Home / Blogs

A CENTR White Paper on Creating More Standardized and Streamlined Domain Registry Lock Services

Models of Registry Lock for Top-Level Domain Registries (Download White Paper)

CENTR has published a white paper separating registry lock services into two standardized models. This categorization and the included recommendations can help top-level domain registries (re)design their registry lock services. The aim of the paper is to reduce fragmentation in implementation between registries to explain the value of registry lock to domain holders more easily.

At the yearly CENTR Jamboree meeting in 2019, several registries got together, discussed the registry lock as a service, and why not more registrants choose to protect their domains with registry lock. With more and more people and interactions moving online, domain names are increasingly seen as online identities. Getting the right domain name has always been key, but protecting and keeping the domain name is now maybe even more important. Yet, very few domains are protected by registry lock.

One of the potential reasons for this low adoption rate, that was identified during the meeting, was the lack of awareness amongst registrants, both of the existence of registry lock, but even more of the value of having one’s domain protected by registry lock. The main underlying cause that was pinpointed was the fragmentation in implementation between registries. This not only makes the technical integration hard for registrars and resellers. It also makes it hard for registrants to deal with on a day to day basis when they have multiple domain names, but even more importantly, it is hard to explain the value of registry lock when there are so many different types of registry lock out there. Therefore, a clearer and more uniform approach would benefit all parties, from registries to registrars to registrants.

A number of registries, therefore, got together after the meeting to look into ways to standardize registry lock services between registries. A survey later that year found that of the 27 participating ccTLD registries, 14 offer a registry lock feature, and 8 are planning to. The group analyzed current and planned registry lock services and grouped them into two different models, each with two variants. These models are designed to help registries align their registry lock offerings, thereby reducing the current fragmentation. The technical implementations of these models can be standardized to ease integration with registrars and resellers. Hopefully, this taxonomy will encourage a gradual move to a more streamlined approach, making the interaction between registry and registrar more predictable.

To highlight the main separation between the two identified models, the implementations reported in the survey were categorized based on the entity performing the authentication of the initiator of a request. The first model is deemed to be registry-focused as the registry authenticates the initiator of the unlock request. The second model is more registrar-focused as the authentication of the request is delegated to the registrar. The paper further identifies variants within the models. For example, within the registry-focussed model, the service can be marketed and sold directly by the registry or through the registrar, depending on how the registry operates. The paper further discusses different in-band and out-of-band methods of authentication and closes with a number of recommendations.

We hope this paper can help registries in designing their operations, as well as provide food for thought for registrars and other interested parties to engage in creating more standardized and streamlined registry lock services. Most of all, we hope to see more domains protected by registry lock in any shape or form, thereby creating a safer and more secure Internet for all.

You can find the full white paper here.

By Erwin Lansing, Head of Security and Chief Technologist

Filed Under

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.



Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPXO

Domain Management

Sponsored byMarkMonitor


Sponsored byVerisign

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byAppdetex