Skip to main content

Minutes | Board Technical Committee Meeting

Board Member and Liaison Attendees: Avri Doria, Rafael Lito Ibarra, Akinori Maemura, Ram Mohan, Kaveh Ranjbar (Chair), George Sadowsky, Matthew Shears, and Jonne Soininen.

ICANN Organization Attendees: Adiel Akplogan (VP Technical Engagement), Susanna Bennett (Chief Operating Officer), David Conrad (Senior Vice President and Chief Technology Officer), Steve Conte (Office of the CTO Programs Director), John Crain (Chief Security, Stability & Resiliency Office), Dan Halloran (Deputy General Counsel), Aaron Jimenez (Board Operations Senior Coordinator), Vinciane Koenigsfeld (Director Board Operations), Matt Larson (VP Research, Office of the CTO), Cathy Petersen (Manager, Office of the CTO), Wendy Profit (Manager, Board Operations), Erika Randall (Associate General Counsel), Ashwin Rangan (SVP Engineering & Chief Information Officer), Lisa Saulino (Board Operations Senior Coordinator),and Samuel Suh (VP, IT ICANN Organization & Board Solutions Delivery).

The following is a summary of discussions, actions taken, and actions identified:

  1. Agenda – The Chair established the agenda for the meeting and gave an overview of items to be discussed.
  2. Update on Board Recommendation to SSAC Regarding Name Collision Study – The Committee received an update on the Security and Stability Advisory Committee's progress to undertake a name collision study outlined in the Board's resolutions from 2 November 2017. The update included progress on forming the work party, and assigning a project manager from ICANN Org. The SSAC anticipates providing the Board a preliminary budget estimate and timeline with project milestones in early February 2018. To make the process open and inclusive, the SSAC plans to have an open workshop session during ICANN61, which will begin to set the framework to decide what kinds of questions should be asked and what type of research to be done.
  3. Technology Threats to the Root Server System – The Committee began initial discussions about possible threats to the Root Server system and was provided with a briefing about the current landscape of potential threats to the system. It was noted that DDoS attacks to roots ervers and the DNS are well known issues, but in the past 12 -18 months, there has been a significant change in the landscape with the proliferation of "Internet of Things" (IoT) devices.

    The Committee began discussing possible scenarios of what could happen in the event of such an attack, and what role, if any, would ICANN have to deal with an attack. Some Committee members suggested that the Board Risk Committee consider this risk and help prepare mitigation plans for the risk. Other Committee members suggested that the Board needs additional briefing on this topic so that it has an appropriate understanding of the potential threats, and the extent to which this issue fits into ICANN's mission. The Committee agreed to continue to discuss this matter further during subsequent meetings.

  4. Status Update on RSSAC – The Committee received an updated on RSSAC's progress and their plans on publishing the result of its work following an RSSAC workshop in May. The report will address RSSAC's position on the root operators' role as a participant and contributor rather than as a decision-maker.
  5. Update from IT regarding Technical Support to the Board – The Committee was provided a briefing about the technical services that ICANN Org provides to support the work of the Board, including the suite of tools available to the Board to help it carry out its work. The briefing provided a discussion of the current approach to providing IT support services and plans for revamping how support is delivered to the Board. The new approach includes leveraging ICANN Org's end-user support team. Some benefits noted of this approach is that the Board would have access to end-user support on a 24 hours per day, 7 days per week, and 365 days per year basis, it offers better tracking of Board requests through a ticketing system, and cost savings.

    Committee members asked questions about next steps for implementing the proposed changes to how end-user support is delivered to the Board, and ICANN Org members noted it planned to prepare a written briefing for the Committee with the details of the plan. If the Committee approves of the plan, it would be submitted to the full Board for its consideration.

    • Action Items:

      • ICANN Chief Information Officer to prepare written briefing for the Committee about the proposed new approach to deliver end-user support to Board members.
  6. Update from the Chief Technology Officer (Open to the community) – The Committee received a briefing from the Chief Technology Officer (CTO) about its technical engagement, research, and security, stability and resiliency activities. Some of technical engagement activities included: (1) working with the ICANN Org Government Engagement Team on a GAC capacity-building plan for 2018, (2) co-hosting the IETF 101 in London with Google, (3) rolling out "ICANN Think Tank", which will research and develop position papers and white papers for the community, (4) supporting the Registry Operations Workshop in Vancouver, and (5) supporting the revised KSK roll plan with outreach and engagement.

    The briefing to the Committee also included an update from the Office of the CTO research team and their key activities. Some of the activities highlighted in the update included the Open Data Initiative, the Internet Technologies Health Initiative, and the DNS Object Exchange. The team reported that the Open Data Initiative continues to make progress on compiling the internal data census and creating a catalog of data sets. The Internet Technologies Health Initiative (ITHI) has refined its ITHI metrics and are in the process of defining a measurement framework with tools. The DNS Object Exchange (formerly DOA over DNS) was demonstrated at ICANN60 with an Internet of Things (IoT) device updating itself via the Object Exchange Resource Record (OX RR) type. The research team is looking to continue to refine the concepts and specification for the OX type as there appear to be interest within the community about the functionality that OX provides.

    On the security stability and resiliency side, the office of the CTO noted recent support it provided in the form of subject-matter expertise to assist in the takedown of a botnet called Andromeda. The office of the CTO also noted its active participation in the Anti-Phishing Working Group, Malware, and Mail Anti-abuse Working Group related to DNS issues. Additionally, the team reported on its work with ICANN Contractual Compliance on their use of data that is derived from the Domain Abuse Activity Reporting (DAAR) system. Externally, the office of the CTO noted that it had been fairly active within the second Security, Stability, and Resiliency (SSR2) review.

  7. Root Zone KSK Rollover (Open to the community) – The Committee was provided with a briefing about the current status of the work to support the Root Zone Key Signing Key (KSK) rollover. The Root Zone KSK rollover was postponed last September due to many resolvers reporting an old trust anchor. In an effort to track down the reason for such reports, the Office of the Chief Technology Officer engaged a contractor to track down a list of 500 IP addresses that only reported the old trust anchor (KSK 2010). The contractor was only able to contact 100 of the 500 IP addresses, and of the 100 IP addresses, 60 were dynamic with no means of initiating contact. As a result, OCTO looked to the community for input; specifically, on some acceptable criteria to proceed with the KSK rollover.

    In mid-January, OCTO solicited feedback from the community. The consensus from the comments was that ICANN should set a date and perform the rollover and accept that there is going to be inevitable "breakage". As a next step, OCTO plans on publishing a draft high-level plan on 1 February 2018 to the community for public comment. At ICANN61, a session will be held to get further feedback from the community. When the public comment period ends, the plan will be revised to address the public comments received. At the Board workshop in May, OCTO will ask the Board if they are willing to have SSAC review the plan. If this occurs, following SSAC's review, OCTO will plan a session for ICANN62 to facilitate formal conversation with SSAC. The goal is to have SSAC's feedback by August 2018, with the goal that the Board will request a resolution in September and direct the ICANN Org to roll the KSK on 11 October 2018.

  8. Domain Abuse Activity Reporting (DAAR) System Status Report (Open to the community) – The Committee received a status update on the DAAR system and related reports generated by the system. Currently, the Office of the Chief Technology Officer is looking to finalize its engagement with a prominent security expert to review the DAAR methodology.

    The development of the DAAR continues with version 2.0, adding a number of improvements, particularly, in the mechanism that allows for a focus on specific elements of abuse. Currently, two sets of analysis are being conducted on the DAAR data sets. The first analysis will study a spike in abuse domains over a short time frame. The second analysis will study a set of abuse domains that appear more prone to attack than other TLDs. The Office of the CTO intends on publishing an article or journal piece on its findings.

  9. The Chair called the meeting to a close.

    Published on 21 March 2018

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."