Membership is FREE, giving all registered users unlimited access to every Acorn Domains feature, resource, and tool! Optional membership upgrades unlock exclusive benefits like profile signatures with links, banner placements, appearances in the weekly newsletter, and much more - customized to your membership level!
Sedo Global Domain Report

Nominet's proposal suffers from sequel-itis

Status
Not open for further replies.
Edwin

Edwin

Joined
Apr 5, 2005
Posts
9,729
Reaction score
1,311
I only just realised (been far too close to the consultation for far too long - can't see the wood for the trees) that Nominet's V2 consultation document makes little sense if you don't know about V1.

They spend a lot of time talking rather opaquely about the differences from V1 rather than explaining the things in the actual V2 proposal from first principles in simple, plain English.

That makes it very intimidating to most potential respondents from outside "the industry"!

It's a bit like watching a bad movie sequel, where you have no idea of who half the characters are or what their motivation is if you missed the first one.
 
fallen into the same trap again?

Agree and thank you for taking the time to post your observation, Nominet have also used the prior consultation as justification for .uk,
so at first glance it looks you all the problems of introducing .uk have been dealt with in V2.

It was clear from this feedback that there was support for registrations at the second level but that the original proposal could not proceed. We have made significant changes in order to try and address the concerns raised and strike a better balance between the needs of different stakeholders. The revised proposal forms the basis for this consultation.
Click to expand...

After Nominet's Fridays .uk webinar which explained .uk proposal via a presentation, I asked this questions to Nominet via webinar, which in a way link V1 feedback and V2 action.

What came across in the presentation is how more secure .uk is going to be than the existing UK tld’s.

In the prior consultation there was very strong and reasoned argument by many that existing .co.uk and .org.uk would be seen as less secure because .uk would be seen as more secure.

Appreciate it is not to the same extend as the previous proposal but more secure is more secure.

Without the security road map announced in June being published to date, it is difficult to see that you have not fallen into the same trap again?
 
Last edited:
No

Lucien Taylor said:
Good point Edwin.

Stephen, did they answer the webinar question?
Click to expand...

At the beginning of the Q & A section, I added would it be possible to add a question as I had asked some before in a meeting but they stated they had a lot of questions already and it was not worth adding it as they would not get around to it.

They only left 10 minutes for questions and answers at the end of the 40 minute presentation and took no questions during the presentation.

I did send Nominet on email on Friday at 14.01 but have not received an acknowledgement or reply.

I could not find a thread on Acorn about the .uk webinar and didn't want to start a thread as want this last few days before the .uk deadline on 23rd September to be about the .uk issues and people completing and sharing their .uk feedback.
 
100% of security enhancements have been dropped from .uk.
 
Stephen said:
Edwin, Did you see the Nominet .uk webinar on Friday?
Click to expand...

No.

If it talked about security, that's a smokescreen.

They're doing that a lot. Talking about two unrelated things in the same paragraph, and letting the audience assume they must therefore be related.

For example, from the introduction to their V2 consultation:

We are committed to the existing .uk registrants and believe that offering the opportunity to register a shorter domain name would help the .uk namespace remain competitive. This would attract registrants to a domain we are making trusted, safe and relevant. Therefore we intend to allow second level domain registration subject to stakeholder feedback to this consultation. This, together with the development of a new Security Road Map for the entire .uk namespace will help Nominet meet its objectives to:
• Fulfil Nominet’s public purpose by increasing security and trust in the .uk name space
Click to expand...

See, if you read it quickly it sounds like they're saying that .uk will make the UK namespace safer.

What they're actually saying is:
A) There is a consultation on .uk
B) There is a security road map that, when developed, will make the UK namespace safer

A) is completely unrelated to B)
B) is completely unrelated to A)

But Nominet keep talking about security every single chance they get (for example by talking about the "security elements" that have changed between V1 and V2) to try and blur the distinction in readers' minds.

I'll repeat: there are NO security elements left in V2.

Therefore the actual change from V1 (as far as security is concerned) could be paraphrased thus: "We have removed all the security elements that were present in V1".

Instead, by enumerating the specific changes one by one, Nominet intends their audience to think "Aha, the security aspect has been changed by the removal of X, Y and Z" without noticing that X, Y and Z is the sum total of ALL security aspects of .uk.

The fact that Nominet are still tricking even those close to the consultation shows that they're doing a brilliantly effective job of pulling wool over the eyes.
 
Last edited:
BTW, by and large the media have been taken in too. Harried journalists don't have the time to parse every sentence and unravel it to find exactly what applies to .uk and what doesn't.
 
just because you have dismissed it- Nominet have not

Edwin said:
The fact that Nominet are still tricking even those close to the consultation shows that they're doing a brilliantly effective job of pulling wool over the eyes.
Click to expand...

The matter in hand is address verification (and maybe address for service for UK non-residents)

In your report on .uk you state :
B) Since address verification doesn't provide actual security, but only a fig-leaf of security, it should not be painted as something that will enhance consumer confidence. The fact that Nominet is seeking to do so is extremely worrying, since it is indicative either of a gross level of naivety about what internet security is actually about, or a deliberate attempt to inflate the perceived importance of a minor and easily defeatable verification step to turn it into a justification for rolling out .uk in the first place
Click to expand...

I do agree with your statement.

Just because you, me and others state that "address verification" is not added security to .uk.

It does not mean Nominet, the media, Registrars trying to sell .uk cannot infer, imply or simply state that with address verification comes more security.

This is Nominet stand alone statement;

• Enhanced checks on data supplied for all registrations. The process would ensure that the named individual resides, or the named business trades, at the specified address. This aims to enhance consumer trust in the registration process and the data on record.
Click to expand...

Security is interchangeable to some with the bolded statement.

I think Alex Bligh has a good take on the matter in his feedback.

Fourthly, this once again means that existing registrants would be disadvantaged. By presenting (probably falsely) registrations in the second level as more trustworthy, this implies registrations at the third level (i.e. all existing registrations) are somehow less trustworthy, or in some way ‘dodgy’.
Click to expand...

So I stand by original security question that I have put to Nominet (above) and I think it is worth raising the concerns raising about .uk being in any way at all as portrayed as more "secure" / "trusted" than .co.uk / .org.uk as all the concerns raised in V1 about this issue would come into play.
 
Last edited:
trust is not security
security is not trust

Nominet bung them together as close as it can possibly squeeze them in the same sentence, as often as possible, but they are different things and they are separate.

It is possible that people will "trust" .uk more if they think (because Nominet over-sold the idea) that a verified address means you know more about the entity owning the domain name.

Address verification doesn't provide security.

Not because I said so, but because it doesn't. (i.e. that's a "fact")

Incidentally, Nominet are guilty of another little trick as well: presenting opinions and facts as of equal (and therefore equally low) value. You can see that in the summary of V1 consultation document, where they say things like "some respondents felt that blah blah blah" about stuff that's not opinion but "fact".

It's like Nominet saying "Some people think the Earth is round". Magically, when you couch a statement like that, it somehow forces the burden of proof onto the people who are having the "opinion". Gosh, so now I have to prove the Earth is round...

Whereas in reality there should be no need to defend facts because, well, they're facts!

Stephen, I understand your concern, but please always be mindful that there are two separate things going on here:

A) There are Nominet's statements (wishful thinking, wouldn't it be nice, fictional, unrelated, tangential etc.)
B) There is reality (fact based)

Even if Nominet say something, that doesn't necessarily affect/have anything to do with reality.

They can talk about security and .uk in the same breath until they lose their voices, but the FACT is there's nothing left in V2 as far as security goes. Read the proposal cover to cover and you won't find anything it that (in reality) will make one iota of difference on the security front.

That's not my opinion. It's fact.

See for example Simon McCalla's statement in the press release introducing the V2 consultation:

In response to the strength of feeling from our first consultation, we are tackling security differently. Moving forward, our approach has changed in two ways. Firstly, we have de-coupled security features from the second level domain proposals and will tackle this as part of a broader security roadmap that benefits the whole namespace. Secondly we will be working with registrars to develop and introduce new security features rather than mandating change.
Click to expand...

It's so subtle, isn't it? "We have de-coupled security features". Yes, that's true. But it's not the whole truth. Because Nominet have actually decoupled ALL security features from the proposal.
 
Last edited:
My connection died during the webinar though I did ask where the new so-called 'private' registrations offered by eg. godaddy would fall within their newer 'security and verification measures' - I assume that it didn't get answered? It was really annoying to see them spend a good chunk of time on security etc. when it was supposed to be about the introduction of .uk...
 
Edwin said:
They can talk about security and .uk in the same breath until they lose their voices, but the FACT is there's nothing left in V2 as far as security goes. Read the proposal cover to cover and you won't find anything it that (in reality) will make one iota of difference on the security front.

That's not my opinion. It's fact.

See for example Simon McCalla's statement in the press release introducing the V2 consultation:



It's so subtle, isn't it? "We have de-coupled security features". Yes, that's true. But it's not the whole truth. Because Nominet have actually decoupled ALL security features from the proposal.
Click to expand...

I agree with your analysis entirely Edwin. One thing that worries me is that although V2 contains no actual reference to enhanced security, as you point out, and neither do subsequent statements such as those by Simon McCalla, that Nominet might be taken in by their own spin. They might be so used to conflating the subjects that they somehow believe themselves that this is also a consultation about increased security, that when they review the feedback and give this the go-ahead they will argue that the positive case for direct.uk and more costly (but still ineffective) security rituals are tied, i.e. they claim that we want more security because the topics were always discussed as one.

I think in providing our feedback it is important to state the case for enhanced security (which seems to be surrounding this consultation) and proposals for exactly how the .uk domain system can be better secured, have yet to be made.
 
Even if .uk was more secure than Fort Knox, it wouldn't tip the balance from bad idea to good.
 
more secure /trustworthy by Nominet

Edwin said:
Even if .uk was more secure than Fort Knox, it wouldn't tip the balance from bad idea to good.
Click to expand...

Agree. In fact I believe if .uk was seen to have any extra security it would be actually worse for the current UK registrants.

The point was any security (real or imagined) at all at the .uk only level was a bad thing, it is Nominet pushing that line not me:

In the prior consultation there was very strong and reasoned argument by many that existing .co.uk and .org.uk would be seen as less secure because .uk would be seen as more secure.​

My issue with security, started from the Nominet .uk webinar were .uk is portrayed as being more secure /trustworthy by Nominet.

If Nominet did as they did on the webinar and talk about/push .uk being more secure / trustworthy by implication / inference .co.uk and .org.uk is seen as less secure / trustworthy and that is a bad thing for the owners of the existing 10 million UK domains.
 
What I'm saying is that splitting hairs with Nominet about exactly how "secure" .uk will make the UK namespace is like trying to argue with somebody who believes the Earth is flat. They're so "wrong" that there's no "compromise position" in between - they're just wrong.

So better to simply state "The revised .uk proposal has nothing to do with security. Nominet themselves have stated that security will be dealt with separately as part of the security roadmap covering the whole UK namespace" or something like that, rather than trying to pick holes in the detail of what they're saying about it. To do anything else is to gratify their non-statements with more attention than they deserve.
 
Last edited:
Lucien Taylor said:
I think in providing our feedback it is important to state the case for enhanced security (which seems to be surrounding this consultation) and proposals for exactly how the .uk domain system can be better secured, have yet to be made.
Click to expand...

Just don't get tripped up.

Our role is to provide feedback about the IDEA of .uk just as much as it is about V2. The consultation is a referrendum on both, although Nominet would love to bury the general in a mountain of specificity.

So there's no need to make a case for "enhanced security" (or indeed any other form of security) since the introduction of .uk will by definition - and completely independent of how it's implemented - make the UK namespace less secure, due to issues such as phishing and misdirected emails that can't be "schemed" around.
 
Edwin said:
Just don't get tripped up.

Our role is to provide feedback about the IDEA of .uk just as much as it is about V2. The consultation is a referrendum on both, although Nominet would love to bury the general in a mountain of specificity.

So there's no need to make a case for "enhanced security" (or indeed any other form of security) since the introduction of .uk will by definition - and completely independent of how it's implemented - make the UK namespace less secure, due to issues such as phishing and misdirected emails that can't be "schemed" around.
Click to expand...

Yes I agree. And I like this suggested wording:

"The revised .uk proposal has nothing to do with security. Nominet themselves have stated that security will be dealt with separately as part of the security roadmap covering the whole UK namespace"
Click to expand...
 
glimpse of the .uk future

Edwin said:
Just don't get tripped up.

Our role is to provide feedback about the IDEA of .uk just as much as it is about V2. The consultation is a referrendum on both, although Nominet would love to bury the general in a mountain of specificity.

So there's no need to make a case for "enhanced security" (or indeed any other form of security) since the introduction of .uk will by definition - and completely independent of how it's implemented - make the UK namespace less secure, due to issues such as phishing and misdirected emails that can't be "schemed" around.
Click to expand...

I'm not making a case for extra security for .uk at all.

The 2 should be 100% split and yes I have read Nominet saying that.

However, after seeing the Nominet .uk webinar, I had a glimpse of the .uk future.

The Nominet spin, the marketing hype, call it what you will but if Nominet did what they did with .uk in the webinar, when launching .uk;
".uk will be presented as more secure, more trustworthy"​

Not everybody in the UK would have read this thread and will take the Nominet statement as it is and believe it and all the negative consequences for the existing UK domains would unfold from their.
 
Suffers from what the board wants! Consultation is just "going through the motions".
 
Status
Not open for further replies.

Similar threads

JimDavies
Why you should Vote NO! to Nominet's Proposed Governance Changes
Replies
15
Views
2K
Whois-Search
Whois-Search
Acorn Newsbot
Nominet Growing technical coalition raises concerns about UN Global Digital Compact process
Replies
0
Views
445
Acorn Newsbot
Acorn Newsbot
Acorn Newsbot
Nominet New tech enables thousands of additional child victims to be counted in sexual abuse images for the first time
Replies
0
Views
215
Acorn Newsbot
Acorn Newsbot
KevDI
Domain Incite GoDaddy getting a free pass from porn jail?
Replies
0
Views
515
KevDI
KevDI
it.com
it.com AI, Domains and Sustainable Growth: 2024 Holiday Reading List from Andrey Insarov, CEO of it.com Domains
Replies
0
Views
273
it.com
it.com
Domain Summit Europe 2025

The Rule #1

Do not insult any other member. Be polite and do business. Thank you!

Members online

Total: 339 (members: 13, guests: 326)
IT.com

Premium Members

Sedo Global Domain Report
Aucdom Auctions
Catch Club
dot Hiphop

Latest Comments

Upcoming events

New Threads

Domain Forum Friends

DNForum
ConsultDomain.de
Domaineforum.fr
Domainforum.ro
DN.ca
DomainFragen.de
Inforum.in

Our Mods' Businesses

DomainUI Mod
*the exceptional businesses of our esteemed moderators
General chit-chat
Help Users
  • No one is chatting at the moment.
      There are no messages in the current room.
      Top Bottom