New e-mails authentication requirements from Google and Yahoo

New e-mails authentication requirements from Google and Yahoo - DMARC

Google and Yahoo recently announced significant changes to their e-mails authentication requirements. The aim of these adjustments is to strengthen the security of online communications, a major issue in the current context of cybercrime.

The two giants are emphasizing the adoption of advanced authentication protocols, in particular DMARC (Domain-based Message Authentication, Reporting, and Conformance). DMARC relies on the existing SPF and DKIM standards, providing a robust method for verifying e-mails’ authenticity and reducing the risk of identity theft and phishing.

To implement these new requirements, Google and Yahoo will adjust their algorithms to give priority to e-mails from domains that have correctly implemented DMARC. The aim of this measure is to improve the deliverability of authenticated e-mails, reinforcing users’ trust in the security of their e-mail inboxes.

The new guidelines will apply from February 1, 2024 to all senders who send more than 5,000 emails per day. They underline Google and Yahoo’s commitment to fight against online threats, in particular phishing, a common method used by cybercriminals to deceive users and gain access to their sensitive information. By adopting stricter e-mails authentication requirements, these companies are strengthening users’ protection against malicious attacks.

It is now essential for domains holders and players in the digital world to comply with these new guidelines, in order to contribute to the creation of a safer and more secure Internet for all.

Nameshield’s experts are at your disposal to assist you in deploying this protocol.

DNS and HTTP(S) redirects – How do they work together?

In the world of websites and domain names, it is common to want to redirect the use of a domain name to another – e.g. in the address bar of a browser – to access a website. For example:

  • Redirect to
  • Redirect to

However, it is not always easy to understand how all of this works, nor how to configure these redirects. Do I have to configure redirection at DNS level? At my web server level? Both? One or the other?

The purpose of this article is to detail the distinction between DNS «redirect» and HTTP redirect, and to present how these two protocols work together.

In the rest of the article, we will not distinguish between HTTP and HTTPS (HTTP protocol secured by a certificate). Everything that is said here is valid for both.

Understanding the difference between DNS and HTTP

DNS and HTTP are two internet protocols that are both essential to the proper functioning of the web, but do not have the same purpose.

Let’s take the example of a user who wants to access He enters in the address bar of his favorite browser.

  1. Before the browser can send a request to obtain the content of the website’s home page, it must know to which IP address it must send the request. This is where DNS comes in. The browser sends a DNS query (using DNS protocol) to a resolver: «Give me the IP address associated with». It gets back an IP address ( configured on an authoritative DNS server. We’re talking about the resolution of the domain name.
  2. The browser can then send the HTTP request (using HTTP protocol) to the HTTP server (or web server) whose IP address it has just obtained: «Give me the content of the web page». In return, it receives the content of the page to display.

The DNS protocol offers types of records that allow to «redirect» one domain to another: especially the CNAME type. Although DNS “redirect” is easily referred to, the term “alias” is more appropriate. Strictly speaking, this does not redirect, but indicates that the domain we are resolving is an alias of another domain. You must then resolve this other domain to obtain the IP address you are looking for.

Let’s say we want to create a redirect from to If we configure the DNS zone of with a CNAME record of this type: CNAME, that basically means : “You want to know the IP address associated with Well, look for the one associated with and you’ll get your answer.” Another DNS query will be sent to resolve and obtain the IP address. The browser will have the IP address of the HTTP server we are interested in (the one hosting the website, but this will not change the content of the HTTP request sent by the browser: “Give me the content of the web page”.

You may notice that the HTTP request sent by the browser contains the name of the website (or host – here that you want to access. Indeed, a single server (and therefore a single IP address) can host dozens of different websites. It will only respond positively to HTTP requests containing a host for which it is configured. Knowing the IP address of the web server is not enough, one must also address an HTTP request to which it is able to respond. Sending a request to some server configured only to respond to will not work!

The HTTP protocol also offers a redirection system (here it is the appropriate term). An HTTP server can be configured to redirect one host to another. For example, if it receive HTTP requests “Give me the content of the web page”, it will answer “This resource is redirected to” Then the browser will repeat the following steps:

  1. DNS lookup of
  2. Send a request to the IP address obtained
  3. Display the web page obtained

How to make DNS and HTTP redirects work well together?

Let’s recap:

  • DNS is used to resolve a domain name to obtain an IP address.
  • HTTP requests are sent to an IP address, and contain the host of the website you want to access.
  • HTTP servers can return different contents depending on the host present in the request: a web page they host, a redirect for which they have been configured, or an error if the host is unknown to them.

So, to make a redirect work correctly (still using the same example), you must have:

  • A DNS record in the zone to associate the www host with the IP address of a web server…
  • …web server on which a redirect from to must be configured.

How Nameshield can help you

Nameshield offers an HTTP (and HTTPS) redirect service that simplifies the configuration of these redirections, which you can use from the moment Nameshield is the DNS provider of your domain to be redirected. Simply go to the technical configuration interface of your domain name, then in the tab «HTTP redirections». You can then create a new redirect on the host of your choice, specifying various parameters (such as the repercussion of directories and query parameters). Our system will then automatically:

  • Update the DNS zone to add records (A/AAAA or CNAME depending on the host) to point to the IP address of the Nameshield HTTP redirect server. In the zone configuration interface, a dedicated icon makes it easy to distinguish these automatically added records.
  • Configure a new redirect on our HTTP server (with an anycast architecture if you have a premium offer) according to the requested parameters.

Your redirect is then operational, you have nothing more to do. No changes are necessary with your web hosting provider.

If you want to change the destination of an existing HTTP redirect, you just have to modify the existing redirection from the same interface (no need to delete it and then to create a new one). No changes are expected on the DNS, since the host already points to our HTTP redirect server. Our system will modify the HTTP server configuration, and your new redirect will be effective in a few minutes.

If you have any questions about this article, please contact your customer support team.

.FR: Increased unaided awareness among French VSEs and SMEs

In October 2023, Afnic, the French Association for Cooperative Internet Naming, which manages the .fr domain, carried out a survey on the perception of .fr among 502 tradespersons, retailers or VSE/SME managers selected on the basis of company size. Here are the results of the survey:

  • For 70.9% of French VSEs and SMEs, the .fr extension is spontaneously cited, that’s 6.2 points more than in 2022, ahead of .com (69.1%) and .org (20.5%).
  • 61% of French VSEs and SMEs consider that .fr has a very good reputation (that’s 11 points higher than .com) and 38% consider it to have a fairly good reputation.
  • And finally, for 88% of French VSEs and SMEs, .fr is perceived as the extension that enables them to promote French expertise in France and abroad.

For more information and to register your .FR domain name, don’t hesitate to contact a Nameshield consultant.

ICANN78: Ahoy, the ICANN boat sails for 25 years

From 21 to 26 October, Hamburg in Germany, hosted the 78th ICANN Summit, the Internet’s regulatory body. Hamburg, the connected city par excellence and Germany’s leading intelligent city, succeeds Berlin as the second German city to host such a summit. Berlin hosted ICANN2 in 1999. This 78th edition brought together more than 1,600 participants from 175 countries and territories. It also marked the 25th anniversary of ICANN and the 20th anniversary of the Generic Names Supporting Organization (GNSO), the body responsible for policies applying to domain names in generic extensions.

De Elbschippers at the ICANN78 Welcome Ceremony, on October 23, 2023
De Elbschippers at the ICANN78 Welcome Ceremony, on October 23, 2023

ICANN faces new challenges

“On 30 September 1998, ICANN was incorporated as a private, not-for-profit organisation in the State of California”. With these words, Tripti Sinha, the Chair of ICANN’s Board of Directors, began a dense speech at the Welcome ceremony of ICANN78. She reminded us that most of today’s Internet tools, including smartphones, have been developed and launched during this period, and that while “25 years is not much”, “the world has changed remarkably” in the meantime. Today, it is the context of wars and technological transformations, in particular “artificial intelligence and quantum technology”, that constitute major challenges for the multiparty model. To these can be added alternatives to domain names that use the DNS, such as blockchain domains, which are outside the scope of ICANN. These were highlighted at ICANN78. Their protagonists like to call them “domain names”, while others would like to differentiate them by talking about “wallet domains”. ICANN’s interim President, Sally Costerton, made a point of emphasising the word “trust” in her introductory speech. “Trust is a fragile thing” she said, “difficult to build and easy to lose”.

On the subject of trust, Sally Costerton pointed out during the ICANN Board’s question and answer session that significant progress has been made on a number of important issues since her appointment in December 2022. In March of this year, for example, the first international Universal Acceptance Day was held, or how to make the Internet more inclusive and thus closer to the way its users use it. At the ICANN76 summit, also in March, the next series of new generic extensions was confirmed. More recently, the Registration Data Request Service (RDRS), a prototype of the future System for Standardized Access to Domain name registration data (SSAD) for legitimate requests, was launched. And the year 2023 will have seen a concrete proposal to strengthen the means of combating abuse of the DNS after years of fruitless exchanges. A proposal to revise the contracts of registry operators and registrars is currently being put to a vote by the parties concerned, with adoption expected between December 2023 and January 2024.

Registration Data Policy: Let it go let it go

The fact that ICANN represents numerous sensibilities whose interests are often divergent, but also that it operates with consensus as its totem, partly explains why the finish line is often far removed in time from the starting line. The Registration Data consensus Policy has not escaped this reality. This policy is intended to replace a Temporary Specification implemented as a matter of urgency on 17 May 2018, eight days before the General Data Protection Regulation (GDPR) came into force thus to integrate the GDPR requirements into the DNS ecosystem. The Registration Data Consensus Policy is the culmination of phase 1 of a Policy Development Process (PDP) initiated on this occasion. While a final report with a view to its implementation was issued at the beginning of this year, it was ICANN78 that enabled the implementation review team work to be concluded. The blocking point on the wording relating to the deadlines granted to operators to deal with urgent requests for access to registration data in the event of law enforcement, could be removed. The policy, which now has a permanent framework, will now be implemented by the parties concerned, registry operators and registrars.

The next round of new generic extensions

The next round of new generic extensions remained another major topic of this edition. While ICANN is now putting forward the date of April 2026 for the next application window (editor’s note: the previous window took place between January and April 2012), ICANN78 highlighted the progress made in implementing the recommendations arising from the Policy Development Process known as “PDP Subpro” (editor’s note: Subsequent Procedures). Earlier in March, some thirty recommendations had not been adopted by the ICANN Board and had been referred to the GNSO for clarification. Thanks to the work of a Small team, 12 additional recommendations have just been adopted by the ICANN Board, bringing the total number of adopted recommendations to 104. 13 remain in the balance and 7 have been rejected. For the latter, we will now have to assess their impact and consider remedies. The implementation team can therefore make progress on just over 80% of the recommendations arising from the Subpro PDP. The revised guide for future applicants is progressing in line with initial forecasts with at least 18 months to go.

The issue of closed generic extensions and diacritical letters

Considered but not proposed due to a lack of consensus in 2012, then discussed for five years, the topic of closed generic extensions was relaunched in 2022 with a view to a new series of generic extensions. In practice, they would allow organisations under certain conditions to use a generic term (editor’s note: for example .CHARITY) with the same rights as a brand extension. Access to the extension to create new domain names would therefore be very restricted. A year ago, a discussion group comprising the Governmental Advisory Committee (GAC), which represents governments, the At-Large Advisory Committee (ALAC), which represents end-users, and the GNSO was set up to try to address this issue. Last July, they proposed a framework detailing the many aspects to be considered to introduce this new type of extensions. However, at the end of their work, each body sent a separate letter to the ICANN Board of Directors, proof that their positions remained far apart. Barring any surprises, there should therefore be no closed generic extensions in the next round.

Québec, whose .QUEBEC was integrated into the DNS root in April 2014, has also invited itself into the discussions concerning the next series of new generic extensions. In 2012, Québec announced its wish to obtain .QUEBEC as well as .QUÉBEC. Although in the end they only applied for the non-accented version, they had hoped to be able to use .QUÉBEC as well. They were not granted this right because of a risk of similarity. ICANN78 highlighted the fact that perceptions remain different depending on whether or not .QUÉBEC is a variant of .QUEBEC. The pronunciation for French speakers is the same, but the presence of a diacritical letter (editor’s note: letters to which signs such as the acute accent, the grave accent, the circumflex accent, the umlaut are added) makes encoding in ASCII characters different and technically feasible. While their request has little chance of success, it has also served to focus attention on important issues for registry operators, where the answers provided are often ill-suited to their needs.

ICANN78 was ICANN’s last annual summit. All eyes now turn to 2024. A new year is approaching, which may or may not see the conclusion of contractual amendments to registry and registrar contracts, with specific obligations to remedy malicious use, the continuation of implementation work on the next series of generic extensions, the likely launch of an ICANN holistic review or even the prospect of the scheduled Sunset of the Whois protocol in early 2025.

For Europeans and companies operating on European territory, it is the NIS2 directive that will crystallise all attention, as it must be transposed into the national laws of the Member States by October 2024. On this subject, ICANN representatives indicated at the traditional closing Public Forum that the policies for generic extensions are not “in contradiction with the NIS2 directive and that the parties concerned have the latitude to implement measures to comply”. The European Top Level Domain Information Sharing and Analysis Center (European TLD ISAC) is to be commended on this point, as it will be a useful relay in implementing the NIS2 Directive in the domain name industry.

Nameshield, an independent European company that has been ISO 27001 certified since 2017, will comply with the directive and will be keen to help its customers to comply. Nameshield also has the expertise to manage your projects for new generic extensions.

Finally, in terms of leadership, the GNSO, the body responsible for generic extensions, now has a new Council team appointed at ICANN78, while ICANN Org will be appointing a new president in 2024. See you next year.

Image source : ICANN‘s website

[New gTLDs] Google launches .ING and .MEME

[New gTLDs] Google launches .ING and .MEME

Google enriches its catalog as a registry and launches two new extensions: .ING and .MEME.

Launch of .ING

With .ing, unleash your creativity and put your domain names into action:,,,…

.ING launch schedule

  • Sunrise phase: from 20/09/2023 to 24/10/2023

Phase reserved for holders of trademarks registered in the TMCH.

  • Early Access Period (EAP): from 31/10/2023 to 05/12/2023

Anyone can register available domains in .ing for an extra fee, which decreases leading up to General Availability.

  • General availability: as of 05/12/2023

Registration of .ing domain names is open to all, on a “first come, first served” basis.

Launch of .MEME

Funny and easy to share, “memes” are phenomena that have been massively reproduced and adapted, and are driving the web today. With .meme, use the codes of web culture for your online presence.

.MEME launch schedule

  • Sunrise phase: from 20/09/2023 to 24/10/2023

Phase reserved for holders of trademarks registered in the TMCH.

  • Limited Registration Period (LRP): from 31/10/2023 to 28/11/2023

Reserved for content creators specializing in the creation and distribution of Internet memes.

  • Early Access Period (EAP): from 28/11/2023 to 05/12/2023

Anyone can register available domains in .meme for an extra fee, which decreases leading up to General Availability.

  • General availability: as of 05/12/2023

Registration of .meme domain names is open to all, on a “first come, first served” basis.

If you have any questions about registering your .ING or .MEME domain name, please contact your Nameshield consultant.

News from Turkey! Liberalization of the .TR

Changes in the administration of Turkish extensions

Domain names in Turkey have undergone a major process of change and development in recent years. Last year, we announced the liberalization of domain names under the, and extensions.

It’s now a project to open .TR live. The allocation of .TR will be carried out according to a defined schedule with categories under a process called “ Transition Process“:

BTK announces the opening according to these 3 categories:

CATEGORY 1: since 14/09/2023 for a period of 2 months (end of period November 2023):

In this category, priority is given to holders of domain names with the extensions,,,, and respectively.

For example, for the domain name, the holder of the domain name has the right of priority allocation.

CATEGORY 2: from November 2023 to February 2024

In this category, priority will be given to holders of domain names with the “” extension assigned before 25.08.2023.

The category will be given priority to the following institutions (holder of

  • Professional organizations that are public institutions,
  • Public interest associations and foundations benefiting from tax exemption,
  • Professional organizations of employees or employers.

CATEGORY 3: the date has not yet been announced, but we can deduce that it will be from February 2024.

In this category, holders of domain names under these extensions will have priority:,,,, For this last category, the rules have not yet been defined.

We will keep a close eye on future announcements of the registry and will keep you informed as soon as we have more precise dates for the last category. Please note that the dates of the different periods can be modified if necessary.

Don’t hesitate to prepare your orders and contact your consultants and account managers to review your domain names portfolio in Turkey.

Meet Nameshield on the it-sa from 10th to 12th October 2023 in Nuremberg, Germany

Meet Nameshield from 10th to 12th October in Nuremberg at a new edition of the it-sa, the absolutely must-attend meeting of the IT security sector!

As the “Home of IT Security“, it-sa stands for both a comprehensive range of information and networking and knowledge exchange on the topics of data protection and IT security.

The three-day programme includes talks, workshops, discussion panels, one-to-one meetings and opportunities for networking…

Meet us on site: Hall 7, Stand 7-214, in cooperation with eco, the Association of the Internet Industry.

Exchange with our team and discover our global solutions that satisfy the requirements of your DNS security. Discover our product for a high-availability of your strategic domains: “DNS Bastion“.

For more information, visit the event website:

ICANN confirms DENIC Services as sole ICANN designated registrar data escrow agent

ICANN confirms DENIC Services as sole ICANN designated registrar data escrow agent

In 2018, ICANN, which is in charge of allocating domain names and IP addresses, confirmed DENIC eG as the data escrow agent for registrars on behalf of the ICANN organization, alongside provider Iron Mountain, which has since been taken over by NCC Group. Five years later, on July 17, following a new call for tenders, ICANN has confirmed DENIC Services as its sole accredited escrow agent for the next five years. A fine recognition for this European player and subsidiary of DENIC eG, which notably manages .DE, Germany’s geographical extension with over 17 million domain names.

Stefan Pattberg, Director of DENIC Services, took the opportunity to answer our questions.

Could you please remind us what the role of a data escrow agent is?

It is important for the stability of the global Internet that domain names are not only being granted but accessible all the time, independently from the financial, operational, or legal status of the managing registrars or registries at a certain time. Obviously, the registration data is an important asset for a registrar or a registry, often the most important one, because it represents the relationship to the customer and is the source of income for the service providers. But it is not only of economic importance. There are also additional policy requirements and even legal regulation like GDPR to consider when handling such data.

The role of the Data Escrow Agent is to ensure that the registration data that is belonging to a domain is always safe and available, even in case that a registrar or a registry in charge of managing a domain are failing. In such a case the mission of the Data Escrow Agent is to release the registration data to another service provider taking on board the role of the previous failed party. That is a very important security feature for domain holders, making sure that their domain will always be available, and the ownership is always certain. If there is no need to release such a deposit, it is the duty of the Escrow Agent to safeguard the registration data according to all relevant policies and regulation in a manner, that there is no risk for the depositor that the data could be lost to a competitor or anybody else not being authorized to access it. Registries and Registrars using Data Escrow are delivering the registration data, daily or weekly, as so-called deposits to the Escrow Agent. A deposit is a composition of all relevant registration data in a special form, highly encrypted and even electronically signed by the sender. The agent validates the deposit. That means the agent checks whether the received deposit is from the right sender, is intact in its full integrity and that the data format is compliant to the international standards. The result of the validation is then being reported to all parties involved, the depositors and the beneficiaries. That creates transparency and transparency creates trust.

In what way is the designation of DENIC Services as the sole ICANN-accredited escrow agent significant from the point of view of data protection and security?

When ICANN started the Data Escrow program well back in 2007, there was only one Data Escrow Agent that has been chosen as Designated Escrow Agent for registrars. Designated Escrow Agent means that ICANN has selected this agent in a very ambitious process, checking the technical, financial, and operational capacities of such an agent, and that ICANN is paying this agent for the service being delivered to the registrars. So, if a registrar is working with a Designated Escrow Agent there should be high certainty about the stability and the quality of the service which is free of charge for the registrar. If the registrar wants to deposit with a non-designated data escrow agent, fees must be paid and the registrar needs to do all the checks, that ICANN is performing during the selection process, on its own.

The sole Data Escrow Agent in 2007 was an US-American company, following the US law and regulation. ICANN saw the upcoming need in 2017 to offer a solution being GDPR compliant. GDPR increased the level of data privacy in advantage of domain holders but raised questions about locations of data storage, transfer of deposits in and out of the European Union etc. After a Request for Proposal process in early 2018 , ICANN decided to nominate a second Designated Escrow Agent which was DENIC. To get the best focus on the service quality for customers, DENIC created DENIC Services as the new service provider for Data Escrow and Anycast DNS services to the Domain Name Industry. That was only five years ago.

As a German company and GDPR on the horizon, we have decided to build the new Data Escrow application with privacy-by-design. The two data centers that we are using for a GDPR-compliant 365 days, 24 by 7 service are within the European Union, one in Frankfurt and the second one in Amsterdam. Since the beginning of DENIC Services it was important, that we proof trustworthiness to our customers, especially in IT security, business continuity and data privacy. We are certified according to ISO27001 and ISO22301. The data centers are operated by DENIC which is having a famous track record in running critical infrastructure without downtime and in a safe and secure manner for more than 25 years. So, I think that using DENIC Services as the sole ICANN-accredited escrow agent takes a lot of worries away from registrars. They can focus on their core business, and we promise that “WE PROTECT YOUR BUSINESS.”

In March this year, ICANN started a new selection process for one or more global Designated Data Escrow Agents. We understood this as a challenge to show that we are not only the best option for those registrars and registries being under the GDPR regime, but even for others that must respect other legislation and data privacy regulation. Hence, we have built a second Data Escrow infrastructure in North Virginia in the USA. That means, registrars and registries have the choice now, where their deposits should be stored. Both infrastructures deliver the same kind of security and safety and run accordingly to the same service level agreements provided by ICANN.

The top reputation that we have in the market today, our track record of annual innovations, and the aspect of being able to give registrars the choice for the location of storage seem to be compelling to ICANN and now we are the Sole Designated Escrow Agent for all ICANN accredited registrars around the globe.

How did you feel about this designation?

We are very proud to be selected for this role which is of high importance for the stability of the global Internet. We see this designation as an appreciation for our hard work over the past five years. We did not only rethink Data Escrow from scratch, but we have also delivered new innovations all the time. We wanted to be the market leader in technology, service quality and customer satisfaction since day one, and we have achieved it. But we also accept this challenge with a certain humility. We know how big the task is and that despite all the preparation, we will experience things that are unplanned and unforeseen. But I’m sure that we have the right attitude, motivation, the necessary expertise and also the joy of serving our customers in our team to cope with it.

Do you think it will help to consolidate the multi-stakeholder model that was initiated by ICANN with the IANA transition completed in 2016?

That is one of the challenges for us. We must proof within the next five years that having one sole Designated Escrow instead of two, ends up with a better service and better results for the community. Having a working multi-stakeholder model in place, which is accepted by almost all parties involved, is a value per se in our today’s world. Is there room for improvement? For sure. We have many ideas how to improve the Data Escrow process and how to get more value out of it. But most of the times, we withdraw new ideas because it seems to be too complicated to come to a conclusion in a timely manner. With all the advantages in having a multi-stakeholder model in place, time is always an issue. If you look at the discussion and the planning around gTLD 2.0, I have the feeling since my beginning, that it is always happening in two years from now, but we are never coming closer to it. Having only one Designated Escrow Agent being in direct communication with all accredited registrars should help us, to re-gain some of the speed that we may have lost.

What are the next steps envisaged by DENIC Services to organise the transition to this new responsibility?

We are planning a transition period of around 12 months which is managed and monitored closely by ICANN. More than 2,500 registrars will join us in that period. This will multiply the number of our customers and the number of domains being escrowed with us. The good news is that we are well prepared for this. As soon as a customer has passed the data escrow change process with ICANN, we send out credentials to the customer for our Data Escrow Control Center. This portal not only delivers all kind of information about the daily business with 365 days, 24 by 7 approach, it offers a new on-boarding feature that puts the registrar in control of the on-boarding and offers a semi-automated process up to the successful delivery of the first deposit to us. For registrar groups or families, we offer a special server-to-server communication via Restful API, so that the technical service provider is controlling the whole on-boarding process in a fully automated manner. These two innovations only have reduced the time needed for on-boarding from weeks to days by purposefully reducing the number of potential error sources.

Registrars that are looking for more information about our service can visit the website This website provides answers to the frequently asked questions, offers a lot of information to download and invites to register for the webinars that we are offering for on-boarding.

And not to forget, during all the selection process, ICANN was very much valuing the service quality and was insisting in the expectation to get the same kind of service level for all new registrars that the existing customers are appreciating. We have therefore agreed to double our Data Escrow customer service team which is a huge invest in addition to all the IT development that we have made before. Hence, from October onwards, we will have one customer service teams for all registrars already on-boarded and a second team trained and focused on on-boarding of registrars joining us.

Interview conducted by Nameshield on 18-07-2023.

Image source : Bruno via Pixabay

ICANN77: Concrete progress and the search for a future leader

ICANN77: Concrete progress and the search for a future leader

Last month, the 77th Summit of ICANN, the Internet’s regulatory body, was held in Washington DC. This second summit of 2023 was once again rich in meetings and exchanges, with 90 sessions held over four days.

Here is a look back at the highlights of this event.

Successful outcomes

While ICANN summits have often left a mixed impression due to the multitude of subjects debated and processes made more cumbersome by the consensual approach sought by the organisation, we can welcome the fact that ICANN77 was marked by the successful conclusion of several of them, starting with the Registration Data Consensus Policy.

In May 2018 ICANN hastily applied a Temporary Specification to all stakeholders with a package of measures directly linked to the GDPR that the European Union had just applied. These measures included the masking of personal data in generic domain name registration databases. This set of obligations was intended to be renewable for one year and was to be replaced by a permanent framework. The body responsible for generic name policies, the GNSO, therefore quickly convened a process for developing new policies, a PDP, which was divided into several workstreams. Phase 1 of the PDP concerned the long-term binding framework they were looking for. The result was the Registration Data Consensus Policy, which has now been finalised. This work has been extended because the subject of personal data on domain names overlaps with many other texts (21 policies in all) which have also been revised. While stakeholders will have at least 18 months to apply the new policy, aspects relating to the collection, processing and storage of personal data linked to domain names will be altered.

Phase 2 involves the creation of a standardised system for accessing hidden personal data on domain name contacts for legitimate purposes, such as investigations into cybercrime. This resulted in the creation of a prototype that will be deployed this Fall. Over the next two years, this prototype should enable the organisation to validate whether or not it should develop a permanent global tool. It is therefore a reasonable step, because it is prudent. It would have been risky to develop a particularly expensive global system whose use was uncertain. But this issue is also directly linked to the accuracy of the data. What is the point of requesting access to masked contact data if it is unreliable?

On this subject, ICANN has launched a project in 2021 on the accuracy of registration data. But ICANN came up against the fact that in order to assess the accuracy of the data, it needed a legal basis for accessing the data. This forced the body to put this project on hold last year, when negotiations began to create a Data Protection Agreement between ICANN and the stakeholders.

Two contractual amendments in 2023

On the contractual side, it should be noted that the contracts linking ICANN with the registry operators on the one hand and the registrars on the other are in the process – and this is unprecedented – of being amended twice in the same year. The first revision will come into force next month to organise the transition between the Whois protocol and the RDAP protocol. The second revision, which is about to be put to the stakeholders for a vote, aims to step up the fight against DNS abuse. As far as DNS abuse is concerned, it should be remembered that this subject has long been a staple of ICANN summits, in the sense that it has been debated for several years without ever coming to a conclusion due to a lack of consensus. The need to step up action against these attacks has therefore never been so close to being written into the contracts.

ICANN is looking for its future leader

In another unprecedented development, on 21 December last year, ICANN announced the resignation of Goran Marby, its President. Sally Costerton took on the responsibility and was rapidly appointed Interim President of the organisation. This experienced leader, who already has around ten years’ experience in the organisation, was logically closely watched at ICANN76, but was also well received by the community. She took ownership of the issues very quickly and was very proactive in pushing them forward. ICANN77 was an opportunity to propose a session called CEO Search Committee. The profile of the future president was drawn up, along with his or her eight responsibilities: management of the IANA function, development of new DNS system policies, the program for new generic extensions, strategic management, management of the governance body, commitment and exchanges within the community, management of responsibility and, of course, the role of representative of the body. The perspective given for the appointment of this future face of ICANN is the second quarter of 2024.

The next round of new generic extensions at the centre of attention

As is often the case at ICANN summits, the subject of the next round of new generic TLDs was on the menu for most of the discussions. The fact that the previous application window dates back to the beginning of 2012 is obviously no coincidence. At her first summit as President of ICANN, Sally Costerton made good progress on this issue, with ICANN76 concluding with the ICANN Board adopting 98 of the 136 recommendations arising from the process of developing new policies for the next round. 38 recommendations remain to be clarified, and this work is currently underway, with completion scheduled for the second half of this year.

At the same time, implementation of the other recommendations and revision of the Applicant Guide Book have begun. However, two other subjects complete the picture: the possibility of creating closed generic TLDs, a sort of model similar to brand TLDs but which would be made possible on generic terms, and the revision of policies for internationalised TLDs and domain names, i.e. in native languages. The first subject should soon be put into orbit via a process of development of new policies planned over nearly two years. As for the second, its policy development process could last until November 2025. The organisation’s intention is to bring these two issues to a successful conclusion before the next round.

At the time of the 2012 round of new generic extensions, internationalised extensions and domain names were already being strongly promoted as a vector for the success of this innovative process. However, this was without taking into account universal acceptance, which was still in its infancy and which has fortunately made considerable progress since then. The RDAP protocol for registration data was also already considered as an alternative to Whois to be implemented with the new generic TLD program. However, RDAP is only set to replace Whois after a transition period of 18 months. As for closed generic extensions, they were also considered in 2012 but abandoned due to a lack of consensus. They could finally see the light of day under terms to be defined during the next round. As for abuse of the DNS, another subject that has been debated for years, it is also on the point of leading to additional obligations that will affect registries and registrars alike.

If Nameshield is already offering you solutions to help you deal with infringements of your online assets and your gTLD projects, it should be noted that the obligations incumbent on companies that manage domain names are constantly increasing, but also that with ICANN the issues are almost always resolved in the end.

See you in Hamburg in October for ICANN78.

Image source : ICANN’s website

Nameshield’s DNS Premium labelled France Cybersecurity

The digital transformation of companies creates an increasing dependence on networks.

Websites, emails, VPN, applications… these company key services must remain accessible. An interruption would be dramatic.

DNS is the access point to all these services. It translates domain names into IP addresses and routes traffic to these services. It is increasingly exposed to attacks, yet remains poorly secured due to a lack of knowledge. With the increase in threats, maintaining its DNS infrastructure is becoming more and more complex.

Securing strategic domain names by hosting them on highly secure DNS offering permanent availability, to avoid any interruption to company key services, has become a necessity.

Nameshield, certified ISO 27001 on all its registrar activities, protects companies’ critical digital services against cyber threats, and proposes a DNS Premium solution that ensures high availability of online services.

Nameshield’s DNS Premium has been labelled France Cybersecurity since 2018. This label is a guarantee for users that Nameshield’s products and services present a level of quality in cybersecurity verified by an independent jury.

Cybersecurity is at the heart of Nameshield’s DNA, through its CERT and ISO 27001 certification. In a sector dominated by American players, this label is the perfect way to highlight our sovereign solutions such as DNS Premium“, Christophe Gérard, Nameshield’s Products Director.