<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="&#1;" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<title>ICANN News Alert</title>
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Cambria;
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
h2
        {mso-style-priority:9;
        mso-style-link:"Heading 2 Char";
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:18.0pt;
        font-family:"Times New Roman","serif";
        font-weight:bold;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.Heading2Char
        {mso-style-name:"Heading 2 Char";
        mso-style-priority:9;
        mso-style-link:"Heading 2";
        font-family:"Cambria","serif";
        color:#4F81BD;
        font-weight:bold;}
span.EmailStyle19
        {mso-style-type:personal-reply;
        font-family:"Courier New";
        color:navy;
        font-weight:normal;
        font-style:normal;
        text-decoration:none none;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body bgcolor=white lang=EN-US link=blue vlink=purple>

<div class=Section1>

<div style='border:solid #CCCCCC 1.0pt;padding:8.0pt 8.0pt 8.0pt 8.0pt'>

<div>

<h2 style='margin-bottom:0in;margin-bottom:.0001pt'><span style='font-family:
"Arial","sans-serif"'>Domain Name Security Paper Released<o:p></o:p></span></h2>

<p style='mso-margin-top-alt:11.25pt;margin-right:0in;margin-bottom:0in;
margin-left:0in;margin-bottom:.0001pt'><span style='font-family:"Arial","sans-serif"'>24
July 2008<o:p></o:p></span></p>

<p><strong><span style='font-family:"Arial","sans-serif"'>Marina Del Rey,
Calif:</span></strong><span style='font-family:"Arial","sans-serif"'> For many
years, the Internet community has been developing and enhancing a Domain Name
System (DNS) security technology called DNSSEC. <o:p></o:p></span></p>

<p><span style='font-family:"Arial","sans-serif"'>ICANN's <a
href="http://click.icptrack.com/icp/relay.php?r=9826224&amp;msgid=163486&amp;act=52JX&amp;c=165637&amp;admin=0&amp;destination=http%3A%2F%2Fwww.icann.org%2Fen%2Fstrategic-plan%2F">strategic</a>
and <a
href="http://click.icptrack.com/icp/relay.php?r=9826224&amp;msgid=163486&amp;act=52JX&amp;c=165637&amp;admin=0&amp;destination=http%3A%2F%2Fwww.icann.org%2Fen%2Ffinancials%2Fadopted-opplan-budget-v3-fy09-25jun08-en.pdf">operating</a>
[PDF, 480K] plans call for ICANN to be operationally ready to deploy DNSSEC at
the root level and work with relevant stakeholders to determine how this should
be implemented. With input from many stakeholders, ICANN has prepared a
document describing this path to operational readiness for signing the root. <o:p></o:p></span></p>

<p><span style='font-family:"Arial","sans-serif"'>The purpose of this <a
href="http://click.icptrack.com/icp/relay.php?r=9826224&amp;msgid=163486&amp;act=52JX&amp;c=165637&amp;admin=0&amp;destination=http%3A%2F%2Fwww.icann.org%2Fen%2Fannouncements%2Fdnssec-paper-15jul08-en.pdf">paper</a>
[PDF, 342K] released today is to: <o:p></o:p></span></p>

<blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'>

<p><span style='font-family:"Arial","sans-serif"'>a) articulate ICANN's
initiatives toward operational readiness for DNSSEC signing; and <o:p></o:p></span></p>

<p><span style='font-family:"Arial","sans-serif"'>b) help determine the right
structures so ICANN is &quot;…prepared to digitally sign the root using DNSSEC
technology by late 2008&quot;, as directed in the July 2008 – June 2011 ICANN
Strategic Plan after consultation with stakeholders and having sought the
necessary approvals. <o:p></o:p></span></p>

</blockquote>

<p><span style='font-family:"Arial","sans-serif"'>Specifically, this document
is <em><span style='font-family:"Arial","sans-serif"'>not </span></em>a roadmap
for DNSSEC deployment. <o:p></o:p></span></p>

<p><span style='font-family:"Arial","sans-serif"'>Ultimately, this roadmap will
be developed by a community consultation process, and require relevant
approvals through ICANN's IANA functions contract with the U.S. Department of
Commerce. A public forum has been established at <a
href="http://click.icptrack.com/icp/relay.php?r=9826224&amp;msgid=163486&amp;act=52JX&amp;c=165637&amp;admin=0&amp;destination=http%3A%2F%2Fforum.icann.org%2Flists%2Fdnssec-roadmap%2F">http://forum.icann.org/lists/dnssec-roadmap/</a>
and ICANN actively seeks your input on this important matter. Email comments to
<a href="mailto:dnssec-roadmap@icann.org">dnssec-roadmap@icann.org</a><o:p></o:p></span></p>

<p><span style='font-family:"Arial","sans-serif"'>In addition recently, a
prominent security researcher privately reported two domain name system (DNS)
vulnerabilities to many DNS name server developers. <o:p></o:p></span></p>

<p><span style='font-family:"Arial","sans-serif"'>DNSSEC would be a solution to
these vulnerabilities. <o:p></o:p></span></p>

<p><span style='font-family:"Arial","sans-serif"'>The details of the
vulnerabilities have not yet been disclosed publicly at this stage so that
developers can produce patches to reduce the threat these vulnerabilities pose.
Private disclosures of this kind also give DNS operators an opportunity to
patch systems before the vulnerabilities can be exploited for malicious or
criminal purposes. ICANN understands there will be a public announcement of
these vulnerabilities by the researcher in coming weeks. <o:p></o:p></span></p>

<p><span style='font-family:"Arial","sans-serif"'>This vulnerability does not
affect root-level servers or services that provide authoritative name service
at the top level. But it does represent a threat for domain name servers that
operate between end users and the root; servers operated by Internet Service
Providers or large enterprises. Commercial service providers in general are
aware of this issue, and are working with vendors to update their software to
the latest versions. <o:p></o:p></span></p>

<p><span style='font-family:"Arial","sans-serif"'>ICANN's Security Stability
Advisory Committee will be examining this issue and may report more fully
later. ICANN urges any entity operating name services to update to the current
versions to provide greatest protection. <o:p></o:p></span></p>

</div>

</div>

</div>

</body>

</html>