SAC101 was published on 12 June 2018. All SSAC publications can be found at https://www.icann.org/groups/ssac/documents.
| Recommendation | Description | Current Phase |
|---|---|---|
| Recommendation 1 | The SSAC welcomes this opportunity to provide input on the issues related to root scaling. The SSAC understands the working group’s request on 14 September 2017 to be: 1. whether the limitations on delegations per annum (1000 / year) could be revisited given the results of the Continuous Data-driven Analysis of Root Stability (CDAR) study and if so, what guidance can the SSAC provide to maintain the security and stability of the root; 2. suggestions on ways that might mitigate potential issues in the event the working group recommends to increase the maximum annual delegation rate; and 3. inputs on the total number of TLDs that could be delegated without negative impact to root server performance. | RETIRED |
| Recommendation 2 | The ICANN Board should direct the ICANN Organization to incorporate the following principle into its contracts with gTLD RDDS service providers: Legitimate users must be able to gain operational access to the registration data that policy says they are authorized to access, and must not be rate-limited unless the user poses a demonstrable threat to a properly resourced system. This recommendation is also made to policy-makers participating in the EPDP. | RETIRED |
| Recommendation 3 | The ICANN Board and EPDP policy-makers should ensure that security practitioners and law enforcement authorities have access to domain name contact data, via RDDS, to the full extent allowed by applicable law. | RETIRED |
| Recommendation 4 | The ICANN Board and the ICANN Organization should not allow a fee to be imposed for RDDS access unless such a decision is made via a formal Policy Development Process (PDP). | RETIRED |
| Recommendation 5 | The SSAC reiterates recommendation 2 from SAC061: "The ICANN Board should ensure that a formal security risk assessment of the registration data policy be conducted as an input into the Policy Development Process. A separate security risk assessment should also be conducted regarding the implementation of the policy." These assessments should be incorporated in PDP plans at the GNSO. | RETIRED |
| Recommendation 6 | The ICANN Board should direct the ICANN Organization to amend registry and registrar contracts to clarify that if a data field is required to be published, the registry or registrar must publish it in RDDS server output, not just in Web-based output. | RETIRED |
| Recommendation 7 | The ICANN Board should direct the ICANN Organization to amend registry and registrar contracts to ensure that RDDS access is provided in a more measurable and enforceable fashion, which can be understood by all parties. | RETIRED |
