|Comment/Reply Periods (*)
|Important Information Links
|17 May 2012
|16 June 2012
|Close Time (UTC):
|Public Comment Announcement
|17 June 2012
|To Submit Your Comments (Forum Closed)
|View Comments Submitted
|Close Time (UTC):
|Report of Public Comments
|ICANN Security Team
|ICANN is seeking community feedback on a draft statement of ICANN's Role and Remit in Security, Stability & Resiliency of the Internet's Unique Identifier Systems. This is intended to provide a clear and enduring explanation of ICANN's role and remit in this area, and also will inform ICANN's consideration of the Security, Stability & Resiliency of the DNS Review Team's draft Recommendations #1 and #3.
|Open for public comment
|Comments will be collected and incorporated into a final statement, which would then become ICANN's clear and enduring statement of ICANN's role and remit in relation to the security, stability and resiliency of the Internet's unique identifier systems.
|Section I: Description, Explanation, and Purpose
17 May 2012
ICANN is seeking community feedback on its draft response to Recommendations #1 and #3 from the Security, Stability & Resiliency Review Team (SSR RT). The response is intended to provide a clear and enduring statement of ICANN's role and remit in relation to the security, stability and resiliency of the Internet's unique identifier systems.
Recommendation 1 of the draft report from the SSR RT states that ICANN should "publish a single, clear and consistent statement of its SSR remit and limited technical mission." (15 Mar 2012).
Specific guidance is sought on:
Recommendation 3 states "ICANN should document and clearly define the nature of the SSR relationships it has within the ICANN community in order to provide a single focal point for understanding the interdependencies within the organizations."
Consistent with this recommendation, it would be helpful to receive community feedback on ICANN's SSR relationships with others in the Internet ecosystem, including groups such as the root server operators, RIRs, Registrars, standards bodies, law enforcement, CERTs, and operational security communities such as the Conficker Working Group, MAAWG, etc.
Open questions include:
Community input on this draft statement of role and remit in SSR is encouraged, and comments may be submitted on this statement and the FY 13 SSR Framework through 16 June 2012 23:59 UTC (with a Reply Comment Period open from 17 June to 16 July 2012 23:59 UTC).
Further community consultations will occur at the upcoming ICANN meeting in Prague, Czech Republic in June 2012.
|Section II: Background
Draft Statement of ICANN's Role and Remit in Security, Stability and Resiliency of the Internet's Unique Identifier Systems
ICANN acts within its Bylaws to support a multi-stakeholder model collaborating to ensure the security, stability and resiliency of the Internet's unique identifiers.
ICANN's Security Stability and Resiliency (SSR) role and remit is based on the following terminology:
To coordinate means to actively engage with stakeholders in the global Internet ecosystem to ensure
This is a shared responsibility among the community of multi-stakeholder participants in the Internet ecosystem and not one borne alone by ICANN as a singular entity.
ICANN's SSR role encompasses three categories of responsibilities:
ICANN's technical mission includes
Responsibilities that lie outside ICANN's role in SSR include:
ICANN is not a law enforcement agency, a court of law or government agency. ICANN cannot unilaterally suspend or terminate domain names. ICANN is able to enforce its contracts with third parties, including domain name registration providers. Furthermore, ICANN does play a role in supporting the work of law enforcement or government agencies in carrying out legitimate actions at their request.
ICANN plays the same part as any interested stakeholder with regards to Internet protocols; evolution of Internet protocols and related standards are not under the purview of ICANN.
|Section III: Document and Resource Links
Learn more about ICANN's SSR role and remit
Specific information in support of this technical mission is described in ICANN's Security, Stability and Resiliency Framework (https://www.icann.org/en/about/staff/security). This annual document explains the connection between ICANN's role and remit in DNS Security, Stability and Resiliency, ICANN's Strategic and Operational Planning and its related SSR programs and initiatives for each fiscal year.
Translations of the draft statement, and links to the FY 13 SSR Framework will be posted as soon as possible.
|Section IV: Additional Information
Appendix – Background
ICANN was founded in 1998 to coordinate the Internet's unique identifier systems for worldwide public benefit to enable a single, global interoperable Internet [United States Department of Commerce, Statement of Policy, Management of Internet Names and Addresses, 5 June 1998, 63 Fed. Reg. 31741 (commonly known as the White Paper), http://www.icann.org/en/about/agreements/white-paper]. ICANN operates in an open, accountable and transparent multi-stakeholder model that reflects the diversity of all Internet users as a whole.
Since its formation, stability of the Internet has been a central priority for ICANN [ICANN Articles of Incorporation, 21 November 1998, http://www.icann.org/en/about/governance/articles]. Security and reliability of the Internet's unique identifiers are important parts of stability.
According to ICANN's Bylaws (most recently updated on 16 March 2012) [ICANN Bylaws, dated 16 March 2012, Mission & Core Values, http://www.icann.org/en/about/governance/bylaws#I], ICANN's mission is "to coordinate, at the overall level, the global Internet's systems of unique identifiers, and in particular to ensure the stable and secure operation of the Internet's unique identifier systems. In particular, ICANN:
ICANN acknowledges responsibility in its core values for "preserving and enhancing the operational stability, reliability, security, and global interoperability of the Internet."
From 1998 to 2009, ICANN operated under a set of transition agreements with the United States Department of Commerce, known as the Memorandum of Understanding [Memorandum of Understanding between the US Department of Commerce and ICANN, 25 November 1998, http://www.icann.org/en/about/agreements/mou-jpa/icann-mou-25nov98-en.htm] (and later Joint Project Agreement) [Joint Project Agreement, dated 29 September 2006, http://www.icann.org/en/about/agreements]. Collaboration by ICANN in technical coordination of the Internet's unique identifiers was a central theme in these agreements.
On 30 September 2009, ICANN and the United States Department of Commerce entered into the Affirmation of Commitments [http://www.icann.org/en/about/agreements/aoc/affirmation-of-commitments-30sep09-en.htm]. The Affirmation of Commitments "institutionalized and memorialized the technical coordination of the Internet's domain name and addressing system (DNS), globally by a private sector led organization."
The Affirmation of Commitments requires periodic reviews of ICANN's execution on its plans and processes related to operational stability, reliability, resiliency, security and global interoperability of the DNS [Affirmation of Commitments, Section 9.2]. A Security, Stability and Resiliency Review Team commenced its work in October 2010, and published its initial report for public comment on 15 March 2012 [http://www.icann.org/en/news/public-comment/ssrt-draft-report-15mar12-en.htm].
The Security, Stability and Resiliency Review Team recommended that ICANN "publish a single, clear and consistent statement of its SSR remit and limited technical mission." (See Recommendation 1, draft report dated 15 Mar 2012).
Consistent with this recommendation, this draft statement of ICANN's SSR role and remit has been developed based on its foundational documents, previous SSR Plans and Frameworks, and the SSR Review Team draft report. This statement is being published for community consultation along with ICANN's FY 13 Security, Stability and Resiliency Framework.
(*) Comments submitted after the posted Close Date/Time are not guaranteed to be considered in any final summary, analysis, reporting, or decision-making that takes place once this period lapses.