
ICANN 70: Focus on DNSSEC, phishing and IDNs

ICANN 70, which was the fourth consecutive conference to be held completely online due to the COVID-19 pandemic, closed on March 25. Despite the format restrictions, the conference was very productive, offering more than 70 sessions and attracting over 1,500 participants from around the world who discussed major issues in the domain industry.

As usual, technical issues were among the most widely discussed. Dan York of the Internet Society (ISOC) reported on global practices in deploying DNSSEC, on the DANE (DNS-based Authentication of Named Entities) specifications, which use DNSSEC to verify the authenticity of SSL certificates, and on the use of RPKI (Resource Public Key Infrastructure), a hierarchical system of public keys designed to secure the internet’s global routing infrastructure.

Dutch researchers Moritz Müller and Jins de Jong offered an intriguing yet slightly disturbing peek into the future. They speculated on the possible impact of post-quantum cryptography on DNSSEC. In essence, popular cryptographic algorithms such as RSA, currently used in DNSSEC, can be easily broken using a quantum computer running Shor’s algorithm. Therefore, the domain community should already be considering potential uses for post-quantum cryptography (PQC) in DNSSEC.

A report by Wes Hardaker from the USC’s Information Sciences Institute stirred up heated debate as well. Hardaker presented two possible scenarios for replacing the KSK and ZSK algorithms. He believes a replacement is necessary because the growing computing capacity of modern computers significantly weakens the security of RSA/SHA1, an algorithm that is still commonly used. He says it is imperative to replace it with an upgraded algorithm such as RSA/SHA256 or ECDSA Curve P-256 with SHA-256. However, each of the replacement scenarios suggested by the speaker has its flaws. The first, which complies with all the requirements and the procedure described in RFC6781, requires several technically complicated steps and double signing with the old and new keys. The intricacy of these steps increases the likelihood of operator error. The second is less complicated and, therefore, almost airtight, but it requires disabling DNSSEC for a short period in the lifecycle of a DS record. This approach necessarily involves a temporary gap in security. Although Wes Hardaker believes this scenario is very unlikely, when asked if he would recommend the second approach for the root zone, he replied “absolutely not”.

Other topics traditionally in the focus of the domain community’s attention include domain security and preventing domain abuse. A particularly noteworthy presentation on these topics was given by COMAR, a joint project by French and Dutch ccTLD registries and several European universities. COMAR relies on AI and machine learning algorithms to evaluate domain use based on 38 parameters. Unlike the majority of existing domain reputation check systems, this tool can distinguish between compromised domains and domains that were registered for unlawful purposes from the start.

Bulgarian expert Iliya Bazlyankov presented a catalogue of best ccTLD registry security practices. His report focused on the main aspects of information security to consider when organizing and managing a TLD registry.

Brian King (MarkMonitor) and Brian Lonergan (Donuts Inc.) offered an extensive analysis of homoglyph usage. This term refers to domain names that include confusingly similar characters and characters from different alphabets. It is a common domain registration tactic in phishing scams, which remains an extremely pressing security problem. The speakers reviewed both commonly used strategies to prevent homoglyph attacks – such as registries prohibiting the use of characters from different language sets within one domain name label – and lesser-known methods. Those include, for example, generating a list of IDNs that look the same and putting them on an ASCII domain registration stop list at the registrar level.
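The two kinds of check described above, sketched as an added example (this is not code from the speakers or from any registry): a mixed-script test on a requested label, followed by a look-alike comparison against a stop list of protected ASCII names. The `CONFUSABLES` map, the function names and the protected names are all constructed for illustration; a production system would rely on the full Unicode confusables data.

```python
import unicodedata

# Constructed, deliberately tiny look-alike map (not the full Unicode data).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",  # Cyrillic
    "\u03bf": "o", "\u03b1": "a",                                # Greek
}

def scripts(label):
    """Return the scripts used in a label, read from Unicode character names."""
    found = set()
    for ch in label:
        if ch.isdigit() or ch == "-":
            continue  # digits and hyphen are common to every script
        # The first word of the name is the script: LATIN, CYRILLIC, GREEK, ...
        found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found

def skeleton(label):
    """Fold a label to the ASCII string it visually resembles."""
    label = unicodedata.normalize("NFKC", label).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)

def review_label(label, protected):
    """Return (decision, reason) for a requested domain name label."""
    # Registry-style rule: one script per label.
    if len(scripts(label)) > 1:
        return ("reject", "mixed scripts")
    # Stop-list rule: a single-script IDN that renders like a protected name.
    skel = skeleton(label)
    if label != skel and skel in protected:
        return ("reject", "look-alike of " + skel)
    return ("accept", "")

if __name__ == "__main__":
    protected = {"example", "coco"}  # constructed stop-list entries
    samples = ["example", "ex\u0430mple", "\u0441\u043e\u0441\u043e",
               "\u043f\u0440\u0438\u043c\u0435\u0440"]
    for label in samples:
        print(ascii(label), review_label(label, protected))
```

The all-Cyrillic sample passes the mixed-script rule and is caught only by the stop-list comparison, which is why the second, lesser-known method complements the first.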

Internationalized domain names (IDNs), covered in the report by Brian King and Brian Lonergan, were also one of the key topics at ICANN 70. One of the closing sessions, Remediating Universal Acceptance, was fully dedicated to IDNs. Maria Kolesnikova, Chief Analyst at the Coordination Center for TLD .RU/.РФ and Chair of the Communications Working Group of the Universal Acceptance Steering Group (UASG), was the main speaker and moderator of the session. She stated that, unfortunately, the current level of UA readiness is rather low: only 9.7 percent of email servers and 11 percent of the evaluated top 1,000 websites are ready to accept email addresses in non-ASCII languages. Maria Kolesnikova also spoke about essential UA software and the technology stack that UASG is working on. She also presented the results of recent projects and plans for 2021.

Session participants noted that a constructive dialogue with major developers is possible if they understand that the lack of UA support leads to customer loss. The participants also discussed the significant role of government support: government bodies can be an example to encourage the business community to implement support for identifiers in local languages.

The Country Code Names Support Organization (ccNSO) hosted several ICANN 70 sessions, the most popular being a session on the future of ccTLDs. Olaf Kolkman of ISOC shared his outlook on the prospects of internet development and noted that the small changes currently being made to the internet infrastructure due to new regulatory initiatives may have a negative impact on its performance in the future. Olaf Kolkman argued that governments are trying to solve social problems (fake news, personal data confidentiality and protection, etc.); however, they are disregarding the impact of increasing regulation on the internet itself. If any of the internet’s five essential properties – accessibility, open architecture, decentralization, common global identifiers and technological neutrality – is taken away, the system would become disabled. He suggested that every new regulatory proposal must be analyzed for its effect on the internet to prevent any harm to the critical infrastructure. It is for this purpose that ISOC released its Internet Impact Assessment Toolkit.

A meeting of the ccNSO Council witnessed another notable event: Katrina Sataki (.LV) stepped down as ccNSO Chair. At the end of this year, Katrina Sataki will join the ICANN Board of Directors.

In December 2020, Deputy Director of the Coordination Center for TLD .RU/.РФ Irina Danelia was elected to the ccNSO Council. According to ccNSO regulations, Irina Danelia will assume office in March, immediately after ICANN 70.

ICANN 71 is scheduled for June 14−17, 2021, and will be held online. The conference was originally to be hosted by The Hague and will take place in that European time zone.
