Out-Law News 2 min. read

ICANN sets security standards requirement for new 'top-level' domain registries as Nominet resurrects '.uk' plans

Applicants hoping to win the right to control the registries of new generic 'top-level' domains (gTLDs) will be obliged to adhere to security standards that help direct internet users to websites they seek to access.

ICANN (Internet Corporation for Assigned Names and Numbers), the body that oversees the identification of websites, will require new gTLD registry operators to implement the Domain Name System Security Extensions (DNSSEC) standard.

DNSSEC is a security protocol that assigns a digital signature onto website addresses and validates that the correct website being sought access to by internet users is delivered to them. It helps prevent the manipulation of data that can drive traffic to alternative websites.

ICANN is currently in the process of considering the expansion to the number of 'top-level' domains that are in operation on the internet. Top level domains are the suffixes to addresses and include familiar address endings such as .com, .org and .net. 

Last summer ICANN announced that nearly 2,000 applications had been made for new generic 'top-level' domains (gTLDs), ranging from '.bank' and '.insurance', to '.store' and '.shop'. A number of the world's biggest online companies, including Google, Microsoft and Amazon, are among those seeking to operate some of the new gTLDs that have been applied for. The registrars would be responsible for approving individual web addresses rooted at the new gTLDs.

Now ICANN has published a new Registry Agreement (93-page / 2.25MB PDF) which those successful in winning the right to operate the new gTLDs registries will have to comply with.

As well as implementing the DNSSEC standard, the registry operators will be obliged to abide by the rules of the Trademark Clearinghouse. The Trademark Clearinghouse allows brand owners to pay to list their trade marks in an index that new gTLD registrars are obliged to refer to before allowing new web addresses to be rooted at the new domains.

ICANN said that it had also set "enhanced" requirements for registries in relation to the information that they would be require to collect about website operators.

"This new Registry Agreement means we've cleared one of the last hurdles for those gTLD applicants who are approved and eagerly nearing that point where their names will go online."
Fadi Chehadé, ICANN president and chief executive, said in a statement.

The first right to operate some of the gTLDs that have been applied for could be awarded before the end of the year.

In a separate development, Nominet, the internet registry for '.uk' domain names, has unveiled new plans that would allow businesses to apply for website addresses rooted at just the '.uk' domain, (8-page / 102KB PDF) as opposed to at '.co.uk', for example.

Nominet had previously consulted on '.uk'-only domain name plans but dropped them following a lack of appetite from stakeholders. Now the registry has resurrected the plans which it said had been amended to reflect the views received in its last consultation.

Under the plans businesses that own existing domain names rooted at '.uk' would have a "right of first refusal" to secure a '.uk'-only domain name. Nominet said the new regime would offer improved security.

"We listened to the extensive feedback on the initial consultation and the revised proposal is significantly different as a result," Lesley Cowley, chief executive of Nominet, said."We believe this is the right step to safeguard the long-term relevance of the .uk namespace in the face of unprecedented competition. By attracting more consumers and businesses to a trusted and reliable online home, we can continue to make a strong contribution to the thriving UK digital economy. But we are determined to harness the views of stakeholders so that, if we proceed, we do so in a way that is fair and practical."

Simon McCalla, Nominet’s chief technology officer, added: “In response to the strength of feeling from our first consultation, we are tackling security differently.  Firstly, we have de-coupled security features from the second level domain proposals and will tackle this as part of a broader security roadmap that benefits the whole namespace.  Secondly we will be working with registrars to develop and introduce new security features rather than mandating change."

Nominet's revised plans are open to consultation until 23 September.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.