[Owasp-royalholloway] .UK domain name "security"

Colin Watson colin.watson at owasp.org
Wed Jan 2 22:04:15 UTC 2013


(Cross-posted to UK lists)

 Nominet is requesting responses to a consultation on proposals for new
 second-level .uk domains. Regardless of the merits of that idea, I
 wondered if UK OWASPers wanted to submit a response to the security
 ideas proposed? Apart from registrant identity verification, the
 security ideas are currently:

  * routine monitoring of domains for malware and viruses on the domain name
  * include a visible trust mark to indicate this enhanced security to
 customers of the domain,
  * include mandatory DNSSEC signing

 It would seem OWASP ought to be able to suggest improvements to these.
 The consultation document is:

     http://www.nominet.org.uk/sites/default/files/Nominet_FINAL_electronic_form3_0.pdf

 The closing date for responses is 7th January 2013. I think the
 response should be kept fairly short, and only answer the most
 OWASP-relevant items (i.e. not whether we think it is a good idea at
 all!). I tried to get some input via the London list and have created
 an initial draft here:

    https://www.owasp.org/index.php/File:Owasp-nominet-newukdomain-response-1.pdf

 If anyone has any thoughts, suggestions or improvements, please let me know.

 You can of course reply to the consultation independently as well.



 Colin Watson


More information about the Owasp-royalholloway mailing list