Tuesday, 29 May 2012

Could the .secure domain make the Internet safer


New TLD (top-level domain) names seem like little more than real estate developers proposing the creation of entire new continents just to lease the land. The creation of .name, .pro, .xxx, and even .biz, which has existed for more than 10 years, were arguably driven more by profiteering than need.


At first blush, the push by security technology firm Artemis for the .secure TLD could be similar. If successful, Artemis will manage the new top-level domain, charging companies that want to be part of the security-focused domain network.


Yet, unlike .name or .xxx, .secure has a real function. In essence, it's a logo program: A company with a .secure server will offer mature security technologies for locking down transactions between the user and its service. Artemis will require .secure holders to use stronger verification techniques to establish the identities of customers and to deploy certain security technologies, and it will regularly check to make sure the company is complying, says Alex Stamos, Artemis' CTO.


Most technologies for securing the Internet are not easy to use. Currently, companies have no convincing incentives to undergo the travails of implementing technologies such as the DNSSec (domain-name security extensions) or CSP (content security policy). And in cases where there's an easy-to-use security technology, such as HTTPS, many companies do not offer the capability. By contrast, a company using .secure will have to use DNSSec to sign its zone, TLS (transport layer security) for all HTTP sessions, domain keys to validate email infrastructure, and opportunistic encryption for email content.


"Explaining to my father-in-law, to take an example, why we need HTTPS is crazy. Instead, if you are a .secure domain, you are guaranteeing that you will provide certain security technologies," Stamos says.


Stamos believes the time is right because with the push for DNSSec and awareness of significant attacks on companies, companies are more willing than ever to implement security if there is some payoff. Contrast that motivation to what's gone on with the controversial .xxx domain, which essentially segregates pornography from the rest of the Internet -- not exactly what that industry wants.

No comments: