Last updated: 
4 months 3 weeks ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Nominet consultation response

Monday, April 29, 2013 - 11:45

Thanks to all those who have provided feedback on Nominet’s proposal to allow the creation of domains directly under .uk subject to certain conditions. I hope I’ve picked up all the points raised in the Janet response I’ve just submitted, but you still have a couple of weeks if you’d like to submit your own thoughts to the consultation.

On the security proposals I’ve given a general welcome, but suggested that it needs to be clearer exactly what the ‘malware scanning’ of new domains will involve. For example is it just websites, or other services too? It’s important both for registrants in the new domains and for their users to understand what threats will be checked for. I was also reminded that suspending a domain is likely to mean it can’t send or receive e-mails, so registrants will need to have an e-mail address in some other domain to tell Nominet that they have fixed the problem! I’ve pointed out that any trustmark will need to be promoted and strongly policed to prevent unauthorised sites just copying the graphic. And, while welcoming the proposal to make DNSSEC mandatory in the new domains, I’ve stressed that this mustn’t result in reduced effort to have DNSSEC adopted in other .uk domains and registries.

Nominet have proposed that there be a contractual ban on selling third level domains in the new second levels. I’ve strongly supported that, both because if third-level domains were delegated it would be very hard to ensure that those registrants also met the security criteria applied to the second-level registrant, and because of the opportunities for confusion and misuse if it were possible to sell domains in parallel hierarchies such as, or To avoid those sorts of problems I’ve also supported Nominet’s proposal that domains matching existing top-level domains should not be allowed (though I’m not clear how this is going to be extended to cover new generic top level domains created over the next couple of years by ICANN).

Finally I’ve welcomed the reassurance that there will be no change (including to costs or technical requirements) to existing second level domains, and reminded Nominet that this must also extend to existing second level registrants (not all the SLDs under .uk are hierarchies!). One interesting question is whether the processes for managing the .uk zone file will change. In the past additions to that zone have only been made very occasionally to add new hierarchies, but in future the file will need to change whenever a new domain is registered. Any new process will need to ensure the appropriate level of security and stability for that key part of the DNS.

In the New Year we’ll be looking at Nominet’s proposals for the .cymru and .wales domains: suggestions welcome on those. But in the mean time Nadolig Llawen/Happy Christmas.

[UPDATE] a couple of other organisations have compared notes with us on their submissions: UCISA and ISOC(England)

[UPDATE] Nominet's board have decided that the consultation did not show sufficient consensus to proceed with the proposed plan. They will instead be looking at other options to deliver those parts of the plan that did have support, including wider deployment of DNSSEC.