Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.

Nominet's proposal suffers from sequel-itis

Discussion in '.UK Domain Name Consultations' started by Edwin, Sep 15, 2013.

Thread Status:
Not open for further replies.
  1. Edwin

    Edwin Well-Known Member

    Joined:
    Apr 2005
    Posts:
    9,851
    Likes Received:
    617
    I only just realised (been far too close to the consultation for far too long - can't see the wood for the trees) that Nominet's V2 consultation document makes little sense if you don't know about V1.

    They spend a lot of time talking rather opaquely about the differences from V1 rather than explaining the things in the actual V2 proposal from first principles in simple, plain English.

    That makes it very intimidating to most potential respondents from outside "the industry"!

    It's a bit like watching a bad movie sequel, where you have no idea of who half the characters are or what their motivation is if you missed the first one.
     
  2. Domain Forum

    Acorn Domains Elite Member

    Joined:
    1999
    Messages:
    Many
    Likes Received:
    Lots
    IWA Meetup
     
  3. Stephen United Kingdom

    Stephen Well-Known Member

    Joined:
    Jan 2006
    Posts:
    1,718
    Likes Received:
    13
    fallen into the same trap again?

    Agree and thank you for taking the time to post your observation, Nominet have also used the prior consultation as justification for .uk,
    so at first glance it looks you all the problems of introducing .uk have been dealt with in V2.

    After Nominet's Fridays .uk webinar which explained .uk proposal via a presentation, I asked this questions to Nominet via webinar, which in a way link V1 feedback and V2 action.

    What came across in the presentation is how more secure .uk is going to be than the existing UK tld’s.

    In the prior consultation there was very strong and reasoned argument by many that existing .co.uk and .org.uk would be seen as less secure because .uk would be seen as more secure.

    Appreciate it is not to the same extend as the previous proposal but more secure is more secure.

    Without the security road map announced in June being published to date, it is difficult to see that you have not fallen into the same trap again?
     
    Last edited: Sep 15, 2013
  4. Lucien Taylor

    Lucien Taylor Active Member

    Joined:
    May 2013
    Posts:
    142
    Likes Received:
    2
    Good point Edwin.

    Stephen, did they answer the webinar question?
     
  5. Stephen United Kingdom

    Stephen Well-Known Member

    Joined:
    Jan 2006
    Posts:
    1,718
    Likes Received:
    13
    No

    At the beginning of the Q & A section, I added would it be possible to add a question as I had asked some before in a meeting but they stated they had a lot of questions already and it was not worth adding it as they would not get around to it.

    They only left 10 minutes for questions and answers at the end of the 40 minute presentation and took no questions during the presentation.

    I did send Nominet on email on Friday at 14.01 but have not received an acknowledgement or reply.

    I could not find a thread on Acorn about the .uk webinar and didn't want to start a thread as want this last few days before the .uk deadline on 23rd September to be about the .uk issues and people completing and sharing their .uk feedback.
     
  6. Edwin

    Edwin Well-Known Member

    Joined:
    Apr 2005
    Posts:
    9,851
    Likes Received:
    617
    100% of security enhancements have been dropped from .uk.
     
  7. Stephen United Kingdom

    Stephen Well-Known Member

    Joined:
    Jan 2006
    Posts:
    1,718
    Likes Received:
    13
    Did you see it?

    Edwin, Did you see the Nominet .uk webinar on Friday?
     
  8. Edwin

    Edwin Well-Known Member

    Joined:
    Apr 2005
    Posts:
    9,851
    Likes Received:
    617
    No.

    If it talked about security, that's a smokescreen.

    They're doing that a lot. Talking about two unrelated things in the same paragraph, and letting the audience assume they must therefore be related.

    For example, from the introduction to their V2 consultation:

    See, if you read it quickly it sounds like they're saying that .uk will make the UK namespace safer.

    What they're actually saying is:
    A) There is a consultation on .uk
    B) There is a security road map that, when developed, will make the UK namespace safer

    A) is completely unrelated to B)
    B) is completely unrelated to A)

    But Nominet keep talking about security every single chance they get (for example by talking about the "security elements" that have changed between V1 and V2) to try and blur the distinction in readers' minds.

    I'll repeat: there are NO security elements left in V2.

    Therefore the actual change from V1 (as far as security is concerned) could be paraphrased thus: "We have removed all the security elements that were present in V1".

    Instead, by enumerating the specific changes one by one, Nominet intends their audience to think "Aha, the security aspect has been changed by the removal of X, Y and Z" without noticing that X, Y and Z is the sum total of ALL security aspects of .uk.

    The fact that Nominet are still tricking even those close to the consultation shows that they're doing a brilliantly effective job of pulling wool over the eyes.
     
    Last edited: Sep 15, 2013
  9. Edwin

    Edwin Well-Known Member

    Joined:
    Apr 2005
    Posts:
    9,851
    Likes Received:
    617
    BTW, by and large the media have been taken in too. Harried journalists don't have the time to parse every sentence and unravel it to find exactly what applies to .uk and what doesn't.
     
  10. Stephen United Kingdom

    Stephen Well-Known Member

    Joined:
    Jan 2006
    Posts:
    1,718
    Likes Received:
    13
    just because you have dismissed it- Nominet have not

    The matter in hand is address verification (and maybe address for service for UK non-residents)

    In your report on .uk you state :
    I do agree with your statement.

    Just because you, me and others state that "address verification" is not added security to .uk.

    It does not mean Nominet, the media, Registrars trying to sell .uk cannot infer, imply or simply state that with address verification comes more security.

    This is Nominet stand alone statement;

    Security is interchangeable to some with the bolded statement.

    I think Alex Bligh has a good take on the matter in his feedback.

    So I stand by original security question that I have put to Nominet (above) and I think it is worth raising the concerns raising about .uk being in any way at all as portrayed as more "secure" / "trusted" than .co.uk / .org.uk as all the concerns raised in V1 about this issue would come into play.
     
    Last edited: Sep 15, 2013
  11. Edwin

    Edwin Well-Known Member

    Joined:
    Apr 2005
    Posts:
    9,851
    Likes Received:
    617
    trust is not security
    security is not trust

    Nominet bung them together as close as it can possibly squeeze them in the same sentence, as often as possible, but they are different things and they are separate.

    It is possible that people will "trust" .uk more if they think (because Nominet over-sold the idea) that a verified address means you know more about the entity owning the domain name.

    Address verification doesn't provide security.

    Not because I said so, but because it doesn't. (i.e. that's a "fact")

    Incidentally, Nominet are guilty of another little trick as well: presenting opinions and facts as of equal (and therefore equally low) value. You can see that in the summary of V1 consultation document, where they say things like "some respondents felt that blah blah blah" about stuff that's not opinion but "fact".

    It's like Nominet saying "Some people think the Earth is round". Magically, when you couch a statement like that, it somehow forces the burden of proof onto the people who are having the "opinion". Gosh, so now I have to prove the Earth is round...

    Whereas in reality there should be no need to defend facts because, well, they're facts!

    Stephen, I understand your concern, but please always be mindful that there are two separate things going on here:

    A) There are Nominet's statements (wishful thinking, wouldn't it be nice, fictional, unrelated, tangential etc.)
    B) There is reality (fact based)

    Even if Nominet say something, that doesn't necessarily affect/have anything to do with reality.

    They can talk about security and .uk in the same breath until they lose their voices, but the FACT is there's nothing left in V2 as far as security goes. Read the proposal cover to cover and you won't find anything it that (in reality) will make one iota of difference on the security front.

    That's not my opinion. It's fact.

    See for example Simon McCalla's statement in the press release introducing the V2 consultation:

    It's so subtle, isn't it? "We have de-coupled security features". Yes, that's true. But it's not the whole truth. Because Nominet have actually decoupled ALL security features from the proposal.
     
    Last edited: Sep 15, 2013
  12. viceroy United Kingdom

    viceroy Active Member

    Joined:
    Sep 2010
    Posts:
    295
    Likes Received:
    2
    My connection died during the webinar though I did ask where the new so-called 'private' registrations offered by eg. godaddy would fall within their newer 'security and verification measures' - I assume that it didn't get answered? It was really annoying to see them spend a good chunk of time on security etc. when it was supposed to be about the introduction of .uk...
     
  13. Lucien Taylor

    Lucien Taylor Active Member

    Joined:
    May 2013
    Posts:
    142
    Likes Received:
    2
    I agree with your analysis entirely Edwin. One thing that worries me is that although V2 contains no actual reference to enhanced security, as you point out, and neither do subsequent statements such as those by Simon McCalla, that Nominet might be taken in by their own spin. They might be so used to conflating the subjects that they somehow believe themselves that this is also a consultation about increased security, that when they review the feedback and give this the go-ahead they will argue that the positive case for direct.uk and more costly (but still ineffective) security rituals are tied, i.e. they claim that we want more security because the topics were always discussed as one.

    I think in providing our feedback it is important to state the case for enhanced security (which seems to be surrounding this consultation) and proposals for exactly how the .uk domain system can be better secured, have yet to be made.
     
  14. Edwin

    Edwin Well-Known Member

    Joined:
    Apr 2005
    Posts:
    9,851
    Likes Received:
    617
    Even if .uk was more secure than Fort Knox, it wouldn't tip the balance from bad idea to good.
     
  15. Stephen United Kingdom

    Stephen Well-Known Member

    Joined:
    Jan 2006
    Posts:
    1,718
    Likes Received:
    13
    more secure /trustworthy by Nominet

    Agree. In fact I believe if .uk was seen to have any extra security it would be actually worse for the current UK registrants.

    The point was any security (real or imagined) at all at the .uk only level was a bad thing, it is Nominet pushing that line not me:

    In the prior consultation there was very strong and reasoned argument by many that existing .co.uk and .org.uk would be seen as less secure because .uk would be seen as more secure. ​

    My issue with security, started from the Nominet .uk webinar were .uk is portrayed as being more secure /trustworthy by Nominet.

    If Nominet did as they did on the webinar and talk about/push .uk being more secure / trustworthy by implication / inference .co.uk and .org.uk is seen as less secure / trustworthy and that is a bad thing for the owners of the existing 10 million UK domains.
     
  16. Edwin

    Edwin Well-Known Member

    Joined:
    Apr 2005
    Posts:
    9,851
    Likes Received:
    617
    What I'm saying is that splitting hairs with Nominet about exactly how "secure" .uk will make the UK namespace is like trying to argue with somebody who believes the Earth is flat. They're so "wrong" that there's no "compromise position" in between - they're just wrong.

    So better to simply state "The revised .uk proposal has nothing to do with security. Nominet themselves have stated that security will be dealt with separately as part of the security roadmap covering the whole UK namespace" or something like that, rather than trying to pick holes in the detail of what they're saying about it. To do anything else is to gratify their non-statements with more attention than they deserve.
     
    Last edited: Sep 15, 2013
  17. Edwin

    Edwin Well-Known Member

    Joined:
    Apr 2005
    Posts:
    9,851
    Likes Received:
    617
    Just don't get tripped up.

    Our role is to provide feedback about the IDEA of .uk just as much as it is about V2. The consultation is a referrendum on both, although Nominet would love to bury the general in a mountain of specificity.

    So there's no need to make a case for "enhanced security" (or indeed any other form of security) since the introduction of .uk will by definition - and completely independent of how it's implemented - make the UK namespace less secure, due to issues such as phishing and misdirected emails that can't be "schemed" around.
     
  18. Lucien Taylor

    Lucien Taylor Active Member

    Joined:
    May 2013
    Posts:
    142
    Likes Received:
    2
    Yes I agree. And I like this suggested wording:

     
  19. Stephen United Kingdom

    Stephen Well-Known Member

    Joined:
    Jan 2006
    Posts:
    1,718
    Likes Received:
    13
    glimpse of the .uk future

    I'm not making a case for extra security for .uk at all.

    The 2 should be 100% split and yes I have read Nominet saying that.

    However, after seeing the Nominet .uk webinar, I had a glimpse of the .uk future.

    The Nominet spin, the marketing hype, call it what you will but if Nominet did what they did with .uk in the webinar, when launching .uk;
    ".uk will be presented as more secure, more trustworthy"​

    Not everybody in the UK would have read this thread and will take the Nominet statement as it is and believe it and all the negative consequences for the existing UK domains would unfold from their.
     
  20. max_rk

    max_rk Active Member

    Joined:
    Apr 2006
    Posts:
    304
    Likes Received:
    5
    Chances for V3?
     
  21. foz

    foz Well-Known Member

    Joined:
    Oct 2006
    Posts:
    3,019
    Likes Received:
    36
    Suffers from what the board wants! Consultation is just "going through the motions".
     
Thread Status:
Not open for further replies.