New document available on Nameshield’s website: ” 5 minutes to understand – Register a domain name “

5 minutes to understand - Domain names - Nameshield

The domain name is the first link between the web user and your website. It is thanks to the domain name that you are found on the Internet, that you are visible, that your identity is displayed and that you develop your business on the net. It is a digital asset of your business.

The more meaningful this name is, the more likely it is to position you effectively on the web, and to best represent your identity.

Discover the right questions to ask yourself before registering a domain name and the registration rules in this new “5 minutes to understand” document to download on the Nameshield’s website.

Modification of registration conditions in .DZ – Register the equivalent in .TM.DZ to keep control!

Modification of registration conditions in .DZ
Image source : SofiLayla via Pixabay

The Algerian registry has changed its registration conditions quite restrictively. These changes also affect already registered domain names:

  • The applicant must now be “an entity established in Algeria, having legal representation in Algeria”.
  • This means that holders or applicants holding only an Algerian brand and who cannot justify a local presence in Algeria will have to move towards the registration of a .TM.DZ domain name.
  • Please note, registering a .TM.DZ domain name opens an identical registration in .DZ.

Another important element relating to .DZ already registered:

  • Changes are no longer possible on these names, except for holders who are a local entity. The only “operation allowed” is renewal.

Our advice:

Since the end of 2018, Nameshield has been encouraging you to register your .TM.DZ domain names, we of course maintain this advice and strongly encourage you to quickly register the equivalent of your .DZ in .TM.DZ. This will maintain a high level of reactivity, especially in case of emergency modifications.

New resources available on the Nameshield’s website: The “5 minutes to understand” documents

5 minutes to understand - Domain names - Nameshield

Nameshield offers you new resources that will be regularly published and available for download on the Nameshield’s website: the “5 minutes to understand” documents.

Quick and easy to read documents to understand the basics of domain names in just a few minutes.

Discover now the first document “5 minutes to understand – The reading a domain name“:

Participate in the .eu Web Awards!

The .eu Web Awards is an online competition, launched in 2014 by EURID, the .eu registry, which rewards the best websites in the .eu, .ею or .ευ extensions, divided into 5 categories:

  • Leaders
  • Rising stars
  • Laurels
  • House of .eu
  • Better world

It is possible to apply until 05 August 2020 and the participation is free of charge: https://webawards.eurid.eu/

Once your candidature has been validated, it’s up to the public to vote! The 3 websites under each category that have won the most votes will then become finalists.

The big winners will be revealed at the Gala held in Brussels on 18 November 2020, where the 15 finalists will be invited.

The 5 winners will win the following prizes:

  • a two-month billboard advertising campaign in Brussels airport
  • a trophy, a customised video for communication support
  • the .eu Web Awards icon to use on their websites and social networks.

Do you own a website in .eu, .ею or .ευ? This contest can be a nice opportunity to liven up your social networks, generate additional traffic and win the prizes mentioned above.

Interested? Visit https://webawards.eurid.eu/ for more information.

.ORG News – ICANN rejects the sale of the .ORG Registry to Ethos Capital

Sale of .ORG registry - PIR Public Interest Registry - dot ORG - Nameshield

The news came on 30 April through a press release from the ICANN Board announcing that it had taken the decision to reject the sale of Public Interest Registry (PIR), the .ORG registry, to the private equity firm Ethos Capital.

For reminder, at the end of 2019, the announcement of the sale of the .ORG registry to Ethos Capital created a real debate and caused several concerns from NGOs, such as the increase of .ORG prices and the implementation of rights protection policies that could lead to a form of censorship (Find all the articles on this subject on the blog).

In mid-April, while the organization had to decide whether or not to approve the sale of the registry, the transaction was still pending. ICANN allowed itself additional time to complete its review, after receiving numerous letters of opposition, including one from California’s Attorney General, Xavier Becerra.

The decision to reject this deal was finally announced on Thursday 30 April “as a result of various factors that create unacceptable uncertainty over the future of the third largest gTLD registry”.

One of the main reasons for this decision is the “change from the fundamental public interest nature of PIR to an entity that is bound to serve the interests of its corporate stakeholders, and which has no meaningful plan to protect or serve the .ORG community.”

Among the reasons for this rejection is also the issue of financing, since this transaction could compromise the financial stability of the registry. Indeed, the proposed sale would change PIR from a not-for-profit entity to a for-profit entity with a $360 million debt obligation, which would not benefit PIR or the .ORG community, but the financial interests of Ethos and its investors.

Furthermore, the PIR proposal to implement a “Stewardship Council“, which aimed to make the entity more accountable to the community, did not convince ICANN either. According to the organization, this council “might not be properly independent“.

ICANN’s decision is therefore a victory for the .ORG community and Electronic Frontier Foundation, which does not stop there and adds “the .ORG registry still needs a faithful steward, because the Internet Society has made clear it no longer wants that responsibility. ICANN should hold an open consultation, as they did in 2002, to select a new operator of the .ORG domain that will give nonprofits a real voice in its governance, and a real guarantee against censorship and financial exploitation.”

Choosing the right TLD based on DNS performance

Comparative analysis of the famous Top Level Domains (.com, .fr…)

The crux of the war for high-visibility websites is the download time. As a natural referencing factor admitted by Google, this download time can be significantly impacted during DNS resolution. If it is necessary to rely on a first-class DNS infrastructure, the choice of the extension associated with a domain name is important. Indeed, not all registries perform equally well in terms of DNS, not to say that some have disappointing performance. The offer in terms of TLDs (nearly 1400) has greatly increased since ICANN’s New Extensions Program. Analysis to follow.

A quick look at DNS resolution time and its impact on load time

Resolving a domain such as nameshield.net follows several steps before you can contact the content server. The DNS resolver contacts the root DNS servers (.), then the DNS servers of the registry of the extension concerned (.net) in order to obtain the list of DNS servers responsible for the domain, and finally these DNS servers to obtain the requested response. The response obtained is certainly cached by the DNS resolver (generally managed by the Internet Service Provider), but this will not always be the case depending on the popularity of your domain.

This means that if the DNS for the top level domain (.net) is slow, it may actually delay DNS resolution for the domain itself and, in the very unlikely worst case scenario, even cause a breakdown. There’s not much you can do about this, apart from choosing the right TLD.

Comparative Analysis

Bunny CDN, a Slovenian content delivery player, conducted the following surprising analysis. Relying on their global network, they monitored DNS performance worldwide from more than 50 sites and networks.

For each TLD, their system chose a random name server published for each top-level domains and queried a random domain name. The results were grouped by region and the data recorded every 10 seconds.

Results

They tested 42 of the most popular top-level domains and then aggregated the results into a global median average and an 85-percentile aggregation (the 15% slowest responses were not taken into account). These tests were conducted only from their network, so a more complete study would certainly be worthwhile, but they provide a good overview.

Choosing the right TLD based on DNS performance
Source : BunnyCDN

The results were quite surprising

The most surprising domains are .info and .org, which have shown really poor performance, especially in the 85 percentile range, despite their seniority and the millions of domains registered. It seems that 4 of the 6 names servers function extremely poorly, which explains the poor results.

The .net and .com have been very slightly slower than expected in Europe and North America, but otherwise offer excellent and stable performance in all regions, visible in the global median. .net and .com have much larger networks, but remain a very interesting choice for absolute maximum performance.

Less expected is the performance of the .co, .biz and .in TLDs, well ahead of the others.

Some new domains (.online, .top, .blog…), which are attractive from a marketing point of view and growing strongly, show disappointing performances…

… on the other hand, very good surprises for .live, .email, .news, managed by Donuts Inc or .club and .buzz managed by Neustar Inc, with, however, a very important decrease in performance in regions outside Europe and North America, which further aggravates the problem.

42 of the most popular TLDs among the 1400+ available have been tested. Without drawing any definitive conclusions, we can assume that many may not work much better.

Conclusion

Do you need to revolutionize the management of your domain name portfolio and the choice of TLDs for your most visible websites? Should you switch everything to .biz or .co immediately to increase performance?

Certainly not. First of all, DNS responses are heavily cached, especially for very popular websites, resolvers may not need to reach many top-level names servers. Then, the choice of a domain name is primarily driven by marketing imperatives (brand, geographical area, name availability) that are often far more impactful than the additional 50 milliseconds of loading time for the first page to load.

However, if you are trying to compress absolutely every last bit of performance and ensure high reliability in a system where every last millisecond counts, then you may want to think twice before choosing your domain. The differences aren’t huge, but if you’re aiming for that one-second loading time, things can add up to 200 ms in some cases.

Choosing the right TLD based on DNS performance is indeed a good thing, but probably not a cause for too much concern.

Abandoned domain names vs renewed domain names: any observations?

Abandoned domain names vs renewed domain names - Nameshield
Image source: JanBaby via Pixabay

As a registrar, Nameshield has an accurate view of the typology of abandoned domain names and domain names kept by their holders when they clean up their portfolio.

As in all sectors of activity, phenomena that could be said to be “trendy” can even be seen in cybersquatting and therefore in domain names that are abandoned or maintained.

Let’s take the example of typosquatting, there was a time when it was essential to register domain names that included your trademark with as many typographical variants as possible (if your trademark contained the letter O, it was important to register a version with the number 0 instead of the O etc.), because cybersquatters were then very focused on this type of hijacking attempt. A decade later, cybercrime has changed and, while it is still important to register typographical variants, only the most pertinent ones are relevant today. As a result, many companies have abandoned the most distant variants.

The same goes for extensions. At certain periods, the risks of cybersquatting are greater depending on the registration conditions. A “first-come, first-served” extension is more at risk than a TLD requiring, for example, a locally registered trademark. Since the domain names registrations rules are set by each registry, they are likely to change over time, with the result that potential abandonments may occur.

An interesting study published at the end of 2019 by Frank Moraes, indicated that considering the first 8 extensions, only 29.79% of registered domain names would be renewed each year. Of the remaining 70.21%, 41.22% would simply expire and 28.99% would be registered by a new holder.

Only one domain name out of three would therefore be renewed the year following its registration! However, the rates vary significantly and the highest renewal percentages are unsurprisingly for .NET (46.3%), .ORG (44.24%) and .INFO (34.56%).

On the contrary, the lowest renewal rates are for .CN (1.72%), .BIZ (16.6%) and .TOP (22.22%).

What about .COM? The .COM TLD remains undoubtedly the most popular extension. If the study cited above only places the .COM in fourth position in the percentage of renewals (certainly taking into account the sampling), the renewal rate of the .COM is more around 80% and is relatively stable from year to year.

.ORG News – ICANN delays again the sale of the .ORG Registry

Sale of .ORG registry - PIR Public Interest Registry - dot ORG - Nameshield

A few months ago, in previous articles, we mentioned the sale by Internet Society of Public Interest Registry (PIR), the .ORG registry, to Ethos Capital, a private equity firm.

The .ORG is the reference extension for non-profit organizations and the .ORG registry represents more than 10.5 million domains. For reminder, the announcement of the sale of the registry caused several concerns in the NGO community.

In front of these many complaints, ICANN had already postponed the approval of the .ORG registry’s sale to Ethos Capital and requested additional information from Internet Society.

Further postponement of the .org registry’s sale after the intervention of the Attorney General of California

On Thursday 16 April, when the ICANN Board was to decide whether or not to approve the sale of the registry, it was finally decided at that meeting, to postpone it again until 4 May 2020. This fourth postponement was caused by a letter received the day before from California’s Attorney General, Xavier Becerra, asking ICANN to reject the sale. He explains that it “raises serious concerns that cannot be overlooked“.

Empowering a for-profit entity that could undermine the accessibility and affordability of the .org domain, which serves nonprofits, should concern all of us” the Attorney General’s office told The Register.

The secret nature of Ethos Capital is a source of concern

In his letter, the Attorney General expressed several concerns about the transaction, including the secret nature of the proposed buyer, Ethos Capital: “Little is known about Ethos Capital and its multiple proposed subsidiaries“. Ethos Capital is criticized for its unusual corporation structure (the purchase involves six different companies, all of which were registered on the same day in October 2019) and its lack of transparency regarding its future plans.

In its notice published last Thursday, ICANN affirms having listened to the community and having demanded greater transparency and more guarantees from PIR. According to the organization, the Attorney General’s letter does not take into account the recent work that PIR has done regarding Public Interest Commitments, to make the entity more responsible to the community. ICANN requested PIR to strengthen these commitments, and a draft of the revised Public Interest Commitments has been provided to ICANN.

ICANN’s behavior and Internet Society criticized

ICANN has also been subject to a number of criticisms during the entire process, particularly as it appeared that the organization’s staff was pushing for approval of the transaction despite near universal opposition to it from the Internet community.

In addition, early last week, ICANN’s founding CEO Michael Roberts and original Board Chair Esther Dyson wrote a letter to Xavier Becerra criticizing the transaction and accusing their successors of abandoning ICANN’s core principles.

According to the Attorney General, this transaction will have an impact on ICANN’s reputation given the way the organization has handled the situation.

Not only ICANN and Ethos have been criticized by the Attorney General’s office, Xavier Becerra also blames the Internet Society for proposing the sale of the .ORG registry to Ethos Capital: “ISOC purports to support the Internet, yet its actions, from the secretive nature of the transaction, to actively seeking to transfer the .ORG registry to an unknown entity, are contrary to its mission and potentially disruptive to the same system it claims to champion and support“.

Xavier Becerra’s letter does not threaten ICANN with action if it does approve the sale. However, it does indicate that the Attorney General of California holds significant authority over the organization and is prepared to act, particularly since this sale could affect hundreds of thousands of other non-profit organizations.

Given the concerns stated above, and based on the information provided, the .ORG registry and the global Internet community – of which innumerable Californians are a part – are better served if ICANN withholds approval of the proposed sale and transfer of PIR and the .ORG registry to the private equity firm Ethos Capital. This office will continue to evaluate this matter, and will take whatever action necessary to protect Californians and the nonprofit community.”

In a notice published last Thursday, ICANN thus declared the postponement of its decision: “We have agreed to extend the review period to 4 May 2020, to permit additional time to complete our review.

DNS on Blockchain: the next evolution of domain names?

DNS on Blockchain - Nameshield
Image source: TheDigitalArtist via Pixabay

Summary

The DNS, the Domain Name System, is a service at the heart of how the Internet operates. It is fundamental to the functioning of many services such as websites, mail servers, VoIP telephony and many others.

For more than 30 years, many extensions and functionalities have been added to the DNS, which technically translates into an increase in the complexity of the infrastructure.

The Blockchain technology could be a considerable evolution for DNS, bringing several advantages and new functionalities.

The DNS, a fundamental service

The DNS, the Domain Name System, is a service at the heart of how the Internet operates. It functions as a public directory that associates domain names with resources on the Internet, such as IP addresses. When a user enters an address in his browser, a DNS server translates this humanly understandable address into an IP address that is understandable by computers and networks. This is DNS resolution.

DNS - DNS on Blockchain - Nameshield

This system, created in 1983, is fundamental to the functioning of many services such as websites, mail servers, VoIP telephony and many others. It is constantly evolving to meet ever-increasing needs in terms of functionality and security. Indeed, the DNS must guarantee:

  • Availability: an unavailability of the DNS service would result in a service disruption.
  • Integrity: the data present on the DNS (associated with a domain name) must not be corrupted.
  • Confidentiality: to protect the privacy of users, the DNS implements various solutions that increase the confidentiality of DNS requests. If the requests are not confidential, it is possible to analyze users’ browsing information.

The domain name system is based on a centralized model of trust. It is distributed throughout the world and managed by different actors in a hierarchical manner, in several levels; a root level, a first level where extensions are managed by registries, then a second level managed by registrars. The whole thing is orchestrated by ICANN, the Internet’s regulatory authority.

Domain names - DNS on Blockchain - Nameshield

For more than 30 years, many extensions and functionalities have been added to the DNS, which technically translates into an increase in the complexity of the infrastructure.

Blockchain technology could be a considerable evolution for DNS, bringing several advantages and new functionalities.

Blockchain and decentralized registry

A Blockchain is a data structure accessible to all and distributed over a decentralized network; the data is replicated on each node of the network, there is no central authority. Everyone has the possibility to read its contents, add data and even join the network. The concept was first implemented in 2009 with Bitcoin, but today there are many different Blockchain technologies, each with their own properties.

The data is entered on a Blockchain via transactions. The transactions are grouped into blocks, each block is then validated by the network and then brought together. Thus, a Blockchain contains the history of all the transactions carried out since its creation.

The validation rules are written in the Blockchain protocol, which each member of the network respects. To ensure compliance with its rules, the Blockchain protocols are based on consensus algorithms, the best known being the Proof of Work. These algorithms guarantee the integrity, immutability and security of the data on the Blockchain.

Blockchain - DNS on Blockchain - Nameshield

The Blockchain technology meets several DNS needs:

  • Availability: a decentralized, peer-to-peer network cannot be stopped. It could replace or complement Anycast infrastructures. 
  • Integrity: the consensus protocol of a Blockchain guarantees, by nature, the integrity of the data. Furthermore, the data cannot be modified. These properties would eliminate the need for DNSSEC and its famous key renewal ceremony.
  • Confidentiality: Requests made to read the Blockchain data can be encapsulated in an HTTPS channel in the same way as the DNS over HTTPS (DoH) protocol. There are few DoH resolvers today, so traffic is centralized around a limited number of actors. The use of a Blockchain would offer the possibility of querying any node on the network, thus limiting centralization and SPF (single point of failure).

The data included in the DNS zone files, i.e. the domain name configurations, could therefore be distributed on a Blockchain. Each player (registries, registrars) could directly interact with this Blockchain to manage the domain names. This is the idea of the DNS on Blockchain.

New needs

In recent years, with the emergence of Blockchain technologies, new means of values exchange have developed, particularly with tokenization, crypto-assets and decentralized applications (dapps); we talk about Web 3.0, or the Internet of Value.

Values exchange - DNS on Blockchain - Nameshield

Digital wallets and decentralized applications work with identifiers that are difficult to read, e.g. 0x483add28edbd9f83fb5db0289c7ed48c83f55982 for a wallet address.

Being able to associate this type of address with domain names, within a universal naming system, could be of real interest for tomorrow’s Web applications. It would be possible to have a wallet of crypto-assets or a decentralized application configured directly behind a domain name. This could also be useful for the digital identity of companies and their brands.

DNS on Blockchain, today

Many naming system projects on Blockchain are currently under development, each with an implementation of its own.

Some applications propose new domain names extensions (TLDs), such as .bit, .zil, .crypto, .eth, etc. This is particularly the case for Namecoin and UnstoppableDomains. These systems are completely independent of the traditional DNS and ICANN. Registration is managed directly by users, and names resolution is generally done through a browser extension. The Opera browser has recently natively integrated the resolution of these domain names.

These applications are functional and the names registration is not controlled. There are therefore many cases of cybersquatting. Users register names in the hope of reselling them and making a profit. This obviously poses a problem for trademark owners, and will certainly prevent the adoption of these solutions by companies.

DNS on Blockchain - Nameshield

Other projects propose complementary solutions to DNS. In particular, Ethereum Name Service (ENS) offers a names system on Blockchain that integrates with the traditional DNS. If you are the holder of a domain name and can prove it with a DNSSEC registration, you can then register this same name on the Blockchain service. This allows you to combine the advantages of traditional DNS and DNS on Blockchain.

The .kred, .xyz and .luxe extensions already support this integration on Blockchain, and ENS plans to propose it for all DNSSEC-compatible extensions. This project is quite promising, Ethereum Name Service has recently joined the DNS-OARC (DNS Operations, Analysis, and Research Center).

The Handshake project proposes a naming protocol to manage the root level of the DNS, and provide an alternative to certification authorities. It challenges the trust and governance model of the DNS to experiment with a more decentralized, secure and resilient system based on validation of DNS zones by participants in the network.

Conclusion

The DNS on Blockchain could be a considerable evolution of the DNS; it would bring several advantages and new functionalities thanks to the Blockchain technology, which would benefit the development of the decentralized web.

Today, however, there are still no technologies and applications on which there is unanimous agreement, even though many projects and PoC are under development. They are not yet mature enough to be used on a large scale. Improvements in terms of scalability, security and usability need to be made.

The collaboration of the Internet players (ICANN, DNS-OARC, registries) seems essential for a technology to reach consensus and be adopted, in particular to set common rules. This is a subject to be followed closely over the next few years.

Are you interested in blockchain and crypto-assets topics? Don’t hesitate to consult the website of our collaborator Steve Despres: https://cryptoms.fr/

Companies’ cybersecurity – 5th edition of CESIN’s annual barometer

Companies’ cybersecurity - CESIN barometer - Blog Nameshield
Image source: TheDigitalArtist via Pixabay

Every year, the Club of Experts in Information and Digital Security (CESIN) publishes its barometer of companies’ cybersecurity in order to better understand the perception and concrete reality of cybersecurity and its issues within CESIN member companies.

Last January, CESIN unveiled the results of its OpinionWay survey, carried out from the 2nd of December 2019 to the 7th of January 2020 among its 253 members, Chief Information Security Officer (CISO) of major French groups.

Cyberattacks: Fewer companies affected but still heavily impacted

First of all, the study highlights a positive figure: the decline in the number of companies that suffered at least one cyberattack in 2019, i.e. 65% of the companies surveyed compared to 80% in 2018 (note, however, that this difference in results is nuanced by the addition of the definition of cyberattack in the survey conducted in January 2020).

On the other hand, the impact of these cyberattacks remains significant since 57% of these attacks have consequences on business such as disruption of production (27%), website unavailability (17%) and revenue loss (9%).

The targeted companies were the targets of 4 types of cyberattacks on average in 12 months. Among the attacks vectors, phishing remains the most frequent attack with 79% of companies affected in 2019, followed by the scam on the President (47%), the exploitation of a vulnerability (43%) and fraudulent login attempts (40%).

The main consequences of these attacks are identity theft (35%), malware infection (34%), personal data theft (26%), ransomware infection (25%) and denial of service (19%).

Cloud, IoT and AI, issues of concern

With the digital transformation, the use of the Cloud is important within companies: 89% of companies surveyed store their data in a Cloud, including 55% in public Clouds.

A massive use of the Cloud which still represents a high risk due to a lack of control over the hosting provider’s subcontracting chain (for 50% of CISOs), the difficulty of conducting audits (46%) and the lack of control over the use of the Cloud by employees (46%). For 91% of respondents, the tools implemented by Cloud hosting providers are not sufficient to secure the data stored, and specific additional tools or measures are necessary.

Connected objects are also a growing concern, increasing the attack surface and creating new types of threats. The CISOs surveyed are concerned about the security breaches present in this equipment (43%) and the uncertainty in the assessment of potential risks (28%).

The study also shows that the embedded AI at the heart of cybersecurity solutions has yet to prove its worth since 53% of CISOs do not trust it.

An awareness of cyber-risks

To prevent the risk of attacks, companies implement an average of a dozen protection solutions, in addition to antivirus and firewalls. Among them, the mail security gateway (85%), the VPN/SSL gateway (85%), proxy and URL filtering (83%), and multi-factor authentication. The latter, adopted by 72% of companies, has increased by 13% compared to 2018.

More aware of cyber risks, 91% of the companies surveyed are implementing a cyber-resilience program in parallel with protection solutions or are considering doing so, that’s 12 points higher than last year.

Awareness of cyber risks is also reflected in the steady increase over the last three years in the number of companies having subscribed to cyber-insurance (60%).

Despite this, only 4 out of 10 companies say they are prepared in case of a large-scale cyberattack.

Employees Awareness

In addition to the external threat, for 43% of companies, employees’ negligence is the most common cyber risk.

Shadow IT, i.e. the deployment and use of applications and services beyond the control of IT teams, is mentioned by 98% of the CISOs surveyed and remains a significant threat to be dealt with.

Yet even though they are aware of cyber risks (according to 74% of respondents), only half of employees comply with the recommendations, according to CISOs.

Issues for the future of cybersecurity

Governance is the first issue mentioned by CISOs (70%) for the future of cybersecurity, followed by users’ training and awareness raising on cybersecurity issues (57%).

Increasing the budget is another major issue for 50% of respondents. The proportion of the IT budget allocated to cybersecurity has increased in companies compared to last year. 62% of them plan to increase it further in the next 12 months and 83% want to acquire new technical solutions.

In terms of human resources, one out of two companies (51%) would like to increase the number of staff dedicated to cybersecurity, but 90% face a shortage of Information Systems Security profiles, leading to recruitment difficulties.