Office of the Chief Technology Officer Document Archive
Root Zone KSK Rollover
02 November 2017 – Update on Postponing the Root KSK Roll
17 October 2017 – Postponing the Root KSK Roll
27 September 2017 – ICANN announces a postponement for the KSK Rollover
19 September 2017 – DNSKEY response from the Root Servers is now 1414 bytes
4 September 2017 – Checking the Current Trust Anchors in DNS Validating Resolvers
4 September 2017 – Updating of DNS Validating Resolvers with the Latest Trust Anchor
11 July 2017 – KSK-2017 is published in the DNS
27 April 2017 – First set of Key Signing Requests (KSRs) signed with new key
2 February 2017 – KSK-2017 replicated at the second Key Management Facility
27 October 2016 – The new KSK ("KSK-2017") was successfully generated at the first Key Management Facility
19 September 2016 – First step of 2017 KSK Rollover Test Plan completed
Related information and additional resources can be found at:
- Checking the Current Trust Anchors in DNS Validating Resolvers
- Updating of DNS Validating Resolvers with the Latest Trust Anchor
- DNSSEC Root Zone KSK Recommendations [PDF, 1.1 MB]
- DNSSEC Informational Page
- DNSSEC for Everybody - A Beginner's Guide (ICANN55)
- DNSSEC Workshop (ICANN55)
- IANA - Root Zone Management
- SSAC Advisory on DNSSEC Key Rollover in the Root Zone [PDF, 480 KB]
- Root KSK Roll Update Webinar – Presentation by Matt Larson [PDF, 741 KB]
- A Look at RFC 8145 Trust Anchor Signaling for the 2017 KSK Rollover – Presentation by Duane Wessels of Verisign [PDF, 895 KB]
ICANN Security, Stability and Resiliency Plans & Framework
FY 17
- SSR Relationships
English [PDF, 66 KB] - Identifier System Attack Mitigation Methodology
English [PDF, 876 KB]
FY 15-16 SSR Framework
- English [PDF, 26.3 MB]
FY 14 SSR Framework
- FY 14 SSR Framework English [PDF, 5.9 MB] 中文 [PDF, 2.6 MB] Français [PDF, 1.7 MB] Español [PDF, 1.8 MB] Português [PDF, 1.7 MB] Русский [PDF, 1.8 MB] العربية [PDF, 1.6 MB]
FY 13 SSR Framework
- Part A – ICANN's Role in SSR and the Internet Ecosystem [PDF, 782 KB]
- Part B – FY 13 Module on Operational Priorities and Activities; FY 12 Status Update [PDF, 488 KB]
FY 12 SSR Framework
- Part A – ICANN's role in SSR and the Internet ecosystem English [PDF, 886 KB] 中文 [PDF, 937 KB] Français [PDF, 861 KB] Español [PDF, 1.1 MB] Русский [PDF, 943 KB] العربي [PDF, 1.2 MB]
- Part B – FY 12 Module – Operational Priorities, Collaboration Areas, Awareness English [PDF, 258 KB] 中文 [PDF, 309 KB] Français [PDF, 256 KB] Español [PDF, 287 KB] Русский [PDF, 310 KB] العربية [PDF, 851 KB]
- Combined PDF version (EN) [PDF, 11.1 MB]
FY 11
- 23 Nov 2010 Redline [PDF, 1.33 MB] and FY 11 SSR Plan Final [PDF, 1.49 MB] (23 Nov 2010)
- FY 11 Update to the ICANN Plan for Enhancing Internet Security, Stability & Resiliency: English [PDF, 2.5 MB] 中文 (to be added) Français [PDF, 1.6 MB] Español [PDF, 2.6 MB] Русский [PDF, 1.8 MB] العربية [PDF, 1.8 MB]
FY 10
- FY 09-10 Plan for Enhancing Internet Security, Stability & Resiliency English [PDF, 1.9 MB] 中文 [PDF, 2.0 MB] Français [PDF, 4.3 MB] Español [PDF, 4.4 MB] Русский [PDF, 2.2 MB] العربية [PDF, 2.0 MB]
Papers and Articles
- Top Level Domain Incident Response "Recovery" Checklist September 2015 [PDF, 148 KB]
- Identifier Systems SSR Activities Reporting January 2015
- ICANN Identifier System SSR Update – 2H 2014 21 January 2015 [PDF, 328 KB]
- Identifier Systems SSR Activities Reporting August 2014
- Identifier System SSR Update – 30 June 2014 [PDF, 73 KB]
- Thought Paper on Domain Seizures [PDF, 449 KB] March 2012
Conficker Summary and Review 11 May 2010
The report, Conficker Summary and Review [PDF, 388 KB], provides a chronology of events related to the containment of the Conficker worm. It provides an introduction and brief description of the worm and its evolution, but its primary focus is to piece together the post-discovery and -analysis events, describe the containment measures chronologically, and describe the collaborative effort to contain the spread of the worm. The author captures lessons learned during a containment period spanning nearly a year and describes recent activities that attempt to apply the lessons learned so that the security and DNScommunities can be better prepared for future attacks that exploit the global DNS.
This report represents the work of the author, on behalf of the ICANN Security Team. The author is responsible for errors or omissions. While members of the Conficker Working Group, ICANN SSAC, individual security researchers, and certain ICANN registries were invited to comment or review the report, none of these organizations were asked to formally endorse this work product.
DNS SSR Symposium
- 4th – Report [PDF, 1.90 MB] (event co-hosted with the Anti-Phishing Working Group at Las Croabas, Puerto Rico on 25 October, apwg.org/events/2012_ecrime.html#agendaEcrs)
- 3rd – DNS EASY 2011 Workshop / DNS-SSR 2011 October 2011 Final Report [PDF, 524 KB]
- 2nd – Report of the February 2010 Kyoto DNS Symposium Released 26 April 2010
ICANN is today releasing Measuring the Health of the Domain Name System [PDF, 6.07 MB]. This paper presents the findings from the 2nd Global Annual Symposium on DNS Security, Stability and Resiliency, conducted 1-3 February 2010 at Kyoto University in Kyoto, Japan. Program committee members chose to focus this year's conference on the theme of measuring the health of the DNS. As the entire Internet relies daily on the DNS, understanding its health – both at a given instant and as it changes over time – is critical for being able to reasonably predict the DNS's health outlook and to decide whether to take corrective measures. The Symposium endeavored to analyze the state of understanding DNS health, the key vital signs for the DNS and how the community might approach improving measurement and assessment of DNS health.
Note: This report is a collaborative effort and is intended to be a summation of thoughts, opinions, and ideas expressed at the Symposium; it does not represent any particular individual's or organization's opinion. The Symposium steering committee has validated this report as an accurate representation of the discussions and recommendations for further study from the Symposium.
-
1st - Report of the 1st Global DNS Security, Stability and Resiliency Symposium, conducted in February 2009 at Georgia Tech University, Atlanta, Georgia, United States, is available at https://spinlock.com/wp-content/uploads/2010/02/2009-DNS-SSR-Symposium-Report.pdf [PDF, 507 KB].
Final Report from Global DNS Security, Stability and Resiliency Symposium English [PDF, 502 KB]
Situation Awareness Bulletins:
ICANN-SA-2009-0001: Potential attack against ccTLD Registration Systems (Published 13 July 2009)
ICANN-SA-2009-0002: High volume criminal phishing attack known as Avalanche the delivery method for the Zeus botnet infector (Published 6 October 2009)
Internet Governance & Cybersecurity Documents
US International Strategy for Cyberspace [PDF, 601 KB] (16 May 2011)
G8-G20 Deauville Declaration (26-27 May 2011)
EU Commissioner Neelie Kroes' Compact for the Internet (28 June 2011)
OECD Principles for Internet Policy-Making [PDF, 340 KB] (28-29 June 2011)
Council of Europe Principles for Internet Governance (21 Sept 2011)
London Conference on Cyberspace (1-2 Nov 2011)
World Economic Forum Principles for Cyber Resilience (27 Jan 2012)
Budapest Conference on Cyberspace (October 2012)
OAS CICTE – Declaration Strengthening Cyber Security in the Americas [PDF, 859 KB] (2012)
Brazilian Principles for the Governance and Use of the Internet [PDF, 2.14 MB]
Internet Society – Internet Governance
World Summit on the Information Society – Internet Governance