Nominet, the operator of the DNS registry for .uk, has issued a consultation on opening the second level for direct registration, allowing domains of the form
example.uk. Nominet will continue to operate and accept new registrations in the third level, for example under
Nominet is branding this direct registration initiative direct.uk
Security and monitoring
In 2010 Nominet adopted as part of its mission statement “Delivering a safe and secure .uk”. In furtherance of that objective direct.uk registrations will be subject to a variety of new security measures:
- DNSSEC signing of direct.uk registrations will be mandatory
- Nominet will apply “routing monitoring of domains for malware and viruses”, and will “notify registrants when their domains is affected and provide advice and guidance on steps that they can take to eliminate the malware or virus”.
- Nominet will suspend direct.uk domain registrations in cases where malware or a virus persists on the domain, until such time as it has verified the domain to be malware and virus free.
- Nominet will also launch a visible “trust mark” that web site operators can use to promote the presence of these security measures.
Nominet’s FAQ gives the opportunity to boost security as the #1 reason to makes these proposals
Q. Why are you proposing to introduce .uk?
A. We believe that this new service can help create and even more trusted online home for British businesses. We how it will help guard against cybercrime (which costs the UK approx £27 billion per year) and play its part in created a trusted space for businesses and consumers.
We know there is market demand. Recent research indicates businesses require effective and convenient tools to ensure the integrity of their online presence and achieve a high degree of customer confidence. Since our inception in 1996, we have been asked several times about whether registrations at the second level would be possible.
— Nominet consultation paper,
FAQ on page 18
Nominet also states
We believe that these measures would provide tools that actively address the UK Government’s Cyber Security Guidance for Business and its Ten Steps to Reduce Cyber-Security Risk, specifically the steps relating to Malware Protection and Network Security to protect against internal and external attack.
— Nominet consultation paper, p. 7
Handing Nominet the right to scan domains for malware and suspend them where it persists is likely to be the most controversial of these proposals. Nominet justifies the proposal by saying
Ensuring internet users’ confidence that visiting domains in direct.uk will expose them to minimal risk of infection is a key feature of our proposals. As such, we believe that registrants should be required to resolve the infection following notifications as soon as reasonably possible in order to preserve the integrity and trust of the direct.uk space.
— Nominet consultation paper, p.7
Nominet does not clarify exactly what it means by “monitoring the domain” for malware and viruses. For technical reasons, it might be presumed that the monitoring will be limited to scanning public pages of web sites operated on each domain, but no specifics are given in Nominet’s announcement.
UK postal addresses only
Nominet is proposing that registrations in direct.uk be limited to registrants with verifiable UK postal addresses where they can be served with notices. It suggests that the registration process might involve it asking for a UK postal address, and then posting a PIN code to address, which must then be resubmitted online in order to complete the registration (page 9).
No re-sale at the third level
Nominet is proposing to prohibit successful direct.uk applicants from reselling sub-domains created at the third level. Registrants will still be permitted to create sub-domains for their own use.
Its stated reason for this restriction is
“However, we also wish to ensure the integrity of the direct.uk space and to avoid customer and registrant confusion and would thus seek to minimise abuse and contractually prevent the sale of sub-domains by registrants to third parties.”
— Nominet consultation paper, p.11
Two sunrise periods
When direct.uk registrations are first launched, Nominet plans to operate not one but two “sunrise periods”, before first-come first-served begins: in the first sunrise period, owners of registered trademarks will have first choice of domains corresponding to their trademarks; in the second, existing registrants with domains in use in the third level, such as .co.uk and .org.uk, will have a chance alongside others claiming “unregistered trade mark rights” to claim a corresponding direct.uk domain, before new applicants.
Nominet is not currently proposing to extend the security and address verification requirements in .uk to existing domains in
It would be unfair to retrospectively impose a new suite of features and requirements on co.uk or any of our other TLDs. .co.uk is already very successful and not all of the existing registrants would want or need the features we are proposing to include in the new service. We are expanding the portfolio to provide a greater choice within the respected .uk portfolio for businesses.
On the other hand, some might think that the same justification for restricting resale of sub-domains, that web site visitors might be confused as to whether they are protected by Nominet’s security enforcement procedures, would also apply to
.co.uk. If these proposals go ahead, domains under .co.uk other pre-existing second level domains would be the only domains under .uk that didn’t benefit from Nominet’s security enforcement measures, which might then be said to lead to “confusion” and harm the “integrity” of the “trusted .uk space”.
Nominet’s consultation therefore also asks if respondents believe aspects of this proposal should also be introduced into
.co.uk over time.
Nominet’s consultation is available for comments, which must be received by 7th January 2013.