Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.

Splitting .uk security issues from direct.uk

Status
Not open for further replies.
Whois-Search

Whois-Search

Joined
Dec 25, 2004
Posts
1,970
Reaction score
380
In my personal opinion I think most members are now missing the point here in this announcement:
http://www.nominet.org.uk/news/latest/update-directuk

You are being blinded by the "we have listened" rhetoric and the prospect of .uk being "shelved":
http://www.bbc.co.uk/news/technology-21609406

This is because Nominet's imaginative (poor communication yet again) statement leaves the reader uncertain about the future:

As a result, we are going to explore whether it is possible to present a revised proposal that meets the principles of increasing trust and security and maintaining the relevance of the .uk proposition in a changing landscape.
Click to expand...

If you actually leave this point to one side:

•A revised phased release mechanism based largely on the prior registrations of domains in existing third levels within .uk and in which contention between different applicants for the same domain name should be reduced or eliminated.
Click to expand...

Which without doubt will be used to launch .uk in 2014...

All these measures could now be applied retrospectively to .co.uk etc:

• Measures to improve security across the whole of the .uk namespace. This would include increased focus on encouraging the adoption of DNSSEC.
• A firm focus on registrant verification and some form of UK presence.
• Further investigations into the impact on the SME sector.
• An appropriate pricing model.
Click to expand...

This is further highlighted by this statement:

The objective of raising trust/security was welcomed, but many disagreed with the proposed approach, suggesting that standards should be raised across the whole of the namespace. On individual security features, there was qualified support for options such as DNSSEC, but scepticism about whether the proposed trustmark would be effective. There was significant support for address validation, though some would like us to do more, and others would like us to do the validation process differently. There was clear support that the sale of domain names should be only through registrars who could meet a level of service and data quality.
Click to expand...

And the board report:

The Board received a review of pricing of domain registration and renewals. It was agreed to hold the levels of pricing at their current levels until the next review. It was agreed that the pricing for other services provided (e.g. transfers of domains) would need a more detailed review and that this would take place as part of the forthcoming registrar agreement terms and conditions review.
Click to expand...

Therefore if Nominet were to do as Alex Bligh suggests and split the security issue from direct.uk product itself:
https://twitter.com/alexbligh/status/306800203023917056

N.B. Which Nominet should have done in the first place instead of trying to use it as a marketing hook to get the civil servants on side

How would you then like...

  • Being forced to buy DNSSEC for each of your .co.uk domains?
  • Or losing your registration if your an overseas registrant and have to pay for a UK proxy service?
  • Or the cost price of .co.uk etc goes up to meet additional security features?
  • Or require a pin code to validate your .co.uk registration?
  • Or losing your TAG if you can't meet "a level of service and data quality"?

Let's not forget this consultation is going on at the same time:

A set of draft proposals for a revised .uk Registrar Agreement will be published for further stakeholder consultation shortly.
Click to expand...
http://www.nominet.org.uk/how-parti...ussions-and-consultations/review-uk-registrar

Therefore the fun has only just started comrades and this is not 'over' by a long way.

:rolleyes:
 
I agree with much of what you say.

and I'll say again you will not find a person who would not like the co.uk business space to be .uk

A word of caution to Nominet though it could be a little bit like woolworths not being entirely happy with their brand but sometimes it's more painful to try to change.

Of course Nominet are going to continually look to move forward and keep apace with change and if they could wave a magic wand and co.uk was .uk it would probably work but for blaringly obvious reasons, they can't. And this process now has a recent history which will continually come back to bite them.
 
Good post Andrew

Agree with you 100%

The announcement was encouraging yesterday - but this battle is far from over - nothing worse than settling into a false sense of security.

You're right about security being the hook that lured the Government departments. However they might have felt a bit foolish when Nominet broke the news that it was security + a shorter .uk domain.
 
Whatever progresses from yesterday onwards - I'm far more confident that it wont be the spin-doctored approach that was inplace.

I agree with the consensus. Of course we would love all our .co.uk's to be just .uk. But, I'd like to think we would far more care about "UK being a great place to be"

Given some of the comments It's always going to be difficult to keep 'Personal interest' separate. So in the same vain I have to say none of your bulleted points Andrew would seem unfair to me personally
 
I very much doubt 'being forced to buy dnssec for a .co.uk' will ever be on the table. At least not at the registrant level. The vast majority of registrants barely understand what a domain is.

Sometime down the line there may be a push towards a registrar 'requirement'.
 
They could adopt Edwins proposals but from where we are now I don't think Edwin would be making those proposals.
A migration would be acceptable but can they pay compensation to co.uk holders for the work involved.

I think we should be vigilant but not phobic.

Anyone now investing in co.uk can feel as secure as in any other extension there is not going to be a massive unforseen cost around the corner.

to put things in perspective.
If a person had registered 300 domains, encourage by nominet to do so over the years, they were proposing that if you were not a nominet member and had bought your names from a registrar who promoted nominets brand and paying say £6 per year for your 300 names = £1800 per year, you would now need to protect your investment by registering 300 .uk's ( if you could get them) from the same registrar costing say £28 per year, a further £8400 per year retail.

Costs would have risen from £1800 per year to £10200 per year.
Good work if you can get it.
 
If there was a migration from .co.uk domains to .uk (approved by nominet) I could easly see .co.uk becoming as active as say .org.uk/ ltd.uk etc nothing more ( a secondary choice)

Them saying we would continue to support .co.uk is a bit of a 'King Canute'
 
Bailey said:
If there was a migration from .co.uk domains to .uk (approved by nominet) I could easly see .co.uk becoming as active as say .org.uk/ ltd.uk etc nothing more ( a secondary choice)

Them saying we would continue to support .co.uk is a bit of a 'King Canute'
Click to expand...

My understanding of a migration would be to phase out the co.uk completely at some time in the future. Big risk though killing such a branded extension causing huge confusion, probably a non starter.

So no real solution without launching .uk as a direct competitor to co.uk and we all know 9,000,000 co.uk domain owners are not going to allow that. Game Over.
 
websaway said:
So no real solution without launching .uk as a direct competitor to co.uk and we all know 9,000,000 co.uk domain owners are not going to allow that. Game Over.
Click to expand...

Game-over being the best possible outcome - In case I'm inadvertently sending mixed messages
 
Last edited:
"real" security

Agree with your observations.

After reading quickly the 80 page overall summary produced by the .uk policy secretariat, I believe they are weighting their aurguments on a few people who completed a flawed consultation document as a desire to go forward with security they have suggested.

http://www.nominet.org.uk/sites/default/files/SummaryofdirectukFeedback.pdf

Those people did not have to do anything more than tick a box and not add a comment and all of sudden we have support.

They have not yet and will not be able to deal with the many serious objections and logically reasons why their efforts and suggestions at security will not work.

Nominet really need to go away and think serioulsy about "real" security for the users of the UK namespace.
 
I think before Nominet set out on their investigation a movement should be started.

" No Direct Competitor To co.uk In the UK Domain Space "

or the like, Keep it simple so everyone can grasp it, no personal interests involved just the fact that the uk business domain space has already been sold through 9,000,000 registrations of co.uk.
 
The biggest problem is that Nominet has treated the opinions of people without even the first clue about internet security, and those of people well versed (if not expert) in the subject as being of equal weight.

The reality is that there should be a minimum standard of "credibility" that a response achieves (as measured by an UNBIASED security industry observer) and if it doesn't meet that burden then every last word of that response should be thrown in the bin.

It's unfair to pick and choose the words of the clueless to counter the words of the knowledgeable, because the former aren't constrained by reality!

The following are fact:
- Introducing .uk increases the risk of successful phishing attacks
- Introducing .uk increases the probability of mis-directed email
- Trust marks mean nothing to most people, and can very easily be faked
- If you suggest something is more secure, people will relax their behaviour - it's human nature (i.e. a "veneer" of security can do more harm than good, if the actual security improvements are slight)
- The address verification process does nothing to validate IDENTITY
- DNSSEC will never be adopted voluntarily in meaningful numbers
- Increasing the security of .uk in isolation implicitly decreases the perceived security of .co.uk
- Taking a website offline (e.g. for malware) will have SEO implications that may not be resolved quickly, if at all, even if it's put back online promptly (Google is fickle)
 
Last edited:
Edwin said:
- Taking a website offline (e.g. for malware) will have SEO implications that may not be resolved quickly, if at all, even if it's put back online promptly (Google is fickle)
Click to expand...

Taking a website offline can be catastrophic in terms of G. Something to avoid at all costs!
 
Status
Not open for further replies.

Similar threads

Acorn Newsbot
Consultation opens on significant changes to .UK registry systems
Replies
4
Views
487
JMI
JMI
Acorn Newsbot
GoDaddy getting a free pass from porn jail?
Replies
0
Views
90
Acorn Newsbot
Acorn Newsbot
rob
This will probably affect you - big changes coming
Replies
0
Views
282
rob
rob
Acorn Newsbot
Science, Innovation and Technology Select Committee review cyber resilience across Critical...
Replies
0
Views
97
Acorn Newsbot
Acorn Newsbot
Acorn Newsbot
Where next for global governance of the online world?
Replies
0
Views
110
Acorn Newsbot
Acorn Newsbot

The Rule #1

Do not insult any other member. Be polite and do business. Thank you!

Featured Services

Sedo - it.com Premiums

IT.com

Premium Members

AucDom
UKBackorder
Be a Squirrel

Latest Comments

Spread the Word!

Acorn Domains Merch
MariaBuy Marketplace

New Threads

Domain Forum Friends

Other domain-related communities we can recommend.

Our Mods' Businesses

Perfect
Service
Laskos
URL Shortener
*the exceptional businesses of our esteemed moderators
Top Bottom