<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"Franklin Gothic Book";
        panose-1:2 11 5 3 2 1 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
        {mso-style-priority:99;
        mso-style-link:"Nur Text Zchn";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Franklin Gothic Book","sans-serif";
        mso-fareast-language:EN-US;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:8.0pt;
        margin-left:36.0pt;
        mso-add-space:auto;
        line-height:105%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
        {mso-style-priority:34;
        mso-style-type:export-only;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:36.0pt;
        margin-bottom:.0001pt;
        mso-add-space:auto;
        line-height:105%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
        {mso-style-priority:34;
        mso-style-type:export-only;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:36.0pt;
        margin-bottom:.0001pt;
        mso-add-space:auto;
        line-height:105%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
        {mso-style-priority:34;
        mso-style-type:export-only;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:8.0pt;
        margin-left:36.0pt;
        mso-add-space:auto;
        line-height:105%;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
span.NurTextZchn
        {mso-style-name:"Nur Text Zchn";
        mso-style-priority:99;
        mso-style-link:"Nur Text";
        font-family:"Franklin Gothic Book","sans-serif";
        mso-fareast-language:EN-US;}
span.E-MailFormatvorlage20
        {mso-style-type:personal;
        font-family:"Franklin Gothic Book","sans-serif";
        color:#1F497D;}
span.E-MailFormatvorlage21
        {mso-style-type:personal;
        font-family:"Franklin Gothic Book","sans-serif";
        color:#1F497D;}
span.E-MailFormatvorlage22
        {mso-style-type:personal;
        font-family:"Franklin Gothic Book","sans-serif";
        color:#1F497D;}
span.E-MailFormatvorlage23
        {mso-style-type:personal;
        font-family:"Franklin Gothic Book","sans-serif";
        color:#1F497D;}
span.E-MailFormatvorlage24
        {mso-style-type:personal;
        font-family:"Franklin Gothic Book","sans-serif";
        color:#1F497D;}
span.E-MailFormatvorlage25
        {mso-style-type:personal-reply;
        font-family:"Franklin Gothic Book","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:86854706;
        mso-list-type:hybrid;
        mso-list-template-ids:-1308989304 201785345 201785347 201785349 201785345 201785347 201785349 201785345 201785347 201785349;}
@list l0:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l0:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l0:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l0:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l0:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l0:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l0:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l0:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l0:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l1
        {mso-list-id:524975729;
        mso-list-type:hybrid;
        mso-list-template-ids:-106500750 201785345 201785347 201785349 201785345 201785347 201785349 201785345 201785347 201785349;}
@list l1:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l1:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l1:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l1:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l1:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l1:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l1:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l1:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l1:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l2
        {mso-list-id:899560656;
        mso-list-type:hybrid;
        mso-list-template-ids:2023667790 201785345 201785347 201785349 201785345 201785347 201785349 201785345 201785347 201785349;}
@list l2:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l2:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l2:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l2:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l2:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l2:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l2:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l2:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l2:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l3
        {mso-list-id:1211302334;
        mso-list-type:hybrid;
        mso-list-template-ids:707935064 201785345 201785347 201785349 201785345 201785347 201785349 201785345 201785347 201785349;}
@list l3:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l3:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l3:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l3:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l3:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l3:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
@list l3:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Symbol;}
@list l3:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:"Courier New";}
@list l3:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        font-family:Wingdings;}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE-AT link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Franklin Gothic Book","sans-serif";mso-fareast-language:EN-US'>Hi colleagues, the SSAC has published SAC125.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Franklin Gothic Book","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:11.0pt;font-family:"Franklin Gothic Book","sans-serif"'>### SSAC Report on Registrar Nameserver Management (SAC125):<o:p></o:p></span></b></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Franklin Gothic Book","sans-serif"'><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>A sacrificial nameserver is created when a registrar, in order to delete an expiring domain whose subordinate host objects are still referenced by other domains, renames those host objects to a name under a different domain. The report focuses on a specific type of sacrificial nameserver where the parent domains of the renamed host objects are considered unsafe because they are registrable. This introduces a new attack surface for domain resolution hijacking: whoever registers such a parent domain controls the nameserver that the dependent domains still delegate to, so malicious actors can exploit these unsafe sacrificial nameservers to gain unauthorized control over dependent domains, leading to manipulation or disruption. As of September 2020, this practice had inadvertently exposed over 500,000 domains within generic top-level domains (gTLDs) to resolution hijacking risk, resulting in over 163,000 domains falling under unauthorized control.<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>The report explores potential solutions to remediate exposed domains and prevent the creation of new unsafe sacrificial nameservers. Remediating exposed domains involves registrants, registrars, and registries, but coordination efforts face challenges like awareness, technical capability, and liability concerns. 
To prevent the risk, two primary categories of solutions are examined:<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>1) granting registrars more flexibility to delete host objects of expired domains, eliminating the need for sacrificial nameservers altogether, or<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US>2) standardized renaming methods for sacrificial nameservers so their parent domains are not registrable.<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText><span lang=EN-US>Recognizing the need for balance between operational efficiency, security, and minimization of unintended consequences, the SSAC recommends a multifaceted approach:<o:p></o:p></span></p><p class=MsoPlainText><span lang=EN-US><o:p> </o:p></span></p><p class=MsoPlainText style='margin-left:36.0pt;text-indent:-18.0pt;mso-list:l3 level1 lfo7'><![if !supportLists]><span lang=EN-US style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'>         </span></span></span><![endif]><i><span lang=EN-US>Recommendation 1: The registry and registrar communities should collaborate to develop and implement a comprehensive code of conduct to mitigate the risks associated with registrable sacrificial nameservers.<o:p></o:p></span></i></p><p class=MsoPlainText style='margin-left:36.0pt;text-indent:-18.0pt;mso-list:l3 level1 lfo7'><![if !supportLists]><span lang=EN-US style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'>         </span></span></span><![endif]><i><span lang=EN-US>Recommendation 2: ICANN org should design, develop, and regularly publish aggregated statistics on the prevalence of unsafe sacrificial nameservers and the effectiveness of mitigation measures.<o:p></o:p></span></i></p><p class=MsoPlainText style='margin-left:36.0pt;text-indent:-18.0pt;mso-list:l3 level1 
lfo7'><![if !supportLists]><span lang=EN-US style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'>         </span></span></span><![endif]><i><span lang=EN-US>Recommendation 3: ICANN org should directly engage with registries and registrars to assist in mitigation and prevention efforts based on the insights from Recommendation 2.<o:p></o:p></span></i></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Franklin Gothic Book","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Franklin Gothic Book","sans-serif"'>Link to the report:</span><span lang=EN-US> </span><span lang=EN-US style='font-size:11.0pt;font-family:"Franklin Gothic Book","sans-serif"'><a href="https://itp.cdn.icann.org/en/files/security-and-stability-advisory-committee-ssac-reports/sac-125-09-05-2024-en.pdf"><span style='color:windowtext'>https://itp.cdn.icann.org/en/files/security-and-stability-advisory-committee-ssac-reports/sac-125-09-05-2024-en.pdf</span></a>. <o:p></o:p></span></p><div><div><div><div><div><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Franklin Gothic Book","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Franklin Gothic Book","sans-serif";mso-fareast-language:EN-US'>Have a nice day!<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Franklin Gothic Book","sans-serif";mso-fareast-language:EN-US'>Best,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Franklin Gothic Book","sans-serif";mso-fareast-language:EN-US'>Matthias<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Franklin Gothic Book","sans-serif"'><o:p> </o:p></span></p><p class=MsoPlainText>______________________________<o:p></o:p></p><p class=MsoPlainText>Ing. Mag. Matthias M. 
Hudobnik<o:p></o:p></p><p class=MsoPlainText>FIP • CIPP/E • CIPT • DPO • CIS LA<o:p></o:p></p><p class=MsoPlainText>matthias@hudobnik.at<o:p></o:p></p><p class=MsoPlainText>http://www.hudobnik.at<o:p></o:p></p><p class=MsoPlainText>@mhudobnik<span lang=EN-US><o:p></o:p></span></p></div></div></div></div></div></div></body></html>