Verisign: New gTLD Security and Stability Considerations
Verisign have sent a letter to ICANN concerning New gTLD Security and Stability Considerations according to their Labs Technical Report
—The introduction of multitudes of new generic Top Level Domains (gTLDs) into the DNS (the Internet’s de facto name mapping system) will have far-reaching effects. Any party concerned with the issues of privacy, trust, confidence, or the overall security of the DNS after the addition of new gTLDs (either from the consumer or the operator perspective) is implic- itly depending on the Internet Corporation for Assigned Names and Numbers (ICANN) and the broader DNS community to appropriately address these issues before delegating any new gTLDs.
The risk of a misstep during the process of introducing new gTLDs to the global DNS could have far-reaching and long- lasting residual implications. Many of the issues cataloged in this report focus on work that is currently not done, and should be completed before any new gTLDs can be deployed in a safe and secure manner. To both illustrate the concerns that exist and to clearly identify the rationale behind these concerns, the general areas of focus in this report are: Root Server System implications, Operational.
Readiness for gTLD Registries, and Risks of Name Collisions on the Internet, all of which will potentially have a considerable impact on the security and consumption of new gTLDs, as well as on the broader existing DNS ecosystem.
Some of the key areas of concern mentioned in the Verisign report:
- DNSSSEC
- DNS metrics
- Automated IANA
- Trademark Clearinghouse (TMCH)
- Registry collapse (EBERO)
- Escrow and Zone Data specs
- Security certificates
- SSAC recommendations