsfeld (Director, Board Operations), Elizabeth Le (Associate General Counsel), Cyrus Namazi (SVP, Global Domains Division), Wendy Profit (Senior Manager, Board Operations), Amy Stathos (Deputy General Counsel), and Christine Willett (VP, gTLD Operations)

The following is a summary of discussions, actions taken and actions identified:

  1. Draft Risk Report to the Board – The Committee reviewed and discussed materials prepared for a Risk Report to the Board from the Committee to be presented at the Marrakech ICANN meeting. The agenda items for the draft report are: activities of the Board Risk Committee; the Risk Register; and the New gTLD risk assessment associated with the 2012 round of the New gTLD Program. The BRC discussed, among other things, ICANN org's recommendations on the treatment of application fees and auction proceeds from the 2012 New gTLD Program and the risks associated with the Org's recommendations.

    • Action: ICANN org to revise materials for Board workshop to reflect BRC's discussion.
  2. Discussion of Tracking Risks – ICANN org presented a topic for discussion by the BRC regarding how it prefers ICANN org to track, present and provide follow up to the BRC on identified risks. The BRC is responsible for the assessment and oversight of policies implemented by ICANN org designed to manage ICANN's risk profile. While the existing Organization Risk Register that ICANN org discusses with the BRC includes top risks, it does not currently include granularity for those risks or risks specific to certain areas that the BRC has otherwise identified and discussed. Upon discussion, the BRC provided feedback to ICANN org, including that it would be useful for the Organization Risk Register to include more granularity about the risks already included in the register, as well as to add risks other than the top risks, such as short term risks or risks identified in the strategic plan and elsewhere. During the discussion, the BRC also requested ICANN org to consider providing the BRC with a future walk through of the full process being used by ICANN org to identify, evaluate and rate risks, as well as how it accounts for mitigation techniques for the identified risks. Additionally, there was discussion surrounding the existing assessments related to the security of ICANN org's systems and whether ICANN org should also consider conducting additional security reviews related to areas under ICANN org's remit.

Published on 27 August 2019

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."