[At-Large] The SSAC has published SAC124

Andrey Kolesnikov dagnazza at gmail.com
Tue May 7 15:39:09 UTC 2024 

Thank you Matthias!
It is worth noting that the project implementation spanned many years with
numerous days and hours invested by the SSAC working group under the
guidance of Suzanne & Matt. The project also required active involvement
from ICANN org and many other ICANN stakeholders. This document stands as a
testament to meticulous work, countless discussions, debates and
compromises.
Great job!

--andrei

On Tue, May 7, 2024 at 12:20 PM Matthias M. Hudobnik via At-Large <
at-large at atlarge-lists.icann.org> wrote:

> Hi colleagues, the SSAC has published SAC124.
>
>
>
> *### SSAC Advice on Name Collision Analysis (SAC124):*
>
>
>
> The SSAC provides its advice on name collision analysis based on the NCAP
> Study Two report. The SSAC fully endorses the findings and recommendations
> presented in the report and recommends the ICANN Board adopt and implement
> these recommendations.
>
> The SSAC supports the centralized and coordinated approach proposed by
> Study Two. This approach is essential for implementing effective measures
> to mitigate the two data-access-related risks associated with name
> collisions:
>
> ·         Delegation Risk: Privacy and risks to users and end systems
> from name collisions associated with the delegation of a TLD.
>
> ·         Assessment Risk: Privacy risks associated with the execution of
> data collection methods in the proposed Name Collision Risk Assessment
> Framework.
>
> While acknowledging ICANN org's privacy concerns around the proposed data
> collection methods, the SSAC offers three considerations:
>
> ·         Privacy risks are inherent in managing name collision risk due
> to ICANN's role in coordinating gTLD allocation and assignment.
>
> ·         Avoiding data collection does not resolve delegation privacy
> risks, but rather transfers these risks to third parties, potentially
> amplifying harm.
>
> ·         Effective management of security, stability and resiliency
> risks requires a proactive approach to name collision identification and
> mitigation.
>
> Based on these, the SSAC recommends prioritizing solutions that allow
> sufficient data collection and analysis to properly inform name collision
> mitigation strategies. Failing to mitigate delegation risks due to
> assessment risk concerns would threaten DNS security/stability and end-user
> privacy.
>
> The SSAC's recommendations are:
>
> ·         Adopt and implement all recommendations in NCAP Study Two.
>
> ·         Prioritize finding appropriate solutions within the proposed
> framework that enable sufficient data collection and analysis for
> mitigation.
>
> ·         The SSAC welcomes engagement from ICANN org and offers its
> expertise.
>
> The SSAC acknowledges more work is needed on privacy aspects and looks
> forward to collaborating with ICANN org and privacy experts.
>
>
>
> Link to the report:
> https://itp.cdn.icann.org/en/files/security-and-stability-advisory-committee-ssac-reports/sac-124-01-05-2024-en.pdf.
>
>
>
>
> Have a nice day!
>
> Best,
>
> Matthias
>
>
>
> ______________________________
>
> Ing. Mag. Matthias M. Hudobnik
>
> FIP • CIPP/E • CIPT • DPO • CIS LA
>
> matthias at hudobnik.at
>
> http://www.hudobnik.at
>
> @mhudobnik
> _______________________________________________
> At-Large mailing list
> At-Large at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/at-large
>
> At-Large Official Site: http://atlarge.icann.org
> _______________________________________________
> By submitting your personal data, you consent to the processing of your
> personal data for purposes of subscribing to this mailing list accordance
> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
> the website Terms of Service (https://www.icann.org/privacy/tos). You can
> visit the Mailman link above to change your membership status or
> configuration, including unsubscribing, setting digest-style delivery or
> disabling delivery altogether (e.g., for a vacation), and so on.
>


-- 
Andrei Kolesnikov IOTAS.RU with calendar bot
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://atlarge-lists.icann.org/pipermail/at-large/attachments/20240507/1f7f30b2/attachment.html>

More information about the At-Large mailing list