Historical Resolution Tracking Feature » 2012-06-23 - SSAC Report on Dotless Domains

Important note: The explanatory text provided through this database (including the summary, implementation actions, identification of related resolutions, and additional information) is an interpretation or an explanation that has no official authority and does not represent the purpose behind the Board actions, nor does any explanations or interpretations modify or override the Resolutions themselves. Resolutions can only be modified through further act of the ICANN Board.

2012-06-23 - SSAC Report on Dotless Domains

Resolution of the ICANN Board
Topic: 
SSAC Report on Dotless Domains
Summary: 

Board directs staff to solicit comments on the ICANN Security and Stability Advisory Committee (SSAC) report SAC 053: SSAC Report on Dotless Domains, and plan for its implementation.

Category: 
Root Zone
Meeting Date: 
Sat, 23 Jun 2012
Resolution Number: 
2012.06.23.08 - 2012.06.23.09
URL for Resolution: 
http://www.icann.org/en/groups/board/documents/resolutions-23jun12-en.htm#1.3
Status: 
Complete
Implementation Actions: 
  • Consult with relevant communities regarding implementation of the recommendations in SAC053
    • Responsible entity: ICANN staff
    • Due date: None provided
    • Completion date: 5 November 2012
  • Provide a briefing paper detailing the issues that may arise and the mitigating options available as a result of implementing SAC053 recommendations
    • Responsible entity: ICANN staff
    • Due date: 1 September 2012
    • Completion date: 28 January 2012
Resolution Text: 

Whereas, the delegation of TLDs in a way that promotes security and a good user experience is a longstanding topic of importance to ICANN's Board and the global Internet community.

Whereas, on 23 February 2012, the ICANN Security and Stability Advisory Committee (SSAC) published SAC 053: SSAC Report on Dotless Domains.

Whereas, the SSAC report concluded that the ways in which domain names are interpreted in different contexts would lead to unpredictable and unexpected dotless domain behaviour.

RESOLVED (2012.06.23.08), the Board hereby acknowledges the receipt the SAC 053, and thanks the members of SSAC and all other contributors for their efforts in the creation of the report.

RESOLVED (2012.06.23.09), the Board directs ICANN staff to consult with the relevant communities regarding implementation of the recommendations in SAC053 and no later than September 1, 2012, to provide a briefing paper for the Board which details the technical, policy and legal issues, if any, which may arise as a result of implementing SAC053 recommendations, listing the options, if any, for mitigating such issues.

Rationale for Resolution: 

SSAC studied the dotless domain issue due to potential user harm and user experience problems due to non-uniform implementations. As this issue is relevant in both nTLD and IDN ccTLDs, both of which are increasing in numbers, the SSAC recommends that the use of certain types of Resource Records (RRs) in the root is considered undesirable.

After the publication of SAC 053, the SSAC consulted with ICANN stakeholders (e.g., gNSO) in Costa Rica, as a result, some implementation questions were raised, (e.g., how long the prohibition period should be, what is the necessary and sufficient condition that it could be allowed). As a result, SSAC deemed further technical and community consultations are needed. Undertaking this work now is important due to the potential gTLD decisions/rollouts likely in 2013.

The board's receipt of this paper and direction for review of potential implementation issues is in furtherance of ICANN's accountability to the community, as ICANN is responding to the work of one of its advisory committees. This action is not expected to have an impact on ICANN's resources, and directing this work to be done may result in implementation plans that could positively improve the security or stability of the DNS.

Section 2.2.3.3 of the Applicant Guidebook states that the only permissible DNSResource Records for the apex in a TLD zone (i.e., the TLD-string itself) are: SOA, NS, and related DNSSEC records. This effectively prohibits dotless domain names. The same section also states, "An applicant wishing to place any other record types into its TLD zone should describe in detail its proposal in the registry services section of the application. This will be evaluated and could result in an extended evaluation to determine whether the service would create a risk of a meaningful adverse impact on security or stability of the DNS." The process for consideration of new registry services is described in the new registry agreement. This combination would probably serve to bar dotless domain in new gTLDs but this is not fully clear.

Other Related Resolutions: 
  • Other resolutions TBD
Additional Information: