Share

Related Links

Related Stories

  • Proposal floated for shortened, secure domain names for UK businesses
    Nominet, the organization that runs the .uk domain name infrastructure, has issued a proposal for shortened domain names that feature comprehensive security features for businesses.
  • The danger in service operators’ censorship filters
    Yesterday we reported that the German Pirate Party had been ‘accidentally’ blocked by an automatic content filtering system used by many German schools. And yesterday the Open Rights Group and the LSE Media Policy Unit published a new report: Mobile Internet censorship: What’s happening and what we can do about it.
  • EURid adds easy-signing DNSSEC technology to web site registration
    EURid, the .eu top level domain registry, has taken the wraps off a new service for internet registrars that simplifies the signing and managing of .eu domain names enabled for the Domain Name System Security Extensions (DNSSEC) enhanced hosting facility.
  • UK internet registry mulls rapid website takedown option
    Nominet, the UK's internet registry, has issued an RFC to its members on the possibility of a rapid takedown option for websites. The membership discussion is at an early stage, but the idea is to allow ISPs and/or Nominet to takedown a site where malware, infections or similarly criminal actions are involved.
  • Business sees demand for confidentiality with DNSSEC, study finds
    Small and medium-sized businesses in the US, UK, Germany, Brazil, India and Japan saw substantial customer demand for Domain Name System security (DNSSEC) in the past 12 months, a study has revealed.

Top 5 Stories

News

Nominet’s proposals for a more secure domain suffix under fire

17 January 2013

Nominet, the UK’s internet domain registrar, has proposed a new, more secure direct .uk suffix for the UK; but these proposals have been heavily and widely criticized.

The single proposal from Nominet has two basic parts: that there be a new suffix dropping the .co element (so that there would be an ‘example.uk’ as well as an ‘example.co.uk’); and that the domains with the new suffix come with enhanced security features. “We believe,” says the Nominet Q&A on the subject, “the security enhancements proposed as part of this new product (including registrant verification, malware scanning and DNSSEC) represent a step forward that will help businesses decrease the risk of fraud and cybercrime for their domain, ultimately improving consumer confidence and trust.”

While many accept some potential merit in the first part, the majority of commentators consider the second part of the proposal seriously flawed. One concern is that there is no explanation why existing example.co.uk registrants should not be able to receive the same advanced security as new example.uk registrants. “A cynic might suggest,” blogged Alex Bligh (CEO of Flexiant), “this was simply a revenue [the direct.uk suffix will cost about four times the current cost of .co.uk] or empire building exercise.” In a separate blog he added, “In my view this not just a very silly idea, but an attempt to adopt a ‘registrar knows best’ model, with Nominet as policeman of what should and should not be trusted, and gives a huge boost to the international trademark lobby.”

The Open Rights Group (ORG) takes a similar position. “We support Nominet being a registry, rather than a police force,” it says. Its concern is that direct.uk is effectively a walled garden. “This 'walled garden’,” it suggests, “would be problematic precisely because of the role Nominet enjoys and the additional powers and services it is proposing. Given the status of trusted authority and security provider to which Nominet aspires, some consumers may reasonably conclude that only services with a .uk domain are trustworthy."

John Carr, chief executive of the Children's Charities' Coalition on Internet Safety is quoted in a Telegraph report, saying “[It is] difficult to avoid the conclusion that Nominet could be setting itself up to run and profit from two entirely separate regimes, operating at two entirely different ethical levels.” His concern is that Nominet is “in effect conceding and openly acknowledging that the regime which applies to some or all of the other uk domains – for example .co.uk and .org.uk – is open to the very forms of abuse which the .uk counter measures are designed to prevent.” 

The public consultation on Nominet’s proposals closed last week with more than 1000 submissions. It intends to publish a summary of the submissions on February 26. “Having reviewed the feedback, the board will then consider the best way forward,” Nominet said in a statement reported by the Telegraph. “This may take one of several possible routes to an eventual product, such as a direct.uk product with a different set of features, or a different release process. There is also the possibility that we may decide to seek further stakeholder views or not go ahead with direct.uk at all.”

This article is featured in:
Industry News  •  Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×