Dear Colleagues, please find below my report. Have a nice day! Best, Matthias General: ICANN 85: Plenary on Internet Resilience to Survivability is confirmed for 09/03.The proposal is as follows: _Title: From Stability to Survivability: ICANN's Role in the Future of Internet Resilience_ _Goal: Shift the community mindset from technical stability--keeping the DNS running--to strategic resilience--ensuring the Internet ecosystem survives inevitable shocks across power, regulation, software supply chains, and third-party dependencies. __Drawing on our SAC132 work, the session will highlight four systemic resilience challenges that no single part of the community fully controls:_ * _Increasing system complexity_ * _Underinvestment in preventive measures_ * _Intensifying regulatory pressures_ * _Software supply-chain vulnerabilities_ _The focus is not on explaining how the Internet works, but on exploring what happens when external systems fail--and what role ICANN and its community should play._ Publications: There are presently no new publications available. Ongoing work parties: * DNSSEC Operational Considerations Work Party * Responsible Integration of External Technologies into the DNS * DNS Abuse and Artificial Intelligence Upcoming Work Parties: * DNS Transparency SSAC Membership Applications: The SSAC welcomes three new members: * Wes Hardaker, * Sourena Maroofi, * Raffaele Sommese. The SSAC is look forward to the contributions these new members will make to our ongoing work and also want to thank departing member Joe Abley for his service over the years. He has been a champion for SSAC since 2014 and a dear friend to us all. Technical Apprenticeship Program: The SSAC is excited to foster talent development and strengthen the pathway for ICANN Fellowship alumni into deeper ICANN community engagement through this program. It provides a structured pathway for alumni of the ICANN Fellowship program with technical or security backgrounds to gain hands-on experience with the SSAC. Our selected apprentice for 2026 is Gustavo Ortega Alvarado, who will support SSAC activities and undertake an independent research project relevant to the SSAC's remit concluding with the 2026 SSAC Annual Workshop in late-September or early-October. Gustavo will work with a dedicated mentor from within our leadership committee for guidance on navigating the SSAC and facilitating their successful work within the program.

Dear Colleagues, I respectfully submit my Liaison Report ahead of the ALAC Monthly Call. Please accept my apologies that I will be unable to participate in the call itself due to competing professional commitments. *GAC Liaison Report: ALAC Monthly Call* *By:* Joanna Kulesza, EURALO, ALAC Liaison to the GAC *Reporting Period:* January/February 2026 *Submitted:* 17 February 2026 ------------------------------ *1. ICANN 85 Mumbai – ALAC–GAC Bilateral Agenda and Agreed Topics* Following recent guidance from GAC Leadership and coordination with the GAC Liaison to ALAC, the agenda for the *ALAC–GAC bilateral meeting at ICANN 85 in Mumbai* has now been agreed. Given the 60-minute format and the need to prioritise focused and actionable exchanges, three core topics have been retained: *Agreed Substantive Topics* 1. *Linguistic Inclusion – Latin Script Diacritics (15 minutes)* A focused exchange on supporting linguistic and cultural inclusion, including how to address Latin script diacritics within implementation timelines, while avoiding delays to the Next Round of new gTLDs. 2. *DNS Abuse – Government Expectations and End-User Harm (20 minutes)* Discussion will cover: - Data, reporting, and enforcement expectations - End-user impact and trust considerations - Coordination related to the DNS Abuse PDP Phase 1, including Associated Domain Checks - Potential coordinated advisory signals to ICANN org and relevant PDP processes 3. *WSIS+20 and Global Digital Governance Processes (15 minutes)* A forward-looking exchange on: - Information sharing regarding timelines and preparations - Early identification of areas for possible ALAC–GAC coordination - Linkages with broader UN digital governance processes The previously discussed Review of Reviews topic was not retained due to time constraints and the need to focus on two to three priority areas. *Agenda: Draft* 1. Staff Introduction - Staff (2 minutes) 2. Welcome and Opening Comments -Jonathan Zuck, ALAC Chair and Nico Caballero, GAC Chair (3 minutes) 3. *Linguistic Inclusion: Latin Script Diacritics (15min)* – Supporting linguistic and cultural inclusion – Managing timing constraints without delaying the Next Round 1. ALAC Speaker: 2. GAC Speaker: 4. *DNS Abuse: Government Expectations and End-User Harm (20min)* – Data, reporting, and enforcement expectations – End-user impact and trust considerations – Coordinated advisory signals to ICANN org and relevant PDPs 1. ALAC Speaker: 2. GAC Speaker: 5. *WSIS+20 and Global Digital Governance Processes (15min)* – Information exchange on preparations and timelines – Identifying areas for possible GAC–ALAC coordination 1. ALAC Speaker: 2. GAC Speaker: 6. Closing - Jonathan Zuck, ALAC Chair and Nico Caballero, GAC Chair (5 minutes) GAC speaker confirmations for each segment are currently being coordinated. ALAC speaker coordination will proceed in parallel. ALAC members are invited to review the proposed structure and to indicate readiness to contribute to the individual segments. ------------------------------ *2. GAC Participation in DNS Abuse Plenary – Martina Barbero* In relation to the At-Large DNS Abuse Plenary at ICANN 85, GAC Leadership has confirmed that DNS Abuse remains a priority topic for governmental engagement. Martina Barbero, in her capacity as a designated GAC representative in the DNS Abuse PDP Phase 1 on Associated Domain Checks, has been identified as the most appropriate GAC participant for the plenary panel. Coordination is also foreseen with the leadership of the Public Safety Working Group, where relevant. Further updates will be provided as confirmations are received. Kind regards, *Joanna Kulesza* ALAC Liaison to the GAC

Dear Colleagues, please find below my report. Have a nice day! Best, Matthias General: 1. Webinar Series with ISPCP The next planned ones are: * Jun (ICANN86): (1)Post-Quantum Transition & (2) Privacy vs. Security * Sept: The Evolving Role of SSAC in Global Governance * Oct: DNSSEC and the Future of Trust * Nov (ICANN87): (1) Routing Security (MANRS) & (2) DNS Configuration Best Practices 2. ICANN 86: BC & SSAC Plenary on Artificial Intelligence and DNS Abuse Planning for the session is already fully underway. The organizing team has already held two coordination and planning sessions to define the scope, structure, speakers, and key discussion topics for the plenary. This collaborative session reflects the growing recognition within the ICANN community of the need to address the evolving intersection of AI technologies and DNS abuse, and underscores the value of cross-community cooperation in tackling emerging challenges. Publications: SAC133: SSAC Comments on Proposed Root KSK Algorithm Rollover The SSAC has published SAC133, providing comments on the proposed transition of the Root KSK from RSA/SHA-256 (Algorithm 8) to ECDSA P-256/SHA-256 (Algorithm 13). Here is a summary of the key points. Overall Support The SSAC endorses the proposed algorithm transition, including the selection of Algorithm 13, the double-signing rollover methodology, and the inclusion of backout SKRs and flexible phase scheduling. It finds the proposal consistent with the 2024 Root Zone Algorithm Rollover Study and prior SSAC advisories (SAC063, SAC073, SAC102, SAC108), and notes it addresses SSR2 Recommendation 23. The SSAC encourages ICANN to proceed. RSA ZSK Size Reduction (2048 → 1536 bits) The SSAC considers the ZSK size reduction operationally advisable to keep root zone responses under the 1232-byte UDP buffer threshold (established by DNS Flag Day 2020) during double-signing. It acknowledges the reduction lowers security from approximately 112 bits to approximately 96 bits, but finds this acceptable given each ZSK's short public exposure window (approximately 110 days, or approximately 193 days in a covert attacker scenario). However, the SSAC recommends that the final implementation plan: * Formally document this as a strictly time-bound exception to cryptographic best practices that establishes no precedent for future operations. * Include a cryptographic estimate of the computational cost and time required to break a 1536-bit key within its operational window. The SSAC also concurs with the proposal's rejection of the alternative approach (rolling the ZSK to Algorithm 13 before the KSK), as it would violate RFC 6840 mandatory algorithm rules, and the relevant draft specification has not been adopted by the IETF DNSOP working group. Timeline Concerns The proposed rollover spans approximately 4 years (Q2/2027 Phase AA through Q3/2030 Phase HH). The SSAC questions whether this duration is necessary and raises two specific concerns: EE (double-signing / trust anchor update via RFC 5011) is planned for approximately 2 years, yet RFC 5011's mandatory hold-down period is only 30 days. The SSAC requests an explicit operational justification for this duration and suggests evaluating a threshold-based approach using telemetry from the 2018 and ongoing 2025 rollovers, which could allow a shorter Phase EE if the ecosystem is ready while preserving the ability to extend if it is not. AA (ECDSA KSK generation and secure storage, with no root zone changes) targets Q2/2027, approximately six months after the October 2026 KSK rollover. The SSAC questions why Q4/2026 could not serve as a start date, given that the required personnel, facilities, and procedures will have just been exercised. A shorter overall timeline would also reduce the total time the 1536-bit RSA ZSK remains in active use. The SSAC additionally notes that while DNSSEC does not face the same post-quantum urgency as other protocols already deploying PQC, avoiding prolonged use of a reduced-strength RSA ZSK would reflect sound planning. Missing Success Criteria The SSAC notes that while the plan includes flexible phase scheduling, it lacks defined success criteria or specific thresholds for each phase that would determine when a schedule extension is necessary or when it is safe to resume. Without these, there is no objective basis for phase transition decisions. Operational Readiness The SSAC finds the ecosystem well-prepared for the transition: * Algorithm 13 is a mandatory implementation algorithm under RFC 8624 and RFC 9904. * Algorithm 13 deployment surpassed Algorithm 8 globally as of April 2024 and continues to grow. * Algorithm 13 is deployed by major TLDs (.com, .net, .gov) without reported issues. * SIDN's completed algorithm rollover for .nl in 2023 confirmed broad resolver support. * All major open-source resolvers (BIND, Unbound, Knot Resolver, PowerDNS Recursor) and commercial DNS platforms support Algorithm 13. * ICANN's Thales Luna G7 HSMs have been confirmed ready for ECDSA within the DNSSEC Practice Statement. * RFC 5011 remains the primary mechanism for resolver trust anchor updates. Operational Conventions The use of distinct phase identifiers (AA through HH) to differentiate this algorithm rollover from prior non-algorithm rollovers is noted as a sensible convention. Link: https://itp.cdn.icann.org/en/files/publications/sac-133-10-04-2026-en.pdf. Ongoing work parties: * DNSSEC Operational Considerations Work Party * Responsible Integration of External Technologies into the DNS * DNS Abuse and Artificial Intelligence * DNS Transparency SSAC Membership Committee: The application window for SSAC membership is now open. Interested candidates are encouraged to submit their applications during this period. Further details on the application process and eligibility criteria can be found on https://www.icann.org/en/ssac. [1] Links: ------ [1] https://www.icann.org/en/ssac