Feeds

Nominet pilots .co.uk domain security pump-up

Lays an egg, hopes chicken will ensue

Intelligent flash storage arrays

Dot-UK registry Nominet has started piloting a free service designed to help UK businesses boost the security of their websites' domains.

The DNSSEC Signing Service "will allow registrars to quickly and easily implement DNSSEC by relying on Nominet to manage the cryptographic signing process, management of keys and publishing records to nameservers and zone files," Nominet said.

The organisation said the hosted service will be free to use for .co.uk domains until January 2013, after which it will start charging an extra fee, probably 50p per domain per year.

DNSSEC, for Domain Name System Security Extensions, adds a hierarchy of cryptographic signatures to domain records, enabling browsers to verify that internet addresses have not been tampered with by phishing or cache poisoning attacks.

It's complex to deploy, however, requiring ongoing management of the cryptographic keys used to sign the domains. For the registrars targeted by Nominet, it could also require infrastructure upgrades.

Matt Mansell, CEO of registrar DomainMonster, said he doubts his company will sign up to Nominet's service – it likes to keep its DNS infrastructure in-house – but suggested it could be of value to smaller Nominet registrars, which comprise the majority.

"Registrars have no choice but to participate in DNSSEC," said Mansell. "It's going to be in demand, whether from a small subset of customers or from all customers remains to be seen."

He said he expects large corporate customers to be early adopters, but that others will be slow to embrace the technology, a view shared by other registrars.

While the security community by and large thinks blanket DNSSEC deployment would be a Good Thing, it currently faces a chicken and egg adoption problem.

Due it its cost and complexity, ISPs, browser makers and registrars don't want to support it unless their customers demand it, and customers currently don't know about it and aren't asking for it.

"Customers don't care about DNSSEC. They don't give a damn," Michele Neylon, managing director of the Irish registrar Blacknight said during an ICANN workshop in Singapore last month.

Out of 50,000 customers, only one had requested a signed domain, he said. Without a compelling business case, adoption is likely to be sluggish, he indicated.

Mansell said DomainMonster, which does not currently support DNSSEC, would be likely to do so as part of a premium-price package including extra security measures such as two-factor authentication.

That's a similar model to that offered by Go Daddy in the US.

VeriSign started supporting DNSSEC for .com sites this March, and to date the number of signed domains is believed to be in the low thousands.

VeriSign executives said at the ICANN workshop that 26 of its 900-plus approved registrars, including seven of the top 10, have signed at least one domain. But no registrar had more than 1,000 domains. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Same old iPad? NO. The new 'soft SIMs' are BIG NEWS
AppleSIM 'ware to allow quick switch of carriers
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Brits: Google, can you scrape 60k pages from web, pleeease
Hey, c'mon Choc Factory, it's our 'right to be forgotten'
Of COURSE Stephen Elop's to blame for Nokia woes, says author
'Google did have some unique propositions for Nokia'
It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.