Category: Domain names

From 21 to 26 October, Hamburg in Germany, hosted the 78th ICANN Summit, the Internet’s regulatory body. Hamburg, the connected city par excellence and Germany’s leading intelligent city, succeeds Berlin as the second German city to host such a summit. Berlin hosted ICANN2 in 1999. This 78th edition brought together more than 1,600 participants from 175 countries and territories. It also marked the 25th anniversary of ICANN and the 20th anniversary of the Generic Names Supporting Organization (GNSO), the body responsible for policies applying to domain names in generic extensions.

ICANN faces new challenges

“On 30 September 1998, ICANN was incorporated as a private, not-for-profit organisation in the State of California”. With these words, Tripti Sinha, the Chair of ICANN’s Board of Directors, began a dense speech at the Welcome ceremony of ICANN78. She reminded us that most of today’s Internet tools, including smartphones, have been developed and launched during this period, and that while “25 years is not much”, “the world has changed remarkably” in the meantime. Today, it is the context of wars and technological transformations, in particular “artificial intelligence and quantum technology”, that constitute major challenges for the multiparty model. To these can be added alternatives to domain names that use the DNS, such as blockchain domains, which are outside the scope of ICANN. These were highlighted at ICANN78. Their protagonists like to call them “domain names”, while others would like to differentiate them by talking about “wallet domains”. ICANN’s interim President, Sally Costerton, made a point of emphasising the word “trust” in her introductory speech. “Trust is a fragile thing” she said, “difficult to build and easy to lose”.

On the subject of trust, Sally Costerton pointed out during the ICANN Board’s question and answer session that significant progress has been made on a number of important issues since her appointment in December 2022. In March of this year, for example, the first international Universal Acceptance Day was held, or how to make the Internet more inclusive and thus closer to the way its users use it. At the ICANN76 summit, also in March, the next series of new generic extensions was confirmed. More recently, the Registration Data Request Service (RDRS), a prototype of the future System for Standardized Access to Domain name registration data (SSAD) for legitimate requests, was launched. And the year 2023 will have seen a concrete proposal to strengthen the means of combating abuse of the DNS after years of fruitless exchanges. A proposal to revise the contracts of registry operators and registrars is currently being put to a vote by the parties concerned, with adoption expected between December 2023 and January 2024.

Registration Data Policy: Let it go let it go

The fact that ICANN represents numerous sensibilities whose interests are often divergent, but also that it operates with consensus as its totem, partly explains why the finish line is often far removed in time from the starting line. The Registration Data consensus Policy has not escaped this reality. This policy is intended to replace a Temporary Specification implemented as a matter of urgency on 17 May 2018, eight days before the General Data Protection Regulation (GDPR) came into force thus to integrate the GDPR requirements into the DNS ecosystem. The Registration Data Consensus Policy is the culmination of phase 1 of a Policy Development Process (PDP) initiated on this occasion. While a final report with a view to its implementation was issued at the beginning of this year, it was ICANN78 that enabled the implementation review team work to be concluded. The blocking point on the wording relating to the deadlines granted to operators to deal with urgent requests for access to registration data in the event of law enforcement, could be removed. The policy, which now has a permanent framework, will now be implemented by the parties concerned, registry operators and registrars.

The next round of new generic extensions

The next round of new generic extensions remained another major topic of this edition. While ICANN is now putting forward the date of April 2026 for the next application window (editor’s note: the previous window took place between January and April 2012), ICANN78 highlighted the progress made in implementing the recommendations arising from the Policy Development Process known as “PDP Subpro” (editor’s note: Subsequent Procedures). Earlier in March, some thirty recommendations had not been adopted by the ICANN Board and had been referred to the GNSO for clarification. Thanks to the work of a Small team, 12 additional recommendations have just been adopted by the ICANN Board, bringing the total number of adopted recommendations to 104. 13 remain in the balance and 7 have been rejected. For the latter, we will now have to assess their impact and consider remedies. The implementation team can therefore make progress on just over 80% of the recommendations arising from the Subpro PDP. The revised guide for future applicants is progressing in line with initial forecasts with at least 18 months to go.

The issue of closed generic extensions and diacritical letters

Considered but not proposed due to a lack of consensus in 2012, then discussed for five years, the topic of closed generic extensions was relaunched in 2022 with a view to a new series of generic extensions. In practice, they would allow organisations under certain conditions to use a generic term (editor’s note: for example .CHARITY) with the same rights as a brand extension. Access to the extension to create new domain names would therefore be very restricted. A year ago, a discussion group comprising the Governmental Advisory Committee (GAC), which represents governments, the At-Large Advisory Committee (ALAC), which represents end-users, and the GNSO was set up to try to address this issue. Last July, they proposed a framework detailing the many aspects to be considered to introduce this new type of extensions. However, at the end of their work, each body sent a separate letter to the ICANN Board of Directors, proof that their positions remained far apart. Barring any surprises, there should therefore be no closed generic extensions in the next round.

Québec, whose .QUEBEC was integrated into the DNS root in April 2014, has also invited itself into the discussions concerning the next series of new generic extensions. In 2012, Québec announced its wish to obtain .QUEBEC as well as .QUÉBEC. Although in the end they only applied for the non-accented version, they had hoped to be able to use .QUÉBEC as well. They were not granted this right because of a risk of similarity. ICANN78 highlighted the fact that perceptions remain different depending on whether or not .QUÉBEC is a variant of .QUEBEC. The pronunciation for French speakers is the same, but the presence of a diacritical letter (editor’s note: letters to which signs such as the acute accent, the grave accent, the circumflex accent, the umlaut are added) makes encoding in ASCII characters different and technically feasible. While their request has little chance of success, it has also served to focus attention on important issues for registry operators, where the answers provided are often ill-suited to their needs.

ICANN78 was ICANN’s last annual summit. All eyes now turn to 2024. A new year is approaching, which may or may not see the conclusion of contractual amendments to registry and registrar contracts, with specific obligations to remedy malicious use, the continuation of implementation work on the next series of generic extensions, the likely launch of an ICANN holistic review or even the prospect of the scheduled Sunset of the Whois protocol in early 2025.

For Europeans and companies operating on European territory, it is the NIS2 directive that will crystallise all attention, as it must be transposed into the national laws of the Member States by October 2024. On this subject, ICANN representatives indicated at the traditional closing Public Forum that the policies for generic extensions are not “in contradiction with the NIS2 directive and that the parties concerned have the latitude to implement measures to comply”. The European Top Level Domain Information Sharing and Analysis Center (European TLD ISAC) is to be commended on this point, as it will be a useful relay in implementing the NIS2 Directive in the domain name industry.

Nameshield, an independent European company that has been ISO 27001 certified since 2017, will comply with the directive and will be keen to help its customers to comply. Nameshield also has the expertise to manage your projects for new generic extensions.

Finally, in terms of leadership, the GNSO, the body responsible for generic extensions, now has a new Council team appointed at ICANN78, while ICANN Org will be appointing a new president in 2024. See you next year.

Image source : ICANN‘s website

Last month, the 77th Summit of ICANN, the Internet’s regulatory body, was held in Washington DC. This second summit of 2023 was once again rich in meetings and exchanges, with 90 sessions held over four days.

Here is a look back at the highlights of this event.

Successful outcomes

While ICANN summits have often left a mixed impression due to the multitude of subjects debated and processes made more cumbersome by the consensual approach sought by the organisation, we can welcome the fact that ICANN77 was marked by the successful conclusion of several of them, starting with the Registration Data Consensus Policy.

In May 2018 ICANN hastily applied a Temporary Specification to all stakeholders with a package of measures directly linked to the GDPR that the European Union had just applied. These measures included the masking of personal data in generic domain name registration databases. This set of obligations was intended to be renewable for one year and was to be replaced by a permanent framework. The body responsible for generic name policies, the GNSO, therefore quickly convened a process for developing new policies, a PDP, which was divided into several workstreams. Phase 1 of the PDP concerned the long-term binding framework they were looking for. The result was the Registration Data Consensus Policy, which has now been finalised. This work has been extended because the subject of personal data on domain names overlaps with many other texts (21 policies in all) which have also been revised. While stakeholders will have at least 18 months to apply the new policy, aspects relating to the collection, processing and storage of personal data linked to domain names will be altered.

Phase 2 involves the creation of a standardised system for accessing hidden personal data on domain name contacts for legitimate purposes, such as investigations into cybercrime. This resulted in the creation of a prototype that will be deployed this Fall. Over the next two years, this prototype should enable the organisation to validate whether or not it should develop a permanent global tool. It is therefore a reasonable step, because it is prudent. It would have been risky to develop a particularly expensive global system whose use was uncertain. But this issue is also directly linked to the accuracy of the data. What is the point of requesting access to masked contact data if it is unreliable?

On this subject, ICANN has launched a project in 2021 on the accuracy of registration data. But ICANN came up against the fact that in order to assess the accuracy of the data, it needed a legal basis for accessing the data. This forced the body to put this project on hold last year, when negotiations began to create a Data Protection Agreement between ICANN and the stakeholders.

Two contractual amendments in 2023

On the contractual side, it should be noted that the contracts linking ICANN with the registry operators on the one hand and the registrars on the other are in the process – and this is unprecedented – of being amended twice in the same year. The first revision will come into force next month to organise the transition between the Whois protocol and the RDAP protocol. The second revision, which is about to be put to the stakeholders for a vote, aims to step up the fight against DNS abuse. As far as DNS abuse is concerned, it should be remembered that this subject has long been a staple of ICANN summits, in the sense that it has been debated for several years without ever coming to a conclusion due to a lack of consensus. The need to step up action against these attacks has therefore never been so close to being written into the contracts.

ICANN is looking for its future leader

In another unprecedented development, on 21 December last year, ICANN announced the resignation of Goran Marby, its President. Sally Costerton took on the responsibility and was rapidly appointed Interim President of the organisation. This experienced leader, who already has around ten years’ experience in the organisation, was logically closely watched at ICANN76, but was also well received by the community. She took ownership of the issues very quickly and was very proactive in pushing them forward. ICANN77 was an opportunity to propose a session called CEO Search Committee. The profile of the future president was drawn up, along with his or her eight responsibilities: management of the IANA function, development of new DNS system policies, the program for new generic extensions, strategic management, management of the governance body, commitment and exchanges within the community, management of responsibility and, of course, the role of representative of the body. The perspective given for the appointment of this future face of ICANN is the second quarter of 2024.

The next round of new generic extensions at the centre of attention

As is often the case at ICANN summits, the subject of the next round of new generic TLDs was on the menu for most of the discussions. The fact that the previous application window dates back to the beginning of 2012 is obviously no coincidence. At her first summit as President of ICANN, Sally Costerton made good progress on this issue, with ICANN76 concluding with the ICANN Board adopting 98 of the 136 recommendations arising from the process of developing new policies for the next round. 38 recommendations remain to be clarified, and this work is currently underway, with completion scheduled for the second half of this year.

At the same time, implementation of the other recommendations and revision of the Applicant Guide Book have begun. However, two other subjects complete the picture: the possibility of creating closed generic TLDs, a sort of model similar to brand TLDs but which would be made possible on generic terms, and the revision of policies for internationalised TLDs and domain names, i.e. in native languages. The first subject should soon be put into orbit via a process of development of new policies planned over nearly two years. As for the second, its policy development process could last until November 2025. The organisation’s intention is to bring these two issues to a successful conclusion before the next round.

At the time of the 2012 round of new generic extensions, internationalised extensions and domain names were already being strongly promoted as a vector for the success of this innovative process. However, this was without taking into account universal acceptance, which was still in its infancy and which has fortunately made considerable progress since then. The RDAP protocol for registration data was also already considered as an alternative to Whois to be implemented with the new generic TLD program. However, RDAP is only set to replace Whois after a transition period of 18 months. As for closed generic extensions, they were also considered in 2012 but abandoned due to a lack of consensus. They could finally see the light of day under terms to be defined during the next round. As for abuse of the DNS, another subject that has been debated for years, it is also on the point of leading to additional obligations that will affect registries and registrars alike.

If Nameshield is already offering you solutions to help you deal with infringements of your online assets and your gTLD projects, it should be noted that the obligations incumbent on companies that manage domain names are constantly increasing, but also that with ICANN the issues are almost always resolved in the end.

See you in Hamburg in October for ICANN78.

Image source : ICANN’s website