The .UK soon available to all: .CO.UK’s holders, don’t miss the end of the priority period!

Remember, in June 2014, Nominet, the registry of .CO.UK, launched the opening of the .UK registrations. At the time of the extension’s launch, the registry applied a 5 years restriction during which the .UK registration rights were restricted to the holders of the corresponding names in .CO.UK, .ORG.UK, .ME.UK, .NET.UK, .LTD.UK or .PLC.UK.

The 1^st of July 2019 will mark the end of the period when .UK extensions were blocked from registration if the .CO.UK was not already registered. The names will then be opened to all! If you are already a .CO.UK domain name’s holder, don’t hesitate to contact your Nameshield’s consultant before the end of the priority period to reserve your corresponding name in .UK and thus prevent a third party to do it on the general availability period.

The .DEV available to all

After the launches of the .APP and .PAGE, Google launched .DEV on January 16, its new extension dedicated to developers and technology, following the calendar below:

Sunrise period: from 2019/01/16 to 2019/02/19
EAP (Early Access Program): from 2019/02/19 to 2019/02/28
General availability: from 2019/02/28

Since February 28, 2019, the .DEV is in general availability and already has more than 64 000 domain names’ registrations according to Domain Name Wire.

To promote this new extension and for the Google I/O 2019 , its annual event for developers (which will be held on May 7-9, 2019 at the Shoreline Amphitheatre in Mountain View), Google proposes the free registration for 1 year of a .DEV domain name for all ticket booked. But the registrations resulting of this promotional campaign only represent a small part of the 64 000 .DEV domain names registered.

During the last months, Google itself has launched or relaunched many of its websites in .DEV: web.dev, opensource.dev, flutter.dev…

Other companies have also chosen to register their domain names in .DEV like Mozilla with mdn.dev, Salesforce with crm.dev and Level Access with accessibility.dev.

The HTTPS mandatory for all .DEV domain names

As mentioned in a previous article by Christophe GERARD, Nameshield’s Security Product Manager, as reminder, Google in its goal of a more secure Internet, makes HTTPS encryption mandatory for all its new extensions: .APP, .PAGE, .HOW, .DEV… (More details in this article).

Thus, .DEV extension is included on the HSTS pre-upload list, requiring HTTPS protocol on all .DEV domain names.

Therefore, in order to use a .DEV domain name, you will need to acquire a SSL certificate and deploy HTTPS.

From tools to platforms, programming languages to blogs, this extension will allow you to present your projects. Don’t hesitate to contact a Nameshield’s consultant for any questions regarding the conditions for the registration of your .DEV.

Brexit’s consequences on .eu domain names : EURid’s action plan

In a previous article, we discussed the Brexit’s consequences on .EU domain names, the European Commission announced on 28 March 2018 that companies and individuals, holders of a .EU will no longer be able to renew or register names in .EU if they are not residing in the European Union.

With the Brexit’s date approaching, EURid, .EU registry, has recently published its action plan that has two scenarios depending on the case there is no deal or the case there is a withdrawal agreement between the United Kingdom and the European Union. In the second case, it will be the same actions but they will be implemented on different dates (from December 2020).

Scenario 1: The United Kingdom leaves the European Union with no deal on 30 March 2019

New registrations

From 30 March 2019: EURid will not allow the registration of any new domain name from registrant declaring an address in Great Britain (country code GB) or in Gibraltar (country code GI).

.EU domain names that have GB/GI as the registrant country code within WHOIS, at the time of UK withdrawal

On 23 March 2019: EURid will notify by email both GB/GI registrants and their registrars about the forthcoming non-compliance of the data associated to their domain name within the .EU regulatory framework.

On 30 March 2019: EURid will again notify by email both GB/GI registrants and their registrars that their domain name is not in compliance with the .EU regulatory framework.

Before 30 May 2019: Registrants will be given the possibility to demonstrate their compliance with the .EU regulatory framework by updating their contact data.

During this two months period, the domain names in question will remain active and the following actions are possible:

-Contact data changes including updates to existing contact details pertaining to phone number, email address, postal address and country code;

-Updating a contact or linking a new contact;

-Name server and DNSSEC changes;

-Transfer the domain name to a non GB/GI registrant.

During this two months period, the following actions are not possible:

-Transfer the domain name to a GB/GI registrant;

-Term extension, unless accompanied by a transfer request to an eligible registrant;

-Automatic renewal for domain names that expire in the period between 30 March 2019 and 30 May 2019.

As of 30 May 2019: All registrants who did not demonstrate their eligibility will be deemed ineligible and their domain names will be withdrawn.

On 30 March 2020, i.e. twelve months after the UK withdrawal: All the affected domain names will become available for general registration.

For. EU domain names that are in the ON-HOLD status at the time of UK withdrawal: They will remain registered until there is an outcome of the court case. However, they will be suspended and will cease to function as of 30 May 2019.

-If a court ruling establishes a transfer to an eligible party, that decision will be implemented in the usual way.

-If the domain name stays with the GB/GI registrant, the domain name will be withdrawn.

For .EU domain names that are in the SUSPENDED status at the time of UK withdrawal: Evaluation by the registry on a case-by-case basis, moving forward if appropriate, with the withdrawal of the domain name.

For .EU domain names that are in the QUARANTINE status at the time of UK withdrawal:

-No transfer to GB/GI registrants from quarantine will be possible during the two months period.

-Transfer to a non-GB/GI registrant will be possible.

Scenario 2: The United Kingdom leaves the European Union with a planned transitional period on 31 December 2020

It will be the same actions but they will be implemented on different dates.

New registrations

From 1 January 2021: EURid will not allow the registration of any new domain name from registrant whose country code is either GB/GI.

.EU domain names that have GB/GI as the registrant country code within WHOIS, at the time of UK withdrawal

23 December 2020: First email sent about the non-compliance of the data associated to the domain name.

1 January 2021: Second email sent about the non-compliance.

Before 2 March 2021: Possibility for the registrants to demonstrate their compliance with the .EU regulatory framework by updating their contact data.

As of 2 March 2021: All registrants who did not demonstrate their eligibility will be deemed ineligible and their domain names will be withdrawn.

On 1 January 2022: All the affected domain names will become available for general registration.

The actions planned in the first scenario regarding the different status « ON HOLD », « SUSPENDED » and « QUARANTINE », will also be applied in the second scenario.

The Brexit’s consequences thus force the British to rethink their domain names strategy. Indeed, the loss of their .EU domain names will be an opportunity for cybersquatters who reside in the E.U. and meet the eligibility criteria, they would then have the rights to register these .EU domain names. Nameshield’s team is at your disposal to reply to all your questions and to propose you the best recommendations regarding your domain names’ portfolio management.

Communication, governance and opening: what we can wish for 2019

As 2019 begins, we make three wishes corresponding to an eventful year.

1.A better awareness of the Internet governance.

The main project at the time of international relations, fake news and voluntary disconnection from the Internet: the Internet governance should be at the table of the diplomats, political decision makers and strategic decision makers. France, which shines in the embassies’ world, should be able to take part in the digital decisions. The appointment of Henri Verdier as Digital Ambassador is a good thing, hoping that his knowledge in the private sector will be an absolute strength in his projects for France. France should be interested in the functioning of ICANN, the authority of world regulation of the IP addresses and the domain names. ICANN is recently the subject of strong criticisms regarding potential insider trading. The American desire to entirely privatize ICANN by suppressing its links with NTIA needs everyone’s attention.

2. ICANN decided it: a new opening of the root will soon be done. What temporality? That is a mystery. In the meantime, and so as to prevent that the list of the abandoned extensions does not cease to develop, new uses of the new extensions, whether they are opened (.PARIS, .FOOTBALL, .ICU…) or closed (.MMA, .LECLERC, .BCG…) should be found. Today (and tomorrow) the brand protection through a TLD’s possession is a definite advantage in front of the large number of opened extensions. A TLD’s possession can also allow the opening of the scope of possibilities, like .BEST will announce at Namescon at the end of the month (surprise!).

3. The third and last wish, to anticipate the new uses of domain names. While the progress curve of the domain names’ volume increases less than previously, the focus should be on the issue of communication on the Internet. It appears as necessary to propose the registration of all possible domain names one can imagine. This is the consortium Unicode, an American entity which decides which character can be integrated in the IT standards. Let’s follow the evolution of the integration of the characters integrated in the Unicode to identify the future domain names trends. The internationalized domain names were a real positive evolution for web users around the world, myself the first concerned, having an accented first name.

Thus it’s very likely that emojis and other special characters will become the stars of the upcoming extensions. Soon the .♥.

These three wishes are part of our work at this time.

For example, our participation in the updating of the methods regarding intangible assets’ financial and extra-financial valuation of the Thesaurus Capital Immatériel by the “Institut de comptabilité de l’immatériel” (Intangible accounting Institute), aims to answer to the need to acknowledge the domain names’ value by financial managers.

Domain names are the first assets held by web users. We are fully aware of the responsibility associated to their management, and our recent developments in terms of operational excellence (ISO 27100) are the new guarantors.

DNS Belgium will now take offline fraudulent websites within 24 hours

In the context of the fight against insecurity on the web, DNS Belgium, the .BE registry, decided to intensify its action by cooperating with the FPS Economy [The FPS Economy, SMEs, Middle Classes and Energy is a Federal Public Service of Belgium which is responsible for contributing to the development, competitiveness and sustainability of the goods and services market in Belgium] in order to shut down fraudulent websites within 24 hours.

Philip Du Bois, general manager of DNS Belgium indicates: “This protocol will enable us to take even more targeted action, together with the FPS Economy, against possible abuses where .be domain names are involved. It underscores our ambition for a high quality and safe .be zone which serves as suitable environment for the further development of the Internet.”

The aim: to ensure consumers a completely safe Internet browsing on .BE websites.

This procedure will ensure a much higher reactivity. Indeed, until now, FPS Economy couldn’t request a blocking from the registry regarding the content, moreover fraudulent websites with correct identification data (at least of which the forgery couldn’t be proven), were untouchable. The blocking required a request from the Prosecution, i.e. a two weeks long procedure, which left plenty of time for the fraudulent website to create important damages to the consumers. Several hundreds of such websites per year were concerned!

From December, the 1^st 2018, the protocol will then allow at the request of FPS Economy, the DNS Belgium registry to block .BE domain names which:

Are used for fraudulent websites
Host phishing websites

Of course, this procedure will be applied in the case of serious crimes.

The blocked domain name’s owner will have two weeks to react against the blocking. Without action of their part within 6 months, the blocked name will expire.

This still too rare initiative is to be welcomed in a context of the fierce fight against cybercriminality!

Swaziland, the country that changes its name and its extension

Source : OpenClipart-Vectors via Pixabay

We have learned from the press that Swaziland will change its name at the will of its Monarch.

Indeed, this little South African territory has not changed its name after the decolonization, fifty years ago. It will soon be the case, with the term eSwatini, the country of Swazi. If this information is more of a geopolitical notion, it will have an impact on the country’s abbreviation within the ISO standard 3166-1 alpha 2, and its extension will then change; a similar situation to the one of Kazakhstan, already discussed on this blog.

A new example which highlights the importance of the country’s stability in the choice of an extension used for an active communication.

Google makes HTTPS encryption mandatory for its 45 new TLDs : .dev / .app / .how…

Google makes HTTPS encryption mandatory for its 45 new TLDs - HSTS — Source : Sean MacEntee via flickr

In a recent article in this blog, we mentioned the arrival of Chrome 68 in July 2018 and the fact that HTTP will be considered “not secure” from then on. Well, this is not the only weapon that Google is planning to use to encourage large-scale adoption of encrypted websites.

You may not be aware, but Google has submitted a number of applications to ICANN as part of the new TLD program, and as a registry, they have secured the management of 45 top-level domains*. Just as the .bank and .insurance extensions have very strict security rules, Google has announced that they will apply HSTS implementation and pre-loading to their new TLDs therefore making HTTPS implementation mandatory.

What is HSTS?

HTTPS Strict Transport Security (HSTS) is a way in which browsers automatically enforce HTTPS-secured connections instead of unsafe HTTP. For example, if the website http://www.nameshield.net is on the list, a browser will never make insecure connections to the website, it will always be redirected to a URL that uses HTTPS and the site will be added to its list of sites that must always be accessed through HTTPS. From thereon, the browser will always use HTTPS for this site, whatever happens, whether the user has accessed the site via a Favorite, a link or simply by typing HTTP in the address bar, he has nothing more to do.

HSTS was first adopted by Chrome 4 in 2009, and has since been integrated in to all major browsers. The only flaw in the process is that browsers can still reach an unsafe HTTP URL the first time they connect to a site, opening a small window for attackers to intercept and carry out such attacks as Man-in-The-Middle attacks, misappropriation of cookies or the Poodle SSLv3 attack which was very much in the news in 2014.

A fully secured Top-Level Domain

HSTS pre-loading solves all this by pre-loading a list of HSTS domains into the browser itself, eliminating the threat of attacks. Even better, this pre-loading can be applied to entire TLDs, not just domains and subdomains, which means that it becomes automatic for anyone who registers a domain name ending in that TLD.

Adding an entire TLD to the HSTS pre-upload list is also more efficient because it secures all domains under this TLD without having to include all of the domains individually. Since HSTS pre-load lists can take months to update in browsers, TLD setup has the added benefit of making HSTS instant for newer websites that use them.

HTTPS deployment will be obligatory for .app and .dev extensions

Google is therefore planning to make HSTS mandatory for its 45 TLDs in the coming months. What does that mean? Millions of new sites registered under each TLD will now be HTTPS (and domain owners will need to configure their websites to switch to HTTPS or they will not work). In order to use a .dev, .app, .ads, .here, .meme, .ing, .rsvp, .fly … domain name, you will need to acquire an SSL certificate and deploy HTTPS.

Our team is at your disposal for any questions related to TLDs, domain names or SSL certificates.

* Google’s 45 TLDs: .gle .prod .docs .cal .soy .how .chrome .ads .mov .youtube .channel .nexus .goog .boo .dad .drive .hangout .new .eat .app .moto .ing .meme .here .zip .guge .car .foo .day .dev .play .gmail .fly .gbiz .rsvp .android .map .page .google .dclk .search .prof .phd .esq .みんな .谷歌 .グーグル

South Africa, domain names and brands: the advantage of a simultaneous registration

The domain name is to the virtual, what the brand is to the real. It is actually a little more complicated but this small sentence allows to associate brands and domain names.

It’s in the context of this shared vision, that the South African brands registration Office, CIPC has developed a partnership with the registry of .ZA, the South Africa geographic extension.

Thus, the brand applicants can choose the “domain name” option, registering that way the two protections. This is here the first collaboration I’ve seen between these kinds of registration office.

For more information, you can read the CIPC press release.

Note that a webinar is planned on Thursday January 25 2018.

Referendum in Catalonia

Context:

Spain, divided in 17 autonomous communities can’t be compared to the administrative division of the regions. Indeed, these Spanish communities don’t have the same autonomy and Catalonia, located in the North East, benefits from an autonomous status, in effect since 2006.

Issue of October 1^st

Last Sunday, the Catalan independent regional government organized a referendum concerning Catalonia independence among 7.5 million residents. This initiative has been quite badly perceived by the Spanish conservative government, which searches by any means to slow down if not stop the movement. For many media, this is one of the worst political crisis of the last 40 years.

Like many territories or regions, Catalonia benefits from its own TLD: .CAT.

In France, Brittany, Corsica, Alsace and Paris also benefit from a dedicated extension, i.e. respectively .BZH, .CORSICA, .ALSACE and .PARIS.

Beside France, we can find .SCOT for Scotland, .EUS for Basque culture, .FRL for Friesland, etc.

June, 9^th 2017

The referendum on Catalonia’s independence is announced. It will take place on October 1^st. The question that the voters will have to respond to is the following: “Do you want Catalonia to be an independent state in the form of a Republic?”

September 13^th 2017

Spanish law enforcement officers seize the electoral equipment.

September 15^th2017

Madrid, judging Catalan referendum illegal, raided the registry managing .CAT, PunCat in order to make unavailable the access to websites in favor of independence, the hosting of these latter being abroad. The registries of the other countries expressed dissatisfaction for this situation: .EUS and .SCOT have thus communicated on this subject. To this day, if we can note the reactions of EFF and ISOC, neither the GeoTLD Group nor ICANN have communicated yet on this matter. The issue having been covered beyond borders, we can note an article of NYT on this subject, it would seem natural that a first release from ICANN would soon be published.

PuntCat, .CAT registry, communicated with words on this incident and asked help from ICANN: « The show that we have experienced in our offices this morning has been shameful and degrading, unworthy of a civilized country. We feel helpless in the face of these immensely disproportionate facts».

September 20^th, 2017

“Anubis operation” launch, aiming to prevent the referendum.

September 24^th, 2017

Catalonia’s secretariat of telecommunications complains to the European Commission about the blocking of some websites in .CAT and the raid of the Catalan registry.

September 25^th, 2017

With the impossibility to cut pro-independence websites, Spanish government blocks them.

October 1^st, 2017

The vote takes place. 90% of YES for independence, 42% of participation rate.

October 4^th, 2017

Day of this article’s publication, Catalan government should announce the Catalonia independence.

Acquisition of Rightside by Donuts: What are the consequences on DPML Programs?

At the Internet new extensions launch, Donuts operator, the biggest extensions applicant (.services, .legal, .photos, .vin etc.) has launched a specific protection program in addition to the TMCH.

The Donuts Protected Mark List (DPML) allows to block the registration by a third party of a domain name similar to the brand under all the extensions managed by the registry.

For example, if the brand “iPhone” is registered in the TMCH (prerequisite) then in the DPML, no one can register <iphone.photos> or <iphone.services>, as well as the other hundred Donuts extensions.

Other registries have also created protection programs, in common with Donuts’ DPML, on more restricted perimeters. It was the case of Rightside which managed the following 40 extensions:

.ACTOR

.AIRFORCE

.ARMY

.ATTORNEY

.AUCTION

.BAND

.CONSULTING

.DANCE

.DEGREE

.DEMOCRAT

.DENTIST

.ENGINEER

.FAMILY

.FORSALE

.FUTBOL

.GAMES

.GIVES

.HAUS

.IMMOBILIEN

.KAUFEN

.LAWYER

.LIVE

.MARKET

.MODA

.MORTGAGE

.NAVY

.NEWS

.NINJA

.PUB

.REHAB

.REPUBLICAN

.REVIEWS

.RIP

.ROCKS

.SALE

.SOCIAL

.SOFTWARE

.STUDIO

.VET

.VIDEO

At the end of July, Donuts announced the acquisition of Rightside.

What are the impacts of this acquisition on the holders of these two protection programs?

The DPML now integrates the extensions of Rightside, without supplementary cost.
It’s not possible to only subscribe to Rightside’s program anymore, you will have to necessarily turn to Donuts’ DPML.
It will not protect the names previously registered by third parties.
It excludes premium domain names.

If you want to register your brand in the TMCH and/or in the DPML, don’t hesitate to contact your interlocutor at Nameshield.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_25904574_14	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
ppwp_wp_session	30 minutes	No description
visit	30 minutes	No description

The HTTPS mandatory for all .DEV domain names

Scenario 1: The United Kingdom leaves the European Union with no deal on 30 March 2019

New registrations

.EU domain names that have GB/GI as the registrant country code within WHOIS, at the time of UK withdrawal

Scenario 2: The United Kingdom leaves the European Union with a planned transitional period on 31 December 2020

New registrations

.EU domain names that have GB/GI as the registrant country code within WHOIS, at the time of UK withdrawal

What is HSTS?

A fully secured Top-Level Domain

HTTPS deployment will be obligatory for .app and .dev extensions

Context:

Issue of October 1st

June, 9th 2017

September 13th 2017

September 15th 2017

September 20th, 2017

September 24th, 2017

September 25th, 2017

October 1st, 2017

October 4th, 2017

What are the impacts of this acquisition on the holders of these two protection programs?

Nameshield uses cookies

Issue of October 1^st

June, 9^th 2017

September 13^th 2017

September 15^th2017

September 20^th, 2017

September 24^th, 2017

September 25^th, 2017

October 1^st, 2017

October 4^th, 2017