Skip to main content
Tech banner v4

Internet Identifier System Research and Security, Stability, and Resiliency

Office of the Chief Technology Officer supports improving the Security, Stability, and Resiliency of Internet’s system of unique identifiers; researches issues related to those identifiers; provides capacity building training for DNS, DNSSEC, and Security; participates in technical and security community groups (IETF, regional TLDs, AntiPhishing)


Internet Assigned Numbers Authority Functions

Part of ICANN Operational functions include the maintenance or key Global Registries (Protocol Parameters, Top level IP number Prefixes and Top level Domain name delegation) under the IANA functions, and the Time Zone Database which contains the code and data that represents local time around the globe


Information Systems, Corporate Security, IT and DNS Engineering

Office of the Chief Information Officer monitors and maintains ICANN systems and technical operations, corporate security, and Information Technology. The DNS Engineering Team administers ICANN's DNS network services and the global L-root constellation.


Global Domain Division Technical Services

The Global Domains Division supports gTLD Registries and Registrars under contract with ICANN. This includes contracting for Emergency Backend Registry Operator, Registry and Registrar Data Escrow, operating the CZDS, and Registry Services Evaluation Process. Also supports IDNs, ccTLD Fast Track Process, Root Zone Label Generation Ruleset...


  • How the ITI Technical Infrastructure Works
    We've blogged previously that the Information Transparency Initiative (ITI) is a foundational project that aims to establish content governance and rebuild our underlying technical infrastructure. These key foundational deliverables will improve how we manage all of our...

    21 Jun 2018 | By Ashwin Rangan, Senior Vice-President, Engineering and Chief Information Officer (CIO)

  • Important Changes Coming to The Way You Use Adobe Connect
    As you know, issues were reported with Adobe Connect (AC) during ICANN61 in Puerto Rico and we later restored service. The way you access closed Adobe Connect sessions is changing so that the rooms are more secure. Room administrators or meeting organizers will apply...

    20 Jun 2018 | By Ashwin Rangan, ICANN SVP Engineering and CIO

  • ICANN Adobe Connect Services Restored
    Today, I am writing to let you know that we are restoring ICANN's Adobe Connect collaboration services, effective 1 June 2018. This decision was made following extensive independent and joint forensics investigations by ICANN org, CoSo Cloud LLC (our Adobe Connect cloud...

    31 May 2018 | By Ashwin Rangan, SVP Engineering & Chief Information Officer

  • The Information Transparency Initiative (ITI): Making Improvements by Building Strong Foundations
    Today, the ICANN org launched improvements to the existing Acronyms and Terms feature on These changes are a part of ITI's commitment to increase the findability of our public content. Some of the enhancements include: Multilingual search via acronym,...

    24 May 2018 | By David Conrad, ICANN Senior Vice President and Chief Technology Officer (CTO)

  • Adobe Connect Update
    I wanted to give you an update on the Internet Corporation for Assigned Names and Numbers (ICANN) plan for a remote participation tool and reinstating Adobe Connect. Based on your overwhelming sentiment, over 75% of you asked in one way or another for Adobe Connect, we...

    08 May 2018 | By Ashwin Rangan

  • The Information Transparency Initiative (ITI) Feedback Site is Now Live
    I'm pleased to announce that today, we launched the ITI feedback site ( As I have written about in previous blogs and discussed at ICANN60 and ICANN61 sessions, this site is intended to provide you, the ICANN community, with the ability to share your...

    23 Apr 2018 | By David Conrad, Chief Technology Officer (CTO) and Senior Vice-President

    As you know, the ICANN organization took down its Adobe Connect service midway through the ICANN61 meeting in response to reported issues with this service. Concurrently, we began to conduct our own forensic analysis of the reported incident and began working with our...

    20 Apr 2018 | By Ashwin "Ash" Rangan, ICANN SVP Engineering and CIO

  • Interim Tools for Remote Participation
    As you know, during ICANN61 in San Juan, Puerto Rico, the ICANN organization was made aware of possible issues with our Adobe Connect services. In an abundance of caution, we took immediate action and deactivated Adobe Connect services – both for external and internal...

    26 Mar 2018 | By Ashwin Rangan

  • More Information on the Adobe Connect Issue
    In our last blog on this issue, we reported that our technical teams are testing various scenarios to determine the root cause of the technical issue affecting our use of Adobe Connect. We are investigating whether the issue was caused by the software, or ICANN's...

    20 Mar 2018 | By Ashwin Rangan

  • The Information Transparency Initiative (ITI) and the Open Data Initiative (ODI): Similarities, Differences, and What These Projects Mean for You.
    You've heard and read about the Information Transparency Initiative (ITI) and the Open Data Initiative (ODI), but you may be unsure of the difference between the two projects. ITI and ODI share a similar goal – to make it easier for the ICANN community to access...

    05 Mar 2018 | By Duncan Burns, Senior VP, Global Communication, ICANN; and David Conrad, Senior VP and Chief Technology Officer, ICANN

  • Supporting Standards that Ensure an Open and Interoperable Internet
    The Internet as we know it today owes its development and scalability to the meticulous work of thousands of volunteers who develop technical standards and specifications that ensure global interoperability. This work is mostly done by the Internet Engineering Task Force...

    14 Feb 2018 | By Adiel Akplogan, VP Technical Engagement, ICANN.

  • An Information Transparency Initiative Update: The Content Audit and ICANN Taxonomy
    As you may recall from our September 2017 blog, the Information Transparency Initiative's (ITI) primary goals are: improving content findability in all six U.N. languages, creating content governance, and building new technical infrastructures to enforce...

    31 Jan 2018 | By Duncan Burns and David Conrad

  • 2017

  • Reputation Block Lists: Protecting Users Everywhere
    Cybercrime is a constant problem. What many Internet users don’t know is that the vast majority of users are being protected all the time by Reputation Block Lists (RBLs). RBLs are built into the Internet services we all use every day to keep harmful material out of your...

    01 Nov 2017 | By Dave Piscitello, VP of Security and Information and Communications Technologies (ICT) Coordinator, ICANN; and Greg Aaron, VP Product Management, iThreat Cyber Group

  • Eastern Europe Cybersecurity Tour, Redux
    Hero1 eastern europe cybersecurity tour 3600x2025 23oct17 en
    From 9-15 October, I spent a busy week of Global Stakeholder Engagement (GSE) cybersecurity engagements in Budapest and Visegrád, Hungary and Minsk, Belarus. Gabriella Schittek and I met in Budapest with representatives of the Hírközlési Tudományos Egyesület (HTE), the...

    23 Oct 2017 | By Dave Piscitello, VP Of Security and ICT Coordinator

  • Creating Content Governance and Rebuilding the Infrastructure of ICANN’s Public Sites
    It probably comes as no surprise to many of you who use that our content can be difficult to find. It's an issue we have grappled with for a long time that needs a permanent fix. On 23 September 2017, at the ICANN Board meeting in Montevideo, Uruguay, the...

    26 Sep 2017 | By Duncan Burns, Senior Vice President, Global Communications & Managing Director, Washington, D.C. Office; David Conrad, Senior Vice President & Chief Technology Officer

  • A “Key” Milestone in Protecting the DNS
    A significant milestone has been reached in ICANN’s ongoing effort to change the cryptographic key that helps protect the Domain Name System (DNS). On 11 July 2017, the new DNSSEC Key Signing Key (KSK-2017) appeared in the DNS, marking the first time a new key has been...

    12 Jul 2017 | By Edward Lewis

  • ICANN's Open Data Initiative Early Pilot Platforms Now Available
    Hero1 odi pilot 750x583 27jun17 en
    'Open data is publicly available data that can be universally and readily accessed, used, and redistributed free of charge. It is structured for usability and computability.' -'The Global Impact of Open Data,'by Andrew Young and Stefaan Verhulst Today, ICANN is pleased to...

    27 Jun 2017 | By Edward Lewis

  • The Dark Web: The Land of Hidden Services
    Hero1 dark web 225x175
    According to Internet Live Stats, the World Wide Web passed the one billion website benchmark in 2014 and is still hovering around that figure. The publishers of these billion websites compete for search engine relevance and the attention of nearly 3.6 billion Internet...

    27 Jun 2017 | By Dave Piscitello, VP of Security and Information and Communications Technologies (ICT) Coordinator, ICANN

  • The DNSOP Working Group of the IETF Organizes Webinar to Raise Awareness of Special-Use Domain Names
    Special-Use Domain Names are domain names that are not intended to be resolved globally using the Domain Name System (DNS). For example, queries for the top-level domain name “.onion” are never intended to be resolved through the DNS protocol. Following the approval of...

    19 May 2017 | By Adiel Akplogan

  • M3AAWG Appoints Dr. John Levine Liaison to ICANN
    The Messaging, Malware and Mobile Anti Abuse Working Group (M3AAWG) recently appointed Dr. John Levine Liaison to ICANN. The ICANN organization welcomes this appointment and thanks M3AAWG's Board of Directors for this decision. This appointment will allow the portion of...

    28 Apr 2017 | By David Conrad

  • Ways of Trusting Internet Identifiers
    Recent news that Google's Chrome browser is going to trust Symantec-issued transport layer security (TLS) certificates less than those from other certificate authorities (CAs) has reignited debates about how trust is expressed to Internet users. Certificates for TLS are...

    03 Apr 2017 | By Paul Hoffman

  • The Three Pillars of ICANN’s Technical Engagement Strategy
    Hero1 technical enagement strategy 750x500 21mar17 en
    ICANN's technical engagement team was established two years ago. Since then, we have made a great deal of progress in better engaging with our peers throughout the Internet Assigned Numbers Authority (IANA) stewardship transition proposal process and currently during the...

    21 Mar 2017 | By Adiel Akplogan, VP, Technical Engagement, ICANN

  • Technology@ICANN: A Landing Page for ICANN’s Technical Engagement Ecosystem
    Hero1 icann technology 590x336 14mar17 en
    For some time, we've heard from our technical stakeholders and participants how difficult it is for a technical person wanting to engage in ICANN to find appropriate information about ICANN's activities. Content was scattered, but users wanted a single landing page for...

    14 Mar 2017 | By Adiel Akplogan, VP, Technical Engagement, ICANN

  • What Is Ransomware?
    Hero1 ransomware anatomy of an attack
    Ransomware is a cyberattack (a virus) that is used to extort money. Originally, criminals used ransomware to extract payments from individuals for the recovery of personal information. Today, cyberattackers extort payments from businesses for the recovery of sensitive...

    13 Mar 2017 | By Dave Piscitello, VP of Security and Information and Communications

  • Tech@ICANN58: Your Roadmap to Copenhagen's Technical Sessions
    As we start our meeting here in Copenhagen with a packed agenda, I would like to share with you some of the key sessions that have a more technical focus. I hope that this will be useful to newcomers with a technical background, so they can easily find their way...

    12 Mar 2017 | By Adiel Akplogan

  • 2016

  • Cybersecurity Topics on a Whirlwind Tour of Eastern Europe: Take 2
    Hero1 dp eednsf 1500x1000 14dec16 en
    Dave Piscitello presenting at the Eastern European DNS Forum in Kiev, Ukraine. During the first weeks of December 2016, I continued a series of Identifier Systems Security, Stability and Resiliency (IS SSR) team and Global Stakeholder Engagement (GSE) cybersecurity...

    14 Dec 2016 | By Dave Piscitello, VP of Security and ICT Coordinator

  • What Is a DNS Covert Channel?
    Hero1 blog dns covert channel 08dec16 en
    In the first part of our covert channel series, I explained that a covert channel is an evasion or attack technique used to transfer information in a secretive and typically unauthorized or illicit manner. I also explained how one could create a covert channel using the...

    08 Dec 2016 | By Dave Piscitello, VP Of Security and ICT Coordinator

  • ICANN Kicks Off Open Data Initiative Pilot
    ICANN has begun a pilot project to introduce an Open Data Initiative for ICANN-generated data. Various ICANN activities produce data related to ICANN’s mission of coordinating the Internet’s system of unique identifiers, including domain name system operations, domain...

    06 Nov 2016 | By Edward Lewis, Senior Technologist, ICANN

  • Research Revealed on Authoritative Servers at the Second Level
    ICANN is interested in the infrastructure supporting the identifiers that we help coordinate, and the Domaine Name System (DNS) has a wide variety of infrastructure. There has already been a fair amount of research about the root servers and the Top-Level Domains (TLD)...

    28 Oct 2016 | By Paul Hoffman, Principal Technologist, ICANN's Office of the CTO Research Department

  • KSK Rollover Operations Begin
    Hero1 ksk rollover operations 750x514 27oct16 en
    Today, ICANN created a new root zone key signing key (KSK). This new cryptographic public/private key pair was made during the quarterly Root KSK Ceremony at our secure key management facility in Culpeper, Virginia. With this key generation, the initial operational phase...

    27 Oct 2016 | By David Conrad

  • ICANN57: A Real-Life Audio-Video Disaster Recovery Story
    Very few people realize what it actually takes to make an ICANN meeting run smoothly from the Network Operations Center backroom, where the InfoTech team orchestrates its magic with high energy. You’ve probably experienced the excellent remote capabilities to encourage...

    26 Oct 2016 | By Ashwin Rangan

  • Universal Acceptance Compliance at ICANN
    Hero1 universal acceptance compliance 750x350 10oct16 en
    Universal Acceptance ensures that all domain names and email addresses can be used by all Internet-enabled applications, devices and systems. It is essential for the continued expansion of the domain name system and provides a gateway to the next billion Internet users....

    10 Oct 2016 | By Ashwin Rangan

  • Exploring Cybersecurity Topics on a Whirlwind Tour of Eastern Europe
    Hero1 cybersecurity whirlwind tour eastern europe 1980x1320 27sep16 en
    ICANN's Dave Piscitello (second from left) takes part in a panel at CYBERSEC 2016, a conference on cybersecurity held this week Krakow, Poland. This week I begin a two–week series of Identifier Systems Security, Stability and Resiliency (IS SSR) team and Global...

    27 Sep 2016 | By Dave Piscitello, VP of Security and ICT Coordinator

  • Sharing Links Over Email: Security @ ICANN
    Many of you have read earlier posts by our CIO Ashwin Rangan regarding our ongoing improvements to ICANN's overall cybersecurity. This is a brief update on some recent security changes we've made to email services, some of which will be noticeable to many in the ICANN...

    27 Sep 2016 | By Ashwin Rangan

  • News from Identifier Technology Health Indicators (ITHI)
    ICANN recently organized an ITHI workshop in its Washington DC office on September 7th. We had 18 participants, 11 of them from the community, representing a variety of stakeholders: DNS operators, registry operators, registrars, ISPs, content providers, government, etc....

    22 Sep 2016 | By Alain Durand

  • What Is an Internet Covert Channel?
    Hero1 covert channel 28aug16 en
    A covert channel is an evasion or attack technique that is used to transfer information in a secretive, unauthorized or illicit manner. A covert channel can be used to extract information from or implant information into an organization. An Internet covert channel is the...

    29 Aug 2016 | By Dave Piscitello, VP of Security

  • DNSSEC: Rolling the Root Zone Key Signing Key
    Hero1 ksk rollover 750x480 en
    ICANN today posted plans to update or "roll" the Root Zone Key Signing Key (KSK), marking another significant step in our ongoing efforts aimed at improving the security of the Domain Name System (DNS). The KSK rollover plans were developed by the Root Zone Management...

    22 Jul 2016 | By David Conrad, ICANN Chief Technology Officer

  • Metadata Collection And Controversy
    In What Are Metadata?, I explained that metadata are data that describe or provide information about other data such as social media discussions, email exchanges or online transactions. Now that we have a common appreciation for what metadata are, let's consider how...

    27 Jun 2016 | By Dave Piscitello

  • Security Best Practices: DNSSEC Validation
    Hero1 dnssec 765x333 21jun16 en
    I would like to share some key points about the significance of the security technology Domain Name System Security Extensions (DNSSEC) and some important updates that will be implemented in the coming year. These points are extracted from my recent presentation at the...

    21 Jun 2016 | By Ed Lewis

  • Part I: What Are Metadata?
    Hero1 metadata 1000x700 11may16 en
    The concept of metadata is both simple and complicated. We readily understand what data are: they are the information that we communicate, process or consume in our ever-growing digitized society. But what are metadata? Metadata: Data About Data Data, especially digital...

    11 May 2016 | By Dave Piscitello

  • Changing the Keys to the Domain Name System (DNS) Root Zone
    Hero1 changing keys dns root zone 756x503 09may16 en
    Ensuring the Integrity of the top level of the DNS Through Security Best Practices In July 2010, ICANN, Verisign, and NTIA added a level of protection to the Internet's top DNS layer using a technology known as DNSSEC, which stands for Domain Name System Security...

    09 May 2016 | By David Conrad

  • Documentation is Key to Recovering Hijacked Domain Names
    When victims of domain name hijackings contact our Security Team for guidance, we will ask about the circumstances relating to the attack. We'll ask whether they have contacted their hosting provider, registrar, or law enforcement. We next ask, "do you have any way to...

    14 Apr 2016 | By Dave Piscitello

  • Lending Clarity to Security Risk Definitions - For ICANN Community and Beyond
    Hero1 security risk clarity 750x500 16mar16 en
    In its Beijing Communiqué [PDF, 155 KB] of 11 April 2013, the ICANN Government Advisory Committee (GAC) called on ICANN to have new gTLD registry operators find and act upon a variety of abusive activities occurring within their TLDs. This led to a requirement in all new...

    17 Mar 2016 | By Dave Piscitello, VP, Security And ICT Coordinator

  • Expectations of Service Level Expectations
    Introduction Recently, ICANN staff has been working to meet the community requirements related to establishing metrics for the performance of the "Post Transition IANA" as it processes root zone management requests. For those not following the development of the Service...

    07 Mar 2016 | By David Conrad

  • The Registration Operations Workshop: Join Us in Buenos Aires
    The next Registration Operations Workshop, the fourth of these events, will take place just before IETF-95 on Sunday, April 3, 2016, at the Hilton Hotel in Buenos Aires. The Registration Operations Workshop series is now being co-sponsored by Verisign and ICANN and...

    02 Mar 2016 | By David Conrad

  • What is Privilege Escalation?
    Hero1 privilege escalation 750x485 18feb16 en
    In my previous post, we examined the measures that organizations use to enforce authorization policies. Authorization policies and the methods we use to enforce them – access controls, user permissions or privileges – are intended to protect sensitive information against...

    18 Feb 2016 | By Dave Piscitello

  • Access Controls, User Permissions and Privileges
    Hero1 access controls 1258x839 19jan16 en
    In my last post, What is Authorization and Access Control, I explained that we use authentication to verify identity – to prove you are who you claim to be – and also to enable an authorization policy, to define what your identity is allowed to "see and do". We then...

    19 Jan 2016 | By Dave Piscitello, VP, Security And ICT Coordinator

  • 2015

  • What is Authorization and Access Control?
    Hero1 authorization access control 02dec15 en
    You are probably familiar with the concept of authentication, the way that security systems challenge you to prove you are the customer, user, or employee whom you claim to be, using a password, token, or other form of credential. You may be less familiar with the concept...

    02 Dec 2015 | By Dave Piscitello, VP, Security And ICT Coordinator

  • CIIO Perspectives: ICANN’s Incident Response Protocol
    As part of our mission to provide secure and stable digital services to the community, the ICANN Information Technology (IT) team takes information security incidents very seriously and thwarts these threats through a variety of measures. We know it's impossible to...

    09 Nov 2015 | By Ashwin Rangan

  • What is a Man in the Middle Attack?
    Hero1 mitm 750x425 02nov15 en
    Many years ago, your local telephone service may have been shared among you and many of your neighbors in what was called a party line. This shared configuration had two characteristics. If you wanted to place a call, you had to wait until the circuit was idle, i.e., all...

    02 Nov 2015 | By Dave Piscitello | VP Of Security and ICT Coordinator

  • Tech@ICANN54 – Your Roadmap to Dublin’s Technical Sessions
    We are hours away from the official start of ICANN54 in Dublin, Ireland, and the meeting agenda is packed with many exciting and interesting sessions. As we have seen with previous public meetings since the March 2014 announcement, the focus remains the IANA Stewardship...

    17 Oct 2015 | By Adiel Akplogan, VP Technical Engagement​

  • IPv6: The Future is Now More than Ever
    Hero1 ipv6 750x425 28sep15 en
    On Thursday of last week (September 24th), the American Registry for Internet Numbers (ARIN) announced that it has officially run out of IPv4 addresses. This is an important milestone in a countdown that started on 3 February 2011, when IANA's central pool of IPv4...

    28 Sep 2015 | By Adiel. A. Akplogan | Vice President of Technical Engagement

  • Top Level Domain Incident Response Resource Now Available
    When Top Level Domain operations are attacked, ICANN's SSR department may be asked to assist with incident response, either directly, or as a facilitator that can identify competent incident response, recovery, or subsequent investigations. A recent series of attacks...

    28 Sep 2015 | By Dave Piscitello

  • Is This a Hack or an Attack?
    Hero1 hack or attack 750x425 15sep15 en
    Nearly every day, we see news stories or tweets that reveal another "cyber attack" against a well-known brand, bank or government agency are commonplace today. These are almost always characterized as sophisticated hacking schemes. Some are described as acts of...

    15 Sep 2015 | By Dave Piscitello, VP Of Security And ICT Coordinator

  • Threats, Vulnerabilities and Exploits – oh my!
    Hero1 threats exploits 558x388 10aug15 en
    Some of the most commonly used security are misunderstood or used as if they were synonymous. Certain of these security terms are so closely related that it's worth examining these together. Today, we'll look at several related terms – threat, vulnerability, and exploit –...

    10 Aug 2015 | By Dave Piscitello, VP Security and ICT Coordination

  • What is Two-Factor Authentication?
    Hero1 two factor auth 750x426
    In this installment of Raising Security Awareness, One Security Term at a Time, I'll explain two-factor authentication; how this improves the security of your online accounts or logins, and where you'll find two-factor authentication in use today. Begin at the beginning:...

    13 Jul 2015 | By Dave Piscitello | VP Of Security And ICT Coordinator

  • CIIO Perspectives- Volume 3
    A few weeks back, I blogged about how ICANN manages its IT assets and digital services in light of cyber-security threats. I also wrote at the time that we have engaged a globally-recognized, independent third party to annually audit ICANN's security controls, and I...

    01 Jul 2015 | By Ash Rangan

  • Identifier Systems SSR Activities Reporting
    As part of our continuing commitment to transparency and accountability, the Identifier Systems SSR department is pleased to publish our activities report for the first half of 2015 (1H 2015). Our activities reports describe the activities we perform to maintain the...

    20 Jun 2015 | By John Crain, Dave Piscitello

  • New IANA Functions Resource Published
    ICANN is pleased to announce a new resource for the community: The IANA Functions: An Introduction to the Internet Assigned Numbers Authority (IANA) Functions [PDF, 2.17 MB]. As an overview of how the IANA Functions are currently executed, the 20-page booklet includes an...

    20 Jun 2015 | By Elise Gerich, Vice President, IANA & Technical Operations; David Conrad, Chief Technology Officer

  • Raising Security Awareness, One Security Term at a Time
    Hero1 security awareness 750x425 15jun15 en
    The Internet has finally, and in so many ways, become an integral part of our every day lives. As familiar as we are with it, however, we still need to understand how best to navigate our way in this vast digital territory securely. We all face challenges when trying to...

    15 Jun 2015 | By Dave Piscitello | VP Of Security and ICT Coordinator

  • Hardening ICANN’s IT and Digital Services
    During ICANN52, many community members inquired after the state of ICANN's digital-services. In addition, in response to one of my blog posts, some of you met with Chris Gift, VP of Digital Services, and me to gain a deeper understanding of status and plans. And in a...

    09 Jun 2015 | By Ashwin Rangan

  • APWG, APWG EU Welcome ICANN to Steering Committees
    Nearly 300 participants from academia and research, governments and NGOs, and commercial security investigation gathered in Barcelona from 26-29 May to attend the Anti-Phishing Working Group (APWG) Symposium on Electronic Crime Research (eCrime 2015). This year's event...

    03 Jun 2015 | By Dave Piscitello, Vice President of Security and ICT Coordination

  • IANA Functions Usage Analysis
    When I joined ICANN a few months ago and learned that part of my role would be supporting the IANA Stewardship Transition process, I wanted to learn more about how those functions are actually operated and how much the community uses them. My background has been in the...

    27 May 2015 | By Alain Durand, Principal Technologist

  • Service update on some ICANN hosted blogs
    The content on several ICANN-hosted public blogs has been restored to service after being temporarily taken offline to investigate a software security vulnerability (,,,,...

    20 Feb 2015 | By Ashwin Rangan

  • Identifier Systems SSR Activities Reporting
    As part of our continuing commitment to transparency and accountability, the Identifier Systems SSR department is pleased to publish our activities report for the second half of 2014 (2H 2014). Our activities reports describe the activities we perform to maintain the...

    21 Jan 2015 | By Dave Piscitello

  • 2014

  • Increasing Stakeholder Engagement in Beirut
    From 5-6 November 2014, my colleagues Dave Piscitello, Patrick Jones and I travelled to Beirut to engage with local stakeholders. Our first stop was the American University of Science and Technology (AUST), where we conducted a workshop for Lebanese Law Enforcement...

    26 Nov 2014 | By Dave Piscitello – VP, Security and ICT Coordinator; Patrick L. Jones - Senior Director,Global Stakeholder Engagement; Fahd A. Batayneh – Stakeholder Engagement Coordinator, Middle East

  • Working Together to Tame the Coming Tsunami
    Watch Ashwin's Call to Action It is just over eight months since I joined ICANN and several noteworthy events have occurred since. Within a few days of coming on board, the IANA Stewardship Transition was announced. Fadi's efforts to appropriately position Internet...

    17 Nov 2014 | By Ashwin Rangan, ICANN Chief Innovation and Information Officer

  • Be Careful What You Click: Alert of New Fraudulent Domain Renewal Emails
    Hero1 reg false requests 750x425 29sep14 en
    Phishing is a type of email scam that cybercriminals use to steal credit card or personal identifying information. The Anti-Phishing Working Group (APWG) reported that 125,215 attacks occurred [PDF 1.28 MB] in January through March of this year alone, which reminds us to...

    29 Sep 2014 | By Dave Piscitello, ICANN Senior Security Technologist

  • Monitor DNS Traffic & You Just Might Catch A RAT
    Criminals will exploit any Internet service or protocol when given the opportunity. Here are six signs of suspicious activity to watch for in the DNS. IT admins have the thankless task of having to watchdog devices, hosts, and networks for signs of malicious activity....

    22 Sep 2014 | By Dave Piscitello, VP Security and ICT Coordination

  • Identifier Systems SSR Activities Reporting
    As part of our commitment to transparency and accountability, the Identifier Systems SSR department will publish periodic reports on our activities. These reports will describe the activities we perform to maintain the security, stability, and resiliency of the Internet's...

    29 Aug 2014 | By Dave Piscitello, VP Security and ICT Coordination

  • Like a Swiss Watch
    Hero1 ashwin looking watch 750x425 30jul14
    The very expression, "like a Swiss watch", evokes powerful (and almost universal) imagery. Of a mechanical device. Driven with precision. Elegance. Carefully engineered parts. Put together with loving labor. With cogs and wheels engaging. Each with its unique purpose....

    30 Jul 2014 | By Ashwin Rangan

  • With a RASP in my Throat
    Hero1 rangan 550x599 05jun14
    Before joining ICANN, people had told me that it is unlike any other organization. Coming – as I did – from global companies like Samsung, Walmart, Bank of America and most recently, Edwards Lifesciences, I asked myself whether it could be that different. It has been...

    05 Jun 2014 | By Ashwin Rangan, ICANN Chief Information and Innovation Officer

  • The Heartbleed Bug: Are you at risk?
    Hero1 heartbleed bug
    Researchers have uncovered a vulnerability in OpenSSL, a software that provides secure (encrypted) communications for electronic commerce, banking, and secure remote access (SSL VPN). This vulnerability has been termed the Heartbleed Bug. An attacker who successfully...

    09 Apr 2014 | By Dave Piscitello

  • The TLD Universal Acceptance Project
    As the global Internet expansion continues to move forward, ICANN’s motto of, “One World, One Internet,” has never been a more apt rallying cry. The growing number of TLDs will doubtlessly affect us all, but the benefits are most likely to be felt most deeply by two very...

    21 Mar 2014 | By Francisco Arias

  • Mitigating DNS Namespace Collisions
    In line with our ongoing commitment to preserve the security, stability and resiliency of the Internet’s Identifier systems, ICANN today published a report on collisions in the DNS namespace as they relate to the New TLD program. We would like to thank JAS Global Advisors...

    26 Feb 2014 | By John L. Crain

  • Data Privacy Day 2014 – Start to Protect Your Privacy Today
    Our growing dependency on the Internet seems to make it impossibly hard to keep anything confidential. Social media tempt us to share. Data collectors encourage us to disclose identifying data, our personal preferences and our online behavior in exchange for free...

    28 Jan 2014 | By Dave Piscitello

  • 2013

  • Managing Name Collision Occurrences
    The topic of name collisions has received considerable attention in the DNS and Internet communities over the past several months. A name collision occurs when an attempt to resolve a name that is used in a private name space (e.g., a non-delegated Top Level Domain, or a...

    06 Dec 2013 | By Dave Piscitello

  • Celebrating 25 Years of .TH and Much, Much More
    Dr. Steve Crocker Visits With Thai Prime Minister Yingluck Shinawatra In Bangkok, June 7 2013 Earlier this month, Dr. Stephen Crocker and I had the privilege of visiting Thailand’s capital city, Bangkok. We spent the week meeting with local Internet and business...

    17 Jun 2013 | By John L. Crain

  • How to Report a DDoS Attack
    Dave Piscitello, on behalf of the ICANN Security Team DDoS attacks are serious problems. While ICANN’s role in mitigating these threats is limited, the Security Team offers these insights to raise awareness on how to report DDoS attacks Distributed Denial of Service...

    25 Apr 2013 | By Dave Piscitello

  • Do More to Prevent DNS DDoS Attacks
    Dave Piscitello, on behalf of the ICANN Security Team In recent weeks, numerous high profile organizations and financial institutions have been targets of massive service disruption attacks. Several of these attacks are characteristically similar to attacks against top...

    03 Apr 2013 | By Dave Piscitello

  • ICANN Coordinated Disclosure Guidelines
    The Security Team has prepared a set of guidelines to explain ICANN's Coordinated Vulnerability Disclosure Reporting. The guidelines serve two purposes. They define the role ICANN will perform in circumstances where vulnerabilities are reported and ICANN determines that...

    11 Mar 2013 | By Dave Piscitello

  • The Value of Assessing Collateral Damage Before Requesting a Domain Seizure
    In ourMarch 2012Thought Paper on Domain Seizures and Takedowns, we offerguidance[PDF, 439 KB] to anyone who prepares an order that seeks to seize or take down domain names. By offering this guidance, we do not endorse such actions as a prescriptive measure, nor do we...

    24 Jan 2013 | By Dave Piscitello

  • 2012

  • What You Should Learn from the Diigo Domain Hijacking incident
    Dave Piscitello, Sr. Security Technologist, for the ICANN Security Team Diigo is a social annotation and bookmarking service that millions of individuals, educators, and students use daily to manage and share information, conduct research and collaborate. On October 24th,...

    02 Nov 2012 | By Dave Piscitello

  • ICANN Hosts Commonwealth Cybercrime Initiative Workshop
    Offers to Assist in Securing DNS 14 March — ICANN welcomed members of the Commonwealth Cybercrime Initiative (CCI) Steering Group to Costa Rica as part of its efforts to improve the security, stability and resiliency of the global Domain Name System (DNS). The meeting...

    15 Mar 2012 | By Dave Piscitello

  • Thought Paper on Domain Seizures and Takedowns
    Recent legal actions (Rustock, Coreflood and Kelihos, among others) resulting in disrupting or dismantling major criminal networks have involved seizures of domain names, DNS name server reconfiguration and transfers of domain name registrations as part of the takedown...

    08 Mar 2012 | By Dave Piscitello

  • 2008

  • goes IPv6
    Last week IANA processed a request to add AAAA records for one of the thirteen DNS root-servers., operated by ICANN, became the seventh of the root servers to have it’s IPv6 address records (AAAA) added into the DNS root-zone. The addition of IPv6...

    15 Dec 2008 | By John L. Crain

  • Ghosts of Root Servers Past
    As noticed by some in the Internet network operations community, at the beginning of May an odd event occurred as ICANN ended DNS service on the IP address formerly associated with L.ROOT-SERVERS.NET (“L-root”). Specifically, as ICANN turned off the DNS service at the...

    19 May 2008 | By David Conrad

  • 2007

  • A Root with a view…
    Running a DNS server that serves the root gives an interesting view into the world of the DNS.With the ongoing improvements to the ICANN operated L-ROOT we’ve been fortunate enough to be able to make use of the “DNS Statistics Collector” tool....

    26 Nov 2007 | By John L. Crain

  • Lessons from Guyana: It takes a network to run a network.
    It was interesting to see discussions start on the blog around “What does it take to run a registry”. Jacob Malthouse (Liaison for Canada and the Caribbean) and I (John Crain, CTO) have just returned from Georgetown, Guyana. With us in Georgetown, locked into a classroom...

    21 Feb 2007 | By John L. Crain

View All Blogs >

View All News & Announcements >

ICANN Tech on Twitter

Technical Engagement Leadership

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."