ICANN79: A summit that builds on decisions taken in 2023


After ICANN29 in 2007 and ICANN61 in 2018, Puerto Rico hosted its third Internet Governance Summit, ICANN79, at the beginning of March. Six days of meetings, exchanges and encounters in a studious atmosphere, with ongoing issues moving forward. The star topic: the next round of new generic extensions. Other major subjects, such as the NIS2 European cybersecurity directive and the appointment of a new President for the organisation, were discussed on the sidelines.

Three women at the centre of ICANN: Tripti Sinha on the left, Manal Ismail in the centre and Sally Costerton on the right

The next round of new generic extensions, a priority topic

On Saturday 2 March, the launch day of ICANN79, a session was held on the implementation of the recommendations from the SubPro policy development process (PDP), which aims to enable the launch of the next series of new generic top-level domains. This was an initial focus on this central issue, which is now bound to come to a conclusion as the next application window has been set for April 2026.

At this first session, attention was focused on the recommendations that the ICANN Board had not adopted as part of a resolution on the PDP passed in March 2023. At the previous summit (ICANN78), 14 recommendations remained outstanding; 6 were rejected. The body responsible for generic policies, the GNSO (Generic Names Supporting Organization), which has got into the habit of creating small teams to work on blocking issues, has invited a small team to address these recommendations. At the same time, an implementation team is working on other recommendations approved by the ICANN Board and on the new version of the Applicant Guidebook. This central document for future applications is currently being written. Its finalised version should be available by the end of next year at the latest. At the end of ICANN79’s week of debates, it was clear that the work carried out during the many sessions on the next round had been fruitful. The Small Team found a compromise on the recommendations not approved by the ICANN Board and was even able to avoid a meeting scheduled in the summit agenda.

At least twelve ongoing topics

A GNSO session on Sunday provided an inventory of the policy development processes underway and those still being studied, such as the accuracy of registration data. The list includes at least twelve topics, some of which are blocked and where, due to the length of the process, the history is sometimes difficult to find for current GNSO members. This is the case for the protection of the names of international governmental and non-governmental organizations. Examples include the International Olympic Committee (IOC) and the Red Cross. In 2012, a PDP was launched to study the question of specific protection for the names of these bodies, bearing in mind that the contracts of the registry operators of the new generic extensions resulting from the 2012 round require them to be blocked from registration. At the beginning of 2019, the ICANN Board adopted the final recommendations of an extended PDP, which should enable them to be implemented. However, the body representing governments, the GAC, considered that not all the issues had been addressed, in particular that of specific protection for the acronyms of these organizations. This issue is still open today, and the recommendations have not yet been implemented.

Three women honoured at the Opening Ceremony

Monday marked the official launch of the summit, with the much-anticipated opening ceremony, which always takes place on a Monday morning. Tripti Sinha, Chair of the ICANN Board of Directors, recalled that the previous ICANN summit in San Juan took place “just after the devastating hurricane Maria”. She also referred to 2023, a year in which Sally Costerton took on the role of interim President of ICANN and in which ICANN celebrated its 25th anniversary in Hamburg. On the appointment of a new President for ICANN, participants were informed that the process is underway after listening to stakeholders in 2023. A group of candidates has emerged and will now lead to the selection of the future ICANN President and CEO. For her part, Sally Costerton repeatedly used the expression “superpower” to refer to ICANN’s mission to maintain a single global Internet. A difficult mission in a shifting geopolitical and technological context. But perhaps the most striking moment of the summit was the image of a third woman, Manal Ismail, who joined Tripti Sinha and Sally Costerton at the opening ceremony. Manal Ismail, who played an important role in the IANA transition and as chair of the GAC for more than five years, was honoured with the ICANN Community Excellence Award 2024.

Decisive milestones reached in 2023 which will materialize over the next three years

To the credit of ICANN’s current president, it must be said that many issues have moved forward under her leadership in 2023. If 2024 marks the entry into force of new obligations for registries and registrars on malicious uses, this is indeed the fruit of the work carried out last year. This central issue for Internet users had given rise to years of fruitless debates. The next round of new generic TLDs has made significant progress, with the adoption of recommendations and a roadmap towards a new application window now set for April 2026. We can add the Registration Data Policy, which will replace the Temporary Specification resulting from the GDPR (General Data Protection Regulation) by 2025. A related issue is the future Standardized System for Access to registration Data, which has entered an experimental phase in an attempt to reconcile protection with the need to respond to real needs for access to registration data. The inclusive Internet is entitled to a dedicated international day following the launch of the first UA Day (Universal Acceptance Day) in 2023. Finally, “ICANN grant”, a programme aimed at financially supporting projects to unify and make the Internet more inclusive, has also been launched. It is based on the substantial amounts raised by the 2012 auctions of new generic extensions. An envelope of USD 10 million will be allocated at the end of March.

We’re not winning on all fronts

While progress has been made on a number of fronts, there has been little progress on others. This is the case with a new holistic review of ICANN and the review of the organisation’s Accountability and Transparency. These reviews are necessary to bring about improvements in security and consumer choice, in the services associated with domain name registration databases, and in the security, stability and resilience of the DNS. This important subject is impacted by the many projects currently underway, and ICANN has also embarked on a continuous improvement project that could replace these processes.

As far as the European directive on NIS2 cybersecurity is concerned, the main point to note is that the contracting parties and the ICANN Board of Directors have emphasised that this legislation does not conflict with the ICANN policies in place. For the Board, which has indicated that it is working with the European Commission on this subject, there are, however, issues such as data accuracy that need to be considered.

While ICANN79 was not the subject of any noteworthy announcements, the main thing to remember is the studious atmosphere after a pivotal year in which many subjects passed decisive milestones towards their implementation. This is the case for the next series of new generic extensions, the previous one having been introduced twelve years ago. If a form of agility seems to have won over ICANN under the leadership of Sally Costerton and Tripti Sinha, this approach is also that of Nameshield, which adapts to your needs to provide you with tailor-made answers on the new TLD projects and many others.

Artificial intelligence, NIS2 Directive, our society model: some of the topics debated at Domain Pulse 2024

On 22 and 23 February, Domain Pulse was held in Vienna, Austria. This symposium brings together all the stakeholders in the domain name industry once a year around the registries of Austria (nic.at), Germany (DENIC eG) and Switzerland (SWITCH). The event was a resounding success, with a mix of conferences and networking opportunities.

Neil Harbisson, the “cyborg artist” as he describes himself, attracted a great deal of attention

For those who thought that cyborgs – human beings who have been grafted with mechanical or electronic parts – only existed in science-fiction literature or cinema, such as Fritz Lang’s masterpiece ‘Metropolis’, released almost 100 years ago, Domain Pulse 2024 was a wake-up call. The event’s star guest, Neil Harbisson, a self-styled cyborg artist, caused quite a stir at the opening of the event. The British artist was the first human to have an antenna implanted in his skull, back in 2004. This additional “organ” enables him to perceive colour frequencies differently. With the help of a software layer, he can even translate these perceptions into sound. He likes to explain that he can “eat songs” by transforming the perception of a dish into sounds, or “make sound portraits” of people. He shared that “King Charles III was able to listen to his sound portrait”. He also explained that for him, skin colours are simply variations on the colour orange. Another facet of his transformation is the “obstacle course” he went through to obtain the possibility of renewing his passport. Grafting technological tools raises ethical issues and is not normally allowed on passports. In the end, however, he obtained the right to have a passport with his antenna on his photo. To hear him tell it, augmented reality is already a thing of the past, since we are now talking about revealed reality.

He did not, however, overlook the fact that, like all technologies, these have their share of promises and dangers. In the case of the former, more impactful uses are possible, such as the fact that such “organs” could one day enable humans to “see at night”, thus saving energy, or to “regulate their body temperature instead of air-conditioning”. On the downside, there are risks of infection or clinical rejection, tools that are still dependent on conventional energy sources, problems of acceptability to society and, of course, the risk that these tools will be hacked, with impacts that are difficult to identify and assess.

The NIS2 directive also featured prominently in the discussions at Domain Pulse. This cybersecurity legislation must be transposed into the national laws of the Member States of the European Union by 17 October 2024 at the latest. At Domain Pulse, DNS service providers were warned that they will have to upgrade their cyber capabilities, risk management and reporting capacities, as well as cooperation and information exchange – the three pillars of the directive. On Article 28 of the text, which specifically targets domain name registration databases, a panel of specialists questioned the consistency of the approach: “The European Commission is going back on the accuracy of registration data and legitimate interests. This cyber approach runs counter to the need to publish less data”, said Thomas Rickert.

Other notable presentations included a reflection on our model of society around the question “Is the future in the virtual communities that will replace states?” A projection by the Einstein Center allowed us to project ourselves into such a model.

The second day of the event focused on Artificial Intelligence. Implemented in a wide range of fields, AI has already shown that it is capable of surpassing human capacities. Its ability to adapt was also discussed, using the example of captcha input. Captcha are tests based on human image or sound analysis capabilities that differentiate automated requests from human requests. ChatGPT did not manage to enter a captcha, but went to a website where it is possible to request human assistance for specific needs. In the help forum, the support team asked ChatGPT if it was a robot. As a human would probably have done to achieve the desired end, ChatGPT lied and replied that it was not a robot. As if to echo the technological bodies mentioned the day before, AI offers interesting prospects for making faster progress in sectors such as research, for example. But the other side of the coin is that AI can be used for malicious purposes. Just as there is the Dark Web, there is also Dark AI. AI is capable of creating phishing emails and scams (internet fraud). It will become increasingly difficult to tell the difference between what is real and what is fake, for example with deepfakes (editor’s note: multimedia synthesis techniques based on AI that can generate fake audio or video sequences).

Another challenge and issue of the moment is the war on Europe’s doorstep. The Ukrainian conflict was discussed in the form of feedback from the Ukrainian registry operator in the context of the war and the lessons learned from an operational point of view. These included the preferred use of hosting companies offering a resilient infrastructure and “SMEs which are more responsive than large structures”, “choosing the right people to work with” and the fact that in a crisis situation “people are more reliable than machines”.

Domain Pulse 2024 skilfully reconciled issues specific to the domain name industry, such as cybersecurity and the regulatory aspect of the NIS2 directive, as well as technological issues. Feedback from the Ukrainian registry echoed Nameshield’s values and customer approach and solutions. This Domain Pulse also provided an opportunity for participants to reflect on the model of society we want for ourselves and our children, as humanity seems to be at a turning point in this area.

Nameshield at the CSA Summit in Cologne – From April 22 to 24, 2024

Celebrate the 20th anniversary with us and be part of the discussion about the future of commercial emails.

For 20 years, the CSA (Certified Senders Alliance) has been committed to strengthening trust in email as a communication channel. Building bridges between email senders and email providers has been the central goal of the CSA from the very beginning – this year’s anniversary summit will examine the success factors of the future under the motto ‘Trust Fuels the Future’.

Nameshield is a Gold Sponsor of the event – our team would be delighted to meet you there. Gain market-leading expertise with CSA’s insights and evolving best practices. We are particularly looking forward to the discussion around the implementation of DMARC, which is becoming a new standard.

Join an international network of brands, agencies, email service providers and mailbox vendors for a dynamic exchange of information in the well-connected email ecosystem! The CSA Email Summit is not just an event, it’s your path to realising your full potential in the ever-evolving landscape of commercial email.

The CSA Email Summit is supported by various industry associations and provides a solid platform for conversations that offer valuable insights into the future of email marketing. Learn from industry experts in workshops, sessions, short talks and masterclasses to enhance your expertise.

Please contact the Nameshield team for more information and to make an appointment at the Summit!

.FR extension is no exception to the trend towards concentration in the domain name sector


On 23 January, Afnic, the French domain name registry, held its Registrar Day, an event aimed primarily at registrars. As every year, it was an opportunity to look back over the past year and look ahead to the current one.

The figures drawn up by Afnic for 2023 show excellent momentum. Indeed, the .FR extension has passed 4.1 million domain names, ranking 7th among country-code top-level domains globally and still 3rd among the 27 top-level domains of the European Union. With a renewal rate of over 83% in 2023 and a 6.4% increase in new domains, the .FR domain has flattering figures for 2023.

Afnic has also drawn up an overview of its registrars. Above all, it shows increased concentration, which can also be seen in other Internet extensions and, more generally, in the domain names industry as a whole. Two figures to illustrate this: the number of accredited registrars has fallen by 40% in 10 years, and 38% of accredited registrars now account for 99.5% of the domain names managed by the French Registry.

For 2024, Afnic wants to continue to strengthen the visibility and awareness of the French top-level domain .FR. This will of course involve communication both online and in traditional media. But it also involves enhancing the accuracy and reliability of contact data associated with domain names and stepping up the fight against malicious uses with measures involving registrars. The aim of these two initiatives is to improve the reputation of, and confidence in, the .FR domains, and also to honour commitments made to the French State, its mandator.

The European NIS2 directive on cybersecurity, due to come into force in October 2024, is never far away either. Indeed the directive explicitly targets the activities of the DNS and domain name stakeholders. Let’s hope that the increase in the price of the .FR domain names on 1 March does not dampen this positive momentum.

Opening of the .TR extension in CATEGORY 3


In this article published on October 4, 2023, we announced that the opening of the .TR extension in CATEGORY 3 will probably be in February.

Applications for the 3rd Category, where transactions will be carried out within the scope of the “a.tr Transition Process”, start on February 14, 2024.

In this category, holders of one of the following extensions: kep.tr, av.tr, dr.tr, com.tr, org.tr, net.tr, gen.tr, web.tr, name.tr, info.tr, tv.tr, bbs.tr and tel.tr will be given priority for .TR registration.

Following the application process, which starts on February 14, 2024 and will last for 3 months, it is expected that the evaluation process and the allocation procedures will be completed within 1 month (14 May to 14 June 2024).

The date of your application between 14 February and 14 May 2024 is not important in the evaluation process. If the necessary conditions are met, the evaluation will be made taking into account the extension hierarchy.

Valentine’s Day is a wonderful day to make an analysis of your Turkish domain names portfolio!

Do not hesitate to contact our teams to secure your .TR!

DNSSEC: Nameshield adopts ECDSA

DNSSEC is the protocol that guarantees the integrity of DNS resolution by establishing a chain of trust all the way back to the root. Data security is ensured by a mechanism of cryptographic keys that sign DNS zone records. Historically, DNS operators have used RSA keys (RSASHA256 algorithm), renowned for their robustness.

As an alternative to this asymmetric cryptographic algorithm, there are elliptic curve algorithms. In the case of DNSSEC, the “ECDSA Curve P-256 with SHA-256” algorithm (RFC 6605 and 8624) offers a higher level of security with smaller key sizes.

The ECDSA algorithm is increasingly being implemented by major players in the domain names industry, such as Verisign and AFNIC, and aims to become the standard.

This has several advantages over our current implementation:

  • Smaller signatures and smaller zone files (approx. -33%);
  • Faster zone transfer and reload;
  • Improved signing performance;
  • Potentially faster DNS requests (less reliance on IP fragmentation);
  • Reduced amplification factor of DDoS attacks based on DNS.

For all these reasons, Nameshield has chosen to use this algorithm by default to secure its own domain names and those of its customers.


Phishing, slamming and other fraudulent e-mails: Stay alert during the end-of-year holidays!


The end-of-year holidays often bring an upsurge in fraudulent mass e-mail campaigns. Indeed, cybercriminals take advantage of this period, when vigilance can be particularly low, to send phishing e-mails.

What are phishing and slamming?

Phishing is used by cybercriminals to obtain personal information in order to commit identity theft.

In the world of phishing, slamming is a well-known variant that consists in encouraging domain name holders to renew their annual registration with another registrar, by stressing the urgency and criticality of losing the name in question. In concrete terms, this is an e-mail pushing its recipient to sign up for an unsolicited service and to pay for it without delay.

Thus, slamming may take the form of a fraudulent renewal invoice, usually associated with intimidating terms like “Expiration notice”. Under the pressure of such an e-mail, which is generally well crafted, the recipient sometimes proceeds to payment and is debited a large amount for the so-called renewal.

In the same way, the slamming e-mail may also indicate that a “customer” of the sender, who poses as a registrar, intends to register domain names identical or similar to your brand. The fraudster then offers to register them for you in order to protect you from these troublesome registrations, in exchange, of course, for an urgent payment.

Another kind of attack, the suspicious e-mail attachment!

Be careful of fraudulent e-mails with infected attachments: a single entry point is enough to destroy a network!

A booby-trapped, and therefore malicious, attachment poses as a legitimate file (PDF, Word document, JPG image…) while carrying hidden malicious code: this is what is generally called a Trojan.

Some simple rules to protect against them

  • Always stay alert when someone asks you for your personal data;
  • Never open an attachment from an unknown sender, or from one who is not entirely trustworthy;
  • Check the links by hovering the cursor over them (without clicking) to ensure that they link to trustworthy websites;
  • Never reply under the pressure of this kind of solicitation and of course do not proceed to any payment;
  • If there is any doubt, do not reply to the e-mail and contact the sender through another channel to confirm whether it really is a fraud attempt or not.

To remind you of this more often, you can find a wallpaper to download on the Nameshield website.

New e-mail authentication requirements from Google and Yahoo


Google and Yahoo recently announced significant changes to their e-mail authentication requirements. The aim of these adjustments is to strengthen the security of online communications, a major issue in the current context of cybercrime.

The two giants are emphasizing the adoption of advanced authentication protocols, in particular DMARC (Domain-based Message Authentication, Reporting, and Conformance). DMARC relies on the existing SPF and DKIM standards, providing a robust method for verifying the authenticity of e-mails and reducing the risk of identity theft and phishing.
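How DMARC builds on SPF and DKIM results, shown as an added example (it is not code from Google, Yahoo or Nameshield). The record and domains are constructed, the `pct` and `sp` tags are ignored, and the organisational-domain rule is a labelled simplification.

```python
VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; raise ValueError if unusable."""
    tags = []
    for part in txt.split(";"):
        if not part.strip():
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part.strip()!r}")
        name, value = part.split("=", 1)
        tags.append((name.strip().lower(), value.strip()))
    if not tags or tags[0] != ("v", "DMARC1"):
        raise ValueError("record must start with v=DMARC1")
    record = dict(tags)
    record["p"] = record.get("p", "").lower()
    if record["p"] not in VALID_POLICIES:
        raise ValueError("missing or invalid p= policy")
    # Alignment modes default to relaxed ("r") when the tag is absent.
    record["adkim"] = record.get("adkim", "r").lower()
    record["aspf"] = record.get("aspf", "r").lower()
    return record


def org_domain(domain):
    """Simplification (assumption): organisational domain = last two labels.
    Production code must use the Public Suffix List instead."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict mode needs an exact match; relaxed compares organisational domains."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(record, from_domain, spf, dkim):
    """spf and dkim are (result, authenticated_domain) pairs from the receiver.
    Returns (dmarc_result, policy_requested_by_the_domain_owner)."""
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, record["aspf"])
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, record["adkim"])
    if spf_ok or dkim_ok:
        return "pass", None
    return "fail", record["p"]


# Constructed sample record; example.com / example.net are placeholder domains.
SAMPLE_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s"


def demo():
    rec = parse_dmarc(SAMPLE_RECORD)
    return {
        # SPF passes for a subdomain of the From domain: relaxed alignment holds.
        "own_bounce_domain": evaluate(
            rec, "example.com", ("pass", "bounce.example.com"), ("none", "")),
        # SPF and DKIM both pass, but for another organisation's domain.
        "third_party_auth": evaluate(
            rec, "example.com", ("pass", "mailer.example.net"), ("pass", "example.net")),
        # DKIM passes for a subdomain, but adkim=s demands an exact match.
        "strict_dkim_subdomain": evaluate(
            rec, "example.com", ("fail", "example.com"), ("pass", "mail.example.com")),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The second case is the one that matters for phishing: a message can pass SPF and DKIM for the sender's own infrastructure and still fail DMARC because neither authenticated domain matches the visible From domain.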

To implement these new requirements, Google and Yahoo will adjust their algorithms to give priority to e-mails from domains that have correctly implemented DMARC. The aim of this measure is to improve the deliverability of authenticated e-mails, reinforcing users’ trust in the security of their e-mail inboxes.

The new guidelines will apply from February 1, 2024 to all senders who send more than 5,000 emails per day. They underline Google and Yahoo’s commitment to fight against online threats, in particular phishing, a common method used by cybercriminals to deceive users and gain access to their sensitive information. By adopting stricter e-mail authentication requirements, these companies are strengthening the protection of users against malicious attacks.

It is now essential for domain holders and players in the digital world to comply with these new guidelines, in order to contribute to the creation of a safer and more secure Internet for all.

Nameshield’s experts are at your disposal to assist you in deploying this protocol.

DNS and HTTP(S) redirects – How do they work together?

In the world of websites and domain names, it is common to want to redirect the use of a domain name to another – e.g. in the address bar of a browser – to access a website. For example:

  • Redirect a-great-website.com to www.a-great-website.com
  • Redirect www.to-be-redirected.com to www.a-great-website.com

However, it is not always easy to understand how all of this works, nor how to configure these redirects. Do I have to configure redirection at DNS level? At my web server level? Both? One or the other?

The purpose of this article is to detail the distinction between DNS «redirect» and HTTP redirect, and to present how these two protocols work together.

In the rest of the article, we will not distinguish between HTTP and HTTPS (HTTP protocol secured by a certificate). Everything that is said here is valid for both.

Understanding the difference between DNS and HTTP

DNS and HTTP are two internet protocols that are both essential to the proper functioning of the web, but do not have the same purpose.

Let’s take the example of a user who wants to access blog.nameshield.com. He enters blog.nameshield.com in the address bar of his favorite browser.

  1. Before the browser can send a request to obtain the content of the website’s home page, it must know to which IP address it must send the request. This is where DNS comes in. The browser sends a DNS query (using DNS protocol) to a resolver: «Give me the IP address associated with blog.nameshield.com». It gets back an IP address (81.92.84.102) configured on an authoritative DNS server. We’re talking about the resolution of the blog.nameshield.com domain name.
  2. The browser can then send the HTTP request (using HTTP protocol) to the HTTP server (or web server) whose IP address it has just obtained: «Give me the content of the web page blog.nameshield.com». In return, it receives the content of the page to display.

The DNS protocol offers record types that make it possible to «redirect» one domain to another, in particular the CNAME type. Although people readily speak of a DNS “redirect”, the term “alias” is more appropriate. Strictly speaking, a CNAME does not redirect: it indicates that the domain we are resolving is an alias of another domain. You must then resolve this other domain to obtain the IP address you are looking for.

Let’s say we want to create a redirect from www.to-be-redirected.com to www.a-great-website.com. If we configure the DNS zone of to-be-redirected.com with a CNAME record of this type: www.to-be-redirected.com CNAME www.a-great-website.com, that basically means: “You want to know the IP address associated with www.to-be-redirected.com? Well, look for the one associated with www.a-great-website.com and you’ll get your answer.” Another DNS query will be sent to resolve www.a-great-website.com and obtain the IP address. The browser will have the IP address of the HTTP server we are interested in (the one hosting the website www.a-great-website.com), but this will not change the content of the HTTP request sent by the browser: “Give me the content of the web page www.to-be-redirected.com”.

You may notice that the HTTP request sent by the browser contains the name of the website (or host – here www.to-be-redirected.com) that you want to access. Indeed, a single server (and therefore a single IP address) can host dozens of different websites. It will only respond positively to HTTP requests containing a host for which it is configured. Knowing the IP address of the web server is not enough; one must also send it an HTTP request to which it is able to respond. Sending a request http://www.to-be-redirected.com to some server configured only to respond to http://www.a-great-website.com will not work!

The HTTP protocol also offers a redirection system (here it is the appropriate term). An HTTP server can be configured to redirect one host to another. For example, if it receives the HTTP request “Give me the content of the web page www.to-be-redirected.com.”, it will answer “This resource is redirected to http://www.a-great-website.com.” Then the browser will repeat the following steps:

  1. DNS lookup of www.a-great-website.com
  2. Send a request http://www.a-great-website.com to the IP address obtained
  3. Display the web page obtained

How to make DNS and HTTP redirects work well together?

Let’s recap:

  • DNS is used to resolve a domain name to obtain an IP address.
  • HTTP requests are sent to an IP address, and contain the host of the website you want to access.
  • HTTP servers can return different contents depending on the host present in the request: a web page they host, a redirect for which they have been configured, or an error if the host is unknown to them.

So, to make a redirect work correctly (still using the same example), you must have:

  • A DNS record in the to-be-redirected.com zone to associate the www host with the IP address of a web server…
  • …web server on which a redirect from http://www.to-be-redirected.com to http://www.a-great-website.com must be configured.
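The two-step lookup described in this article can be modelled in a few lines. This is an added example, not Nameshield code: the IP addresses are constructed documentation addresses, the "servers" are dictionaries keyed by Host, and the 404 for an unknown host is an assumption (real servers may answer differently).

```python
from urllib.parse import urlsplit

MAX_CNAME_HOPS = 8   # guard against CNAME loops
MAX_REDIRECTS = 5    # guard against HTTP redirect loops

SITE_IP = "192.0.2.10"      # constructed: server hosting www.a-great-website.com
REDIRECT_IP = "192.0.2.20"  # constructed: server that only issues redirects


def resolve(zone, name):
    """DNS step: follow CNAME aliases until an A record gives an IP address."""
    for _ in range(MAX_CNAME_HOPS):
        if name not in zone:
            raise LookupError(f"no DNS record for {name}")
        rtype, value = zone[name]
        if rtype == "A":
            return value
        name = value  # CNAME: resolve the alias target instead
    raise LookupError("CNAME chain too long")


def http_get(servers, ip, host):
    """HTTP step: the server chooses its answer from the Host header alone."""
    kind, value = servers.get(ip, {}).get(host, ("unknown", None))
    if kind == "page":
        return 200, value
    if kind == "redirect":
        return 301, value  # value is the Location URL
    return 404, None       # host not configured on this server


def browse(zone, servers, url):
    """What the browser does: resolve, request, and repeat on each redirect."""
    trace = []
    for _ in range(MAX_REDIRECTS + 1):
        host = urlsplit(url).hostname
        ip = resolve(zone, host)
        status, value = http_get(servers, ip, host)
        trace.append((host, ip, status))
        if status != 301:
            return status, value, trace
        url = value
    raise RuntimeError("too many HTTP redirects")


def scenario_cname_only():
    """CNAME alias only: the site server knows nothing about the old host."""
    zone = {
        "www.a-great-website.com": ("A", SITE_IP),
        "www.to-be-redirected.com": ("CNAME", "www.a-great-website.com"),
    }
    servers = {SITE_IP: {"www.a-great-website.com": ("page", "A great website")}}
    return browse(zone, servers, "http://www.to-be-redirected.com/")


def scenario_dns_plus_http_redirect():
    """DNS points the old host at a server that is configured to redirect it."""
    zone = {
        "www.a-great-website.com": ("A", SITE_IP),
        "www.to-be-redirected.com": ("A", REDIRECT_IP),
    }
    servers = {
        SITE_IP: {"www.a-great-website.com": ("page", "A great website")},
        REDIRECT_IP: {
            "www.to-be-redirected.com": ("redirect", "http://www.a-great-website.com/"),
        },
    }
    return browse(zone, servers, "http://www.to-be-redirected.com/")


if __name__ == "__main__":
    for scenario in (scenario_cname_only, scenario_dns_plus_http_redirect):
        status, body, trace = scenario()
        print(scenario.__name__, status, trace)
```

In the first scenario the CNAME delivers the right IP address but the request still carries the old host, so it fails; in the second, the trace shows two DNS lookups and two HTTP requests before the page is returned.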

How Nameshield can help you

Nameshield offers an HTTP (and HTTPS) redirect service that simplifies the configuration of these redirections, which you can use as long as Nameshield is the DNS provider of the domain to be redirected. Simply go to the technical configuration interface of your domain name, then to the «HTTP redirections» tab. You can then create a new redirect on the host of your choice, specifying various parameters (such as whether directories and query parameters are carried over). Our system will then automatically:

  • Update the DNS zone to add records (A/AAAA or CNAME depending on the host) to point to the IP address of the Nameshield HTTP redirect server. In the zone configuration interface, a dedicated icon makes it easy to distinguish these automatically added records.
  • Configure a new redirect on our HTTP server (with an anycast architecture if you have a premium offer) according to the requested parameters.

Your redirect is then operational; you have nothing more to do. No changes are necessary with your web hosting provider.

If you want to change the destination of an existing HTTP redirect, you just have to modify the existing redirection from the same interface (no need to delete it and then to create a new one). No changes are expected on the DNS, since the host already points to our HTTP redirect server. Our system will modify the HTTP server configuration, and your new redirect will be effective in a few minutes.

If you have any questions about this article, please contact your customer support team.

.FR: Increased unaided awareness among French VSEs and SMEs

In October 2023, Afnic, the French Association for Cooperative Internet Naming, which manages the .fr domain, carried out a survey on the perception of .fr among 502 tradespersons, retailers or VSE/SME managers selected on the basis of company size. Here are the results of the survey:

  • For 70.9% of French VSEs and SMEs, the .fr extension is spontaneously cited; that’s 6.2 points more than in 2022, ahead of .com (69.1%) and .org (20.5%).
  • 61% of French VSEs and SMEs consider that .fr has a very good reputation (that’s 11 points higher than .com) and 38% consider it to have a fairly good reputation.
  • And finally, for 88% of French VSEs and SMEs, .fr is perceived as the extension that enables them to promote French expertise in France and abroad.

For more information and to register your .FR domain name, don’t hesitate to contact a Nameshield consultant.