Participate in the .eu Web Awards!

The .eu Web Awards is an online competition, launched in 2014 by EURid, the .eu registry, which rewards the best websites under the .eu, .ею or .ευ extensions, divided into 5 categories:

  • Leaders
  • Rising stars
  • Laurels
  • House of .eu
  • Better world

Applications are open until 5 August 2020 and participation is free of charge: https://webawards.eurid.eu/

Once your candidature has been validated, it’s up to the public to vote! The 3 websites under each category that have won the most votes will then become finalists.

The big winners will be revealed at the Gala held in Brussels on 18 November 2020, where the 15 finalists will be invited.

The 5 winners will receive the following prizes:

  • a two-month billboard advertising campaign in Brussels airport
  • a trophy and a customised video for communication purposes
  • the .eu Web Awards icon to use on their websites and social networks.

Do you own a website in .eu, .ею or .ευ? This contest can be a nice opportunity to liven up your social networks, generate additional traffic and win the prizes mentioned above.

Interested? Visit https://webawards.eurid.eu/ for more information.

.ORG News – ICANN rejects the sale of the .ORG Registry to Ethos Capital


The news came on 30 April through a press release from the ICANN Board announcing that it had taken the decision to reject the sale of Public Interest Registry (PIR), the .ORG registry, to the private equity firm Ethos Capital.

As a reminder, at the end of 2019 the announcement of the sale of the .ORG registry to Ethos Capital sparked a heated debate and raised several concerns among NGOs, such as increases in .ORG prices and the implementation of rights protection policies that could lead to a form of censorship (find all the articles on this subject on the blog).

In mid-April, when the organization was due to decide whether or not to approve the sale of the registry, the transaction was still pending: ICANN had granted itself additional time to complete its review after receiving numerous letters of opposition, including one from California’s Attorney General, Xavier Becerra.

The decision to reject this deal was finally announced on Thursday 30 April “as a result of various factors that create unacceptable uncertainty over the future of the third largest gTLD registry”.

One of the main reasons for this decision is the “change from the fundamental public interest nature of PIR to an entity that is bound to serve the interests of its corporate stakeholders, and which has no meaningful plan to protect or serve the .ORG community.”

Among the reasons for this rejection is also the issue of financing, since this transaction could compromise the financial stability of the registry. Indeed, the proposed sale would change PIR from a not-for-profit entity to a for-profit entity with a $360 million debt obligation, which would not benefit PIR or the .ORG community, but the financial interests of Ethos and its investors.

Furthermore, the PIR proposal to implement a “Stewardship Council”, which aimed to make the entity more accountable to the community, did not convince ICANN either. According to the organization, this council “might not be properly independent”.

ICANN’s decision is therefore a victory for the .ORG community and for the Electronic Frontier Foundation, which does not stop there and adds: “the .ORG registry still needs a faithful steward, because the Internet Society has made clear it no longer wants that responsibility. ICANN should hold an open consultation, as they did in 2002, to select a new operator of the .ORG domain that will give nonprofits a real voice in its governance, and a real guarantee against censorship and financial exploitation.”

Choosing the right TLD based on DNS performance

Comparative analysis of the famous Top Level Domains (.com, .fr…)

For high-visibility websites, the crux of the battle is page load time. Acknowledged by Google as an organic ranking factor, load time can be significantly affected by DNS resolution. While a first-class DNS infrastructure is a must, the choice of the extension associated with a domain name also matters: not all registries perform equally well in terms of DNS, and some have downright disappointing performance. The range of TLDs on offer (nearly 1400) has grown considerably since ICANN’s New gTLD Program. Analysis to follow.

A quick look at DNS resolution time and its impact on load time

Resolving a domain such as nameshield.net involves several steps before the content server can be contacted. The DNS resolver queries the root DNS servers (.), then the DNS servers of the registry for the extension concerned (.net) to obtain the list of DNS servers responsible for the domain, and finally those DNS servers to obtain the requested answer. The answer is then cached by the DNS resolver (generally operated by the Internet Service Provider), but whether a cached answer is available depends on how popular your domain is.

This means that if the DNS for the top-level domain (.net) is slow, it can actually delay DNS resolution for the domain itself and, in the very unlikely worst case, even cause an outage. There is not much you can do about this, apart from choosing the right TLD.

Comparative Analysis

Bunny CDN, a Slovenian content delivery player, conducted the following surprising analysis. Relying on their global network, they monitored DNS performance worldwide from more than 50 sites and networks.

For each TLD, their system chose a random name server from those published for that top-level domain and queried a random domain name. The results were grouped by region, with data recorded every 10 seconds.

Results

They tested 42 of the most popular top-level domains and then aggregated the results into a global median average and an 85-percentile aggregation (the 15% slowest responses were not taken into account). These tests were conducted only from their network, so a more complete study would certainly be worthwhile, but they provide a good overview.

[Figure: Choosing the right TLD based on DNS performance (median and 85th percentile per TLD). Source: BunnyCDN]

The results were quite surprising

The most surprising domains are .info and .org, which have shown really poor performance, especially at the 85th percentile, despite their seniority and the millions of domains registered. It seems that 4 of the 6 name servers perform extremely poorly, which explains the poor results.

.net and .com were very slightly slower than expected in Europe and North America, but otherwise offer excellent and stable performance in all regions, as the global median shows. Both run much larger networks, yet remain a very interesting choice for absolute maximum performance.

Less expected is the performance of the .co, .biz and .in TLDs, well ahead of the others.

Some new domains (.online, .top, .blog…), attractive from a marketing point of view and growing strongly, show disappointing performance…

… on the other hand, .live, .email and .news, managed by Donuts Inc, and .club and .buzz, managed by Neustar Inc, are very good surprises, although with a very significant drop in performance in regions outside Europe and North America, which further aggravates the problem.

42 of the most popular TLDs among the 1400+ available have been tested. Without drawing any definitive conclusions, we can assume that many may not work much better.
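As an added illustration (not BunnyCDN’s tooling or data), the following Python script aggregates constructed latency probes the way the study above is described: a global median and an 85th percentile per TLD, a regional breakdown, and a per-name-server view that exposes the “a few very slow servers” pattern behind the .org and .info results. TLD and name-server labels are placeholders.

```python
"""Aggregate DNS latency probes the way the BunnyCDN study is described:
per TLD (and per region) compute the global median and the 85th percentile,
then single out the name servers that drag the 85th percentile up.
Added illustration for this article; the probes are constructed, not
BunnyCDN data, and TLD/name-server labels are placeholders."""
import math
from collections import defaultdict
from statistics import median


def _samples(tld, name_server, region, rtts_ms):
    """Expand a list of round-trip times into (tld, ns, region, rtt) records."""
    return [(tld, name_server, region, rtt) for rtt in rtts_ms]


# Constructed probe data. ".slow" mimics the .org observation in the article:
# most of its name servers answer quickly, one answers very slowly.
PROBES = (
    _samples(".fast", "a.ns", "EU", [12, 14, 13, 15, 11, 13, 12, 14, 13, 12])
    + _samples(".fast", "b.ns", "NA", [18, 17, 19, 20, 18, 17, 19, 18, 20, 19])
    + _samples(".slow", "a.ns", "EU", [14, 15, 13, 16, 14, 15, 13, 14, 15, 14])
    + _samples(".slow", "b.ns", "EU", [13, 14, 12, 15, 13, 14, 12, 13, 14, 13])
    + _samples(".slow", "c.ns", "NA", [17, 18, 16, 19, 17, 18, 16, 17, 18, 17])
    + _samples(".slow", "d.ns", "NA", [210, 230, 190, 250, 220, 200, 240, 215, 225, 205])
)


def percentile(values, pct):
    """Nearest-rank percentile: smallest value with at least pct% of samples at or below it."""
    ordered = sorted(values)
    rank = max(1, math.ceil(pct * len(ordered) / 100))
    return ordered[rank - 1]


def aggregate(probes):
    """Global view per TLD: {tld: {"median": ms, "p85": ms}} across all regions."""
    by_tld = defaultdict(list)
    for tld, _ns, _region, rtt in probes:
        by_tld[tld].append(rtt)
    return {tld: {"median": median(v), "p85": percentile(v, 85)} for tld, v in by_tld.items()}


def regional_p85(probes):
    """{(tld, region): p85} so that regional degradation becomes visible."""
    by_key = defaultdict(list)
    for tld, _ns, region, rtt in probes:
        by_key[(tld, region)].append(rtt)
    return {key: percentile(v, 85) for key, v in by_key.items()}


def slow_name_servers(probes, threshold_ms):
    """Per TLD, the name servers whose own p85 exceeds threshold_ms."""
    by_ns = defaultdict(list)
    for tld, ns, _region, rtt in probes:
        by_ns[(tld, ns)].append(rtt)
    flagged = defaultdict(list)
    for (tld, ns), v in by_ns.items():
        if percentile(v, 85) > threshold_ms:
            flagged[tld].append(ns)
    return {tld: sorted(ns_list) for tld, ns_list in flagged.items()}


if __name__ == "__main__":
    # Both constructed TLDs share the same median; only the p85 reveals the slow server.
    for tld, stats in sorted(aggregate(PROBES).items()):
        print(f"{tld:6} median={stats['median']:>6.1f} ms  p85={stats['p85']:>6.1f} ms")
    for (tld, region), p85 in sorted(regional_p85(PROBES).items()):
        print(f"{tld:6} {region}: p85={p85} ms")
    print("slow name servers (p85 > 100 ms):", slow_name_servers(PROBES, 100))
```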

Conclusion

Do you need to revolutionize the management of your domain name portfolio and the choice of TLDs for your most visible websites? Should you switch everything to .biz or .co immediately to increase performance?

Certainly not. First of all, DNS responses are heavily cached, especially for very popular websites, so resolvers may rarely need to reach the top-level name servers. Secondly, the choice of a domain name is primarily driven by marketing imperatives (brand, geographical area, name availability) that are often far more impactful than an additional 50 milliseconds of loading time for the first page.

However, if you are trying to compress absolutely every last bit of performance and ensure high reliability in a system where every last millisecond counts, then you may want to think twice before choosing your domain. The differences aren’t huge, but if you’re aiming for that one-second loading time, things can add up to 200 ms in some cases.

Choosing the right TLD based on DNS performance is indeed a good thing, but probably not a cause for too much concern.

Abandoned domain names vs renewed domain names: any observations?

[Image: Abandoned domain names vs renewed domain names. Source: JanBaby via Pixabay]

As a registrar, Nameshield has an accurate view of the typology of abandoned domain names and domain names kept by their holders when they clean up their portfolio.

As in all sectors of activity, phenomena that could be said to be “trendy” can even be seen in cybersquatting and therefore in domain names that are abandoned or maintained.

Take the example of typosquatting: there was a time when it was essential to register domain names including your trademark with as many typographical variants as possible (if your trademark contained the letter O, it was important to register a version with the digit 0 instead of the O, and so on), because cybersquatters were then very focused on this type of hijacking attempt. A decade later, cybercrime has changed and, while it is still important to register typographical variants, only the most pertinent ones are relevant today. As a result, many companies have abandoned the most distant variants.

The same goes for extensions. At certain periods, the risk of cybersquatting is greater depending on the registration conditions. A “first-come, first-served” extension is more at risk than a TLD requiring, for example, a locally registered trademark. Since domain name registration rules are set by each registry, they are likely to change over time, which may in turn lead to abandonments.

An interesting study published at the end of 2019 by Frank Moraes indicated that, across the 8 leading extensions, only 29.79% of registered domain names are renewed each year. Of the remaining 70.21%, 41.22% simply expire and 28.99% are registered by a new holder.

Only one domain name out of three would therefore be renewed the year following its registration! However, the rates vary significantly and the highest renewal percentages are unsurprisingly for .NET (46.3%), .ORG (44.24%) and .INFO (34.56%).

On the contrary, the lowest renewal rates are for .CN (1.72%), .BIZ (16.6%) and .TOP (22.22%).

What about .COM? .COM undoubtedly remains the most popular extension. While the study cited above only places .COM fourth in percentage of renewals (probably an effect of the sampling), the renewal rate of .COM is actually closer to 80% and is relatively stable from year to year.

.ORG News – ICANN delays again the sale of the .ORG Registry


A few months ago, in previous articles, we mentioned the sale by Internet Society of Public Interest Registry (PIR), the .ORG registry, to Ethos Capital, a private equity firm.

.ORG is the reference extension for non-profit organizations, and the .ORG registry represents more than 10.5 million domains. As a reminder, the announcement of the sale of the registry raised several concerns in the NGO community.

Faced with these many complaints, ICANN had already postponed approval of the .ORG registry’s sale to Ethos Capital and requested additional information from the Internet Society.

Further postponement of the .org registry’s sale after the intervention of the Attorney General of California

On Thursday 16 April, when the ICANN Board was due to decide whether or not to approve the sale of the registry, it decided at that meeting to postpone the decision again, until 4 May 2020. This fourth postponement was prompted by a letter received the day before from California’s Attorney General, Xavier Becerra, asking ICANN to reject the sale. He explains that it “raises serious concerns that cannot be overlooked”.

“Empowering a for-profit entity that could undermine the accessibility and affordability of the .org domain, which serves nonprofits, should concern all of us,” the Attorney General’s office told The Register.

The secret nature of Ethos Capital is a source of concern

In his letter, the Attorney General expressed several concerns about the transaction, including the secretive nature of the proposed buyer, Ethos Capital: “Little is known about Ethos Capital and its multiple proposed subsidiaries”. Ethos Capital is criticized for its unusual corporate structure (the purchase involves six different companies, all of which were registered on the same day in October 2019) and its lack of transparency regarding its future plans.

In its notice published last Thursday, ICANN affirms having listened to the community and having demanded greater transparency and more guarantees from PIR. According to the organization, the Attorney General’s letter does not take into account the recent work that PIR has done regarding Public Interest Commitments, to make the entity more responsible to the community. ICANN requested PIR to strengthen these commitments, and a draft of the revised Public Interest Commitments has been provided to ICANN.

ICANN’s behavior and Internet Society criticized

ICANN has also been subject to a number of criticisms during the entire process, particularly as it appeared that the organization’s staff was pushing for approval of the transaction despite near universal opposition to it from the Internet community.

In addition, early last week, ICANN’s founding CEO Michael Roberts and original Board Chair Esther Dyson wrote a letter to Xavier Becerra criticizing the transaction and accusing their successors of abandoning ICANN’s core principles.

According to the Attorney General, this transaction will have an impact on ICANN’s reputation given the way the organization has handled the situation.

ICANN and Ethos are not the only ones criticized by the Attorney General’s office: Xavier Becerra also blames the Internet Society for proposing the sale of the .ORG registry to Ethos Capital: “ISOC purports to support the Internet, yet its actions, from the secretive nature of the transaction, to actively seeking to transfer the .ORG registry to an unknown entity, are contrary to its mission and potentially disruptive to the same system it claims to champion and support”.

Xavier Becerra’s letter does not threaten ICANN with action if it does approve the sale. However, it does indicate that the Attorney General of California holds significant authority over the organization and is prepared to act, particularly since this sale could affect hundreds of thousands of other non-profit organizations.

“Given the concerns stated above, and based on the information provided, the .ORG registry and the global Internet community – of which innumerable Californians are a part – are better served if ICANN withholds approval of the proposed sale and transfer of PIR and the .ORG registry to the private equity firm Ethos Capital. This office will continue to evaluate this matter, and will take whatever action necessary to protect Californians and the nonprofit community.”

In a notice published last Thursday, ICANN thus declared the postponement of its decision: “We have agreed to extend the review period to 4 May 2020, to permit additional time to complete our review.”

DNS on Blockchain: the next evolution of domain names?

[Image: DNS on Blockchain. Source: TheDigitalArtist via Pixabay]

Summary

The DNS, the Domain Name System, is a service at the heart of how the Internet operates. It is fundamental to the functioning of many services such as websites, mail servers, VoIP telephony and many others.

For more than 30 years, many extensions and functionalities have been added to the DNS, which technically translates into an increase in the complexity of the infrastructure.

The Blockchain technology could be a considerable evolution for DNS, bringing several advantages and new functionalities.

The DNS, a fundamental service

The DNS, the Domain Name System, is a service at the heart of how the Internet operates. It functions as a public directory that associates domain names with resources on the Internet, such as IP addresses. When a user enters an address in their browser, a DNS server translates this human-readable address into an IP address understandable by computers and networks. This is DNS resolution.


This system, created in 1983, is fundamental to the functioning of many services such as websites, mail servers, VoIP telephony and many others. It is constantly evolving to meet ever-increasing needs in terms of functionality and security. Indeed, the DNS must guarantee:

  • Availability: an unavailability of the DNS service would result in a service disruption.
  • Integrity: the data present on the DNS (associated with a domain name) must not be corrupted.
  • Confidentiality: to protect the privacy of users, the DNS implements various solutions that increase the confidentiality of DNS requests. If the requests are not confidential, it is possible to analyze users’ browsing information.

The domain name system is based on a centralized model of trust. It is distributed worldwide and managed hierarchically by different actors at several levels: a root level, a first level where extensions are managed by registries, then a second level managed by registrars. The whole is orchestrated by ICANN, the Internet’s regulatory authority.


For more than 30 years, many extensions and functionalities have been added to the DNS, which technically translates into an increase in the complexity of the infrastructure.

Blockchain technology could be a considerable evolution for DNS, bringing several advantages and new functionalities.

Blockchain and decentralized registry

A Blockchain is a data structure accessible to all and distributed over a decentralized network; the data is replicated on each node of the network, there is no central authority. Everyone has the possibility to read its contents, add data and even join the network. The concept was first implemented in 2009 with Bitcoin, but today there are many different Blockchain technologies, each with their own properties.

Data is written to a Blockchain through transactions. Transactions are grouped into blocks; each block is validated by the network and then chained to the previous ones. A Blockchain therefore contains the history of all transactions carried out since its creation.

The validation rules are written in the Blockchain protocol, which each member of the network respects. To ensure compliance with its rules, the Blockchain protocols are based on consensus algorithms, the best known being the Proof of Work. These algorithms guarantee the integrity, immutability and security of the data on the Blockchain.


The Blockchain technology meets several DNS needs:

  • Availability: a decentralized, peer-to-peer network cannot be stopped. It could replace or complement Anycast infrastructures.
  • Integrity: the consensus protocol of a Blockchain guarantees, by nature, the integrity of the data. Furthermore, the data cannot be modified. These properties would eliminate the need for DNSSEC and its famous key renewal ceremony.
  • Confidentiality: requests made to read the Blockchain data can be encapsulated in an HTTPS channel, in the same way as the DNS over HTTPS (DoH) protocol. There are few DoH resolvers today, so traffic is centralized around a limited number of actors. Using a Blockchain would offer the possibility of querying any node on the network, thus limiting centralization and single points of failure.

The data included in the DNS zone files, i.e. the domain name configurations, could therefore be distributed on a Blockchain. Each player (registries, registrars) could directly interact with this Blockchain to manage the domain names. This is the idea of the DNS on Blockchain.

New needs

In recent years, with the emergence of Blockchain technologies, new means of value exchange have developed, particularly with tokenization, crypto-assets and decentralized applications (dapps); we talk about Web 3.0, or the Internet of Value.


Digital wallets and decentralized applications work with identifiers that are difficult to read, e.g. 0x483add28edbd9f83fb5db0289c7ed48c83f55982 for a wallet address.

Being able to associate this type of address with domain names, within a universal naming system, could be of real interest for tomorrow’s Web applications. It would be possible to have a wallet of crypto-assets or a decentralized application configured directly behind a domain name. This could also be useful for the digital identity of companies and their brands.

DNS on Blockchain, today

Many naming system projects on Blockchain are currently under development, each with an implementation of its own.

Some applications propose new domain name extensions (TLDs), such as .bit, .zil, .crypto, .eth, etc. This is particularly the case for Namecoin and UnstoppableDomains. These systems are completely independent of the traditional DNS and ICANN. Registration is managed directly by users, and name resolution is generally done through a browser extension. The Opera browser has recently integrated native resolution of these domain names.

These applications are functional, but name registration is not controlled. There are therefore many cases of cybersquatting: users register names in the hope of reselling them at a profit. This obviously poses a problem for trademark owners, and will certainly hinder the adoption of these solutions by companies.


Other projects propose solutions complementary to DNS. In particular, Ethereum Name Service (ENS) offers a naming system on Blockchain that integrates with the traditional DNS. If you hold a domain name and can prove it via DNSSEC, you can then register this same name on the Blockchain service. This allows you to combine the advantages of traditional DNS and DNS on Blockchain.

The .kred, .xyz and .luxe extensions already support this integration on Blockchain, and ENS plans to propose it for all DNSSEC-compatible extensions. This project is quite promising, Ethereum Name Service has recently joined the DNS-OARC (DNS Operations, Analysis, and Research Center).

The Handshake project proposes a naming protocol to manage the root level of the DNS, and provide an alternative to certification authorities. It challenges the trust and governance model of the DNS to experiment with a more decentralized, secure and resilient system based on validation of DNS zones by participants in the network.

Conclusion

The DNS on Blockchain could be a considerable evolution of the DNS; it would bring several advantages and new functionalities thanks to the Blockchain technology, which would benefit the development of the decentralized web.

Today, however, there are still no technologies or applications on which there is unanimous agreement, even though many projects and proofs of concept (PoC) are under development. They are not yet mature enough to be used on a large scale. Improvements in terms of scalability, security and usability still need to be made.

The collaboration of the Internet players (ICANN, DNS-OARC, registries) seems essential for a technology to reach consensus and be adopted, in particular to set common rules. This is a subject to be followed closely over the next few years.

Are you interested in blockchain and crypto-assets topics? Don’t hesitate to consult the website of our collaborator Steve Despres: https://cryptoms.fr/

Companies’ cybersecurity – 5th edition of CESIN’s annual barometer

[Image: Companies’ cybersecurity, CESIN barometer. Source: TheDigitalArtist via Pixabay]

Every year, the Club of Experts in Information and Digital Security (CESIN) publishes its barometer of companies’ cybersecurity in order to better understand the perception and concrete reality of cybersecurity and its issues within CESIN member companies.

Last January, CESIN unveiled the results of its OpinionWay survey, carried out from 2 December 2019 to 7 January 2020 among its 253 members, Chief Information Security Officers (CISOs) of major French groups.

Cyberattacks: Fewer companies affected but still heavily impacted

First of all, the study highlights a positive figure: the decline in the number of companies that suffered at least one cyberattack in 2019, i.e. 65% of the companies surveyed compared to 80% in 2018 (note, however, that this difference in results is nuanced by the addition of the definition of cyberattack in the survey conducted in January 2020).

On the other hand, the impact of these cyberattacks remains significant since 57% of these attacks have consequences on business such as disruption of production (27%), website unavailability (17%) and revenue loss (9%).

The affected companies suffered 4 types of cyberattacks on average over 12 months. Among attack vectors, phishing remains the most frequent, with 79% of companies affected in 2019, followed by CEO fraud (the so-called “president scam”) (47%), exploitation of a vulnerability (43%) and fraudulent login attempts (40%).

The main consequences of these attacks are identity theft (35%), malware infection (34%), personal data theft (26%), ransomware infection (25%) and denial of service (19%).

Cloud, IoT and AI, issues of concern

With the digital transformation, the use of the Cloud is important within companies: 89% of companies surveyed store their data in a Cloud, including 55% in public Clouds.

This massive use of the Cloud still represents a high risk, due to a lack of control over the hosting provider’s subcontracting chain (for 50% of CISOs), the difficulty of conducting audits (46%) and the lack of control over employees’ use of the Cloud (46%). For 91% of respondents, the tools provided by Cloud hosting providers are not sufficient to secure the data stored, and specific additional tools or measures are necessary.

Connected objects are also a growing concern, increasing the attack surface and creating new types of threats. The CISOs surveyed are concerned about the security flaws present in this equipment (43%) and the uncertainty in assessing the potential risks (28%).

The study also shows that the embedded AI at the heart of cybersecurity solutions has yet to prove its worth since 53% of CISOs do not trust it.

An awareness of cyber-risks

To prevent the risk of attacks, companies implement an average of a dozen protection solutions, in addition to antivirus and firewalls. Among them, the mail security gateway (85%), the VPN/SSL gateway (85%), proxy and URL filtering (83%), and multi-factor authentication. The latter, adopted by 72% of companies, has increased by 13% compared to 2018.

More aware of cyber risks, 91% of the companies surveyed are implementing a cyber-resilience program in parallel with protection solutions or are considering doing so, that’s 12 points higher than last year.

Awareness of cyber risks is also reflected in the steady increase over the last three years in the number of companies having subscribed to cyber-insurance (60%).

Despite this, only 4 out of 10 companies say they are prepared in case of a large-scale cyberattack.

Employees Awareness

In addition to the external threat, for 43% of companies, employees’ negligence is the most common cyber risk.

Shadow IT, i.e. the deployment and use of applications and services beyond the control of IT teams, is mentioned by 98% of the CISOs surveyed and remains a significant threat to be dealt with.

Yet even though they are aware of cyber risks (according to 74% of respondents), only half of employees comply with the recommendations, according to CISOs.

Issues for the future of cybersecurity

Governance is the first issue mentioned by CISOs (70%) for the future of cybersecurity, followed by users’ training and awareness raising on cybersecurity issues (57%).

Increasing the budget is another major issue for 50% of respondents. The proportion of the IT budget allocated to cybersecurity has increased in companies compared to last year. 62% of them plan to increase it further in the next 12 months and 83% want to acquire new technical solutions.

In terms of human resources, one out of two companies (51%) would like to increase the number of staff dedicated to cybersecurity, but 90% face a shortage of Information Systems Security profiles, leading to recruitment difficulties.

COVID19.com – The domain name registered by a third party redirects to the website of the World Health Organization (WHO)

[Image: COVID19 domain name. Source: geralt via Pixabay]

“Domainers” are always a step ahead when it comes to taking advantage of a good or bad situation. For example, some will anticipate elections by registering the names of political figures, others by taking advantage of a sport or cultural event. Consequently, regarding domain names, there will be opportunities for speculative registrations.

In the case of “COVID19.com”, it seems clear that when this domain name was registered on February 11, 2020, the holder obviously wanted to speculate on the “COVID 19” virus, a term likely to generate many searches in any language. The name is available for sale for $10,000 USD.

However, instead of simply redirecting the domain name to commercial links, the holder chose to redirect this strategic name to the World Health Organization (WHO) website. Is this a citizen’s initiative? Unlikely, because given the current context, using such a name to make a direct profit through commercial links could lead to a violation of the Registrar’s registration conditions.

If the holder does not immediately profit from this domain name, he will at least have the merit of drawing our attention for the duration of an article.

.ZA websites will have to propose a link towards the COVID-19 official website implemented by the government

[Image: South Africa, .ZA domain names. Source: 12019 via Pixabay]

Since last Thursday, the South African government has required all websites using .ZA domain names to provide a link to the official Covid-19 information website set up by the government: www.sacoronavirus.co.za

This new rule applies to all .ZA websites, regardless of their content.

The two other extensions managed by the ZADNA registry, .JOBURG and .CAPETOWN, are also affected by this rule.

In the same logic, the registry also invites Internet services providers to block any websites which spread fake news.

Lastly, it is interesting to note that the government’s COVID information website is not www.coronavirus.co.za but www.sacoronavirus.co.za. This is because the domain name www.coronavirus.co.za has been registered by a domainer who proposes on his website to resell the name in question.

As with every crisis or major news event, COVID-19 has led to massive registration of domain names containing the associated terms, with some unscrupulous players seeking to take advantage of the situation.

Unsurprisingly, during this unprecedented and complicated period, there has been a high increase in the number of cybercriminal attacks of all kinds.

Let’s Encrypt, do not confuse confidentiality and security

Let’s Encrypt was recently the subject of discussions in the small world of TLS certificates, after suddenly revoking 3 048 289 certificates that should not have been issued. A bug in its validation software prevented the CAA (Certification Authority Authorization) record checks from being carried out, so the certificates in question should never have been issued in the first place. Significant disruptions resulted from this mass revocation, but it is difficult to complain about a free service.
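As an added illustration (not code from this article or from Let’s Encrypt), the following shows what the skipped CAA check was supposed to enforce: the RFC 8659 evaluation a CA performs before issuing, run over a constructed zone with hypothetical names, where the domain owner’s `issue` and `issuewild` records restrict which CAs may issue.

```python
from typing import Dict, List, NamedTuple, Tuple

# Added example (not Nameshield's or Let's Encrypt's code): CAA evaluation
# per RFC 8659, the check a CA must perform before issuing a certificate.

class CAARecord(NamedTuple):
    flags: int   # bit 7 (value 128) = "issuer critical"
    tag: str     # issue / issuewild / iodef
    value: str   # CA domain, optionally followed by ";parameters"; ";" alone = no CA

# Constructed sample zone (hypothetical names, not real DNS data).
ZONE: Dict[str, List[CAARecord]] = {
    "example.net.": [
        CAARecord(0, "issue", "letsencrypt.org"),              # only this CA may issue
        CAARecord(0, "issuewild", ";"),                        # no wildcard certs at all
        CAARecord(0, "iodef", "mailto:security@example.net"),  # where to report violations
    ],
    "locked.example.net.": [CAARecord(0, "issue", ";")],       # no CA may issue here
    "open.example.com.": [],                                   # no CAA: any CA may issue
}

def relevant_caa(fqdn: str, zone: Dict[str, List[CAARecord]]) -> List[CAARecord]:
    """Walk from the name up through its parents; return the first CAA RRset found."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]) + ".", [])
        if rrset:
            return rrset
    return []

def ca_may_issue(fqdn: str, ca_domain: str, zone: Dict[str, List[CAARecord]],
                 wildcard: bool = False) -> Tuple[bool, str]:
    """Decide whether ca_domain may issue for fqdn (or for *.fqdn when wildcard=True)."""
    rrset = relevant_caa(fqdn, zone)
    if not rrset:
        return True, "no CAA records found: issuance is not restricted"
    for rr in rrset:
        # An unknown property flagged critical means the CA must refuse to issue.
        if rr.flags & 128 and rr.tag.lower() not in {"issue", "issuewild", "iodef"}:
            return False, f"unknown critical property '{rr.tag}': must not issue"
    # issuewild takes precedence for wildcard names; otherwise issue applies.
    tag = "issuewild" if wildcard and any(rr.tag.lower() == "issuewild" for rr in rrset) else "issue"
    entries = [rr for rr in rrset if rr.tag.lower() == tag]
    if not entries:
        return True, f"no '{tag}' property: issuance is not restricted"
    for rr in entries:
        allowed = rr.value.split(";", 1)[0].strip().lower()  # empty => nobody
        if allowed and allowed == ca_domain.lower():
            return True, f"authorised by '{tag}' record for {allowed}"
    return False, f"'{tag}' records do not authorise {ca_domain}"
```

A CA that skips this lookup, as the bug did, issues regardless of what the domain owner published, which is why mis-issued certificates had to be revoked.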

I am often asked what I think of Let’s Encrypt, and I always give the same answer: Let’s Encrypt has done a lot to encrypt the web, but it is undermining the security of the web. Encryption ensures the confidentiality (no one can eavesdrop) and integrity (no one can modify) of exchanges. But encryption alone is not enough if I have no guarantee of the identity of the party I am exchanging with (legitimate or fraudulent?)… And that is the whole problem.

Let's Encrypt - SSL TLS certificates - Nameshield

In 2015, the Let’s Encrypt initiative, supported by leading players of the Internet (EFF, Mozilla, Cisco, Akamai…), was created with the aim of distributing free SSL certificates massively, to the whole world. More than five years later, the organization secures 190 million websites and has just announced that it has issued a billion certificates. The milestone was reached on February 27, 2020. This is undoubtedly a great performance.

96% of the web encrypted in January 2020

In 2015, less than half of web traffic was encrypted; the figure reached 96% in January 2020. Of course, Let’s Encrypt is not the only player responsible for this rise. Edward Snowden raised the first alert, and Google has largely stepped into the breach, through its search ranking policy and changes to web security indicators. But by providing free certificates to everyone, through a largely automated system, Let’s Encrypt has democratized encryption… and consigned the concept of identity to oblivion.

No identity, no security


Let’s Encrypt’s credo is simplicity: to “simplify to the extreme HTTPS deployment and put an end to its horribly complex bureaucracy” (as the EFF put it in the launch campaign). The horribly complex bureaucracy does, however, have a meaning: high authentication, which guarantees the identity of the certificate’s holder. Perhaps not an absolute guarantee of legitimacy, nor a guarantee of content, but the guarantee of a registered company, legitimate owner of the domain name concerned, with a certificate validated according to a rigorous procedure.

Let’s Encrypt merely verifies control of the domain name (DV, Domain Validation). One only has to click on a link in an email or to publish a TXT record in the domain name’s DNS zone. Yet domain name registration in most TLDs is purely declarative. It is quite easy to register a domain name, request a certificate from Let’s Encrypt and publish a website over HTTPS://.

The results?

In five years, phishing and fraudulent websites have all switched to HTTPS://. Vincent Lynch raised the alarm on this problem as early as 2016: 15 270 certificates containing the term “Paypal” had been issued by Let’s Encrypt, and 14 766 of those certificates were fraudulent.

The market has been dragged down in terms of authentication level. Let’s Encrypt is far from the only party responsible: Google and Mozilla, with their 70% market share, have largely supported the initiative, the big cloud hosting providers followed, as did the Certification Authorities, challenged on price. Today we have a secure web in which 77% (November 2019) of certificates give no verification of the owner’s legitimacy.

High authentication changes the game

The web has become encrypted by default. Does that make it more secure? Nothing is less certain. Web users, taught for twenty years to check for the padlock in the address bar, now trust a web in which all the fraudulent websites display the security padlock too. Today the Internet is confidential, but that does not make it safe.

It is urgent to return to high authentication. High authentication imposes a set of compulsory, rigorous and controlled steps in order to obtain a certificate. The procedures are enacted by the CA/B Forum, regularly strengthened, and the Certification Authorities are audited against them.

23% of certificates are still issued on the basis of high authentication, mostly in the corporate world, where CISOs are pushing to preserve it. We all have to rely on them and support initiatives promoting OV (Organization Validation) and EV (Extended Validation) certificates, especially EV, to guarantee the identity of the websites visited by web users. While identity on the Internet seems to have been somewhat forgotten for some time in favor of confidentiality, it is likely to come back into the spotlight soon, driven in particular by web users and the need for personal data protection.