In a recent article in this blog, we mentioned the arrival of Chrome 68 in July 2018 and the fact that HTTP will be considered “not secure” from then on. Well, this is not the only weapon that Google is planning to use to encourage large-scale adoption of encrypted websites. You may not be aware, but Google has submitted a number of applications to ICANN as part of the new TLD program, and as a registry, they have secured the management of 45 top-level domains*. Just as the .bank and .insurance extensions have very strict security rules, Google has announced that they will apply HSTS implementation and pre-loading to their new TLDs therefore making HTTPS implementation mandatory.
What is HSTS?
HTTPS Strict Transport Security (HSTS) is a way in which browsers automatically enforce HTTPS-secured connections instead of unsafe HTTP. For example, if the website http://www.nameshield.net is on the list, a browser will never make insecure connections to the website, it will always be redirected to a URL that uses HTTPS and the site will be added to its list of sites that must always be accessed through HTTPS. From thereon, the browser will always use HTTPS for this site, whatever happens, whether the user has accessed the site via a Favorite, a link or simply by typing HTTP in the address bar, he has nothing more to do.
HSTS was first adopted by Chrome 4 in 2009, and has since been integrated in to all major browsers. The only flaw in the process is that browsers can still reach an unsafe HTTP URL the first time they connect to a site, opening a small window for attackers to intercept and carry out such attacks as Man-in-The-Middle attacks, misappropriation of cookies or the Poodle SSLv3 attack which was very much in the news in 2014.
A fully secured Top-Level Domain
HSTS pre-loading solves all this by pre-loading a list of HSTS domains into the browser itself, eliminating the threat of attacks. Even better, this pre-loading can be applied to entire TLDs, not just domains and subdomains, which means that it becomes automatic for anyone who registers a domain name ending in that TLD.
Adding an entire TLD to the HSTS pre-upload list is also more efficient because it secures all domains under this TLD without having to include all of the domains individually. Since HSTS pre-load lists can take months to update in browsers, TLD setup has the added benefit of making HSTS instant for newer websites that use them.
HTTPS deployment will be obligatory for .app and .dev extensions
Google is therefore planning to make HSTS mandatory for its 45 TLDs in the coming months. What does that mean? Millions of new sites registered under each TLD will now be HTTPS (and domain owners will need to configure their websites to switch to HTTPS or they will not work). In order to use a .dev, .app, .ads, .here, .meme, .ing, .rsvp, .fly … domain name, you will need to acquire an SSL certificate and deploy HTTPS.
Our team is at your disposal for any questions related to TLDs, domain names or SSL certificates.
The domain name is to the virtual, what the brand is to the real. It is actually a little more complicated but this small sentence allows to associate brands and domain names.
It’s in the context of this shared vision, that the South African brands registration Office, CIPC has developed a partnership with the registry of .ZA, the South Africa geographic extension.
Thus, the brand applicants can choose the “domain name” option, registering that way the two protections. This is here the first collaboration I’ve seen between these kinds of registration office.
The case of Ethereum foundation and the «.ETH » extension.
Ethereum is a foundation created during 2015, by Vitalik Buterin, a 21 years old Canadian. This foundation aims to promote the Ethereum blockchain technology, created by this young computer engineer, who proposes in addition to a virtual currency, like the Bitcoin blockchain, the possibility to create applications ensuring traceability, inviolability and sustainability of the transactions they manage. To allow to the greatest number of people to access to these applications, the Ethereum foundation has recently presented the ENS for «Ethereum Name Service», and its corollary, the «.ETH» extension.
Thus, if we take the example of the Bitcoin blockchain, the purpose was to create a virtual currency. The major interest consists in the absence of any central regulatory body, since it is controlled and managed by the community members, in a fully decentralized way. Any transaction done on the blockchain leads to an inscription in a block, published on a registry shared between the members. The transactions’ inscription in a block is carried out by « miners », who check, register and secure the transactions in the blockchain. This database hence lists all the transactions in blocks, creating a blocks chain supposed to be immutable and inviolable, due to the use of electronic signatures, and redistributed on the network, since it is decentralized.
Ethereum blockchain also has its currency, namely the Ether. But unlike Bitcoin, Ethereum didn’t create a virtual currency but has extended the use of the blockchain to other applications: the «smart contracts». Thus, Ether must not be considered as a currency but rather as a consumable allowing to exchange on the blockchain, use the applications it hosts.
The « smart contracts » concept
Ethereum proposes many possibilities of decentralized applications usable on its blockchain. These smart contracts are defined by the Blockchain France website as being « autonomous programs, which once started, automatically execute predefined conditions. They operate as any conditional instruction of « if – then » type (if such condition is verified, then such consequence is executed) ».
Concretely, this is a decentralized application, developed according to the Ethereum programming language (the Solidity), which automatically executes predefined instructions, on the conditions that the requirements are met, without the assistance of a third party, and ensuring that no modification is possible. These programs are executed on the Ethereum blockchain and controlled and certified by its members.
Thus, the promise is to delete intermediaries thanks to the total decentralization, managed by the processes automation.
For example, among possible applications, Ethereum foundation has announced on May 4th 2017, the creation of Ethereum Name Service, allowing domain names registration using «.ETH » extension.
Names’ registration in «.ETH »
The Ethereum Name Service, or ENS, corresponds to the Internet DNS, managed by ICANN, but unlike the latter, ENS is not based on root servers, but on the multitude of servers/machines, members of the Ethereum blockchain.
This is not a new registry having created another extension, but rather an alternative notion of the Internet.
Indeed, ENS is neither attached to the Global DNS, or to the IANA organization, nor to ICANN. ENS is a naming system specific to the Ethereum blockchain.
Domain name registration using «.ETH » is operating in a different way than classic domain name registration. This is a bidding system by anonymous deposit of a number of Ethers. In short, the name request opens a 72 hours period allowing other persons to bid. A second period of 48 hours then opens, during this period, each bidder must disclose their bid. The best bidder wins the name registration and is refund of their bid, minus the value corresponding to the difference of amounts between the two best bids. These funds are kept in a contract during 1 year minimum and can be removed at the end of this period, subject to release the name. If the name is the subject of one bid only, the bid’s winner is refund of the invested Ethers, except 0.01 Ether, corresponding to the minimum bid. This system should allow according to the ENS developers to prevent from speculation on domain names registration.
The system then doesn’t need an authority like ICANN, since the names ‘attribution is automated thanks to an IT program distributed and secured on the blockchain.
Nevertheless, if you type a domain name in «.ETH » in your browser search field, like Google Chrome, or Mozilla Firefox, an error page will be displayed. Indeed, the registered names in «.ETH » are not recognized by these browsers, since they aren’t part of the DNS network, they aren’t recognized as a domain name. Google Chrome extensions are proposed to create a bridge between the « web Ethereum » and the Internet that we know.
Hence, essentially, names currently registered in «.ETH » are only usable on the Ethereum blockchain, and therefore don’t affect the general public.
Lastly, the first use of ENS is, like the DNS, to allow the user to read and remember more easily an address by giving it a meaning. The DNS allows to translate an IP address in a legible address via the domain name.
Thus, ENS allows to translate an Ethereum user’s address (a user portfolio) of type «f14955b6f701a4bfd422dcc324cf1f4b5a466265 » in « myfirstname.eth ».
For example, when a user wishes to send Ether to another user, they only have to know their domain name and not their user address anymore. These domain names have a quite limited use, but may thereafter be used to access to future Ethereum applications.
The risks of the «.ETH » for brands owners
To this day, current web browsers don’t support these extensions, it seems that brands owners have no need to worry.
However, many French and international brands are « cybersquatted ». I.e. Ethereum users have won bids on brands names like « samsung.eth » or « volkswagen.eth ». They take over the name’s ownership for one year.
At the end of this first year of registration, the owners may release these names to retrieve the Ether stock associated to the name.
Risks should not be excluded in a near future if the «.ETH » are led to become more common and to offer interesting uses for the general public. Under this hypothesis, current web browsers could natively integrate «.ETH », in the same way as «.COM » or «.XYZ ».
Therefore, the owners of «.ETH » taking registered trademarks, for example may seek to benefit from this registration by using the reputation or identity of these protected brands, in order to divert the traffic to their own products or services. It may also be competitors seeking to tarnish their competitor’s brand image.
In the ICANN system, the rules enacted, in particular with UDRP procedures, propose to overcome these risks afterwards by allowing brands owners to try to recover a domain name using unjustly their brand. The restrictive nature of these rules, accepted and respected by registration offices, facilitates the application of the decision of Arbitration Center experts, and thus a domain name transfer to their rightful owner.
In the ENS system, there is no central authority which could enact these rules. Furthermore, domain names in «.ETH » have no real Whois file. To register such a domain name, they need to have Ethers and to create a portfolio. The identity is concealed behind a characters sequence, i.e. the digital impression of a cryptographic key. Therefore, it seems difficult to know the real identity of an owner in «.ETH ».
Furthermore, unlike the current system, it seems difficult to justify a territorial competence for «.ETH». The blockchain is not linked to any territory, it is distributed on all its members ‘machines, and thus all around the world.
The solution could eventually be developed by the Ethereum users themselves. It’s not to be excluded that an application is created in order to check the legitimacy of a domain name owner, on the basis of criteria defined in a program, like for example, the risk of confusion regarding a preexisting brand, and the good faith criteria in the use made of them. The constitution of a «popular jury » with voting materials would allow to decide on the issue as the result of a complaint from another member.
The American telecommunication company, Sorenson Communication, has forgotten to renew a domain name for only a few days in June 2016. The decision has fallen at the end of September 2017, Sorenson Communication has to pay a fine of 3 million dollars. Why such a high amount?
The domain name which has fallen back into public domain was carrying a critical service for some users! It was the “Video Relay System” which telecommunication companies must provide to deaf people and persons with vocal disabilities, so they can make video calls and contact the 911 USA emergency number, by using sign language. Utah residents with these disabilities were unable to reach 911 for 3 days!
Sorenson Communication indeed realized rather late its omission and ended up renewing the domain name only 3 days later.
But this kind of omission can be easily prevented, thanks to the “automatic renewal” option for all your domain names portfolio. Your critical domain names, carrying services, website and/or mailboxes, will not be interrupted by a simple renewal omission.
On the fine of $3 million, 252 000$ are transferred to “The Federal Communication Commission” and $2.7 million to the company of “Telecommunications Relay Services Fund”, which has found a temporary solution to rent its bandwidth during these 3 sensitive days.
At the Internet new extensions launch, Donuts operator, the biggest extensions applicant (.services, .legal, .photos, .vin etc.) has launched a specific protection program in addition to the TMCH.
The Donuts Protected Mark List (DPML) allows to block the registration by a third party of a domain name similar to the brand under all the extensions managed by the registry.
For example, if the brand “iPhone” is registered in the TMCH (prerequisite) then in the DPML, no one can register <iphone.photos> or <iphone.services>, as well as the other hundred Donuts extensions.
Other registries have also created protection programs, in common with Donuts’ DPML, on more restricted perimeters. It was the case of Rightside which managed the following 40 extensions:
.TV means television, .FM, FM radio, .IO tech companies…
Actually no. In fact, yes but no. These codes do not designate sectors of activity but territories according to ISO 3166-1 alpha 2:
TV is for Tuvalu, a Polynesian state;
FM is for Federated States of Micronesia ;
IO for British Indian Ocean Territory.
Why such a mix of genres? In fact, domain names and geopolitics make a whole.
When you communicate with a .COM domain name, you trust Verisign, an American company. With a .FR, it’s the AFNIC! For the .TV, nothing to fear, this extension is technically delegated to Verisign. And for the .IO, it will be said that the infrastructure is fairly resilient. Why mention this reality?
Simply because geopolitics are moving, political events have frequently cut off domain name extensions. This is the case of .LY, which corresponds to Libya. For example, South-West professionals communicating in .SO met some technical problems when Somalia has cut its DNS infrastructure for some time.
But then, how do we do? This is precisely what is exciting in this intangible industry: if no guide is available to track real-time geopolitical movements and the consequences on registries’ DNS availability, Nameshield informs you in real time.
Do not hesitate to contact us if you have any questions.
Photo : CC BY-SA 3.0 Nick Youngson – source : http://nyphotographic.com/
Act 4: Reconstruction
While a myriad of new extensions were open for recording, the time was to select .COM, .CM, .OM, .CO or .CAM records? .FR or .FRL?
The decision to make registrations in all new extensions of course has a high cost and is no longer necessarily wise.
This is also why, some brands have chosen a .BRAND: its own TLD, its own sovereignty, its own management rules! Many brands have opted for this configuration and we can see now the blooming of .BNPPARIBAS, .ALSTOM, .SNCF, .LECLERC, .GOOGLE …
This reflection on .BRAND has sometimes been badly conducted: some brands have now abandoned their own TLDs, such as McDonald’s. ICANN has a list of these TLDs, along with the very formal letters from the companies asking to remove the area of confidence, historically so costly. It reminds me of The Fallen Astronaut. We can say that the abandonment of these TLDs will be used for others to build themselves up. A good general uses the strength of the enemy as Sun Tzu said!
These discontinuations show that the companies concerned have not seen today the benefits they could make from the costs associated with the creation and management of a .BRAND. Others, more daring, have discovered the interest and / or imagine discovering new service opportunities allowing them to have an increased or even total control over their infrastructure to come with high stakes, Internet of Things, Industry 4.0 …
Let’s wait for the first connected objects and the deployment of a real infrastructure around a resilient .BRAND and we’ll see!
McDonald’s! The symbol of globalization: from the invention of the express service by the eponymous brothers to its successful franchise by Ray Kroc (I recommend the film ‘The Funder’), McDonald’s is an example of post-war entrepreneurial success. The BigMac, the Filet o’Fish? These are the inventions of franchisees that headquarters have agreed to develop throughout the world. A model of innovation.
What about their digital strategy? When Internet arrives and everyone talks about it, a Wired reporter contacted McDonald’s to explain that Burger King could record mcdonalds.com. McDonald’s will not register it. Then the reporter does, the US firm tries to recover it and will donate 3500USD to a school in order to buy computer equipment.
Once bitten, twice shy. As a result, McDonald’s is creating a preventive policy of registration of domain names: goldenarches.com, mcd.com, bigmac.com, …
If RayKroc.com and mcdo.com are already cybersquatted, the implementation of a defensive registration policy has begun.
Thus, when the new gTLD program is launched in 2012, McDonald’s is a candidate and wins the .MCD and the .MCDONALDS (MCD is used internally for e-mail).
Illustration 1: Home page of NIC.MCD
We note the weak development on the home page of the .MCD, which is limited to ICANN’s obligations regarding the presentation of the TLD.
Illustration 2: WHOIS of .MCDONALDS
The Whois service of the .MCDONALDS allows the identification of the owner, although, as presented in the file for ICANN, the .MCDONALDS is not intended to be an open extension.
What is interesting in the Whois is the joint management of different departments:
First contact: IP Division, Eric William Gallender, Senior Intellectual Property Counsel
Second Contact: Marketing Division, Anja Morrison Carroll, ‘Senior Director, Marketing’
In the motivations of the company to benefit from a .MCD and a .MCDONALDS coming from a public document, we can find the will to recreate confidence. McDonald’s highlights its gTLD, ccTLD and preventive registrations (.XXX, among others).
McDonald’s has many commitments:
provide an easy and intuitive reference and access point for internet users;
represent authenticity thus promoting user confidence;
direct internet users to locally relevant information and products;
use appropriate geographic names to connect with internet users in the relevant regions ;
potentially use IDNs to enable customers to interact in their native language;
enhance security and minimise security risks by implementing necessary technical and policy measures;
strengthen brand reputation and user confidence by eliminating user confusion; and
prevent potential abuses in the registration process reducing overall costs to businesses and users.
However, on May 2nd, 2017, a signed letter from VP Global Brand Marketing, Colin Mitchell announces the end for both TLDs.
There is no reason mentioned to justify this request and McDonald’s IP has not responded to the requests for communication.
Illustration 3: The letter of McDonald’s
McDonalds has failed to do with these two TLDs more than a trusted place for the websites: a .BRAND, yes, but it’s necessary to have a real strategy of deployment and use.
Creating a .BRAND with the only purpose of defending the intellectual property doesn’t seem, in that light, to be a successful tactic. The success of a .BRAND is mainly conditioned by an effective strategy, and its development has to anticipate far ahead, its use, as well as its implications regarding the digital and commercial communication.
Photo : CC BY-SA 3.0 Nick Youngson – source : http://nyphotographic.com/
Act 3: Depression
Five years ago, the number of domain name extensions was alright: less than 500. It was still possible to register its trademark and its company’s name in the extension of its choice and to act against fraudulent deposits. Attacks were unusual and you defended yourselves when smart little ones made contentious deposits. Some extensions only accepted subdomains registrations, such as Australia and the United Kingdom. Impossible to save at the root and impossible to register without having any rights: .CO.UK for companies, .AC.UK for the academic world,…
But that was before.
Then arrived several generic extensions and if the rare extensions created, caused only few problems (.MUSEUM, .MOBI, .AERO,…), this was not the case for the thousand new delegated extensions following the new gTLD program, opened on January 12, 2012. Although brands have filed .BRAND or .COMPANY to protect their territories, many extensions were open and the registration race allowed smart little ones to create big damage. The registration of BLOOMBERG.MARKET and VINCI.GROUP are two particularly well-known examples.
Today, the management of domain names is managed by people dedicated to this activity, mostly within marketing, legal and IT departments.
But what do you have to do? Register your brand in all TLDs? Spend an important amount in domain name retrieval procedures? An in-between?
Interesting alternatives are born from the opening of the new gTLDs:
Create a closed extension with subdomains to find the identification-trust link, such as the .FX project I presented a few days ago to NetWare2017 ;
Create your own extension: some already do this well, like .BNPPARIBAS or .LECLERC ;
Help the end user and this is the project of the Nameshield’s CEO, through Brandsays, a browser extension.
If the brands continue to rightfully submit domain names, they will also develop other means of access, such as SEO or social networks.
While INTA, in its recent study, highlighted impressive figures regarding defensive actions, to get the right answer, you have to ask the right question. We will see in the fourth and last episode of this summer saga, how to understand the .BRAND strategy.
Photo : CC BY-SA 3.0 Nick Youngson – source : http://nyphotographic.com/
Act 2: Expression
We left off on the time when the brands did not feel the Internet revolution, the techniques evolving and the registered domain names. (Read act 1: Denial (and anger))
The example of McDonald’s is interesting. In 1994, Wired, an American magazine created a year earlier, communicates about the case of mcdonalds.com. Joshua Quittner, a journalist at Newsday, contacted McDonald’s and asked if they would be interested in registering mcdonalds.com. There was little to no answer. He registers the name, contacts McDonald’s which does not answer. Then he publishes his article on Wired, putting the contact address ronald@mcdonalds.com.
McDonald’s complains and Quittner asks for a donation for charities: it will be 3500USD for the computer equipment of a school in New York.
The virulent attacks of trademarks are legion in order to recover the domain names from little jokers, some of them could be part of the company, such was the case for mtv.com.
Brands federate among themselves, contact ICANN to develop simplified procedures, even if, according to the famous trademark dilemna, the American organization had known the risk of cybersquatting for a long time.
On the side of lawyers, training courses are launched on each side of the Atlantic and the UDRP, SYRELI, URS and others, are created in order to defend the digital territories.
France, known for a long time as a country supporter of trademarks, will not remain passive and is today, the second country in the world in the disputes resolutions concerning domain names.
Thus, in the virtual territory, and in contrast to the reality, the police is financed by trademarks. The holders of a territory, similar to countries, are doing nothing or almost nothing: recovering a .Fr can be possible using a SYRELI procedure, while for our friends from the outside of Rhine, no alternative procedure exists: to apply for its .DE, it is the court or nothing.
Nevertheless, an economy of defense of brands is organized and thus, an ecosystem is developed.
Everything seems to be going well, until the arrival of the new extensions, as called in the field, the first round…
Nameshield wishes to use cookies to ensure the proper performance of the website and, with our partners, to monitor its audience. More information in our Cookie Policy 🍪.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-advertisement
1 year
Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent
1 year
Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
_ga
2 years
The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_25904574_14
1 minute
Set by Google to distinguish users.
_gid
1 day
Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
NID
6 months
NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
