Home / Blogs

New gTLDs: The Registry Lock

Jean Guillon

Last week, The New York Times website domain was hacked by "the Syrian Electronic Army". Other famous websites faced the same attack in 2012 by the Hacker group "UGNazi" and, in 2011 by Turkish hackers.

Basically, it seems that no Registrar on the Internet is safe from attack, but the launching of new gTLDs can offer new ways to mitigate these attacks.

Back-end Registries play an important role supporting new-to-be Registry Operators

The back-end Registry provider is the technical partner to support a Registry. It is in charge of all technical operations between the Registry and the Registrars… for the benefit of the Registrant.

In simple words, when a Registry selects a robust, performant and secure back-end Registry service provider, Registrars have a relatively easy job implementing security functions and their clients, the Registrants, can rest assured that their domain names can be secured in the Registry.

Why is such a technical option so necessary?

A 'Registry Lock' allows Registry-level protection for domain names and/or hosts (name servers). The service enables to set Extensible Provisioning Protocol (EPP) server (Registry) status codes on selected domain names and/or hosts to prevent malicious or inadvertent modifications, deletions, and transfers — even if the Registrar is compromised.

Basically, the "Registry Lock" is an option a Registry Operator, armed with the proper experience and the correct procedures, can elect to implement, at his back-end Registry provider. It is like buying a car "with" or "without" an airbag.

Nowadays, few would purchase a car which did not come equipped with an airbag, even though many drivers are justifiably proud of never having been in a car accident. I once had one, while driving slowly and the idiot, in the car ahead of me, stopped sharply in the middle of the road for no reason whatsoever. Not only did I almost break my nose...but I was also found to have been at fault for having rear-ended him! I wish I had had an airbag on that day...and another car on-hand to drive the day after.

Applied to field of domain names, it means that without a domain name 'airbag' such as Registry Lock, you can lose control of the domain name with all the potential consequences that come with it.

  • Loss of revenue – for e-commerce sites this can account for many hundreds of thousands of Euros every hour that the domain is out of your control.
  • Diversion of email traffic – all inbound and outbound email can be collected, read and replied to by the malicious 3rd party who can also spam like crazy from a reputable email address.
  • Domain names repointed – to malicious look-alike, phishing or 'graffiti' websites denigrating your brand or others'.
  • Loss of customer confidence – aside from the embarrassment factor, which might be significant, consumer confidence in the brand will undoubtedly be affected, which in turn will affect sales revenue and customer loyalty.
  • Revised career prospects – if you are the one with responsibility for your brand's domain names you will be in the unhappy position of being the one to explain your top-management why emails don't work any longer and why your websites are pointing to a porn site (or worse).

So, in simple words if the registry operator does not offer "Registry Lock" your key domains are at risk. If a Registry lock is an option take it, for all domains that you intend to register in a Registry's Sunrise Period.

With a registry lock activated, you can rest easy in the knowledge that, even if the registrar is compromised, the attackers cannot affect your online business.

Registrars are the ones concerned… in particular during "Sunrise Periods"

If Registrants are not that concerned here, Registrars truly are:

  • More added value is offered to their clients when choosing a highly secured new domain name extension, in particular if they don't have the financial capacity to offer all 1,000 of them;
  • With such a crowded domain name space and so many offers, Registrars will need to make decisions based on the quality of the domain name extension, cost efficiency and simplicity of implementation;
  • Registries offering Registrars a single access to all their domain name extensions with this option included, minimizes costs, administrative and financial paperwork;
  • Sunrise Periods are intense for brands with the intention to secure their core domain names: such option included, is a great added value for a client to make a decision.

The New York Times' example

I do not know if The New York Times plans to change its domain name when the .NEWS Registry is launched. I sincerely hope it does because "nytimes.news" sounds much better than "nytimes.com".

Should this happen, let's hope that the Registry that wins the .NEWS Top-Level Domain (7 are competing for the honor) offers the "Registry Lock" option. This would likely mitigate any such attack in the future.

By Jean Guillon, New generic Top-Level Domain specialist. More blog posts from Jean Guillon can also be read here.

Related topics: DNS, Domain Names, Registry Services, Security, Top-Level Domains

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Did the DPRK Hack Sony?

The Empire Strikes Back: "New" Verisign Hums a Familiar Tune

Thirty-Three Million and Counting

The Real Facts About New gTLDs

Can Big Companies Stop Being Hacked?

Related News

Topics

Industry Updates – Sponsored Posts

Season's Greetings - 2014 End of Year Message from DotConnectAfrica

Minds + Machines in 2014 and 2015

New .VOTE and .VOTO Domains Launched

Consumers Prefer the .ORGANIC Domain for True-Organic Goods

DNW Podcast Interview with Antony Van Couvering

TLD Registry and Right of the Dot Establish a Domain Name Industry "Dream Team"

TLD Registry Ltd Welcomes New Board Members

New .LGBT Top-Level Domain Launched

.sydney Domain Names Now Available in Pre-Release

"Chinese Domaining Masterclass" to be Presented at NamesCon Las Vegas in January 2015

Auction and Sales Channel Update

Radix Set to Launch .SITE TLD in 2015

Annual Manthan Award Event This Week

Domain Name .Africa Faces Hurdles - Q&A with Sophia Bekele

Join Paul Vixie & Robert Edmonds at the Upcoming Distinguished Speaker Series

Q3 2014 DDoS Trends: Attacks Exceeding 10 Gbps on the Rise

LogicBoxes Announces Automation Solutions for ccTLD

List of New gTLD Availability & Key Information Provided for Download

Radix Launches .Space for Individuals, Freelancers and Professionals

TLD Registry Wins Best Marketing Award at China New gTLD Roadshow

Sponsored Topics

Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
dotMobi

Mobile

Sponsored by
dotMobi
Verisign

Security

Sponsored by
Verisign
Afilias

DNSSEC

Sponsored by
Afilias