News archive

ICANN84: How Global Internet Security and Trust Are Shaped

During the nearly week-long meeting, broad discussions were held alongside numerous working group sessions. Personally, I mainly took part in the ccNSO (Country Code Names Supporting Organization) meetings. The ccNSO’s purpose is to represent the interests of country-code top-level domains (ccTLDs) in ICANN’s policy development, share experiences, and strengthen global cooperation between registries.

The first day of ccNSO meetings is traditionally dedicated to technical topics. This time, the Dutch registry team presented an exciting SIDN Labs project that focuses on developing secure time synchronization on the internet. They explained that while the traditional NTP protocol synchronizes device clocks, it doesn’t verify the authenticity of the time signal. The new NTS protocol adds cryptographic protection, which helps prevent time spoofing and increases reliability. SIDN Labs has created a site ntpinfo.sidnlabs.nl showing how many networks and services already use this safer solution. The site offers a clear visual overview of NTS adoption across different countries and networks and helps illustrate how secure time synchronization improves the trustworthiness of the entire internet. The Dutch registry’s goal is to strengthen both the stability and reliability of the internet and domain infrastructure. It’s definitely worth a closer look!

Another interesting presentation came from Punktum.dk, which discussed changes in its operational model. Denmark will stop offering direct domain sales to registrants and move fully to a pure registry model, similar to Estonia’s .ee setup. Starting in 2026, Denmark will operate entirely under a two-tier system, where all .dk domains must be registered through accredited registrars. The transition period runs from 2025-2028, aiming to simplify the customer journey, strengthen competition, and let the registry focus on its core functions. Working with registrars, they will continue verifying registrant identity and address data. Interestingly, the Danish registry is one of the few that requires stronger-than-usual identity verification for domain holders, just like our .ee registry.

The Norwegian registry discussed principles for managing online content, emphasizing their rule that “activities that are illegal in the real world are also illegal online.” Under the Norwegian model, a domain name is considered a form of property that can be confiscated or seized by law, just like physical assets. The domain owner is fully responsible for how it is used and must ensure it’s not linked to illegal activities. If a domain is used to spread prohibited content or break laws, authorities such as the police or prosecutor’s office can request its seizure under Norway’s criminal procedure law. The Consumer Protection Authority may submit such requests via the courts, while certain agencies can act directly. The Norwegian registry, like .ee, does not monitor or censor content but complies with law enforcement decisions and cooperates with the authorities.

It was also fascinating to follow discussions in the GAC (Governmental Advisory Committee) working group, which, together with the ccNSO, addressed issues around domain data and DNS abuse. A U.S. representative pointed out that large fraud networks are becoming more sophisticated, registering seemingly trustworthy domains months or even years before using them for criminal activity. They referenced a recent case in the United States involving a $15 billion fraud scheme connected to hundreds of domains. These schemes often use techniques like CNAME forwarding, which redirects traffic to malicious websites. The discussion highlighted the importance of cooperation between registries, registrars, and law enforcement to prevent and detect such schemes. It was also stressed that WHOIS domain registration data should remain as accessible and reliable as possible so investigators can act quickly when dealing with fraud, abuse, or identity theft.

Within GAC meetings, the “Trusted Notifier” system was also discussed. A model used between gTLD registries (generic Top-Level Domains) and their operators under ICANN’s oversight. It’s a voluntary cooperation framework where a registry signs an agreement with a trusted organization or government agency, allowing them to quickly report domain or DNS abuse. When such a trusted notifier provides verified evidence, the registry can act swiftly, for example, by suspending a domain or contacting the registrar. According to ICANN, this system enables faster responses and better protection across the global internet ecosystem. GAC suggested considering the use of such systems for ccTLD registries as well.

Across ICANN’s various working groups, including ccNSO, there were also ongoing discussions about the UN WSIS+20 process and its potential impact on global internet governance. WSIS+20 (World Summit on the Information Society +20) marks the 20th anniversary of the UN-led initiative to shape a global framework for digital society development, including principles for internet governance, access, and security. The process reviews past progress and sets new goals. The session concluded by encouraging the ccTLD community to play a more visible role in policy discussions and to work more closely with national representatives to ensure the sustainability of a multistakeholder internet governance model.

A particularly interesting topic at ccNSO discussions was IANA recovery mechanisms, focusing on cybersecurity and continuity if something happens at the ccTLD level. The question was: what happens if a ccTLD stops functioning normally, for example, due to a natural disaster, business closure, or serious political disruptions? Currently, IANA lacks clear, unified mechanisms to handle such cases, which shows the need for a possible global policy framework. Under existing agreements, IANA can only intervene in very limited cases such as when a ccTLD failure causes significant harm to the internet’s operation or when the registry no longer fulfills its contractual obligations. Such intervention has never been practically carried out, but discussions focused on when and how IANA could act to restore a ccTLD if problems occur. I found this particularly fascinating, especially the debate over whether such actions should be transparent and public. Given how strongly ccTLDs value national sovereignty in managing their domains, it seems unlikely that IANA could make major changes to the current system.

The final day of ICANN84 was the most interesting for me because I was able to participate in the Public Forum for the first time. It’s an open discussion where the community can directly ask ICANN leaders questions, offering a good snapshot of the most talked-about topics. The discussion focused on several key issues: strengthening international representation, supporting internet communities in the Middle East and Nepal, and improving the accuracy of domain registration data. The expansion of the WHOIS/RDAP system to include more ccTLDs was also discussed, as well as the NomCom (Nominating Committee) process, emphasizing transparency, accountability, and fairness in ICANN leadership selection.

In summary, ICANN84 was an incredibly valuable and eye-opening experience. It reinforced how internet governance and security principles are shaped globally, and the vital roles played by registries, technical experts, and governments. I also had the chance to meet several of our international .ee registrars in person, which was a great opportunity to exchange ideas and insights on current topics in the Estonian domain field.

The next ICANN85 meeting will take place in Mumbai!