Nominet’s proposals for a more secure domain suffix under fire

The single proposal from Nominet has two basic parts: that there be a new suffix dropping the .co element (so that there would be an ‘’ as well as an ‘’); and that the domains with the new suffix come with enhanced security features. “We believe,” says the Nominet Q&A on the subject, “the security enhancements proposed as part of this new product (including registrant verification, malware scanning and DNSSEC) represent a step forward that will help businesses decrease the risk of fraud and cybercrime for their domain, ultimately improving consumer confidence and trust.”

While many accept some potential merit in the first part, the majority of commentators consider the second part of the proposal seriously flawed. One concern is that there is no explanation why existing registrants should not be able to receive the same advanced security as new registrants. “A cynic might suggest,” blogged Alex Bligh (CEO of Flexiant), “this was simply a revenue [the suffix will cost about four times the current cost of] or empire building exercise.” In a separate blog he added, “In my view this not just a very silly idea, but an attempt to adopt a ‘registrar knows best’ model, with Nominet as policeman of what should and should not be trusted, and gives a huge boost to the international trademark lobby.”

The Open Rights Group (ORG) takes a similar position. “We support Nominet being a registry, rather than a police force,” it says. Its concern is that is effectively a walled garden. “This 'walled garden’,” it suggests, “would be problematic precisely because of the role Nominet enjoys and the additional powers and services it is proposing. Given the status of trusted authority and security provider to which Nominet aspires, some consumers may reasonably conclude that only services with a .uk domain are trustworthy."

John Carr, chief executive of the Children's Charities' Coalition on Internet Safety is quoted in a Telegraph report, saying “[It is] difficult to avoid the conclusion that Nominet could be setting itself up to run and profit from two entirely separate regimes, operating at two entirely different ethical levels.” His concern is that Nominet is “in effect conceding and openly acknowledging that the regime which applies to some or all of the other uk domains – for example and – is open to the very forms of abuse which the .uk counter measures are designed to prevent.” 

The public consultation on Nominet’s proposals closed last week with more than 1000 submissions. It intends to publish a summary of the submissions on February 26. “Having reviewed the feedback, the board will then consider the best way forward,” Nominet said in a statement reported by the Telegraph. “This may take one of several possible routes to an eventual product, such as a product with a different set of features, or a different release process. There is also the possibility that we may decide to seek further stakeholder views or not go ahead with at all.”

What’s hot on Infosecurity Magazine?