SSAC Briefing on Routing Security (R1)
| Date Issued | Document | Reference ID | Current Phase | ||||||
|---|---|---|---|---|---|---|---|---|---|
| SSAC Briefing on Routing Security (R1) | SAC121 |
|
Description:
The routing system today is subject to a continuous stream of routing anomalies that affect its integrity and that sometimes cause large DNS outages. For example, in April of 2018 attackers were able to “hijack” routes to Amazon’s Route53 DNS services, which resulted in DNS traffic for domains hosted on this service ending up at a different destination network where it was served by malicious DNS servers.
In this report, the SSAC discusses events like these and what impact similar incidents can have on the DNS, surveys the pros and cons of various solutions, and discusses future security extensions of the routing system (e.g., path validation). The main focus of this report is on the security and stability implications for the DNS, although most of it also applies to other types of Internet applications (e.g., email, web, media streaming).
STATUS UPDATES
| Date | Phase | Type | Status Updates |
|---|---|---|---|
| Closed | Phase Change | This Advice Item is now Closed |
| Phase 1 | Phase Update | ICANN org acknowledged receipt of SAC121 and notified SSAC it will be closed immediately. |
| Phase 1 | Phase Update | ICANN understands SAC121 is the SSAC's briefing report on routing security of the DNS. As there is no action for the ICANN Board, this item will be considered closed. |
| Phase 1 | Phase Change | Now in Phase 1: Receive & Acknowledge |
| Phase 1 | Phase Update | SSAC published SAC121: SSAC Briefing on Routing Security. Link: https://www.icann.org/en/system/files/files/sac-121-en.pdf. |