STATEMENT OF THE INTERNET SOCIETY ENGLAND CHAPTER
The English Chapter of the Internet Society (www.internetsociety.org.uk) thanks the members, board and staff of Nominet UK for the invitation to comment on their important proposal for substantial changes to the management of the UK domain name system known as direct.uk.
The Society has conducted a consultation of its own members which is summarised below.
In this paper we shall be touching on the following:
- Double registration of domains
- Trademark Issues
- Loss of Hierarchy
- Is .uk in UK?
- Lack of justification for proposal
- Operational Risk
- DNSSEC Adoption
- Legality under Digital Economy Act 2010
- Second level UK Domain Policy
Double-registering of domain name space
Some members think direct.uk has the potential for making domain names shorter.
However there is considerable concern that current holders of .co.uk and .xx.uk (where xx is a second level domain) are affected negatively in two ways:
Legitimate added value of active domains can be affected negatively. For registrants, this introduces a need to register a second level domain themselves for an additional fee, should they wish to safeguard their invested trade.
This is seen very negatively as being motivated by Nominet looking to sell more domain
names to organisations having already registered under .uk via the current second level domains.
Secondly, registrants of active .co.uk domains have invested in their online branding, search engine listings and other directory services. Some search engines prioritise listings by keywords found in domain names under higher levels of the domain name system, i.e. second level before third level.
As commercial entities they are likely to view entries in direct.uk as potential passing off opportunities and will wish to register themselves in direct.uk as well. Those who succeed will end up paying twice for no added benefit compared to prior to introduction of direct .uk registrations. Those who do not register under direct.uk will end up risking confusion in their online brand.
How will Nominet ensure trademarks are managed for direct.uk, in particular where there are trademarks across different classes held by different entities with one holding the mark in .co.uk and others wishing to register in direct.uk?
Loss of Hierarchy
Concerns are being raised that the UK Namespace which until now is well ordered with second level domains (such as .org.uk, .gov.uk, .ac.uk, .co.uk etc. ) representing distinctive communities will lose the ability to discern whether a domain originated from an educational establishment, government or a company as the current second level domain service indicates. This blurring of lines was seen as not favouring the public interest.
But with proposed direct.uk second level domains looking to have special security status, the clear hierarchy appears to be reversed – the non- hierarchical name-space being counter-intuitively marketed as “better” protected. How will direct.uk distinguish security policies for SLDs from new direct domains so that the market is not confused in the UK or
Is .uk in UK?
While recognising the urgency of the need to give greater confidence that the use of .uk means that the registrant is subject to UK law, the status today is that residency of .uk services cannot be determined. Clearly some work needs to be done in order to clarify this situation. ISOC England is willing to work with interested parties into future consultations to explore and establish potential solutions for this matter.
In the meantime, it is widely believed even by a “security expert” on the BBC Today Program in late November 2012 that a .uk domain means the site is in the UK.
The uncertainty this imposes on users suggests there is a need to give greater confidence of what jurisdiction a service using .uk is operating. Direct uk does not appear to offer a solution to this issue.
How can Nominet correct this false impression for .uk when it is promoting
direct.uk domains as having a UK physical contact address but with no guarantee of UK resident Internet services? Can Nominet explain how a postal mail PIN delivery process adds value for direct.uk domains and will not continue to confuse the market? Will users really distinguish between the values of a .co.uk? a .ltd.uk and a direct.uk domain?
Lack of justification for proposal
Nominet has not justified why direct registrations under .uk are needed. The security mechanisms could just as easily be provided under a new or existing SLD such as ltd.uk or plc.uk which are both low volume and limited community managed zones.
Is it the role of a ccTLD operator to offer such services as malware scanning on third party networks and so forth?
Nominet has not shown why as a ccTLD operator it should be both delegated authority for domain of .uk AND the regulator of the .uk Register AND now add further roles in regulating content and services of devices on other networks which may resolve for direct.uk domains as well as others.
DNS resolution is a best effort service on the Internet. However malware scanning of third party devices implies quality of service metrics and so could be open to substantial risk of damages. Such damages could arise from any part of the world, from users, from registrars, from
network operators, from registrants or service providers. It could arise from faulty scans, damage caused by scans or where scans were legitimately blocked by local providers and expectations of users of “security” were falsely raised.
Risk of legal action from non best effort services would be a substantial change in the business model and Risk for .uk.
We should note that the increase in risk from litigation for damages from anywhere in the world could be so substantial as to weaken the robustness of the .uk Domain Name System as a whole including existing SLDs.
How can Nominet justify adding such unquantifiable risks within the operations of a private sector entity operating as a ccTLD registry for the UK?
Security of the .uk domain space and its reputation can be improved substantially through the adoption of DNSSEC. In 2010 the Nominet board signed .uk on behalf of all .uk but into 2013 take up by service providers, registrars, and users remains low.
More work and investment is needed in the UK to seed research and services to improve awareness, tools, training and infrastructure support for DNSSEC for all .uk domains.
The opportunity exists to expand security for all .uk domains using DNSSEC and it is questionable policy to restrict emphasis for security to direct.uk domains.
How will the direct.uk project avoid being a distraction to a key priority of promoting DNSSEC security services for all .uk domains?
Compatibility with Digital Economy Act 2010
Would Nominet’s proposed move to make registrations directly under .uk make implementation of the Digital Economy Act 2010 Sections 19, 20 and 21 by the Government more complicated and costly?
Second level UK Domain Policy
direct.uk has put current SLD policy as of March 2004 in disarray irrespective of outcome of consultation. http://www.uksld.org.uk/page/procedure.html
It is not clear following direct.uk proposal how community-led SLDs are intended to be established and function under .uk going forward.
As a reminder:
.co.uk, .ltd.uk, .me.uk, .net.uk, .nic.uk, .org.uk, .plc.uk and .sch.uk are managed by Nominet UK.
.gov.uk, .mil.uk, .ac.uk, .mod.uk, .nhs.uk, .parliament.uk, .police.uk, .bl.uk, .british-library.uk, .jet.uk and .nls.uk are not.
Some contributions from ISOC England members make suggestions about implementation phase – and these may be premature. One example is for the direct.uk proposal to preserve the rights of the current .co.uk users by providing the second level domain registration at a discounted cost-recovery basis fee to current holders of the third level registrations. Alternatively, current third level registrations could be kept in a “reserved” list so as for second level registrations to avoid clashing.
Should direct .uk move towards implementation, the complexity and uncertainties so far raised indicate that a fresh outreach consultation will be needed.
In conclusion, the English chapter of the Internet Society urges caution regarding the direct.uk proposals. In the absence of consensus for direct .uk and in view of the risk to stability of uk domain name system the conclusion is NOT to implement direct .uk plans to shorten domains as proposed.
Should the proposed security mechanisms be justified they could just as easily be provided under a new or existing SLD such as ltd.uk or plc.uk which are both low volume and limited community managed zones.This would be more consistent with the well established management of the UK domain name space.
Stability and Security of Internet services is an important priority for users. The chapter would prefer enhanced support for the deployment of core Internet protocols that can provide users across the whole of .uk with improved security such as DNSSEC. The benefits of malware scanning as proposed do not appear to be core to ccTLD operations nor likely to be dependable for users.