Gustavo,

I have a few feedback items below:

  1. The Note under URS Lock and Non-URS State (URS Rollback) states "If glue records were removed when the Registry Operator activated the URS Suspension, the Registry Operator MUST restore the require glue records".  The only changes to the domain when removing the URS Suspension is to attempt to add the previous name servers for a registry supporting the host object model in RFC 5731.  There are no expected changes of the referenced hosts as part of URS since the URS Lock and Suspension is on the domain and not the referenced hosts.  
  2. If a host does not exist anymore that was previously referenced on a URS Rollback, the host will not be created and set as a name server for the domain .  The URS actions only apply to the domain objects and do not apply to hosts and contacts since there is a many-to-many relationship between domains and hosts, as well as domains and contacts.  
  3. What should be done if a URS Lock request is made when the domain is already in RGP?  I'm assuming that the domain would not be put on URS Lock since RFC 5731 states that the "pendingDelete" status MUST NOT be combined with "serverDeleteProhibited".  How would the BERO handle this case?  
  4. How can an "Expedited Registry Security Request" ERSR be used when the BERO identifies a security or stability issue in implementing the URS Suspension of a domain name?  The use case that could be an issue is suspending a domain name that has child hosts that are name servers for other domain names (in zone or out of zone), which would cause the resolution of those domain names to fail .  The text for ERSR ( http://www.icann.org/en/resources/registries/ersr ) states the following.  The URS Suspension is not malicious activity and is not a temporary or long-term failure of one or more critical functions.  Please explain how ERSR can be used for this case and whether there is a more lightweight flow that can be used?  For example, can the BERO reply to the URS Suspension request with a request to hold the suspension pending review of the potential security or stability issue by the BERO and / or the URS Provider?
    1. …An Incident could be one or more of the following: 
      1. Malicious activity involving the DNS of scale and severity that threatens systematic security, stability and resiliency of a TLD or the DNS;
      2. Unauthorized disclosure, alteration, insertion or destruction of registry data, or the unauthorized access to or disclosure of information or resources on the Internet by systems operating in accordance with all applicable standards;
      3. An occurrence with the potential to cause a temporary or long-term failure of one or more of the critical functions of a gTLD registry as defined in ICANN’s gTLD Registry Continuity Plan [PDF, 96K]. 
Thanks,

-- 

 

JG

 

 

James Gould

Principal Software Engineer

jgould@verisign.com

 

703-948-3271 (Office)

12061 Bluemont Way

Reston, VA 20190

VerisignInc.com


From: Gustavo Lozano <gustavo.lozano@icann.org>
Date: Thursday, October 24, 2013 4:05 PM
To: "gtld-tech@icann.org" <gtld-tech@icann.org>
Subject: [gtld-tech] Version 1.0 of the URS technical requirements published

Colleagues,

 

Version 1.0 of the URS technical requirements document has been published at:

http://newgtlds.icann.org/en/applicants/urs

 

The direct download link of the document is: http://newgtlds.icann.org/en/applicants/urs/tech-requirements-17oct13-en.pdf

 

Regards,

Gustavo