Tag Archives: SWITCH

SWITCH Announce Tom Kleiber As New Managing Director

Tom Kleiber, a 53 year old ICT veteran, has been named today to take over as Managing Director of SWITCH, which among other roles manages Switzerland’s ccTLD .ch and Liechtenstein’s .li. Kleiber will succeed Andreas Dudler who is stepping down after nine years as Managing Director and retiring at the end of 2021. Kleiber will take up his new post on 1 January 2021.

Continue reading SWITCH Announce Tom Kleiber As New Managing Director

Domain Pulse 2020 Conference Going to Innsbruck To Gaze Into A Crystal Ball [updated]

The annual free domain name conference of the German-speaking world, Domain Pulse, is heading to the North Tyrolean Alps city of Innsbruck in Austria in February 2020 with the organisers looking towards the future, asking attendees to “gaze into the crystal ball together” with them.

Day 1 is dedicated to the question of what future will bring in terms of technology, internet governance and the world of work – and where the forecasts come from! On the second day, we will highlight the issue of risk – how much are we prepared to take in our personal lives, careers and as a society? And at what price?

The presentations will focus on the future of internet governance, the talents of tomorrow, does the domain name system tell us anything about the future, artificial intelligence, looking forward with 5G and its challenges in particular relating to surveillance and citizen’s rights and what should ccTLD registries expect in the future.

This year’s Domain Pulse conference (which is not related to the DomainPulse.com domain name news site) will be held on Thursday 20 and Friday 21 February. In 2020 the conference is organised by the Austrian ccTLD manager nic.at, with the conference rotating to be hosted by DENIC in 2021 in Germany, then by SWITCH in Switzerland in 2022.

For presentations in German, there will be a simultaneous translation service into English, but not for presentations in English into German. However given that networking is as important as the conference topics, it can still be extremely worthwhile to attend.

To register, book hotels, check out the agenda and find out more information in general, go to: domainpulse.at/dp2020. There are plenty of trains passing through Innsbruck and a number of airlines fly to Innsbruck. Conference hotels start at €120 per night, plus there’s the always wonderful Thursday evening event.

UPDATE: This article was updated to reflect a misunderstanding regarding translations. There will be translations of presentations into English from German, but not for German presentations into English. The original version of this article said there would be no translations.

SWITCH Divests Itself of switchplus To Belgian Webhoster

SWITCH, the registry for Switzerland’s ccTLD .ch and Liechtenstein’s .li, has sold its registrar business switchplus to the Belgian webhoster Combell Group.

Since the early stages of the Swiss internet, SWITCH has performed a dual role. The foundation acted both as a registry operator for .ch and a registrar for the direct sale of .ch domain names to end customers. For any transfer of this direct customer business to the registrars, SWITCH considered it of strategic importance that it preserve the values it had developed as a registrar for the benefit of the foundation. These values included SWITCH’s expert knowledge, as well as its loyal customers. Consequently, establishing switchplus nine years ago was a deliberate strategic decision. With the separation carried out in 2016, SWITCH was able to transfer some of the values it had developed as a registrar to switchplus.

With the sale of switchplus, SWITCH will now focus on its core business with Swiss universities and ensures the security of the Internet in Switzerland. All proceeds of the sale will be invested to benefit universities in line with foundation’s objectives. This includes the development of innovative IT services in the areas of networks, IT security, identity management and cloud computing, as well as the security of the Swiss internet.

switchplus has over 400,000 domain names under management for around 130,000 customers, with the majority being businesses and entrepeneurs. It also has the highest market share among all .CH and .LI Registrars.

Andreas Dudler, Managing Director of SWITCH, is pleased about the successful sale.

“We are happy that we were able to sell switchplus to the Belgian Combell Group,” said Dudler. “I am also glad that Combell Group will retain all employees and that switchplus will remain active in the market as an autonomous company. I am convinced that the expert knowledge and size of Combell Group will provide switchplus with the ideal conditions for further growth.”

It’s the Combell Group’s first foray into Switzerland. Announcing their acquisition, Combell Group said not only will they retain the current workforce at Switchplus in Zurich, they will further invest into the expansion by adding and renewing products and services in favour of its customers. Over time, it will therefore also further split off the company from its roots at SWITCH and define its own future identity, by rebranding the company.

“Combell Group is thrilled to start its journey in Switzerland,” said Jonas Dhaenens, CEO of Combell Group. “We’re welcoming a lot of new customers, new colleagues and lots of expertise and we already see great potential ahead. Our first priority has always been to inspire and to innovate, in benefit of our customers. We want to enable entrepreneurs and small businesses to build their digital identity online using our services.”

SWITCH Develops Top 1,000 .CH Domain Names List

The Swiss registry, SWITCH, has developed a means of counting the top 1,000 .ch domain names, which is based on a count of the unique IP addresses that query a certain domain.

SWITCH began publishing the top 1,000 list in July 2018 “to support open data in Switzerland and [to know] how exactly domain names are being used in order to keep the .ch zone secure.”

The SWITCH Top 1,000 list will differ from other sources such as the Top Alexa ranking however their “DNS based ranking will give a differing view on the .ch zone since not only the www usage is represented but all services that make use of DNS.”

SWITCH explains that their “idea is based on a tool developed by Alexander Mayrhofer from nic.at called DNS-Magnitude.” The first thought SWITCH had was to count “the number of queries for each domain name and then taking the 1000 domain names with the most queries. However, considering the TTL of a record, a domain name with low TTL might be less important as its ranking suggests since it would be queried over and over again due to the rapidly expiring TTL.”

So SWITCH decided they needed a metric that ignores the TTL. Their solution was “to count the unique IP addresses that query a certain domain. This way the number of times a single source queries a domain name has no influence on its ranking. Additionally, to limit the influence of daily fluctuations the numbers are measured over a month’s period.” The results will be published monthly on the SWITCH website.

By publishing the list of top 1,000 domain names SWITCH is hoping to contribute to the idea of open data. There will be questions raised, such as why some domain names are ranked so high, which will result in further analysis. SWITCH also hopes to see others make use of this ranking and publicly share their insights in order to broaden their understanding of the .ch landscape.

In June the top 10 domain names were:

No. Domain name #Resolvers
1 switch.ch 792958
2 comlaude.ch 616416
3 infomaniak.ch 552760
4 google.ch 529846
5 noris.ch 529012
6 finarea.ch 509463
7 bluewin.ch 446086
8 hostpoint.ch 409424
9 honcode.ch 403767
10 cern.ch 398087

To read the blog post in full on the SWITCH Security blog, go to:

Registries Aren’t Content Police, But Keeping Trust Is Reputationally Important: Domain Pulse

Registries universally said they’re not content police in a discussion on domain name take down processes involving legal counsels from the operators of 6 European registries, both generic and country code TLDs. However processes vary among the registries.

The discussion involved representatives from dotSaarland, DENIC (.de), SWITCH (.ch), SIDN (.nl), DNS Belgium (.be) and Nominet (.uk) at the Domain Pulse conference in Munich Friday, the annual event that rotates between Germany, Switzerland and Austria.

One registry that does make decisions on takedowns, or suspensions as they’re often called, and the content on the sites using the domain names, is SWITCH. Anna Kuhn explained how SWITCH was rather unusual in that they were both a registry and operated a national Computer Emergency Response Team (CERT), which gave them some additional expertise. However SWITCH still doesn’t make decisions on content, only on domain names involved in the hosting malware and phishing Combatting cybercrime, Kuhn explained, is one of the roles of the registry operator.

Volker Greimann from dotSaarland, the only new gTLD operator in the panel discussion, said .saarland is in a different position to the country code top level domain (ccTLD) registries as they have a direct contract with ICANN. Additionally, the Saarland regional government said they don’t want their new generic top level domain (new gTLD) to be a haven for crime. The gTLD for the German state has an anti-abuse rule in their terms and conditions that requires domain names to not ruin the reputation of the Saar region.

Horst explained the German registry's position of the German registry in this respect: “DENIC is not the right point of contact to which to turn when it comes to content. If DENIC were to evaluate content and delete, at its own discretion, domains through which websites with questionable content can be accessed, this would be equivalent to censorship. In a democracy based on the separation of powers, no one can seriously support law enforcement by the private sector. This philosophy of DENIC's is, by the way, also reflected by the unanimous opinion of the German courts.”

The courts, Horst explained, have always sided with DENIC’s view that they also aren’t in a position to judge on what is illegal content and that complaints should always go to the registrant if they can be contacted.

SIDN’s Maarten Simon said SIDN will never just take down a domain name and that contacting the registry should be a last resort. However Simon also noted .nl domain names are much more trusted by Dutch people than any other TLD. And that this trust is both in SIDN’s interest to protect so that internet users continue to want to visit sites using the Dutch ccTLD and businesses want to register .nl domain names. Building trust benefits SIDN’s bottom line as more .nl domain names are registered. For complaints regarding .nl domain names, there is an independent appeals board with a number of judges and professors with the expertise to deal with complaints.

Peter Vergote from DNS Belgium also noted how .be has nothing to do with judging content hosted using a .be domain name, so to get a domain name suspended a complaint has to give necessary evidence such as a court order to have a domain name taken down.

Vergote echoed Simon’s views on .nl in that DNS Belgium deeply cares about the quality of the .be zone and it’s their sincere duty to do what they can without taking unnecessary risks. While they are more active than in the past on dealing with complaints, they will never evaluate content on a website. This position has been backed by a court order from a Belgian court that states deciding illegal content is up to the courts and can’t be done by DNS Belgium. When it comes to phishing though, DNS Belgium treats this differently and will take action without a court order if they are advised from a competent body that a domain name is used for phishing.

But DNS Belgium will never take it upon themselves to suspend a domain name that’s suspected of being used for phishing because that’s a content evaluation. Additionally Vergote said a phisher is unlikely to put their correct identity in Whois. DNS Belgium suspends around a dozen domain names per month with complaints largely driven by government agencies and rarely from private individuals or organisations.

So what about the domain names that are required to be taken down, or suspended? For SIDN, Simon explained the procedure starts with a form to be completed on the SIDN website where the complainant explains why the domain name should be taken and what they’ve done to date to complain. If the complaint is clear cut SIDN will go to the registrar and get the domain name taken down. SIDN receives about 20 requests per year and take down one, maybe 2, each year out of the 5.8 million .nl registrations.

Nominet’s Wenban-Smith commented on the futility of removing or suspending a domain name because even if they do, the content still exists. Nominet doesn’t allow child abuse or content that promotes criminal activity on .uk domain names. But Nominet doesn’t make decisions on what is illegal content but does cooperate with those who can such as law enforcement. For those wishing to make complaints, Nominet doesn’t take requests from those outside the UK. In 2017 Wenban-Smith said Nominet suspended 16,000 .uk domain names in 2017.

2018 Domain Pulse Motors Into View With Focus On Digital Future

The 2018 Domain Pulse conference is motoring into view and will be held at BMW World in Munich on 22 and 23 March. The annual conference this year is organised by DENIC, the German registry with a focus on the digital future as well as the state of the domain name industry. The conference rotates between Germany, Switzerland (SWITCH) and Austria (nic.at).

The free conference is a great way of getting to know the German-speaking domain name market with a few hundred people from registries, registrars and resellers, domain investors and a range of other participants from the domain name world. And fear not if you’re not a German speaker. Most, if not all, presentations in German are translated into English [this writer certainly hopes so!] and there are plenty of great opportunities to network and get to know the key players in the German, Swiss and Austrian domain name industries, including the usual evening event. Already around 250 people have registered.

The conference, as always, has a focus on presentations and panels dealing with domain names, but also covers a range of other topics. This year there will be a look at the future with presentations on the governance of the Internet of Things, a futurologist looking at “digital enlightenment”, smart mobility and connected driving, another on security, terrorism and fear and another on privacy and security in the digital space.

And of course, there will be presentations on domain names with one of the most important and interesting topical discussions likely to be on the upcoming European General Data Protection Regulation. The GDPR is intended to strengthen and unify data protection for individuals in the European Union. This has an impact on any business that stores personal information on European citizens and the domain name business.

And that’s just day one! Day 2 will kick off with a presentation from Wolfgang Kleinwächter who will look at internet governance in 2018. There will also be a panel discussion on the notice and takedown debate from a registry perspective involving representatives from dotSaarland, DENIC, SWITCH, SIDN, DNS Belgium and Nominet, a discussion on how to overcome registration growth slowdown and an update on what’s been happening in 2017 from the 3 co-hosts.

To register for the free 2018 Domain Pulse, check out the programme and nearby hotels, or even see who else is going, go to:

SWITCH Deletes 5,000 Online Shops in .CH in 2017

SWITCH logoIf the price is too good to be true, well, it’s almost certain the be a fraud. But there are plenty of online shoppers who are only too willing to let the temptation of a bargain tempt them. And they often end up with counterfeit goods. And it’s a problem that many TLD managers take seriously. After all, they have a reputation to protect, for themselves and their customers with legitimate businesses using their domain names.
The problem of counterfeit goods and fraudulent websites has been growing rapidly and SWITCH, the .ch (Switzerland) ccTLD manager, has been working hard to deal with it. In 2016, SWITCH deleted around 700 .ch domain names for online shops. By August 2017, the figure had leapt past the 5,000 mark.
“Thanks to close cooperation with the authorities and improved processes, our targeted campaign allowed us to remove 4,500 fraudulent .ch online shops in August 2017 alone,” said Michael Hausding, a security expert in domain name fraud and a member of the 14-person SWITCH-CERT team of security experts.
“The fraudsters running these shops were attempting to steal money from internet users or gain access to their credit card information. By taking this approach, we are one step ahead of other domain endings, such as .com. We want internet users in Switzerland to continue to rely on a high level of security and trustworthiness of .ch web addresses.”
Internet users who visit fraudulent websites are exposed to several risks: they provide their credit card information along with email and postal addresses to criminal organisations. After making payment, they receive merchandise of inferior quality – if they receive anything at all.
To better protect internet users against threats when visiting .ch websites, the SWITCH Foundation has intensified its cooperation with the Federal Office of Police (fedpol) and other Swiss authorities, and has automated the processes for assisting the authorities. The SWITCH security experts have also created a list of five tips for secure online shopping. They are:
1. Security features
Legitimate online shops are protected by a secure web connection. When you arrive at the ‘Checkout’ process, at the very latest, you should be able to recognise a legitimate webshop by its security attributes, such as a green lock icon and use of https:// instead of http://. Both security attributes are visible in the address line of your browser.
2. Promises of discounts
Be suspicious of brand-name product offerings with unusually big discounts.
3. Internet address
Have an overall look at the provider: does its name, logo and web address seem credible? If you are unfamiliar with the shop, ask around to see whether other people have had a good experience with it. Fraudsters like to use web addresses of legitimate, albeit defunct, websites. This allows them to exploit the recognition factor and a better Google ranking.
4. Imprint
Switzerland requires websites to include an imprint (Impressum). Websites that offer merchandise, works or services must disclose their identity with a name and contact address. The link to the imprint is usually found at the bottom of a website. Be suspicious if a link, such as in this example, is missing or if the information provided does not seem credible. If in doubt, check the website address with www.nic.ch; this website operated by SWITCH lists the contact address given by the holder of the domain name when it was registered. But beware: this address may be fictitious. Avoid a webshop if this information seems dubious to you.
5. Reporting form
Always report fraudulent and suspicious websites to the Federal Office of Police (fedpol) by completing the reporting form: https://www.fedpol.admin.ch/fedpol/en/home/kriminalitaet/cybercrime/meldeformular.html
Removal procedure – close cooperation with authorities
If a Swiss authority (e.g. fedpol, MELANI, Comlot, ESBK, SECO, Swissmedic) comes across a .ch website that is potentially in violation of the law in the course of its work, it attempts to contact the owner of the .ch domain name. This requires a contact address in Switzerland. If the domain name owner has registered an invalid address or an address outside the country in the SWITCH database, the authority contacts SWITCH. The foundation then gives the owner 30 days to provide a valid address in Switzerland. If the deadline passes without a response, SWITCH deletes the domain name and the fraudulent website is no longer accessible. This procedure is in line with the Federal Ordinance on Internet Domains (IDomsO).
Protecting Europe’s most secure address
The security experts at SWITCH have been very proactive in fighting cybercrime for several years now, particularly in the case of malware and phishing. As a result, .ch has become Europe’s most secure domain ending. Together with partners in the Swiss internet industry, SWITCH also started the Safer Internet initiative. SWITCH is also working closely with the Swiss authorities in the area of white-collar crime. The goal is always the same: to offer Swiss internet users maximum protection against threats.

.CH Celebrates 30 Years As Europe’s Safest TLD

The Swiss ccTLD, .ch, celebrated 30 years of existence last Saturday, with the SWITCH Foundation, the current registry, being established later the same year.

The .ch country code top level domain entered the domain name system on 20 May 1987, and on 22 October the SWITCH Foundation was established. In the intervening 30 years, .ch has become the safest ccTLD in Europe, according to SWITCH.

One of the key reasons for .ch being so safe has been the establishment of SWITCH-CERT over 20 years ago, Switzerland’s first computer emergency response team. CERTs specialise in identifying abuse and attacks and fixing security incidents.

No other ccTLD has security experts that take such a proactive and systematic approach to combating malware and phishing. In 2016 alone, SWITCH-CERT’s 14 experts removed malware and phishing from .ch websites in 1,900 cases in conjunction with authorities such as the Federal Office of Communications (OFCOM) and the Swiss Reporting and Analysis Centre for Information Assurance (MELANI) as well as registrars, hosting providers and the website owners affected. This was done within 24 hours in 70% of cases. SWITCH-CERT provides those affected with precise instructions, ensuring that problems are solved much more quickly. Internet users are thus actively guarded against malware infections and attempted fraud. This protection is making .ch an increasingly unattractive target for cybercriminals compared with other domain endings.

Protecting the Swiss Internet is of vital importance. The Swiss Federal Council has declared .ch to be a critical infrastructure. High availability and stability are hugely important for the Swiss population, not least due to the fast pace of digitalisation in all areas of life.

SWITCH will continue to be responsible for the security and stability of .ch websites for at least the next five years. The foundation won OFCOM’s public tender to operate the registry in 2016 with security being a key component of the winning tender. Announcing that SWITCH had won the tender at the time the government noted how important security was and that SWITCH had the best security concept.

OFCOM noted SWITCH’s tender stood out with a combination of an excellent concept for combating cybercrime and a good price/performance ratio. Other criteria that were part of the tender process were experience, community, economic independence and DNSSEC.

SWITCH Retains .CH Registry For Five More Years [updated]

The SWITCH Foundation has once again won the right to operate the .ch (Switzerland) ccTLD for the five years from 2017 to 2022, the Federal Office of Communications (OFCOM) announced with its proposals for dealing with cybercrime one of the key reasons it won the tender.In announcing winning the tender on Twitter, SWITCH said they are “very proud”. And it means SWITCH will continue to operate .ch as it has since 2003.”We are very proud that OFCOM has decided in our favour and will continue to work hard to ensure that .ch domains remain among the most secure in the world,” said SWITCH’s Managing Director Andreas Dudler later in a statement. “To this end, we work closely with authorities and partners in the Internet industry throughout the world, not just in Switzerland.”SWITCH won the public tender process launched in mid-April 2016. OFCOM noted its tender stood out for the combination of an excellent concept for combating cybercrime and a good price/performance ratio. Other criteria that were part of the tender process were experience, community, economic independence and DNSSEC.The Swiss Federal Council has declared .ch a critical infrastructure. It was determined that .ch requires special protection because large parts of public life would grind to a halt if it were to break down, which is the case with most of the country code Top Level Domains (ccTLDs) around the world.SWITCH in announcing they had won the tender noted they had always endeavoured to keep this infrastructure operating securely and stably. The foundation has played a pioneering role in the fight against cybercrime. It was the first registry to begin taking decisive action against the distribution of malicious software and the theft of personal login details for online services.It means that from July 2017 to at least 2022 the SWITCH Foundation will continue to manage the national database of .ch domain names. Its tasks include the assignment and revocation of the right to use internet addresses with the ending “.ch”. The contract can be extended for a further five years by mutual consent.SWITCH won the tender, OFCOM said, because its bid achieved the highest score of the bids which were submitted.

Swiss Government Puts .CH Registry Out To Tender

Swiss Confederation government logoThe Swiss Federal Office of Communications (BAKOM/OFCOM) has put out the management of the .ch registry to tender. The current contract with the SWITCH Foundation expires in mid-2017.

The SWITCH Foundation has expressed its desire to retain its role. In a statement, SWITCH note how they have “made .ch one of the most secure top-level domains in the world and is confident that it will remain the best choice for Switzerland going forward.”

SWITCH believe they are most suited to continue in the role. “Ever since it first created the registry, [SWITCH] has worked hard to ensure the secure, stable and uninterrupted operation of .ch. No other organisation in Switzerland has similar experience or a comparable record of success. It is no accident that .ch domains are among the most secure in the world.”

“SWITCH is the first registry in the world to adopt an active stance against cybercrime – in particular the use of .ch domains to spread malicious software and the theft of personal access details for online services. Over many years of fighting cybercrime, SWITCH has built a network of contacts with authorities and Internet service providers and established and optimised processes based on mutual trust.”

In mid-April, BAKOM will launch the public invitation to tender for the roll of .ch registry manager. The company which wins the contract will assume the registry function as of northern summer 2017. On this basis it will have to manage the national database of .ch domain names and ensure the electronic connection with the global domain name system (DNS). It will also be responsible for the assignment and revocation of the right to use an internet address. Since 2003, this task has been entrusted to the SWITCH Foundation.

In order to apply for the registry function, candidate companies will have to be able to prove that they are capable of providing the services defined in the Ordinance on Internet Domains (OID). In particular they will have to demonstrate that they have the skills and personnel essential for the satisfactory operation of the technical infrastructure, i.e. the DNS.

With approximately two million registered domain names, .ch is regarded as a critical resource for Switzerland. The requirements in relation to guaranteeing stability and security are consequently very stringent. For example, the registry is required to put in place measures to combat cybercriminality and to ensure the system’s security and accessibility. In order to guarantee integrity and data protection in accordance with the national legislation, the public invitation to tender is open only to companies based in Switzerland which themselves (along with their parent companies) have no dependent relationship with a foreign legal system requiring excessive disclosure of data.

Interested companies will be able to submit their candidature until mid-July 2016. In the autumn, OFCOM will designate the company which will perform the registry function from mid-2017 onwards.