Day Four: At-Large Leadership Wrap Up of ICANN65

Listen to this post
Voiced by Amazon Polly

Video :: ICANN’s Andrew McConachie spoke with Cristian Hesselman of SSAC and SIDN about the DNS and the IoT –

Trang Nguyen, VP Strategic ProgramsPresentation

SSAC with Rod Radmussen and Julie Hammer, including discussion of IoT Report  – Presentation

The session started off with the follow-up items from the last 3 days of meetings. 

Subsequently, the topic discussed was the preparations on the next of new gTLDs, which was started off by Cyrus Namazi. He pointed out that ICANN has no opinion on the need for a new round, and that the session was only about preparations. The rest of the material (totally 33 assumptions available in the slide deck at was presented by Trang Nguyen. 

1. Timeline (SubPro report is a dependency for the opening of the next application window; Policy implementation PDP, readiness activities and operational processes will be completed prior)

2. Expected volumes and processing time

  • Volume approximately the same as previous (~ 2000 applications)
  • 1000 TLDs/year delegation
  • One application window per year (1-3 months)

3. Policy implementation

  • Will be changes in implementation based on 3 initial reports published by the SubPro PDP working group
  • Significant documentation may be required (not included in 2012 AGP)

4. Readiness activities

5. Systems and Tools

  • Includes systems, tools testing etc
  • Process and workflow management tools for solving data-intensive articles and critical program functions
  • Existing tools will be leveraged and as little outsourced as possible

6. Operational Processes

  • Well-defined processes required

7. People

  • Proactive resource planning to staff the program to meet deadlines
  • Org staff will be used for program management, operations and admin
  • Application evaluation, objection processing etc will be outsourced to firms with expertise in these areas
  • Temporary resources used for peak times

8. Cost

  • Program will operate on a cost-recovery basis, funded by application fees collected
  • Tracking of readiness will start as rapidly as possible

John Laprise felt that CCT and RPM review outcomes need to be considered as inputs for the second round. However, Trang Nguyen pointed out that there was no consensus within the Board or GNSO. 

Justine wanted to know (a) the source of the funding for pre-preparation phase; and (b) since there was no clarity on the actual costs, what the basis of the cost recovery model be, and what ICANN Org would be doing to address this. 

Xavier responded that the preparation is a long process and planning per se had not yet started. Preparation costs will be sourced from the left-over from the current program (presently earmarked for legal action and others from the last round), and later this would be repaid. There are conditions to this arrangement. For the cost recovery, an estimation is being carried out on the total cost (including the monetary value of risks, a subjective component) of the next round could be. The number of applications, a critical factor for costs, is based on operational assumptions. 

The next section of the Session was SSAC Update from Rod Rasmussen, SSAC Chair. Presentation is available at

Specific topics discussed included:

  1. SAC105: DNS and the Internet of Things: Opportunities, Risks and Challenges

Presented by Cristian Hesselman, the Chair of the Work Party. This is a different kind of report, with no recommendations to the Board, designed to facilitate dialog. It is more forward-looking rather than operational, and while part of it is within the SSAC & ICANN remit, partly outside as well.

Covers opportunities and risks for DNS vis-à-vis IoT. IoT devices impact with physical environments. DNSSEC would be beneficial to IoT devices. There are also risks, such as IoT Botnets (such as Mirai that mounted a significant DDOS attack). Currently there are 400-600K devices  that can support botnets. IoT may overload DNS infrastructure (such as when large numbers of devices come online after a power outage). An educational component for IoT developers on DNS Security may be required. A range of measures may be required to combat Botnets, including education, setting up security services in edge networks (clip off attacks at the edge itself), Exchange/sharing of information on attacks with other DNS providers.

  1. DoH/DoT (Suzanne Woolf and Barry Leiba)

Two new protocols for transporting DNS data securely and without impacting privacy. Traditional DNS queries are responses are unencrypted and DoH/DoT helps to secure man-in-the-middle reading of DNS traffic. The need for DNSSEC has not changed (as it ensures the integrity of DNS data). Standardization DoH/DoT resolver configuration is still ongoing. 

DoH/DoT may have implications on policy control points  in DNS resolution. Currently it is too early to assess the impact of DoH/DoT and DNSSEC and QNAME Minimization continue to be important.

  1. Name Collision Analysis project (NCAP) (Jim Galvin)

MAndated by ICANN Board to do a study on name collision. Includes Study 1 (Gap Analysis), Study 2 (Root cause and impact analysis) and Study 3 (Analysis of Mitigation options). Timeline is from March 2019 to July 2019.

  1. Registration Data Services Report

SSAC sent a letter in May 2019 to ICANN regarding anomalies/inconsistencies in RDS Query Reporting. Some registries were counting monitoring queries while others were not. Some operators were reporting that many of their TLDs receive the exact same number of queries in a given month. More work is required to outline the counting mechanism as well as the need/scope of this work.

  1. SSAC Review (not discussed in detail).

In the later discussions, there was a suggestion put forth by John Laprise that a joint advice to the Board could be considered on the EPDP Phase 1 recommendations, perhaps together with RSSAC, GAC etc.

Reported by Satish Babu