Rec 3: RSSAC028
Rec 3: RSSAC028
Technical Analysis of the Naming Scheme Used For Individual Root Servers (R3)
Date Issued | Document | Reference ID | Current Phase |
Technical Analysis of the Naming Scheme Used For Individual Root Servers (R3) | RSSAC028 | Phase 4 | Implementation Pending - Internal |
Conduct a study to understand the feasibility and impact of node re-delegation attacks.
Date | Phase | Type | Status Updates |
| Phase 4 | Phase Update | Paul sent a letter to RSSAC notifying them that the work for this recommendation has been completed and can now be closed. |
| Phase 4 | Phase Update | RSSAC028 Closure update |
| Phase 4 | Phase Update | ICANN sent a letter (https://www.icann.org/en/system/files/correspondence/olive-to-osborn-13oct23-en.pdf) to the RSSAC regarding this Advice item. |
| Phase 4 | Phase Update | Implementation of this recommendation is dependent on completion of implementation of RSSAC028 Recommendation 2 (completed in September 2023). As a next step ICANN org will develop an implementation plan to include milestones and anticipated timeline for completion and will share this in the coming months. |
| Phase 4 | Phase Change | Now in Phase 4: Deferred |
| Phase 4 | Phase Update | RSSAC028 Recommendation 3 is pending the completion of Recommendation 2. |
| Phase 4 | Phase Update | ICANN org hired a contractor in September 2022 to write a study analyzing the questions in Recommendation 2 of RSSAC028. This work is anticipated to be complete in August 2023. Tasks of the contractor include: surveying root server operators (“RSOs”) about which software they use to provide authoritative service for the root zone, performing the study using the open source “Resolver Testbed” software already created by ICANN org, and repeating the analysis that led to Appendix A of RSSAC028 using the current software in use by the RSOs. RSSAC028 Recommendation 3 is pending the completion of Recommendation 2. |
| Phase 4 | Phase Change | Now in Phase 4: Implement |
| Phase 3 | Phase Update | On 25 March 2021 the ICANN Board considered 2021.03.25.03 and the Board accepts Recommendation 3, relating to conducting a study to understand the feasibility and impact of node re-delegation attacks, and directs the ICANN President and CEO, or designee(s), to commence such a study. This item is now in Phase 4 | Implement as of 25 March 2021. |
| Phase 3 | Phase Change | Now in Phase 3: Evaluate and Consider |
| Phase 2 | AP Feedback | ICANN received confirmation of understanding from the RSSAC. |
| Phase 2 | Phase Update | The ICANN org understands RSSAC028 Recommendation 3 to mean that a study should be conducted to understand how the current infrastructure is susceptible to various cache poisoning attack scenarios, specifically node re-delegation attacks, and that proof-of-concept code for testing these scenarios should be made available to others in the DNS community for further studies. ICANN sent this updated understanding to the RSSAC for review. |
| Phase 2 | Phase Update | Updated Understanding sent to RSSAC for review. |
| Phase 2 | Phase Change | Advice Item returned to Phase 2: Understand to request further clarification of recommendation. |
| Phase 3 | Phase Change | Now in Phase 3: Evaluate and Consider |
| Phase 2 | AP Feedback | ICANN received confirmation of understanding from the RSSAC. RSSAC states: The RSSAC / RSSAC Caucus will scope the study. After that collaboration may be needed between the RSSAC / RSSAC Caucus and ICANN org to perform the studies. |
| Phase 2 | Phase Update | The ICANN org understands that the RSSAC has also provided an additional, speculative recommendation, which states that if node re-delegation attacks pose a serious risk that needs to be mitigated, the following should also be considered:
This understanding was sent to the sent to the RSSAC for review. |
| Phase 2 | Phase Update | Understanding sent to RSSAC for review. |
| Phase 2 | Phase Change | Now in Phase 2: Understand |
| Phase 1 | Phase Update | ICANN acknowledged receipt of Advice. |
| Phase 1 | Phase Update | RSSAC published RSSAC028: Technical Analysis of the Naming Scheme Used For Individual Root Servers Link: https://www.icann.org/en/system/files/files/rssac-028-03aug17-en.pdf. |