[lac-discuss-en] Fwd: [At-Large] The SSAC has published SAC124

Tue May 7 16:14:49 UTC 2024

Hi,

I am sending this important note on the English-language LACRALO list as it
contains contacts originated in English. This is an extremely important
report from the SSAC (ask if you need more information about it), regarding
domain name collisions. I have sent not the original SSAC posting but the
comment on its process which then includes the original SSAC posting.

End users in small organizations and individuals, such as LACRALO purports
to represent and whose interests LACRALO represents itself as a steward,
are particularly liable to hurt from domain name collisions, because some
of these collisions involve names often used in the management of
local-area networks or small ISPs, where there is no availability of the
kind of technical staff and expertise, or the ability to hire third-party
services or consultants, to configure things appropriately.

Every ALS in LACRALO should get technical advice either from its own
members and staff or from neighbors, friends, and allies, and their service
providers, to be able to take part in this development and to prevent
policy development that may lead to further damage. This is an important
input and constraint on new gTLDs.

Alejandro Pisanty

---------- Forwarded message ---------
From: Andrey Kolesnikov via At-Large <at-large at atlarge-lists.icann.org>
Date: Tue, May 7, 2024 at 9:40 AM
Subject: Re: [At-Large] The SSAC has published SAC124
To: Matthias M. Hudobnik <matthias at hudobnik.at>, At-Large Worldwide <
at-large at atlarge-lists.icann.org>

Thank you Matthias!
It is worth noting that the project implementation spanned many years with
numerous days and hours invested by the SSAC working group under the
guidance of Suzanne & Matt. The project also required active involvement
from ICANN org and many other ICANN stakeholders. This document stands as a
testament to meticulous work, countless discussions, debates and
compromises.
Great job!

--andrei

On Tue, May 7, 2024 at 12:20 PM Matthias M. Hudobnik via At-Large <
at-large at atlarge-lists.icann.org> wrote:

> Hi colleagues, the SSAC has published SAC124.
>
>
>
> *### SSAC Advice on Name Collision Analysis (SAC124):*
>
>
>
> The SSAC provides its advice on name collision analysis based on the NCAP
> Study Two report. The SSAC fully endorses the findings and recommendations
> presented in the report and recommends the ICANN Board adopt and implement
> these recommendations.
>
> The SSAC supports the centralized and coordinated approach proposed by
> Study Two. This approach is essential for implementing effective measures
> to mitigate the two data-access-related risks associated with name
> collisions:
>
> ·         Delegation Risk: Privacy and risks to users and end systems
> from name collisions associated with the delegation of a TLD.
>
> ·         Assessment Risk: Privacy risks associated with the execution of
> data collection methods in the proposed Name Collision Risk Assessment
> Framework.
>
> While acknowledging ICANN org's privacy concerns around the proposed data
> collection methods, the SSAC offers three considerations:
>
> ·         Privacy risks are inherent in managing name collision risk due
> to ICANN's role in coordinating gTLD allocation and assignment.
>
> ·         Avoiding data collection does not resolve delegation privacy
> risks, but rather transfers these risks to third parties, potentially
> amplifying harm.
>
> ·         Effective management of security, stability and resiliency
> risks requires a proactive approach to name collision identification and
> mitigation.
>
> Based on these, the SSAC recommends prioritizing solutions that allow
> sufficient data collection and analysis to properly inform name collision
> mitigation strategies. Failing to mitigate delegation risks due to
> assessment risk concerns would threaten DNS security/stability and end-user
> privacy.
>
> The SSAC's recommendations are:
>
> ·         Adopt and implement all recommendations in NCAP Study Two.
>
> ·         Prioritize finding appropriate solutions within the proposed
> framework that enable sufficient data collection and analysis for
> mitigation.
>
> ·         The SSAC welcomes engagement from ICANN org and offers its
> expertise.
>
> The SSAC acknowledges more work is needed on privacy aspects and looks
> forward to collaborating with ICANN org and privacy experts.
>
>
>
> Link to the report:
> https://itp.cdn.icann.org/en/files/security-and-stability-advisory-committee-ssac-reports/sac-124-01-05-2024-en.pdf.
>
>
>
>
> Have a nice day!
>
> Best,
>
> Matthias
>
>
>
> ______________________________
>
> Ing. Mag. Matthias M. Hudobnik
>
> FIP • CIPP/E • CIPT • DPO • CIS LA
>
> matthias at hudobnik.at
>
> http://www.hudobnik.at
>
> @mhudobnik
> _______________________________________________
> At-Large mailing list
> At-Large at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/at-large
>
> At-Large Official Site: http://atlarge.icann.org
> _______________________________________________
> By submitting your personal data, you consent to the processing of your
> personal data for purposes of subscribing to this mailing list accordance
> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
> the website Terms of Service (https://www.icann.org/privacy/tos). You can
> visit the Mailman link above to change your membership status or
> configuration, including unsubscribing, setting digest-style delivery or
> disabling delivery altogether (e.g., for a vacation), and so on.
>

-- 
Andrei Kolesnikov IOTAS.RU with calendar bot
_______________________________________________
At-Large mailing list
At-Large at atlarge-lists.icann.org
https://atlarge-lists.icann.org/mailman/listinfo/at-large

At-Large Official Site: http://atlarge.icann.org
_______________________________________________
By submitting your personal data, you consent to the processing of your
personal data for purposes of subscribing to this mailing list accordance
with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
the website Terms of Service (https://www.icann.org/privacy/tos). You can
visit the Mailman link above to change your membership status or
configuration, including unsubscribing, setting digest-style delivery or
disabling delivery altogether (e.g., for a vacation), and so on.

-- 
- - - - - - - - - - - - - - - - - - - - - - - - - - -
     Dr. Alejandro Pisanty
Facultad de Química UNAM
Av. Universidad 3000, 04510 Mexico DF Mexico
+525541444475
Blog: http://pisanty.blogspot.com
LinkedIn: http://www.linkedin.com/in/pisanty
Unete al grupo UNAM en LinkedIn,
http://www.linkedin.com/e/gis/22285/4A106C0C8614
Twitter: http://twitter.com/apisanty
---->> Unete a ISOC Mexico, http://www.isoc.org
.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://atlarge-lists.icann.org/pipermail/lac-discuss-en/attachments/20240507/734c2d30/attachment-0002.html>