The road to a more secure .uk namespace – Simon McCalla

20th November 2013

We made a number of major announcements today about the future of the .uk domain name space. One of the key aspects of this suite of initiatives is our work on enhancing the security of and trust in UK domains.

We’ve listened to feedback to recent consultations and taken a view that our role in securing the UK namespace needs to be one that encompasses all domains whilst allowing flexibility and freedom to choose from products and services that are not mandated by us. This means that we will seek to increase the range of available security products and services available through partnership and our own research and development activities.

As such, we’re investing significantly in boosting the security of the entire namespace, for all .uk domains. The goal is to help all .uk domain owners, businesses and consumers alike, protect their domains from attack and exploitation.

This programme of activity kicks off with a number of specific products for internet domain registrants and users, including enhanced domain-locking, which will help mitigate the risk of accidental or malicious website redirection, and new registrar security features, both of which will be released in the first quarter of 2014.

A second core area of focus lies in understanding the level of security and trust associated with the UK namespace, looking at key security identifiers alongside technical and human behaviours. This will help warn of situations where, for example, a website is vulnerable to being infected by malware that could hijack a domain for a concerted series of phishing attacks, or which might have its e-commerce platform hacked to deliver identity and payment information to criminal elements. It will also help inform domain owners on areas in which they can improve the security of their domains. We believe that by providing everyone with helpful and targeted security information, we can create an environment where security features are easy to understand and desirable to adopt.

We are investing heavily in our R&D team, increasing both the number of staff and the funding we’re putting into areas of advanced research that we expect to lead to exciting new security products and services. This work has already started to pay off; our advanced prototype DNS monitoring technology has allowed us to identify significant bugs in the global internet infrastructure which we were able to ensure were fixed before they could be abused. Our work on combating spam and malware domains continues at pace and is showing very promising results.

The nature of this kind of innovation and development is inherently experimental. Some of our initiatives will be highly successful, and some will need to return to the drawing board for further work: that’s why my team and I can’t be more precise on the details of some of these projects at this stage. We’re intent on focusing our research work towards the direction of higher security and trust indicated in our announcements today, and will provide updates as specific initiatives firm up into products and capabilities. We have strong and definitive plans for our developments in this space, and where and when practical, will share details.

What I can commit to today is that we will be piloting and deploying new and exciting technology that we believe will significantly enhance the security and trust in .uk domains, sustaining our position and relevance as a world-leading trusted domain name space. Look out for more announcements and for opportunities to trial these exciting new services in the months ahead.