Skip to main content

Minutes | Board Risk Committee (BRC) Meeting

BRC Attendees: Harald Alvestrand, Lito Ibarra (Chair), Kaveh Ranjbar, Nigel Roberts, and Matthew Shears

BRC Apologies: Merike Käo and Akinori Maemura

Other Board Member Attendees: León Sánchez

ICANN Org Attendees: Franco Carrasco (Board Operations Specialist), James Caulfield (VP, Risk Management), Jennifer Scott (Senior Counsel), and Amy Stathos (Deputy General Counsel)

The following is a summary of discussions, actions taken and actions identified:

  1. Review of Threat Landscape Monitoring Update – The BRC received an update from ICANN org on threat landscape monitoring. The existing threat monitoring process is being enhanced to include existential threats. ICANN org executives and each function's risk liaisons have been briefed on the updated approach and have been asked to identify any potential existential risks and evaluate any existing risks to determine if they might be categorized as potentially existential. The results will be reported to the BRC at its April meeting.

    • Action: ICANN org to report at the BRC's April meeting any proposed updates to the Risk Register identifying existential threats.
  2. Review of Risk Appetite Statement Proposed Draft – The BRC received a presentation from ICANN org on the proposed draft of the ICANN Risk Appetite Statement. The Risk Appetite Statement is informed by the Risk Register and identifies the types of risks that ICANN is managing, their risk profiles and ICANN's appetite for each. ICANN org requested the BRC's feedback on the statement with the intention of finalizing the proposed draft at the BRC's April meeting. Upon finalizing the draft, the statement will be shared with the Board for review and adoption, with the intended eventual publication on ICANN org's website. As part of the presentation, the BRC discussed the statement, including suggestions to add language about how the Risk Appetite Statement can be leveraged when facing risks in the future and to align the Risk Register, Risk Appetite Statement and the risks addressed in ICANN's Strategic Plan.

    • Actions:

      • BRC members to review draft Risk Appetite Statement and provide any suggested revisions via email.
      • ICANN org to follow up with individual BRC members, including those who were unable to attend today's meeting, to answer any specific questions or provide more information about the draft Risk Appetite Statement.
      • ICANN org to send current version of Risk Register to BRC members to support their review of the proposed draft Risk Appetite Statement.
      • ICANN org to update the draft Risk Appetite Statement with BRC suggestions for further discussion and finalization at the BRC's April meeting.

Published on 18 March 2020

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."