ICANN Update Champika Wijayatunga - PowerPoint PPT Presentation

ICANN Update Champika Wijayatunga <champika.wijayatunga@icann.org> Regional Security Engagement Manager – Asia Pacific TWNIC OPM / TWNOG 27-28 November 2018 | 1

Overview Coordinating with our partners, we help make the Internet work. | 2

Exploring ICANN’s Multistakeholder Community Supporting Organizations (SOs) Three SOs in the ICANN community are responsible Advisory Committees for developing policy recommendations in the (ACs) areas they represent. Four ACs give advice and make recommendations on ICANN topics. Address Supporting Organization (ASO) Country Code Names Supporting At-Large Advisory Organization (ccNSO) Committee (ALAC) Generic Names Supporting Governmental Advisory Organization (GNSO) Committee (GAC) Root Server System Advisory Committee (RSSAC) Security and Stability Advisory Committee (SSAC) | 3

Get Involved and Informed | 4 | 4

Get Involved and Informed Take a free online course Attend an ICANN Public Visit go.icann.org/journey Meeting. Three times a year, to learn how you can attend at learn.icann.org . ICANN holds free and open an ICANN Public Meeting public meetings in different as part of the regions around the world. Visit NextGen@ICANN or ICANN meetings.icann.org to Fellowship programs. learn more. Attend events in Find and participate in an Sign up for ICANN news your region. ICANN community group alerts and regional by visiting newsletters. icann.org/community . | 5

Domain Name System (DNS) | 6 | 6

Overview The root tw Top-level nodes Second-level nodes Third-level nodes | 7

Internationalized Domain Names | 8 | 8

What Are Internationalized Domain Names (IDNs)? IDNs are domain names with non-Latin characters or Latin characters beyond letters (a to z) digits (0 to 9) and hyphens (-), as allowed by relevant protocols. Until late 2009, top-level domains were restricted to only the Latin letters a to z without accents or symbols. After 2009, IDN TLDs were introduced in other scripts, including Arabic, Chinese, and Cyrillic scripts. IDN TLDs can be either ccTLDs or gTLDs. IDNs use a particular encoding and format to allow a wider range of scripts to represent domain names. | 9

Increase in New Online Users IDNs can lower barriers to Internet access and usability among people who speak languages that do not use the Latin script. русский ﻋرﺑﻰ ભારતીય ﺑﮭﺎرﺗ ﯽ भारतीय 17M Tiếng Việt இ"திய& �� !"రత ਭਾਰਤੀ ਭਾਸ਼ਾ ਸਮੂਹ The report looked at just five major languages/language groups benefiting from IDNs (Russian, Chinese, Arabic, Vietnamese, and Indian languages as a group). White Paper/ Report by Analysys Mason, Commissioned by UASG in April 2017. Conservative metric, does not take account potential future growth in e-commerce spend, or in the registrations of the new domains. | 10

Universal Acceptance | 11 | 11

What Is Universal Acceptance? All domain names should be treated equally. пример.рф site.example �� @ �� . �� Internationalized Internationalized New gTLDs Email Addresses Domain Names | 12

The Role of Universal Acceptance UA-ready http://soap.organic http://tokyo. ��� http://bank.com Bank Welcome to organic TOKYO ����������� �� @ �� . �� Email SOAP Email validated. We make the best soap in the Account created. world. It’s 100% organic. Not ready http://soap.organic http://tokyo. ��� http://bank.com Bank �� @ �� . �� Email Not a valid email address. | 13

Get Involved Universal Acceptance Steering Group Composed of 120+ companies (e.g., Afilias, Apple, CNNIC, Google, Microsoft, THNIC, and Yandex), governments, and community groups Helping software developers and website owners understand how to update their systems. Learn more http://uasg.tech | 14

DNSSEC | 15 | 15

Elements of the DNS Vulnerable to Attacks CLIENTS RESOLVERS AUTHORITIES ASK ANSWER PUBLISH QUESTIONS QUESTIONS ANSWERS ¤ Authoritative name servers host zone data – the set of DNS data that the registrant publishes. ¤ Recursive name resolvers (resolvers) are systems that find answers to queries for DNS data. ¤ Caching resolvers find and store answers locally for a time-to-live (TTL) period of time. ¤ Client or stub resolvers are software in applications, mobile apps, or operating systems that query the DNS and process responses. | 16

What Is DNSSEC? DNSSEC stands for Domain Name System (DNS) Security Extensions. ¤ DNSSEC is a protocol that is currently being deployed to secure the DNS. ¤ DNSSEC adds security to the DNS by incorporating public key cryptography into the DNS hierarchy, resulting in a single, open, global Public Key Infrastructure (PKI) for domain names. ¤ DNSSEC is the result of over a decade of community-based, open standards development. | 17

How Does DNSSEC Work? Without DNSSEC With DNSSEC majorbank.com majorbank.com DNS DNS = IP address A = IP address A majorbank.com majorbank.com = Attacker IP address X = Attacker IP address X DNS DNS majorbank.com majorbank.com IP address X IP address X majorbank.com Passwords webserver Passwords majorbank.com webserver Desired page Attacker’s Attackers webserver webserver Attacker’s page | 18

Who Benefits from DNSSEC? End User Registrant Registrar Registry Complies with Meets industry best industry standards Gains confidence Mitigates fraud and practices and and meets about reaching increases brand registrar demands registrant demands intended website. protection. for increased for increased domain security. security. | 19

State of DNSSEC Deployment in ccTLDs Europe: 79 4 Asia/ Australia/ North America: 7 Pacific: 73 Africa: Latin America/ Caribbean Islands: 34 53 | 20

ICANN Managed Root Servers | 21 | 21

One of the root server operators, ICANN contributes over 160 instances to a global pool of over 900 root server instances. | 22

New Root Servers Additional servers are being added based on technical considerations. Interested in hosting a root server? Contact an ICANN GSE representative in your region. | 23

Visit us at icann.org