• Twitter
  • FaceBook

Security Forums

Log in

FAQ | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Where the hell is my website? (Part 2)

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   This topic is locked: you cannot edit posts or make replies.   Printer-friendly version    Networking/Security Forums Index -> Connectivity // Telecommunications // Internet News

View previous topic :: View next topic  
Author Message
Forum Fanatic
Forum Fanatic

Joined: 18 Apr 2002
Posts: 16777201
Location: ~/security-forums


PostPosted: Fri Jan 31, 2003 2:58 am    Post subject: Where the hell is my website? (Part 2) Reply with quote

-By Kieren McCarthy

Website hacking, email viruses and server failures are the great enemy of online businesses but in many cases it is the very people providing the building blocks of the Internet who are to blame for disruption.

In the first part of this article, we covered how and why there were so many domain disasters, outlined where the system had gone wrong and pointed to some of the attempts made to bypass the flaws in the ICANN-run system for "global" top-level domains.

In this part, we look at how an entirely different system has developed in the UK and investigate its strengths and weaknesses. Then, we review how the current systems can be improved and strengthened and finally offer a short guide to all domain name owners on how to keep control of their own online property.

ICANN and Nominet compared

When it comes to domains, ICANN and Nominet are two organisations with the same brief: to create a competitive system of domain sale and exchange that keeps fraud to a minimum. As we have already discussed, ICANN's approach was to remove itself from the entire picture while enforcing annual fees on accredited registrars for the right to sell domains. In effect, acting as a bank for property developers who then go on to sell property to the man in the street.

UK registry owner and manager Nominet on the other hand acts as more of a local authority overseeing council accommodation. Nominet does allow itself to be considered the ultimate authority when it comes to domain issues. Most crucially, as soon as someone buys a domain name Nominet considers that a contract is formed between itself and the registrant and not between the company that sold the domain and the registrant.

We spoke to Nominet's managing director Lesley Cowley, who explained the thinking behind its approach. "Without being boringly legal, we consider there to be a contract with Nominet. Even if the domain name is detagged [expired and on the delete list], it is still a valid registration. It goes into our pile and we attempt to make contact with the owner. If we don't hear after six to eight weeks it then gets cancelled. It's not a fast process but we do take a lot more care."

The advantage to this approach is four-fold. One, the person who paid for the domain is given extended rights; two, there is an ultimate decision maker in the case of domain troubles; three, the opportunities for fast practices are removed since registrars at no point own the domain; and four, everyone knows how the system works in every case. This small change in itself would remove a large percentage of domain problems under the ICANN-run system.

While only a select few companies have ultimate control over .com domains, in the UK, there are thousands - in fact 2,700 - that are entitled to sell domains. Ms Cowley elucidates: "With the dotcom market, you have to be an accredited registrar but when Nominet was set up we decided not to take that route. To not abuse our unique position. You need energy and competition in the market, and that means not having to jump any barriers."

Letting the market make decisions

To prevent the UK system from becoming stilted however - or perhaps better put, to allow the UK market to benefit from the innovations that competition brings, Nominet maintains a very hands-off role. "As much as we can, we let the market decide. I can't decide business models. Who am I to judge?" says Ms Cowley.

Nominet will act as the final port of call in any dispute however. "If you cannot get an ISP to take action, we will do the checks necessary. But we will charge you for it," Ms Cowley tells us. In all, Nominet is asked to intervene in 5,000 cases a month - just five per cent of the total number of transfers, we are told.

So is this structure of domain name allocation a utopia? No, far from it. As anyone can potentially become a domain seller, cowboys are inevitably drawn to the market. And to attract attention they usually charge lower rates than everyone else. They will most likely not have advanced computer systems for moving domains about and, as many will people have experienced first-hand, they tend to hire support staff with a very limited appreciation of the issues involved.

The UK has also been slow to see innovations that are common in many US registrars. For example, simple, easy-to-use online control panels that allow domain owners to change details with a minimum of fuss are still limited.

Some UK companies create charges to tie you in. Most blatant is a hefty fee to transfer a domain away from them. In the US, this is far less common as many ICANN-accredited registrars insist transfers are done for free by the losing registrar as a means of encouraging competition. Registrars under the UK system are free to set their own rules.

Lesley Cowley refuses to be drawn into this anti-competitive behaviour, saying only that you should check before you sign up with a particular company. However, an increasing number of problems with rogue registrars has prompted Nominet to introduce a new system from 1 February this year in which Nominet will step in to a dispute and move the domain for the owner. It costs 15 - which is peanuts compared to some charges and when weeks can often be spent trying to force a domain handover.

While Nominet's approach to expired domains also prevents many disputes from happening in the first place, it is however exceedingly slow for a competitive market. One registrar reckoned that expired UK domains sit in a pile "forever and a day" before being released, preventing anyone else from doing anything with them.

In global TLDs, a huge market has been built up around released domains. Some charge only if the domain is "won", some have a fee for a certain time-period of attempts and the most daft have a non-refundable fee placed on a particular domain just in case it is not renewed. Ms Cowley recognises the expiration delay is a problem. "Nominet should do something, we're not sure if we will or not or if we will do it in the same way [as the gTLD market]."

The future of UK domains

Tied in with this, Nominet plans to get rid of the hassle of having to renew domains every few years. The ICANN system has recognised the fact that many people will want the domain forever and so have extended the options so people can buy domain for five or ten years, instead of the normal two. Nominet plans to take that one step further: "We are looking at changing the renewal process so you can tick a box that says you want the domain in perpetuity," she explains.

Again, at a stroke, a huge number of problems will be solved. But would such a system take hold in ICANN's system with so much money now being made by registrars persuading customers to part with more cash to ensure their domain is automatically renewed?

Despite some excellent changes, there is still some way to go with Nominet though. We ask if it is planning to introduce a system that will prevent people from having to call, email and fax requests to different registrars in order to get a simple electronic transaction done. Surely some combination of digital signatures and password control should allow a company to assume authority and carry out all the tasks for the owner and charge a small fee in return? The US has examples of this working already.

Ms Cowley tells us they are looking at it but the jury is still out. Such a change is in the pipeline though? "Well, not in the pipeline. There are a number of thoughts but the jury's out on how it work and when it will work."

Making domain markets worldwide work better

So is there a way of improving the current systems for buying and selling domains, should we follow them and would they work in reality? Yes, yes and maybe.

ICANN is under increasing pressure not only from the Internet community but also from the only people that can actually force any changes on the organisation - the US government. It is clear that it cannot continue to function the way it is. However whether the status quo is maintained or if ICANN will be forced to concentrate solely on what it was set up to do - administer the technical side of the Internet - and leave the power play and politics to someone else, is anyone's guess.

Either way, global top-level domains need an organisation to assume responsibility over the entire system if all the issues are to be resolved. This body could then settle any disputes. More importantly, it could insist on common protocols and procedures. These would make the system behind the most popular domains (and thus the Internet) more consistent, more understandable and hence more stable. It would also be able to clamp down on fast practices and greatly reduce the amount of fraud carried out over the Internet. The organisation would need to be rebuilt and its powers restricted by its own statutes. It should also be international to more adequately reflect the modern nature of the Internet.

Either that organisation or another similar (independent) organisation should also be charged solely with maintaining the definitive Internet directory or registry. This would prevent the continued manipulation of its unique position by Network Solutions, to everyone's detriment.

Whether a domain system should follow ICANN's approach of affiliated registrars or Nominet's free market approach is a matter of taste. Both examples suffer from lack of control. If the ICANN system were to introduce registrar culpability or if the UK system more closely investigated registrars, they would improve enormously.

Both systems would also benefit beyond imagination from a compulsory registrar form asking what services they offer, do not offer and at what price. Plus who they work under, are owned by and what software they use. This information could then be easily compiled and posted on the overseeing organisations' websites. Each registrar would be obliged under law to give true and accurate responses and would have edit privileges to their entry to ensure the information was permanently up to date.

It these changes were made, not only would the very system of domain purchase and resale reach a level of stability expected in nearly every other industry where large number of transactions occur every day, but competition would be increased and prices would fall. It would also mark an important milestone in the Internet's evolution from wild west to worldwide institution.

What we haven't covered

It is important to explain what areas of domain problems we haven't covered. We have not even touched the issue of domain disputes due to the name of the domain itself i.e. nike.com. This is because it can be seen as virtually autonomous to the issues discussed in these articles. Plus, details about UDRP and Nominet's dispute resolution service are available in great detail elsewhere.

We have also ignored entirely the alternative root industry, which works outside of ICANN and offers domain names that the organisation has decided not to include in its portfolio. This is for matters of simplicity. Many alternative root companies argue that we do not necessarily even need a controlling organisation. Since the status quo looks set to continue for the immediate future, however, we have approached the article from the perspective that it is the only game in town.

source - theregister

links - part 1 - http://www.theregister.co.uk/content/6/29065.html
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger
Display posts from previous:   

Post new topic   This topic is locked: you cannot edit posts or make replies.   Printer-friendly version    Networking/Security Forums Index -> Connectivity // Telecommunications // Internet News All times are GMT + 2 Hours
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Looking for more Windows Networking info?

Sign up to the WindowsNetworking.com Monthly Newsletter, written by Enterprise Security MVP Deb Shinder, containing news, the hottest tips, Networking links of the month and much more. Subscribe today and don't miss a thing!
View a sample newsletter.

Become a WindowsNetworking.com member!

Discuss your Windows Networking issues with thousands of other Windows Newtorking experts. Click here to join!

Community Area

Log in | Register

Readers' Choice

Which is your preferred data recovery solution?

Follow TechGenix on Twitter