Consultation on Secure Notification Processes

This consultation has concluded. A report of public comments has been compiled, and the record of submitted comments is published on the ICANN Public Comment page.

Consultation Objective

The Internet Assigned Numbers Authority (IANA) functions contract1 (SA1301-12-CN-0035) between ICANN and the United States Department of Commerce, National Telecommunications Information Administration (NTIA) to maintain the continuity and stability of services related to certain interdependent Internet technical management functions, known collectively as the Internet Assigned Numbers Authority calls for a public consultation from all interested and affected parties to help satisfy the following objective:

C.3.2 Secure Systems Notification — The Contractor shall implement and thereafter operate and maintain a secure notification system at a minimum, capable of notifying all relevant stakeholders of the discrete IANA functions, of such events as outages, planned maintenance, and new developments. In all cases, the Contractor shall notify the COR of any outages.

This consultation

The consultation process is being conducted using the ICANN Public Comment Process. The feedback received during this consultation will help ICANN implement a secure notification system that best meets the needs of the relevant stakeholders.

Implementation of the results of this consultation is planned for April 2013.

History of IANA-related Notifications

In the performance of the IANA functions to date, ICANN has used a number of mechanisms to notify relevant stakeholders of outages, planned maintenance, and new developments relating to the IANA Functions. These have included:

For the processing of requests, ICANN provides the requestor and other impacted parties with status updates and performs other communications in relation to the processing of the request.
For significant operational events, ICANN has posted notifications on the ICANN website, the IANA website and/or the ICANN Blog. For example, when the IP address of a root name server was changed2, and when ICANN implemented a new technical system for root zone management3.
Targeted announcements are made to specific groups for which a change pertains. For example4, various network operator groups are informed — both on their online mailing lists and in the face-to-face meetings — of significant allocations of IP address space made from the IANA managed network address space.
ICANN provides the ability for TLD managers to nominate additional private contact details for TLD managers for the purposes of operational communications.
ICANN directly emails all administrative and technical contacts for top-level domains for service interruptions and other notable developments. These emails are serve as a mechanism to remind the manager of the availability of 24-hour emergency service to TLD managers.

Updates Proposed by ICANN

In reviewing the contractual requirements, and based on the feedback and input ICANN has received to date in performance of the IANA functions, ICANN is proposing the following updates to its existing processes to better satisfy the need for secure notifications to IANA stakeholders:

ICANN proposes to implement a new email-based mailing list service for service notices. This mailing list will be available for subscription by any interested parties.
ICANN proposes to implement a new "service notices" section on the IANA website, which publishes both current and archived notices relating to outages, planned maintenance, and new developments. Publication of these notices will also include a syndication feed (such as using RSS or ATOM) to allow interested parties to subscribe.
ICANN proposes to implement in its revised user documentation clearer guidance on what specific mechanisms will be used to communicate certain types of changes and notifications.
ICANN proposes to implement additional information for TLD managers concerning emergency response inside the secured area of the Root Zone Management website.

Consultation Questions

ICANN is seeking feedback on the Secure Notification Process. Comments are welcome on any aspect of this process, and specifically on the following questions:

Are the methods and mechanisms used today by ICANN satisfactory for secure communications of outages, planned maintenance, and new developments relating to the IANA Functions?
Are the updates proposed by ICANN satisfactory for secure communications of outages, planned maintenance, and new developments relating to the IANA Functions?
Are there additional requirements that have not been identified within the scope of securely communicating outages, planned maintenance, and new developments relating to the IANA Functions?
Are there any suggestions for a secure communications process that would better satisfy the requirements for advising of outages, planned maintenance, and new developments relating to the IANA Functions?

Footnotes

1http://www.ntia.doc.gov/page/iana-functions-purchase-order

2For example, http://blog.icann.org/2007/10/advisory-—-l-root-changing-ip-address-on-1st-november/

3For example, http://www.iana.org/domains/root/online-system

4For example, http://seclists.org/nanog/2010/Jan/776