[NCUC-DISCUSS] RZMA and .COM Registry Agreement Reviews
Rafik Dammak
rafik.dammak at gmail.com
Thu Jun 30 16:30:17 CEST 2016
Hi everyone,
a follow-up of a previous discussion thread.
Best,
Rafik
---------- Forwarded message ----------
As outlined in Akram’s blog below, ICANN has published the RZMA and.COM
Registry Agreement Amendments today.
The RZMA can be found here:
https://www.icann.org/iana_imp_docs/63-root-zone-maintainer-agreement-v-1-0.
This agreement is posted for a 30-day public review period before it will
be signed.
In addition, ICANN has published the Proposed Amendment to .COM Registry
Agreement for a 43-day public comment period. The public comment page is
here: https://www.icann.org/public-comments/com-amendment-2016-06-30-en
and the public comment will run through 12 August 2016.
Original link:
https://www.icann.org/news/blog/root-zone-management-transition-update-preservation-of-security-stability-and-resiliency
*Root Zone Management Transition Update: Preservation of
Security, Stability and Resiliency*
On March 4, 2015, the U.S. National Telecommunications and Information
Administration (NTIA) officially requested that ICANN and Verisign work
together to develop a proposal on how best to transition
theNTIA administrative role associated with root zone management in a
manner that maintains the security and stability of the Internet’s domain
name system. NTIA previously announced that the transition of this aspect
of its administrative role was a process separate from but parallel to
the IANA stewardship transition.
Verisign and ICANN submitted a proposal to NTIA that contained two primary
elements. First, the teams would build and test a parallel root zone
management system that would simulate root zone management functions
without NTIA’s current authorization role. That system is now approaching
the completion of its 90-day defect free testing phase. Second, in
anticipation of the release of Verisign from root zone management
obligations by NTIA under the Cooperative Agreement, the teams began work
on a commercial agreement between ICANN and Verisign for the continued
performance of root zone management functions.
We are pleased to announce that ICANN and Verisign have completed the
discussions and negotiations for the root zone maintainer services
agreement (RZMA).
Since the early days of the Internet, Verisign has been providing
“registration services” under its Cooperative Agreement with NTIA, which
was broadly defined to include root zone management functions and Top Level
Domain registry services. NTIA recognized that root zone management aspects
of the IANA functions contract are “inextricably intertwined” with the
Cooperative Agreement. Given the unified nature of the present Cooperative
Agreement, much of the root zone infrastructure itself is “inextricably
intertwined” with Verisign’s TLD operations for .com: the servers that
provide root services are hosted at every .com resolution site (over 100
locations). These servers share bandwidth, routing and monitoring with the
.com operations, and the servers use the same code base as the .com TLDname
servers and are operated and maintained by the same operation and
engineering group. On the provisioning side, the root zone’s provisioning
system is derived from the .com Shared Registration System (SRS), using the
structure, schema, and software used for .com provisioning
operations. Verisign builds and signs the root zone today using the same
cryptographic facilities used for .com as well as signing software derived
from that used for signing .com. Importantly, Verisign’s root zone
operations are also within the .com’s Denial of Service attack detection
and mitigation framework including independent internal and external
monitoring and packet filtering at all layers. A key component of ensuring
security of the root operations was making sure that those operations
continued to benefit from its historic association with the .com operations.
The RZMA is intended to maintain stable, secure, and reliable operations of
the root zone not only for direct root zone management service customers
(Registry Operators, Registrars and Root Server Operators), but also to
maintain the security and stability of the Internet’s domain name
system. This was achieved by a simple extension of the .com Registry
Agreement to coincide with the term of the new RZMA.
Regarding the RZMA, some of the key features include:
? Requiring Verisign and ICANN to work together in good faith to
preserve the security, stability and resiliency of the root zone and root
zone management system consistent with the security and stability of the
Internet.
? Detailing ICANN’s responsibility to authenticate, verify, and
submit to Verisign changes to the service data comprised in the Root
Zone File.
? Establishing service level requirements for Verisign to process,
edit, generate and publish the Root Zone File, including an accelerated
path to update the service data in the Root Zone File in cases of emergency.
? Describing ICANN and Verisign’s key-signing obligations, which
are to be performed in a secure, transparent and accountable manner.
? Providing that the integrity of the service data of the Root
Zone File and the Verisign systems performing the root zone maintainer
function will be operated under a business continuity plan with the same
product support level as maintained by the .com DNS resolution service and
.com SRS, respectively.
? Setting forth that Verisign will participate as a member of the
future Root Zone Evolution Review Committee.
? Providing for continuity of the security and stability of the
root zone through a one-year transition process which may be initiated by a
community driven process under which Verisign continues to perform the root
zone maintainer function while ICANN implements a public RFP process to
identify and onboard a new provider.
? Setting out the development of an emergency transition process
for extraordinary events.
? Requiring ICANN and Verisign to meet quarterly to prioritize
potential changes and updates to the services, including service levels and
to prioritize a roadmap for implementation of such changes that may be
effected through a built in change control process.
What’s left to be done? Soon, we will post the RZMA for public review and
the .com registry agreement amendment for public comment, after which our
respective boards of directors will be asked to approve the agreements. The
.com extension will be sent to NTIA for review and approval according to
their processes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20160630/0ecfe2d6/attachment.html>
More information about the Ncuc-discuss
mailing list