Category: News

Nameshield renews its ISO 27001 certification

ISO 27001 - Nameshield renews its ISO 27001 certification

Nameshield Group is an expert in domain names, DNS, TLS/SSL certificates management.

Through our experience gained from world-renowned customers with ever-increasing security requirements, we have also become technical experts in Information security. That is why we have implemented an Information Security Management System (ISMS).

In 2017, we obtained the ISO 27001 certification of this ISMS for our activities of domain names portfolio, DNS and TLS/SSL certificates management. Nameshield Group has thus become the sole French registrar ensuring such a level of security for its customers.

Since then, our employees involved in the ISMS continuously contribute to the constant improvement of our security arrangements.

An analysis of the risks and their processing, according to the Ebios method, answer to our security goals and those of our clients.

We permanently adapt to security, performance and sustainability needs. It results in the deployment of more secure products and services, with higher added values, that meet our clients’ expectations more and better.

We know how to mobilize ourselves in case of incidents and learn to always do better by analyzing the processing of each alert.

We have and control a business continuity plan. Therefore, we are able to carry out our activities remotely (backup site, telecommuting, redundant servers…), whatever the threats.

Information security is the DNA of Nameshield Group and all its employees.

Logically, our ISO 27001 certificate has been renewed for 3 years in last February without any non-compliance nor comments being notified.

This international recognition ensures you:

  • An availability rate (domain names management platform and DNS Premium)
  • Tests implementation allowing us to permanently review ourselves and anticipate incidents
  • The raising awareness of all Nameshield employees to all Information security aspects
  • The reliability and performance of our system
  • The study of our experience feedbacks to continuously improve our security and thus yours

.ORG news – NGOs against the .ORG registry’s sale to Ethos Capital

Sale of .ORG registry - PIR Public Interest Registry - dot ORG - Nameshield

At the end of 2019, the announcement of the .org registry’s sale, Public Interest Registry (PIR) by Internet Society to Ethos Capital, a private equity firm, created a debate, which was also the subject of a previous article on this blog.

For reminder, this announcement caused several concerns from NGOs, such as the increase of .ORG prices and the implementation of rights protection policies that could lead to a form of censorship, as is already the practice in some countries. These fears led Electronic Frontier Foundation (EFF) to launch the SaveDotOrg campaign to raise awareness about the potential impact of this sale. To date, 846 organizations and 25 119 people have signed this petition demanding Internet Society to stop the sale.

In front of these many complaints, ICANN postponed the approval of the .ORG registry’s sale to Ethos Capital and requested additional information from Internet Society.

« Public Interest Commitments »: The measures proposed to address the .ORG community’s concerns

In response to these criticisms, Ethos Capital and Public Interest Registry try to reassure by proposing the implementation of “Public Interest Commitments” (PIC), binding commitments which would ensure that the .org prices’ increase would be limited.

Among these commitments, they also propose the creation of a “Stewardship Council” (a council for the .org management) which could influence decisions taken by PIR and thus ensure the preservation of freedom of expression.

These PIC would be added to the Registry Agreement, the contract between the registry and ICANN regarding the functioning of the registry.

A for-profit registry to defend non-profit organizations?

During the last ICANN summit, organized remotely from 7 to 12 March 2020 because of the Covid-19 pandemic, several NGOs, including EFF, mentioned this .ORG registry’s acquisition by Ethos Capital and asked ICANN about how it plans to review the change of control of the .ORG registry.

According to EFF, forming a “Stewardship Council” will not resolve the NGOs’ concerns. Indeed, the initial members of this council will directly or indirectly be selected by PIR and PIR will have the ability to veto new council members, which would thus ensure that the council will stay in lockstep with PIR.

Regarding the .ORG prices, according to NGOs, the implementation of the PIC doesn’t ensure a limitation of the prices increase. An amending of the Registry agreement can be negotiated at any time by the registry’s owner and ICANN, despite a public opposition. That’s what happened in June 2019, when the .ORG Registry Agreement was revised to diminish registrants’ rights and remove price caps. Furthermore, ICANN indicated in 2019, its interest in exiting the role of price regulation, but the PIC implementation would place ICANN back into that role.

Therefore, according to NGOs, these “Public Interest Commitments” would not protect adequately the .org community.

The NGOs’ questions remained without answer during the last ICANN summit, and this acquisition is still under review by ICANN.

We acknowledge the questions and concerns that are being raised” says ICANN. “To ease those concerns and maintain trust in the .ORG community, we urge PIR, ISOC, and Ethos Capital to act in an open and transparent manner throughout this process. […] We will thoughtfully and thoroughly evaluate the proposed acquisition to ensure that the .ORG registry remains secure, reliable, and stable.”

To be continued.

The launch of 8 new extensions for India

Domain Names - Extensions India - IDN in Indian Language - Nameshield
Image source: 0426xgds via Pixabay

.IN Registry launches new Internationalized Domain Name (IDN) in Indian Language.

IDN registrations will begin on March 16th 2020 and listed as below:

Internationalized Domain Name (IDN)

.ಭಾರತ

.ଭାରତ  

.ভাৰত   

.भारतम्  

.भारोत 

.بارت    

.ڀارت       

.ഭാരതം     

Language

Kannada

Oriya

Assamese

Sanskrit

Santali

Kashmiri

Sindhi

Malayalam

The launch schedule would be as follows:

  • Sunrise A (Indian Registrant holding Indian Trademarks) : starts 16/03/2020 ends 15/05/2020
  • Sunrise B (Overseas Registrant holding Indian Trademarks) : starts 16/04/2020 ends 15/05/2020
  • Sunrise C (Existing Registrant holding ASCII domain name .in) : starts 01/06/2020 ends 30/06/2020
  • General Availability: 15/07/2020

Note that the possibility of registration during the priority phase of SUNRISE for foreign holders starts a beat later.

For more information on the conditions for registration, don’t hesitate to contact us.

Apple announces the limitation of SSL certificates duration to 1 year in Safari

Apple Safari - SSL certifcates one year - Nameshield
Source de l’image : kropekk_pl via Pixabay

Apple announced this week that the maximum lifetime of SSL / TLS certificates on its devices and Safari browser would be limited to 398 days (1 year, and 1 month to cover the renewal period). The change, announced by Apple at the CA / Browser Forum meeting in Bratislava, Slovakia, will take effect for certificates issued after August 31, 2020.

Apple’s announcement follows a failure of the CA / B Forum’s vote on one-year certificates (Bulletin SC22), which was held in August 2019, and reflects a continuing trend to shorten lifespan certificates. Following this vote, Google had also expressed its intention to reduce certificate lifetime outside the framework of the CA / B forum if they do not position themselves quickly. This announcement is a bit of a surprise, we would rather have thought that Google or Mozilla would take the first step.

What are the consequences for companies and their SSL / TLS certificates?

Is shorter validity a good thing?

The shorter the validity period of a certificate, the more secure the certificate. By requiring replacement of certificates over a shorter period of time, security updates are made to certificates, they deploy faster. The shorter private key lifetime of a certificate is also a strong recommendation from online security players to limit the potential duration of fraud following a compromise.

From a security perspective, everyone agrees that reducing the life of certificates is a good thing. The problem lies on the operational side with the consequences of this reduction being: more frequent intervention on certificates, therefore greater complexity in keeping an up to date inventory and the need for optimal organization with partners for certificate issuance.

Should Apple’s announcement be taken into account?

Safari is one of the two main web browsers, with 17.7% in January 2020, behind Google Chrome (58.2%) and ahead of Microsoft Internet Explorer and Edge (7.1%). It is difficult to ignore the announcement as it will affect 1/5 of Internet users, what is more is that if Google does follow, it is better to anticipate and prepare. Nameshield’s has already adopted this stance.

Things to keep in mind

Certificates issued before September 1, 2020 are not affected by this change. They will remain valid for the entire two-year period. All certificates issued on or after September 1 must be renewed each year to be considered reliable by Safari.

We must therefore prepare to move towards having certificates with a maximum duration of one year compared to the current two years. Being able to rely on a partner and effective tools is more essential than ever.

Towards the end of the correlation between authentication and technical certificate management

What seems to be taking shape within the CA / B Forum is the idea of allowing an authentication duration identical to that which we know today (two years) while forcing the certificates to be replaced several times during this same period.

The main Certification Authorities, the bodies that issue certificates, anticipate these changes and are working on several automation systems to manage certificate life cycle. They would thus limit the need to go through a potentially cumbersome re-authentication procedure with each replacement. Companies could replace their certificates as many times as they want during this period. This would make it possible to anticipate possible further reductions in the maximum lifetime of certificates.

The trend is also towards the installation of automation tools for the maintenance of a precise inventory of certificates on the one hand and technical reinstallation on the other. Nameshield is closely monitoring these various developments and will allow you to continue working with confidence.

Our team is also at your disposal to anticipate these changes and answer any questions you may have.

Municipal elections 2020: buzyn2020.fr and buzyn2020.paris domain names redirect towards Anne Hidalgo’s campaign

Municipal elections 2020: buzyn2020.fr and buzyn2020.paris domain names redirect towards Anne Hidalgo’s campaign
Image source: Sadnos via Pixabay

Following the announcement on Sunday February 16, of Agnès Buzyn’s candidacy to Paris municipal elections, several political journalists discovered on Monday that the domain name buzyn2020.fr was registered but redirected towards “Paris en commun”, the campaign website of another candidate, Anne Hidalgo.

Several other names were registered on Sunday night, also redirecting towards Paris en commun’s homepage like buzyn2020.paris, agnesbuzyn2020.fr and agnesbuzyn2020.com.

If several of these names were anonymously registered, two of them were registered by the association “Montreuil en Commun”, a group of “four municipal councilors” who claims to be “without any political label” and explains to Numerama the fact that these names were available “indicates the improvisation of her candidacy and LREM’s lightness regarding a serious matter such as a candidacy to run for Paris’ mayor”.

Raising awareness to cybersquatting risks

The LREM candidate will not be able to use the domain name buzyn2020.com either, which was registered on Monday by Crisalyde, a risk and crisis management consulting company.

I took the opportunity to raise awareness. It’s my job, I saw a risk and I took advantage of it”, explains Selim Miled, Crisalyde’s CEO, to the Parisien.

Cybersquatting is a practice that consists in taking a domain name by registering it, using or mentioning a trademark, a business name, a patronym or any name on which the applicant has any right, in order to make material or moral profit from its current or future notoriety.

Thus, Crisalyde registered 6 domain names: buzyn.paris, agnesbuzyn2020.paris, buzynpourparis.com, buzynpourparis.fr, buzyn2020.info and buzyn2020.com. “As soon as Agnès Buzyn’s team contacts me, I will give them the domain name at the purchased price, with a friendly advice” adds Selim Miled.

What strategy to adopt against cybersquatting?

Agnès Buzyn’s team will have to contact the persons who registered these names, who may decide to graciously give them back or resell them at prices they will have set.

However, legal actions exist aiming to retrieve a cybersquatted domain name, like the UDRP procedure (Uniform Domain Name Dispute Resolution Policy). This procedure will allow to suppress or transfer the domain name.

And lastly, in order to prevent any cybersquatting risk, it is recommended to implement a domain names registration monitoring to be immediately alerted of any new domain names registration that can potentially infringe your notoriety or your business.

For more information on our online brand protection expertise and domain names recovery procedures, don’t hesitate to contact a Nameshield consultant.

ICANN67 – COVID19 : 0-1

ICANN67 - COVID19 : 0-1
Image source: geralt via Pixabay

The 67th annual ICANN Summit, a summit dedicated to Internet naming regulations, was to be held in Cancún, Mexico, from 7th to 12th March. Often referred to by the acronym ICANN67, it is finally another acronym COVID19 that designates the now famous coronavirus that forced ICANN to reconsider all the logistics of this major event.

Since 1999, ICANN has organised three annual meetings devoted to the regulations applicable to Internet naming and a fourth devoted to more operational aspects, often referred to as the GDD Summit (Global Domain Division Summit). These meetings are an opportunity for participants from some 150 countries to discuss live the hot topics related to the Domain Name System (DNS).

For the past few weeks, however, world attention has focused on a completely different subject: the ongoing spread of the coronavirus, which according to the latest figures available has contaminated some 75,465 people in mainland China and caused the death of 2,236 people since its emergence in December in Wuhan, capital of Hubei province. While South Korea also now has more than 150 confirmed cases, the list of countries with confirmed cases keeps growing. More than 30 countries are now in this situation.

Quite logically, in recent weeks, behind the scenes of the ICANN organization, coronavirus has been rising as a major concern for the players in the domain name industry. More and more potential participants were talking about the fact that they would prefer not to travel for this event, which is important to them, while others were asking whether it was appropriate to hold this event in such a context. Recent cancellations of similar events have indeed echoed their concerns. Earlier this month, the GSMA, the organizers of the world’s largest mobile industry exhibition, Mobile World Congress 2020, effectively cancelled the event after more than 30 exhibitors and sponsors withdrew due to the outbreak. The Fintech Festival of India (IFF 2020) organised by the government of Maharashtra, the Ministry of Electronics and Information Technology (MeitY), the National Payments Corporation of India (NPCI) and the Fintech Convergence Council also similarly announced this week that it would postpone the event to a “more appropriate time” due to coronavirus-related issues. The event was scheduled to take place on 4-5 March 2020.

At the 19 February session of the ICANN Board, which was extended by one hour, ICANN finally decided :

« Resolved (2020.02.19.01), by virtue of the public health emergency of international concern posed by COVID-19, the daily evolving developments, and the high global risk still identified, the Board directs the ICANN President and CEO, or his designees, to take all necessary actions to not hold ICANN67 as an in-person meeting in Cancún, Mexico.

Resolved (2020.02.19.02), as the Board has determined to not proceed to Cancun, Mexico for ICANN67, the Board directs the ICANN President and CEO to move ICANN67 to ICANN’s first fully remote public meeting. »

The ICANN Board communiqué confirms that the summit, which is usually held in person, will for the first time be entirely managed remotely with means still to be clarified.

If the holding of such event in a remote mode is unprecedented, it should be noted that in the past ICANN has already changed the organization of its meetings for similar reasons. Indeed in June 2016, for example, ICANN decided to move ICANN56 from Panama City to Helsinki in Finland because of the Zika virus. The only difference is that their decision could have been anticipated earlier.

This is why ICANN has already taken up the subject for the holding of the following events : the GDD Summit planned in Paris in May and then the ICANN68 planned in Kuala Lumpur in Malaysia in June.

Grandfathering registrations of a .TW in Chinese characters are opened for .TW domain names’ holders

Domain names in .TW in Chinese characters - .台灣
Image source: Yenyu_Chen via Pixabay

The .TW registry (TWNIC) offers grandfathering registrations for holders of existing ASCII.TW domains that wish to register the same ASCII domain under .台灣 (.xn--kpry57d).

Before the official opening, TWNIC provides priority registration for registrants who meet the eligibility requirements.

For example, twnic.tw can be registered for twnic.台灣 in the grandfathering period.

The following eligibility criteria apply and are checked by the registry:

  • The creation date for ACSII.tw should be earlier than the same ASCII name under .台灣 (.xn--kpry57d)
  • The registrant of ASCII.台灣 (.xn--kpry57d) should be the same as ASCII.tw
  • ASCII.tw and ASCII.台灣 (.xn--kpry57d) should be managed under the same registrar when creating ASCII.台灣.

Grandfathering Period : from January 7th, 2020 to February 10th, 2020.

The ASCII.tw Domain Name “.台灣(.xn--kpry57d)” will be starting  on February 18, 2020.

For more information on the conditions for registration of your .台灣, don’t hesitate to contact us.

*An internationalized domain name (IDN) is an Internet domain name that contains at least one language-specific script or alphabet, such as Arabic, Chinese, Cyrillic, Devanagari, Hebrew.  It allows the use of domain names in the native language of Internet users using special characters such as Asian, Arab or African users.

BREXIT – The plan of the .EU for UK citizens

Following BREXIT, Eurid (.EU registry) had recently updated its Domain names Registration Policy, by modifying the conditions of attribution of a .EU domain name for the British and Gibraltarians, according to the plan below:

* From 1st November 2019, EURid will NOT allow the registration of any new domain name where the registrant’s residence or establishment country code is either GB or GI, unless the citizenship country code of the registrant corresponds to an EU27 Member State.

* On 24 October 2019, and following explicit confirmation by the Commission, EURid will notify by email both GB and GI registrants and their providers about their forthcoming non-compliance with the .eu regulatory framework.

During this two-month period, the domain names concerned remained active and could continue to be used by their holders.

* As of 1 January 2020, all registrants who did not demonstrate their eligibility will be deemed ineligible and their domain names will be WITHDRAWN. A WITHDRAWN domain name no longer functions, as the domain name is removed from the zone file and can no longer support any active services (such as websites or email).

Twelve months after the UK withdrawal, i.e. on 1 November 2020, all the affected domain names will be REVOKED, and will become AVAILABLE for general registration. Their release will occur in batches from the time they become available.

* No transfer to GB / GI registrants will be possible during the two-month period between 1 November and 1 January, unless they have a citizen country code from an EU27 member state. The transfer to a non GB / GI registered will remain possible.

Following the UK’s official leave from the European Union on January 31, the United Kingdom and the EU will enter into the so-called “transition period” until December 31, 2020.

During this “transition period”, residents and citizens of the United Kingdom will continue to be able to own and register .eu domain names. The plan described above will apply from the end of the transition period and will soon be updated accordingly.

Nameshield will keep you informed as soon as Eurid will update the rules.

For its part, the British register (NOMINET) has no plans currently to restrict .uk domain names – they can be registered irrespective of nationality or place of residence. All are eligible.

FIC 2020 – Nameshield’s DNS Premium labelled France Cybersecurity once again

During the 12th edition of the International Cybersecurity Forum (FIC), the major event in terms of cybersecurity and digital confidence, which currently takes place from January 28 to 30 in Lille, Nameshield was given once again the France Cybersecurity Label for its DNS Premium solution.

Nameshield’s DNS Premium labelled France Cybersecurity
8th Edition of the France Cybersecurity Labels ceremony, January 29, 2020

Nameshield’s DNS Premium labelled France Cybersecurity

The DNS is at the heart of companies’ critical services: Internet, email, applications…

Exposed more and more frequently to attacks, like DDoS, Man in the Middle… it must remain available.

The Nameshield’s DNS Premium is the solution which meets DNS protection needs with a redundant, ultra-secure infrastructure with all the key DNS services (anycast, DDoS protection, DNSSEC, statistics…).

The DNS Premium solution labelled France Cybersecurity, thus allows its users to protect their digital assets from any attack and ensures a high availability of their Internet services.

France Cybersecurity Label, the guarantee of a certain level of quality in terms of cybersecurity

Nameshield’s DNS Premium labelled France Cybersecurity

For reminder, the France Cybersecurity label is the guarantee for users that the Nameshield’s products and services are French and possess clear and well defined functionalities, with a certain level of quality in terms of cybersecurity, verified by an independent jury.

It answers to several needs and objectives:

  • Raise awareness among users and international ordering parties regarding the importance of the French origin of a Cybersecurity offer and its intrinsic qualities ;
  • Certify to users and ordering parties the quality and functionalities of labelled products and services ;
  • Promote French cybersecurity solutions and increase their international visibility ;
  • Certify to users and ordering parties the quality and functionalities of labelled products and services ;
  • Increase their overall use and the users’ security level.

This label is governed by a committee composed of representatives gathered in 3 colleges:

  • College of officials: representatives from the “Direction Générale de l’Armement” (DGA, the French Government Defense procurement and technology agency), the “Direction Générale des Entreprises” (DGE, the French Directorate General for Enterprise within the Ministry of Economy, Industry and Digital), and the “Agence Nationale de la Sécurité des Systèmes d’Information” (ANSSI, the French National Cybersecurity Agency).
  • College of industrials: representatives from the “Alliance pour la Confiance Numérique” (ACN – Alliance for digital confidence) and HEXATRUST.
  • College of users: representatives from groups of users, such as: CIGREF, GITSIS, CESIN, CLUSIF ISSM space.

Nameshield, a 100% French company, certified ISO 27001 on all its registrar activity, was able to bring all the necessary guarantees to obtain the France Cybersecurity Label for its offer, the DNS Premium and illustrates its engagement to always provide the best services and standards regarding cybersecurity.

For more information on our labelled solution DNS Premium, please visit Nameshield’s website.

The launch of .GAY is close

The launch of .GAY - New gTLDs - dotgay - Nameshield Blog
Image source : Top Level Design website

On June 1970, one year after the Stonewall Riots, which marked the birth of the LGBTQ rights movements, the first Gay Pride parades took place in many US cities to claim liberty, equality and denounce prejudice, persecution, bigotry and hate.

Fifty years later, with the launch of the new extension .GAY by the registry TOP LEVEL DESIGN, a new digital space is created for the LGBTQ community. This extension is thus intended for individuals, organizations, businesses supporting the LGBTQ community. It will increase their visibility and create a safe online space.

The launch of .GAY will follow the calendar below.

.GAY Launching Calendar

  • Sunrise period: from 10/02/2020 to 06/05/2020
  • EAP (Early Access Period): from 11/05/2020 to 18/05/2020
  • General availability: from 20/05/2020

.GAY donations to LGBTQ nonprofit organizations

Note that for each new domain name registered, the .GAY donates 20% of registration revenue to LGBTQ nonprofit organizations like GLAAD and CenterLink which are currently the inaugural beneficiaries.

A .GAY domain name registration will become a way to express support to the LGBTQ community.

.GAY rights protections policy

The .GAY will give the possibility to create a safer space online for LGBTQ community. Indeed, the extension will be subject to a .GAY rights protections policy, which will allow to report any content that is harmful or harassing LGBTQ people, and to act against them by removing the content or suspending the site itself.

The use of .gay for anti-LGBTQ content or to malign or harm LGBTQ individuals or groups is strictly prohibited and can result in immediate server-hold. Prohibited behavior includes harassment, threats, and hate speech” highlights the registry.

.GAY domain name registrations will be prohibited to parties that are, or are associated with, recognized hate groups inciting violence against the LGBTQ community.

For more information on the conditions for registration of your .GAY, don’t hesitate to contact a Nameshield’s consultant.