Some movement in the SSL world: Digicert acquires Symantec’s certificate business


On Wednesday, August 2nd, Digicert announced the acquisition of Symantec’s Website Security Business branch (including the SSL business and some other services). It is the direct consequence of the conflict that has opposed Symantec and Google for the past few months.


You have certainly already heard about this disagreement between the two companies over a number of certificates issued by Symantec and the possible loss of trust in these certificates in the next versions of Chrome. A great deal of information and many dates, sometimes contradictory, have circulated on this subject, which can make it difficult to evaluate the impact on your own certificates.

Nameshield, as a Symantec Platinum partner, has followed the development of this case very closely to ensure that its customers and partners are not at risk of being impacted by a loss of trust in their browsers. The very latest developments lead us to communicate the following important information:

What happened?

Google and Symantec had a dispute in 2015: Symantec’s teams had used certificates as examples, often based on the CN google.com, actually issuing them and deleting them afterwards. It was objectively a mistake, and Google sanctioned Symantec by making it compulsory to register all certificates in Certificate Transparency, which has since become the market standard and mandatory for all Certification Authorities. This decision took effect on June 1st, 2016.

At the beginning of 2017, Google and Mozilla announced the discovery of 127 Symantec certificates with irregularities, leading to a thorough investigation by Google, which reportedly found nearly 30,000 impacted certificates. Google decided to severely sanction Symantec by reducing the certificates’ duration to 9 months and by removing the EV status of Symantec certificates within a very short period. Symantec immediately reacted by sanctioning the 4 partners who were at the root of the errors. Many discussions between the two groups, and with many important industry players, have taken place since March 2017. Some of these publications, proposals and counter-proposals have created confusion.

These different discussions have led Google and Symantec to an agreement on a method and a transition calendar towards a new PKI infrastructure for Symantec. Google officially communicated on this subject on Friday, July 28th. This communication can be consulted here.

Symantec is committed to creating a new PKI infrastructure in collaboration with a third party in order to prove its good faith, meet Google’s transparency requirements and maintain the high degree of trust the group has always enjoyed from web users. This infrastructure change will take place on December 1st, 2017 and will require the replacement (or, where applicable, the renewal) of all existing certificates of the Symantec, Thawte, Geotrust and RapidSSL brands. This extended deadline will allow a smooth transition, without impact on web users.

Since August 2nd, we know that this trusted third party will be Digicert.

What is the calendar?

Google distinguishes Symantec certificates issued before June 1st, 2016 from those issued after this date (when registration in Certificate Transparency became mandatory). The loss of trust in these two categories of certificates will come with two different versions of Chrome, hence the following calendar:

– Category 1: Certificates issued before June 1st, 2016 will have to be replaced (or renewed*) between December 1st, 2017 and March 15th, 2018 (arrival of the Chrome 66 beta).

– Category 2: Certificates issued between June 1st, 2016 and November 30th, 2017 will have to be replaced (or renewed*) between December 1st, 2017 and September 13th, 2018 (arrival of the Chrome 70 beta).

The urgency that various market players may have communicated is therefore not warranted.

*Early renewal: a certificate can be renewed up to 90 days before its expiration date without reducing the duration of the newly issued certificate.

Are you impacted?

Yes you are, if you hold certificates issued under one of the Symantec brands (Symantec, Thawte, Geotrust, RapidSSL) through Nameshield or any other provider you work with. All that remains is to sort them into the two categories mentioned above. We can help you identify any impacted certificates and sort them into the right categories, in order to plan the actions to carry out from December 1st, 2017.
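The sorting described above, as an added example that is not code from Nameshield, Google or Symantec: it places each certificate in Category 1 or 2 from its issuance date and checks whether the 90-day early-renewal window falls inside the replacement window. The inventory records, host names and issuer strings are constructed, and treating certificates issued on or after December 1st, 2017 as unaffected is an assumption drawn from the stated date of the infrastructure change.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Brands and dates exactly as stated in the article.
BRANDS = ("symantec", "thawte", "geotrust", "rapidssl")
CT_MANDATORY = date(2016, 6, 1)       # issuance before this date: Category 1
NEW_PKI_START = date(2017, 12, 1)     # replacement window opens
DEADLINES = {1: date(2018, 3, 15),    # Chrome 66 beta
             2: date(2018, 9, 13)}    # Chrome 70 beta
EARLY_RENEWAL = timedelta(days=90)    # early renewal without losing duration


@dataclass
class Cert:
    host: str
    issuer: str        # issuer DN as text
    not_before: date   # issuance date
    not_after: date    # expiration date


def category(cert: Cert) -> Optional[int]:
    """Return 1 or 2 for an affected certificate, None otherwise."""
    if not any(brand in cert.issuer.lower() for brand in BRANDS):
        return None
    if cert.not_before < CT_MANDATORY:
        return 1
    if cert.not_before < NEW_PKI_START:
        return 2
    return None  # assumption: issued from the new infrastructure


def plan(cert: Cert) -> dict:
    """Decide between ordinary renewal and out-of-cycle replacement."""
    cat = category(cert)
    if cat is None:
        return {"host": cert.host, "category": None, "action": "none"}
    deadline = DEADLINES[cat]
    if cert.not_after < NEW_PKI_START:
        # The certificate expires before the window opens; a successor issued
        # before December 1st, 2017 would itself fall into Category 2.
        return {"host": cert.host, "category": cat, "deadline": deadline,
                "action": "expires-before-window"}
    window_open = cert.not_after - EARLY_RENEWAL
    if window_open <= deadline:
        # The normal renewal cycle already lands inside the window.
        action, earliest = "renew", max(NEW_PKI_START, window_open)
    else:
        # Renewal would come too late: replace before the deadline.
        action, earliest = "replace", NEW_PKI_START
    return {"host": cert.host, "category": cat, "deadline": deadline,
            "action": action, "earliest": earliest}


# Constructed inventory for illustration only.
INVENTORY = [
    Cert("shop.example.com", "CN=GeoTrust Sample CA, O=GeoTrust Inc.",
         date(2015, 9, 10), date(2018, 9, 10)),
    Cert("mail.example.com", "CN=thawte Sample CA, O=thawte, Inc.",
         date(2017, 2, 1), date(2018, 2, 1)),
    Cert("intranet.example.com", "CN=Example Internal CA, O=Example Corp",
         date(2016, 1, 5), date(2019, 1, 5)),
    Cert("old.example.com", "CN=RapidSSL Sample CA, O=GeoTrust Inc.",
         date(2016, 10, 20), date(2017, 10, 20)),
    Cert("www.example.com", "CN=Symantec Sample CA, O=Symantec Corporation",
         date(2016, 3, 1), date(2018, 3, 1)),
]

if __name__ == "__main__":
    for cert in INVENTORY:
        print(plan(cert))
```
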

And Digicert in all this?

Digicert is an American company whose current market share represents 2.2% of the world market, according to the latest W3tech report. The company is renowned for the quality of its authentication team’s work and for its compliance with the CA/Browser Forum’s Baseline Requirements. Digicert has been growing steadily for several years on solid values and manages the certificate portfolios of very important companies and websites around the world.

Digicert will become a major player in the certificate market by taking over Symantec’s 14% share of the global market and, more interestingly, the 40% market share in EV certificates and 30% in OV certificates that Symantec represents.

On paper, this acquisition is good news for all Symantec customers. It is a guarantee of continuity in the quality of the services provided, and of a successful transition towards the new PKI infrastructure requested by Google. It remains to be seen whether Digicert can meet the calendar imposed by Google; we will monitor this closely.

What does Nameshield think of this?

Nameshield has trusted Symantec and its teams for several years: on the one hand for its quality of service, which allows us to provide you with a first-class service, and on the other hand for the brand image and the trust this group has built among web users. The management of this Google/Symantec crisis does not call into question the trust we have in this partner, whose support remains irreproachable.

Furthermore, we have been in contact with Digicert for a few months in order to extend our solutions portfolio. We welcome this acquisition announcement as positive news for our customers and partners, and we are confident in the continuity of the services we can offer you. The trust you place in us is paramount, and if you want to move in a different direction, Nameshield remains at your service to propose alternatives.

.BRAND : 4 episodes, for this summer

Photo : CC BY-SA 3.0 Nick Youngson – source : http://nyphotographic.com/

Act 3: Depression

 

Five years ago, the number of domain name extensions was manageable: fewer than 500. It was still possible to register your trademark and your company’s name in the extension of your choice and to act against fraudulent registrations. Attacks were unusual, and you defended yourself when clever opportunists made contentious registrations. Some extensions only accepted subdomain registrations, such as Australia and the United Kingdom. It was impossible to register at the root and impossible to register without having any rights: .CO.UK for companies, .AC.UK for the academic world,…

But that was before.

 

Domain names - Number of delegated TLDs

 

Then several generic extensions arrived, and while the few extensions created at first caused only minor problems (.MUSEUM, .MOBI, .AERO,…), this was not the case for the thousand newly delegated extensions that followed the new gTLD program, opened on January 12, 2012. Although brands have applied for a .BRAND or .COMPANY to protect their territories, many extensions were open and the registration race allowed clever opportunists to do great damage. The registrations of BLOOMBERG.MARKET and VINCI.GROUP are two particularly well-known examples.

Today, domain names are managed by people dedicated to this activity, mostly within marketing, legal and IT departments.

But what do you have to do? Register your brand in all TLDs? Spend large sums on domain name recovery procedures? Something in between?

Interesting alternatives are born from the opening of the new gTLDs:

  • Create a closed extension with subdomains to restore the link between identification and trust, such as the .FX project I presented a few days ago at NetWare2017;
  • Create your own extension: some already do this well, like .BNPPARIBAS or .LECLERC;
  • Help the end user: this is the project of Nameshield’s CEO, through Brandsays, a browser extension.

While brands rightly continue to register domain names, they will also develop other means of access, such as SEO or social networks.

While INTA, in its recent study, highlighted impressive figures regarding defensive actions, to get the right answer, you have to ask the right question. We will see in the fourth and last episode of this summer saga, how to understand the .BRAND strategy.

 

Read act 1: Denial (and Anger)

Read act 2: Expression

Read act 4: Reconstruction

Have you heard of Esperancia?


Surely, you have already noticed the Esperancia logo in the email signature of your Nameshield partner. But do you know how it works?

Esperancia is an endowment fund with an innovative and ingenious concept: the search for long-lasting funding. This system allows it to sustain its purpose: long-term action for the associations it supports.


 

Esperancia owns 15% of our company’s shares, and Nameshield also transfers 1% of its annual revenue to Esperancia.

Therefore, as a Nameshield customer, you also participate in the development of Esperancia.

This endowment fund works in a unique way. In that regard, Nameshield and the other sponsoring companies are pioneers.

Thanks to the funds collected through donations in euros or in capital, Esperancia assists and supports existing associative projects aimed at protecting children and underprivileged youth and helping them become self-sufficient adults able to take their place in society.

Esperancia intends to be a “purveyor of hope” to young people in difficulty. At the same time, Esperancia brings a complementary meaning to the commitment of our collaborators and to their involvement in our company: we commit ourselves to social projects at their side.

 

Last July, Nameshield hosted an event for the project “Réussir Angers”, created to help vulnerable young people aged 18 to 30 who share, for example, a disregard for professional codes.

One of the purposes of this day was to educate these young adults, introduce them to the corporate world, and make them feel more confident about themselves.

Over a convivial meal, the young people could listen to four Nameshield collaborators discussing their personal and professional backgrounds.

In this favorable context, reassuring and free of pretense, the young people taking part in the project could explore the doubts, obstacles and difficulties experienced by our fellow volunteers, as well as their achievements and successes, small and big.

A moment of exchange and sharing, enriching for every participant on each side of the stage.

.BRAND : 4 episodes, for this summer

Photo : CC BY-SA 3.0 Nick Youngson – source : http://nyphotographic.com/

Act 2: Expression

 

We left off at the time when brands had not sensed the Internet revolution, the evolving techniques, or the domain names being registered. (Read act 1: Denial (and anger))

The example of McDonald’s is interesting. In 1994, Wired, an American magazine created a year earlier, reported on the case of mcdonalds.com. Joshua Quittner, a journalist at Newsday, contacted McDonald’s and asked whether they would be interested in registering mcdonalds.com. There was little to no answer. He registered the name and contacted McDonald’s, which did not answer. He then published his article in Wired, giving the contact address ronald@mcdonalds.com.

McDonald’s complained and Quittner asked for a donation to charity: it came to 3,500 USD for the computer equipment of a school in New York.


 

By analogy, we can recall the Russian worker who asked Vladimir Putin for a gift, which Putin could not refuse in front of the camera. Putin offered him his watch, worth a year’s salary.

Trademark owners have launched countless virulent attacks to recover domain names from pranksters, some of whom could even be part of the company, as was the case for mtv.com.

Brands band together and contact ICANN to develop simplified procedures, even though, according to the famous trademark dilemma, the American organization had known about the risk of cybersquatting for a long time.

On the lawyers’ side, training courses are launched on each side of the Atlantic, and the UDRP, SYRELI, URS and others are created in order to defend digital territories.

France, long known as a country that supports trademarks, does not remain passive and is today the second country in the world for domain name dispute resolutions.

Thus, in the virtual territory, and in contrast to reality, the police are financed by trademarks. The holders of a territory, similar to countries, do nothing or almost nothing: recovering a .FR is possible using a SYRELI procedure, while for our friends across the Rhine no alternative procedure exists: to recover a .DE, it is the court or nothing.

Nevertheless, an economy of defense of brands is organized and thus, an ecosystem is developed.

Everything seems to be going well, until the arrival of the new extensions, as called in the field, the first round…

 

Read act 3: Depression

The acquisition of Rightside Group by Donuts becomes a reality

In mid-July, ICANN gave its consent to the merger of Rightside Group, the registry behind 40 new gTLDs (.ATTORNEY, .NINJA, .PUB, .DENTIST, .NEWS, .ROCKS, .LIVE, etc.), with the other well-known registry in the new gTLD world, Donuts Inc (more than 200 TLDs: .LIFE, .LOANS, .MEDIA, .SOLUTIONS, .WORLD, etc.).

Donuts will then acquire Rightside at the price of $10.60 per share, in the context of a takeover offer, i.e. a transaction of approximately 213 million in total.

Donuts, already largely dominant with its hundred extensions, continues to reinforce its position and benefits from the difficulties faced by some registries suffering from a lack of commercial success.

This new operation highlights a fact: many new extensions did not meet with the expected enthusiasm, and the registries which created them are in difficulty.

Are we heading slowly but surely towards a takeover by Donuts of unsuccessful registries seeking to limit their losses?

 

Black July for the .xyz

 .XYZ - new gTLD

The volume leader of the new gTLDs has seen its zone file cut by more than half.

While it started the month of July with more than 5.2 million registered domain names in its zone, it had only 2.5 million on Monday 17, letting the .top make its way back to the top in the meantime.

How can such a phenomenon be explained?

First of all, the multigenerational extension doesn’t escape the law of non-renewal.

A year after having massively registered their .xyz domain names at the derisory price of $0.01, or even received them for free, the acquirers simply don’t renew them, hence a considerably reduced zone file.

Last but not least, a big part of the non-renewals comes from the ban imposed on registries by China’s Ministry of Industry and Information Technology on selling .xyz.

Yet half of the registered .xyz domain names were owned by people in China.

The case is currently in the process of being resolved, so the .xyz has yet to type its final point.

Nameshield: The first French registrar certified ISO 27001 on all its registrar activity


 

 

Nameshield is proud to announce its ISO 27001 certification on all its registrar activity, the product of many months of work.

Why the ISO 27001 certification?

Since its creation, 23 years ago, Nameshield has been committed to providing its customers with the best services under conditions of optimal security. With the choice of the ISO 27001 standard, this constant care given to all our services is now certified by a competent authority.

The impressive rise in the frequency and force of cybercriminal attacks has strengthened the founder and CEO of Nameshield, Jean-Paul Béchu, in his determination to offer all our users an ISO 27001 certification on all our registrar activity.

Today, cybercriminals frequently attack service providers in order to reach their final targets indirectly. And while our Information Systems Security Officer was already monitoring the security of our infrastructure, ISO 27001 reinforces the requirements.

If Nameshield has engaged in this process, the result of an important human and financial investment, it is because it is essential for us to demonstrate and certify the extent of our commitment in terms of security.

To be certified ISO 27001 is to assure our customers and partners that the security of information systems is completely integrated and that Nameshield is committed to a process of constant improvement requiring specific resources, which we have chosen to deploy.

The certification confirms the competence of Nameshield’s employees and their expertise in the protection of critical information.

 

What is the ISO 27001 certification?

ISO 27001 is an international standard which describes the requirements for establishing an Information Security Management System. Such a system is intended to select the security measures to put in place in order to protect a company’s sensitive assets within a defined perimeter. In the case of Nameshield, it covers all of its registrar activity.

At a higher level, the ISO 27001 standard requires the managers of the company to be involved in cyber defense. In parallel, a steering committee follows the implementation of the new arrangements required by the standard.

An audit carried out by LRQA, the world leader in the certification of value-added management systems, allows us to deploy our security measures and to become the first French registrar to be certified on the complete perimeter of its registrar activity.

Nameshield, your trusted partner.

 

.BRAND : 4 episodes, for this summer

Photo : CC BY-SA 3.0 Nick Youngson – source : http://nyphotographic.com/

Act 1: Denial (and Anger)

 

The brand, a forbidden territory. Everything is played out through attacks, complaints and courts. A ruthless world. Since the 23rd of June 1857 and the creation of the first system of trademarks by France, it has been possible to benefit from an exclusive right of use for a term across different applications. Otherwise, the law steps in. The arrival of the Internet will shake up this foundation.

If one remembers the Milka conflict, the famous opposition between Milka Budimir, a seamstress in Bourg-lès-Valence, and the American giant Kraft Foods over the domain name milka.fr, one can also keep in mind the many domain name holders who succeeded in fending off attacks from opponents bigger than themselves.

The expression David vs Goliath is illustrated in France by leclerc.fr, a domain name registered by a fan of the Leclerc tank. In spite of a SYRELI-type recovery attempt, the retailer never succeeded in obtaining this famous domain name. For posterity, the individual’s justification in his argument will be remembered: “… in life there are not only shopping centers and consumption, France is above all, a country of history, a strong history of which we can be proud!”

 

Leclerc.fr website

 

In the United States, the case of Nissan Computers is interesting. The little-known IT company was named after its owner, Uzi Nissan. The eponymous Japanese company Nissan Motors evidently objected to the registration of nissan.com and tried to recover the domain name in question. Despite an incessant media campaign and numerous attacks, nissan.com remains the property of Nissan Computers today. Nissan Motors now uses nissanusa.com for its US business. In this case, the Nissan.com website does more than reflect Nissan Computers’ computer sales activity: it also carries a strong attack against Nissan Motors. A bad buzz in action!

 

Nissan.com website

 

What can we keep in mind from these two experiences? A rather interesting lesson: the domain name, this intangible asset representing the image of a company, has not been sufficiently monitored by multinationals.

Schmidt launches its new website in dot brand: Home-design.schmidt

Schmidt is one of the first French brands of kitchens, but also the first kitchen furniture export company in France.

The Schmidt group has decided to launch its new website under its « .brand » (dot brand), .schmidt, and has thus joined many big companies which have made this bet, like BNP Paribas (mabanque.bnpparibas), MAIF (voyagepro.maif), Club Med (corporate.clubmed) or the latest, SNCF (oui.sncf).

Schmidt chose to group its activity under the « home design » designation, which describes its industry well. The company is not only dedicated to the kitchen world but also offers bathrooms and “custom-made” furniture for the entire house: dressing rooms, TV furniture… all with a design touch.

The domain name home-design.schmidt makes it possible, on the one hand, to optimize SEO and, on the other hand, to facilitate the company’s development and its international communication. After its launch in Great Britain at the end of April, the website arrives in Belgium, and will continue with Spain, Italy and Switzerland by July the 4th.

The domain name home-design.schmidt is easy for the general public to recognize and remember.

Home-design.schmidt website

But what is the benefit for brands to have their own extension?

In 2013, some companies (including some thirty French companies) wished to have their own « .brand » extension, in order to capitalize on their leading brand. Most of them wanted to secure and protect their naming spaces (to limit the intermediaries in the chain of actors involved in a domain name registration). The purpose is also to have a domain name that is truly distinctive and reassuring for the final consumer. Brands fight against cybersquatting, but this is an endless war. It represents an important annual budget and doesn’t limit the damage enough. The message of the brands that own a « .brand » (dot brand) is the following: if you’re not on my « .brand » website, then you’re not buying the products or services of my brand.

This practice of communicating under a « .brand » isn’t well enough known by the general public. Of course, consumers’ awareness should be raised so that they use extra caution when browsing, and that means verifying the domain name.

So having its own « .brand » is a differentiating factor for a company and will be used more and more for marketing purposes.

ma.cuisinella website

Bitter taste to confectionery disputes

 

Last week the UK Court of Appeal ruled on the long-running battle between Nestlé and Cadbury (owned by Mondelez) over the attempt to register the shape of the KitKat bar in the UK. Trademarks need to be a “badge of origin”. In particular, registration of a shape mark requires good evidence of acquired distinctiveness to show that consumers rely on shape in a “trade mark sense”. The UK court has ruled that this is not the case for the KitKat shape. The mere fact that consumers recognise the mark is insufficient, and the applicant must demonstrate that a significant proportion of the relevant public rely on the mark to indicate the product origin.

Once again this shows how applications for non-traditional marks are more vulnerable to objections for lack of distinctive character.

But it is also interesting that the industry continues to fight these costly battles. Most of us might view these disputes as irrelevant and a waste of money but the parties involved see them as a battle for an all-important edge in the marketplace. The confectionery industry is extremely competitive – the aim is to ring-fence your brand and intellectual property rights in order to block others from cutting into your space.

There are quite a few registered shape marks in the world of confectionery and many of them have seen some level of trademark dispute.

 

Some well-known shape marks:


The maker of the Golden Bunny, Lindt, launched a chocolate teddy bear. Haribo, which invented gummy bears in the 1920s, said shoppers would confuse the two products, even though Lindt’s bears are made of chocolate and gummy bears are jelly sweets.

 

Examples of colour marks:

Color marks

Both these shades of purple are used for chocolate products and are owned by Kraft / Mondelez. But there has been an ongoing battle between Nestlé and Cadbury about the legitimacy of its use as a trademark. The British public has linked this shade of purple with Cadbury for over a century, in the same way that the Milka shade is well accepted by a wider European consumer audience.