Home / Blogs

New gTLDs: The Registry Lock

Jean Guillon

Last week, The New York Times website domain was hacked by "the Syrian Electronic Army". Other famous websites faced the same attack in 2012 by the Hacker group "UGNazi" and, in 2011 by Turkish hackers.

Basically, it seems that no Registrar on the Internet is safe from attack, but the launching of new gTLDs can offer new ways to mitigate these attacks.

Back-end Registries play an important role supporting new-to-be Registry Operators

The back-end Registry provider is the technical partner to support a Registry. It is in charge of all technical operations between the Registry and the Registrars… for the benefit of the Registrant.

In simple words, when a Registry selects a robust, performant and secure back-end Registry service provider, Registrars have a relatively easy job implementing security functions and their clients, the Registrants, can rest assured that their domain names can be secured in the Registry.

Why is such a technical option so necessary?

A 'Registry Lock' allows Registry-level protection for domain names and/or hosts (name servers). The service enables to set Extensible Provisioning Protocol (EPP) server (Registry) status codes on selected domain names and/or hosts to prevent malicious or inadvertent modifications, deletions, and transfers — even if the Registrar is compromised.

Basically, the "Registry Lock" is an option a Registry Operator, armed with the proper experience and the correct procedures, can elect to implement, at his back-end Registry provider. It is like buying a car "with" or "without" an airbag.

Nowadays, few would purchase a car which did not come equipped with an airbag, even though many drivers are justifiably proud of never having been in a car accident. I once had one, while driving slowly and the idiot, in the car ahead of me, stopped sharply in the middle of the road for no reason whatsoever. Not only did I almost break my nose...but I was also found to have been at fault for having rear-ended him! I wish I had had an airbag on that day...and another car on-hand to drive the day after.

Applied to field of domain names, it means that without a domain name 'airbag' such as Registry Lock, you can lose control of the domain name with all the potential consequences that come with it.

  • Loss of revenue – for e-commerce sites this can account for many hundreds of thousands of Euros every hour that the domain is out of your control.
  • Diversion of email traffic – all inbound and outbound email can be collected, read and replied to by the malicious 3rd party who can also spam like crazy from a reputable email address.
  • Domain names repointed – to malicious look-alike, phishing or 'graffiti' websites denigrating your brand or others'.
  • Loss of customer confidence – aside from the embarrassment factor, which might be significant, consumer confidence in the brand will undoubtedly be affected, which in turn will affect sales revenue and customer loyalty.
  • Revised career prospects – if you are the one with responsibility for your brand's domain names you will be in the unhappy position of being the one to explain your top-management why emails don't work any longer and why your websites are pointing to a porn site (or worse).

So, in simple words if the registry operator does not offer "Registry Lock" your key domains are at risk. If a Registry lock is an option take it, for all domains that you intend to register in a Registry's Sunrise Period.

With a registry lock activated, you can rest easy in the knowledge that, even if the registrar is compromised, the attackers cannot affect your online business.

Registrars are the ones concerned… in particular during "Sunrise Periods"

If Registrants are not that concerned here, Registrars truly are:

  • More added value is offered to their clients when choosing a highly secured new domain name extension, in particular if they don't have the financial capacity to offer all 1,000 of them;
  • With such a crowded domain name space and so many offers, Registrars will need to make decisions based on the quality of the domain name extension, cost efficiency and simplicity of implementation;
  • Registries offering Registrars a single access to all their domain name extensions with this option included, minimizes costs, administrative and financial paperwork;
  • Sunrise Periods are intense for brands with the intention to secure their core domain names: such option included, is a great added value for a client to make a decision.

The New York Times' example

I do not know if The New York Times plans to change its domain name when the .NEWS Registry is launched. I sincerely hope it does because "nytimes.news" sounds much better than "nytimes.com".

Should this happen, let's hope that the Registry that wins the .NEWS Top-Level Domain (7 are competing for the honor) offers the "Registry Lock" option. This would likely mitigate any such attack in the future.

By Jean Guillon, New generic Top-Level Domain specialist. More blog posts from Jean Guillon can also be read here.

Related topics: DNS, Domain Names, Registry Services, Security, Top-Level Domains

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

General Availability Kicks Off for .Website, .Press and .Host

New .ORGANIC Top-Level Domain Welcomes Leading Brands As .ORGANIC Pioneers

Dot Chinese Online and Dot Chinese Website Featured in EURid's World Report on IDNs 2014

New .ORGANIC Top-Level Domain Opens to Serve the Organic Community

Independent Endorsement of Dot Chinese Online & Dot Chinese Website by by FiarWinds Partners

New gTLDs and Best Practices for Domain Management Policies (Video)

.Host Announces Top Global Players As Pioneer Partners

Public Interest Registry Releases Bi-Annual Report, .Org Domain Registrations Pass 10.4 Million

Public Interest Registry to Speak About Upcoming Launch of .ngo and .ong Domains for NPOs

Landrush Opens for .Website, .Press and .Host

Afilias Announces General Availability of .BLACK Top-Level Domain

Nominum Announces Future Ready DNS

Last Lap of .WEBSITE, .PRESS and .HOST Sunrise

DotConnectAfrica Trust Responds to ICANN 50 GAC Advice, Updates on .Africa Application IRP Status

New .ORGANIC Domain Sunrise Begins, Creating Verified Space 
for Organic Products and Services

Non-English "IDN Email" Addresses Are Finally Working!

TLD Registry to Speak at Inaugural World Domain Day India

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

Independent Endorsement of Dot Chinese Online & Dot Chinese Website

ICANN London Recap Webinar

Sponsored Topics