Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

New .secure Internet Domain On Tap

Soulskill posted more than 2 years ago | from the it-says-so-right-in-the-url dept.

Security 129

CowboyRobot writes "A new top-level domain (TLD) in the works for the Internet will bake security in from the outset: The .secure domain will require fully encrypted HTTPS sessions and a comprehensive vetting process for websites and their operators. If the new domain takes off, it could shift the way Web domains are secured. ICANN is expected to sign off on .secure, and for the new TLD to be up and running June or July 2013."

Sorry! There are no comments related to the filter you selected.

Call me back in a month ... (1, Troll)

Barbara, not Barbie (721478) | more than 2 years ago | (#39972141)

... when it's hacked.

Re:Call me back in a month ... (4, Funny)

BackwardPawn (1356049) | more than 2 years ago | (#39972177)

Might as well just name it .hackme

Re:Call me back in a month ... (2)

Barbara, not Barbie (721478) | more than 2 years ago | (#39972325)

All this is going to do is encourage a false sense of security - after all, the chain of security is only as strong as the weakest link, and there are plenty of weak links, starting with the end users and their computers.

"But how was I to know that drivebydownload.secure serves up malware? Or that russianbusinessnetwork.secure would resell my credit card info?"

Re:Call me back in a month ... (2)

Joce640k (829181) | more than 2 years ago | (#39974125)

"But how was I to know that drivebydownload.secure serves up malware? Or that russianbusinessnetwork.secure would resell my credit card info?"

Even the summary says "vetting process for websites and their operators"...

Re:Call me back in a month ... (1)

Barbara, not Barbie (721478) | more than 2 years ago | (#39974471)

It's a TLD that's going to be operated by a private for-profit business. They won't be able to do much in the way of an invasive "vetting process", and $$$ talks. Even the Hells Angels knows how to use "pret-noms" (people who lend their names and identities as covers for activities) and "social engineering" (crack, broken bones) to get around it.

Re:Call me back in a month ... (4, Informative)

Anonymous Coward | more than 2 years ago | (#39972317)

And it's this type of attitude that will kill it. They're not claiming it to be bulletproof or perfect, only that they're enforcing a number of currently available security protocols that are optional in the general internet, and difficult to figure out if they're actually in use. So if you're on a .secure domain name, it doesn't mean the site is unhackable, but it does mean that you resolved the domain via DNSSEC, and that your connection is over SSL, and that the SSL certificate was reasonably vetted. Unfortunately, this doesn't solve the fundamental problem that understanding network security requires some knowledge, and so some day some site on this TLD will get hacked, and every shitty news organization on the planet will talk about how .secure is worthless, and it will die.

Re:Call me back in a month ... (1, Troll)

AngryDeuce (2205124) | more than 2 years ago | (#39972385)

Yeah, but the idiots will think it is an impenetrable shield. All this kind of shit does is encourage risky behavior by instilling a false sense of security when there is none.

Re:Call me back in a month ... (3, Interesting)

Anonymous Coward | more than 2 years ago | (#39972557)

So by that logic, you shouldn't be allowed to advertise anything as "secure" because nothing is 100% secure, but if you call something secure then stupid people will assume it is impenetrable. I mean, the security system on my house doesn't turn it into an impenetrable bunker, but it does increase my security, and no one has a problem with it being referred to as a "security system", so how is this different?

The fundamental problem is that while everyone realizes that there's no such thing as perfect security in the real world, the vast majority of the nontechnical population seems to have this ridiculous assumption that there is such a thing as perfect security on the internet. And to make it worse, they assume that such security requires no effort or knowledge on their part. It gets frustrating that those of us who do understand these concepts are constantly being handcuffed by the people who don't.

+1 Great Comment (1)

Anonymous Coward | more than 2 years ago | (#39974217)

The fundamental problem is that while everyone realizes that there's no such thing as perfect security in the real world, the vast majority of the nontechnical population seems to have this ridiculous assumption that there is such a thing as perfect security on the internet.

Will it just take time and generations of internet users to change that mentality? Or are we forever doomed by "computers are magic".

Re:Call me back in a month ... (4, Insightful)

Tridus (79566) | more than 2 years ago | (#39972565)

And we can do all that now without paying ICANN extra fees or creating the illusion that it's "secure" because the address says so. Which is exactly what end users and the media are going to believe.

What we really need to do is rein ICANN in and stop this kind of nonsense.

Re:Call me back in a month ... (1)

Anonymous Coward | more than 2 years ago | (#39972715)

RTFA, this is one of the TLDs being sold to private corporations. ICANN will not be running .secure, it's being applied for by Artemis Internet Inc.

Re:Call me back in a month ... (1)

nullchar (446050) | more than 2 years ago | (#39974321)

Uh, no. All of these new gTLDs (generic top level domains) will be "sponsored" by ICANN and run by various registries (private corporations or public ones) under an ICANN agreement. The agreements are periodically "refreshed" through ICANN proposals (just like com/net/org/etc are today) where the statutes of the agreements may change.

So in the application for .secure, the applicant puts in whatever rules they want (e.g. for .slashdot, each registrant must list their UUID and have excellent karma) and if ICANN approves it, then the registry operator enforces those rules. Additionally, registrars (the middleman in the ICANN three tiered model of registry, registrar, registrant) must be ICANN accredited, even if they only wish to manage domains under a single TLD.

ICANN runs the root servers (with the US DoC ultimately controlling the root servers) so they can decide how new gTLDs get managed. I agree with the GP of this post, as ICANN is getting crazy with a flood of new TLDs instead of slowly deliberating over a handful of sTLDs (sponsored top level domains) like in the last decade (see .mobi, .pro, .coop, .museum, etc.)

Re:Call me back in a month ... (0)

Anonymous Coward | more than 2 years ago | (#39973593)

What we really need to do is to stop modding retards like you insightful. This isn't a ICANN initiative.

Re:Call me back in a month ... (2)

makomk (752139) | more than 2 years ago | (#39972709)

Except it doesn't mean that at all, because all those technologies are backwards-compatible. So any client that doesn't know about .secure should quite happily resolve .secure domains without using DNSSEC and connect to them over plain, unencrypted HTTP. In fact, I expect that in practice most clients won't validate DNSSEC because otherwise it'll break access to .secure sites on networks which don't support DNSSEC and their users will complain.

Re:Call me back in a month ... (1)

Anonymous Coward | more than 2 years ago | (#39972923)

Except the DNS servers for this domain will only respond to DNSSEC queries, and the sites will only be hosted over SSL. RTFA.

Re:Call me back in a month ... (1)

MightyYar (622222) | more than 2 years ago | (#39972621)

Who needs to hack it when there is already a secure.ru domain? It's already shady as hell - won't even let you in unless you let it set a javascript cookie.

Re:Call me back in a month ... (0)

Anonymous Coward | more than 2 years ago | (#39973743)

... or when someone reveals that it's just an elaborate plot to lull you into thinking you're safe by sophisticated black hats wearing monocles.

By any Name (1)

decipher_saint (72686) | more than 2 years ago | (#39972191)

An insecure website by any name sucks just as bad...

*This Post Approved by the Council of Approving Things

tl;nt (4, Insightful)

X0563511 (793323) | more than 2 years ago | (#39972197)

(too long, not typing)

Seriously. When every other TLD is two or three characters, they decide to go use a full word? Breaking conventions AND convenience! Whee!

Re:tl;nt (2, Interesting)

Anonymous Coward | more than 2 years ago | (#39972263)

Users don't type in URLs anymore!

Re:tl;nt (2)

allo (1728082) | more than 2 years ago | (#39973127)

yeah, just google "online banking" when you want to use your online-banking.

Re:tl;nt (5, Funny)

eln (21727) | more than 2 years ago | (#39973471)

You laugh, but if I hadn't used that method I never would have known that my bank relocated to Russia.

Re:tl;nt (1)

morcego (260031) | more than 2 years ago | (#39972283)

Will be interesting to see people using URL shorteners (bitly etc) on .secure domains, and how that will compromise the whole principle of the idea.

Re:tl;nt (1)

X0563511 (793323) | more than 2 years ago | (#39972405)

I see no reason why it should. All that does is set up an HTTP redirect (which if you think about it for more than half a second is pretty much exactly like clicking a link)

Re:tl;nt (2)

morcego (260031) | more than 2 years ago | (#39972519)

You only see where you are being redirected to AFTER you click on the link.

The .secure domain is only different because people can just assume it is secure, even before clicking.

There is nothing stopping the current websites from being even more secure than the .secure ones. The principle of the idea is identify.

Re:tl;nt (1)

X0563511 (793323) | more than 2 years ago | (#39973323)

The .secure domain is only different because people can just assume it is secure, even before clicking.

You are forgetting about SSL? .secure will be mandatory vetted SSL, combined with it's own domain TLD? Eg, that certificate can't be used by a .com, which is not as vetted.

Re:tl;nt (1)

Mr. Sketch (111112) | more than 2 years ago | (#39972309)

When every other TLD is two or three characters, they decide to go use a full word?

Agreed. Why not just .s? Or maybe .sec?

Bad idea... (2)

billlava (1270394) | more than 2 years ago | (#39972401)

.sec is just a fat finger slip away from .sex, which I can only assume will some day be its own TLD at the rate ICANN is handing them out. Can you imagine accidentally stumbling upon https://discreteaccountants.sex/ [discreteaccountants.sex] ? Hold that thought. I just had an idea for a startup.

Re:tl;nt (1)

HarrySquatter (1698416) | more than 2 years ago | (#39972447)

Agreed with what? A comletely false statement? There are TLDs that have been around for years to over a decade that are more than 3 characters.

Re:tl;nt (1)

makomk (752139) | more than 2 years ago | (#39972759)

All the TLDs that are over three characters long have gone almost totally unused for their intended purposes.

Re:tl;nt (1)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#39972979)

Arguably, in countries where the local country-code TLD isn't considered a deviant slumzone, the end user experience of a 'TLD' is already five characters long.

Architecturally '.co.uk' isn't a TLD, of course; but the intention is more or less identical to '.com'. Adoption does fall off pretty rapidly as you get into the dodgier waters away from .com and .org; but there seems to be a reasonably widespread assumption that country code TLDs can be chopped up into categories in a way that effectively makes a given entity's domain suffix five characters long, in a way that the classic three character TLDs are far less frequently divided.

Re:tl;nt (1)

Barbara, not Barbie (721478) | more than 2 years ago | (#39973355)

Try this one [chicken.coop]

It's for a chicken co-op, but it sure sounds and reads more like a chicken coop (hen house) [wikipedia.org]

I'm surprised no conspiracy groups ever registered dis.info or noneofyour.biz

And in a case of the internet imitating life, steve.jobs is offline.

Re:tl;nt (2)

nullchar (446050) | more than 2 years ago | (#39974441)

There are a few .museum domains in use: http://index.museum/fullindex.php [index.museum]

Even more .aero domains in use: http://www.nic.aero/cgi-bin/ad_search.cgi [nic.aero] (hit the search without changing the form)

The same for .jobs and .travel who's registry operator verifies the website contents before allowing the nameservers in DNS. (Which is why steve.jobs never resolved anywhere.)

Those > 3 character TLDs seem to adequately fit under their respective namespaces, unlike domain names under generic top level domains (gTLDs), as by nature, they are generic and can have non-profits under .com and for-profit companies under .org and personal blogs under .net.

Re:tl;nt (1)

KlomDark (6370) | more than 2 years ago | (#39972481)

I think the goats have something to do with avoiding sec...

Clearly they should have used .sucr (1)

Tekfactory (937086) | more than 2 years ago | (#39972487)

I mean there it is, just another plan to extort money, which then gets added to the product, which we pay for and somebody else is chipping off a little bit for themselves.

Re:tl;nt (1)

Zocalo (252965) | more than 2 years ago | (#39972585)

Two or three characters like ".museum" and ".travel", the former of which at least tries to enforce some verification of its domain applicants. It's hardly a new concept, if hardly widely adopted; I've only come a across a handful of ".musuem" sites and can't recall any ".travel" domains, although I'm sure there are some.

What really frustrates is that we keep getting schemes like this that just look to be a pure money grab instead of things that might actually help solve a problem. Where's the accredited applicants only ".bank" gTLD to help prevent phishing of financial institutions, for instance?

sperm.bank (1)

tepples (727027) | more than 2 years ago | (#39972691)

Where's the accredited applicants only ".bank" gTLD to help prevent phishing of financial institutions, for instance?

Not all "banks" are financial. Who would get blood.bank or sperm.bank?

Re:sperm.bank (1)

Zocalo (252965) | more than 2 years ago | (#39973817)

True, there are several other types of "bank", but the one most people think of first is the financial type, and so far at least they are the ones mostly being targetted by phishers, although a 419 email phishing a sperm bank would be an "interesting" read, I'm sure. Still, why not? A bank's a bank, so why not allow "vlads.blood.bank" if you were running a hypothetical ".bank" domain? Or maybe apply ".finance" instead, since not all financial targets of phishing are banks, either; EFTS, building societies and co-ops for instance. (Yes, I know there is already a ".coop" gTLD, but that's just for the birds.)

Re:tl;nt (1)

X0563511 (793323) | more than 2 years ago | (#39973341)

Have you ever seen those domains used? No? That's my point. Nobody uses them because they are a pain in the ass.

Re:tl;nt (1)

Zocalo (252965) | more than 2 years ago | (#39973709)

Yes, I have, and said so in the post, along with that the statement that they were not exactly widely used. For what it's worth, I've come across several museums with a site within the ".museum" gTLD since I travel a lot and like to find out something about the local culture while I'm there, for which museums are often a good place to start. I've also come across a couple of ".aero" domains and have an email address at a ".int". All that kind of proves my point though; gTLDs more than three letters are certainly out there and have been, but hardly used.

I don't think that's down to them being a pain in the ass to use because most people are going to use them via a search engine result, email or some other linking method that doesn't involve them typing in the URL, but because of the utter sewer that ".biz" and, to a slightly lesser extent, ".info" became. That, combined with the squabbling over ".xxx" and latest ICANN license to print money scheme, has probably tainted the opinion of most of the people who actually still notice or care about domain names in the first place. If there's a demonstrable need (a high bar, admittedly), or a problem that can be alleviated (i.e. something like my suggestion of ".bank" to help counter phishing) with a new gTLD then I'm all for it. Otherwise, we're just going to end up with another ".biz" or worse.

Re:tl;nt (2)

HarrySquatter (1698416) | more than 2 years ago | (#39972415)

Ignoring .info, .museum, .aero, .arpa, .asia, .coop, .jobs, .mobi, .name, .travel, etc, right? There is no rule that says domains are only 2 or 3 characters despite nerd protestations.

Re:tl;nt (4, Insightful)

Tridus (79566) | more than 2 years ago | (#39972607)

Pretty much everybody else ignores those, so why not?

Re:tl;nt (1)

rb12345 (1170423) | more than 2 years ago | (#39972995)

All ignored except .arpa, presumably, although that's assuming people bother to set up reverse DNS.

Re:tl;nt (1)

allo (1728082) | more than 2 years ago | (#39973153)

.info is widely used, too. but museum? seriously?

Re:tl;nt (1)

mbstone (457308) | more than 2 years ago | (#39973587)

They could put up tree.museum and charge $1.50.

Re:tl;nt (1)

IAmGarethAdams (990037) | more than 2 years ago | (#39974305)

Think the prices have gone up since you visited. Amy Grant had to pay 25 bucks

Re:tl;nt (1)

Guppy06 (410832) | more than 2 years ago | (#39973367)

Length is irrelevant to a TLD getting ignored. When was the last time you visited a .us domain other than the likes of "delicio.us?"

And that's before getting to all the state-specific subdomains (al.us, ak.us, ar.us, etc.) that aren't even used by the state governments in question.

Re:tl;nt (0)

Anonymous Coward | more than 2 years ago | (#39973995)

Real question is will redirects be allowed from the non .secure TLD?

I'm still waiting for 100% physically isolated encrypted network (YES, entirely isolated NEW PHYSICAL NETWORK across the US) that is accessible through post offices only, or Federal Buildings only, and touches no existing infrastructure. Include 100% auditing and full disclosure..... There is a way for such a thing to exist, but nobody wants to pay for it, or at least leave room in for culpability when someone with access, does something wrong. Politicians, and agency and department heads need wiggle room, after all....

Re:tl;nt (1)

thegarbz (1787294) | more than 2 years ago | (#39974463)

Personally I find typing 4 characters tedious. Instead I just type the domain name and hit Ctrl+Enter.

Combined with shortened URLs purchased by companies, "www.faceboo.com"+Enter, becomes "fb"+Ctrl+Enter

CAPTCHA (1)

Anonymous Coward | more than 2 years ago | (#39972271)

...for every link within subdomains

ICANN is king of nothing (0)

Anonymous Coward | more than 2 years ago | (#39972285)

They can't even deal with malicious registrars, and they expect to enforce SSL on these .secure domains? Get real.

relevant captcha: kidded

Yeah yeah whatever (2, Insightful)

Anonymous Coward | more than 2 years ago | (#39972287)

Recall the ".pro" TLD? Supposed to be for "vetted professionals"? The first .pro I ever encountered turns out to be a crooked outfit. (If you must know, videolan.pro, which impersonates but does not actually have any connection to the real thing.) I have so far never encountered a dot-pro that was actually legit. A lesser used .biz of sorts, but with delusions of grandeur.

So I'll reserve judgement on this one. Not that it isn't a reasonable idea, I've been toying with the notion for a while. It's the execution that matters, and we'll just have to see how that pans out.

Re:Yeah yeah whatever (1)

wiedzmin (1269816) | more than 2 years ago | (#39972383)

Recall the ".pro" TLD? Supposed to be for "vetted professionals"? I have so far never encountered a dot-pro that was actually legit.

What's ".pro"?

Re:Yeah yeah whatever (2)

X0563511 (793323) | more than 2 years ago | (#39973585)

Erm, did you even read what you just quoted? The first sentence defines it.

Re:Yeah yeah whatever (1)

Em Adespoton (792954) | more than 2 years ago | (#39972937)

We obviously need to pair every .pro domain with a matching .con domain... you know, for balance.

Re:Yeah yeah whatever (1)

X0563511 (793323) | more than 2 years ago | (#39973599)

.con should be a CNAME to .com at the root (.) level :P

i was laughing at the headline (2, Insightful)

NemoinSpace (1118137) | more than 2 years ago | (#39972301)

Then I realized it wasn't a joke.
This is so not going to end well.
something almost, but not quite, entirely unlike tubes.

Re:i was laughing at the headline (1)

The Mister Purple (2525152) | more than 2 years ago | (#39972471)

Tubes with locks on them!

Inevitable security breach aside, this looks like a great way to scam a lot of money out of the Wall Street types who are intimidated by the complexity fax machines.

Re:i was laughing at the headline (1)

The Mister Purple (2525152) | more than 2 years ago | (#39972501)

... complexity of fax machines.

FTFM... sigh.

Re:i was laughing at the headline (1)

Anonymous Coward | more than 2 years ago | (#39972485)

Then I realized it wasn't a joke.

Then I read the summary and realised it was. Also coming soon the .not-secure TLD for sites that have no reason to use SSL and the .redundant-due-to-protocol-string TLD to both complete and future-proof the system.

Re:i was laughing at the headline (1)

Em Adespoton (792954) | more than 2 years ago | (#39972955)

I've been waiting for the .cdn TLD for some time, to house all content distribution networks, and anyone who wants to pretend they're a CDN.

Re:i was laughing at the headline (0)

Anonymous Coward | more than 2 years ago | (#39973945)

And a commercial cdn should have domains like "cdn.company-com.cdn" for good measure.

The search for more money (2)

MrDiablerie (533142) | more than 2 years ago | (#39972313)

Hmm, just a way for domain registrars to make more money? https:/// [https] should be sufficient, browsers already inform you when you have a secure connection.

Re:The search for more money (1)

Barbara, not Barbie (721478) | more than 2 years ago | (#39972403)

So they'll implement a new protocol: httpSS - twice as secure ... and you'll use it and like it, OR ELSE!

Of course it's a money grab. So quick - register in.secure and cash in!

Re:The search for more money (1)

dyingtolive (1393037) | more than 2 years ago | (#39973499)

Link appears broken.

(don't hit me, I'm joking)

.bank (4, Insightful)

wiedzmin (1269816) | more than 2 years ago | (#39972365)

Again, I would rather have them introduce the .bank domain name, that can be registered only by verified banking institutions (they make it cost like $20,000 per year too, to further deter fraud). IMHO that, combined with PCI regulations enforcing the security of sites hosted on such domains, would be infinitely more useful.

Re:.bank (1)

Anonymous Coward | more than 2 years ago | (#39972801)

The thing is, people read left to right, and web addresses read inside to out. Try to convince most endusers that http://www.wellsfargo.com.soundslegit1234.ru/onlinebank/enterpasswordhere.html isn't safe.

Even if people do read the URL, they often don't understand it. A .secure TLD just gets buried in the legit-looking stuff on the outside.

Re:.bank (1)

Anonymous Coward | more than 2 years ago | (#39972901)

Trying to make something more legitimate based on price only makes it worth more to criminals that want to take advantage. Which means they will then have the money to pay whatever is necessary.

Re:.bank (1)

Anonymous Coward | more than 2 years ago | (#39972905)

Pray tell, who decides what is a bank?

SInce this is a national matter, I'd say .bank.us (and .bank.$cc in general) would be a far better approach.

Re:.bank (0)

Anonymous Coward | more than 2 years ago | (#39973089)

(they make it cost like $20,000 per year too, to further deter fraud)

Would have to be significantly more, since if a .bank site became considered "guaranteed" secure, I'd imagine dumping 20k into one for fraud would bring in major Return on Investment.

Re:.bank (1)

X0563511 (793323) | more than 2 years ago | (#39973615)

with PCI regulations enforcing

BWAHAHAHAHAHA!

If only you knew what an insider knew.

secure:// (1)

GeneralSecretary (1959616) | more than 2 years ago | (#39972389)

When I first saw this I though, "Oh good, no more explaining to Grandma that you need to check for HTTPS://", but it is a bit to type. Why not replace "https://" with "shttp://" or "secure://"?

Re:secure:// (1)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#39972571)

The stuff before the '://' specifies the protocol. There is no "secure://" protocol, nor does this proposal involve any additions or changes to what currently counts as https, except for actually using them consistently.

Re:secure:// (1)

fearlezz (594718) | more than 2 years ago | (#39973285)

If that is the whole problem, why not rename the https protocol to "secure"?

I personally don't think it's a bad idea to make secure:// an alias of https://./ [.] The only problem would be that just using https [google.com] does not tell anything [google.com] about the connections [ssllabs.com] actual security [google.nl] .

Re:secure:// (1)

X0563511 (793323) | more than 2 years ago | (#39973649)

The only problem would be that just using https does not tell anything about the connectionsactual security.

Of course not. That's the job of the browser. It's not the protocol's fault the browsers don't do it. The CA break-ins are all political problems really - those who were trusted betrayed that trust in one way or another.

Re:secure:// (2)

pahles (701275) | more than 2 years ago | (#39972595)

shttp:// sounds like a rather shitty protocol...

Re:secure:// (1)

geekoid (135745) | more than 2 years ago | (#39973029)

I like how you have to explain something you clearly don't understand to your grandma.

EV certificates? (1)

diamondmagic (877411) | more than 2 years ago | (#39972391)

Isn't this exactly what Extended Verification Certificates were supposed to be for?

Why should I trust some arbitrary party to vet the security of a website by the virtue it's accessible with a particular TLD? I get that TLS shouldn't require any third parties merely to establish a secure pipe, but if you *are* looking for a third party to vet other stuff, like your bank's privacy policy and whatnot, this is exactly what PKI *does* do well, at the protocol level.

Re:EV certificates? (2)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#39972683)

I'm skeptical of this fancy new domain(for basically the same reasons that I'm skeptical of SSL/TLS once you include the 'identity' problem); but 'EV' certs are a perfect example of how PKI, as presently implemented, does a ghastly job of doing what it is supposed to do. Plain, boring, certificates were originally supposed to be all authoritative and vetted and whatnot. That didn't survive price pressure and laziness, so now we have the new double-secret-verified certificates that make your browser turn green. I suspect that we'll soon have a third tier of genuinely-actually-100%-vetted-trust-us certificates that play soothing background music as well as turn the browser green, for a small additional fee.

Type-in traffic (1)

tepples (727027) | more than 2 years ago | (#39972777)

Isn't this exactly what Extended Verification Certificates were supposed to be for?

I imagine that it's a TLD for which type-in traffic is intended to go on HTTPS instead of HTTP, and for which browsers can expect DNSSEC and EV certs and fail if not present.

Too Long (1)

Githaron (2462596) | more than 2 years ago | (#39972407)

If they are going to do this, can they at least shorten it? How about ".sec"?

Re:Too Long (0)

Anonymous Coward | more than 2 years ago | (#39972525)

If they are going to do this, can they at least shorten it? How about ".sec"?

Yes - and I'd like to register my domain whcih is all about goats. How do you think that one will work out?

Re:Too Long (1)

John Bokma (834313) | more than 2 years ago | (#39972651)

letmethinkaboutthatfora.sec....

Re:Too Long (1)

Jorgensen (313325) | more than 2 years ago | (#39973255)

Shortening to ".sec" is not a good idea - on a QWERTY keyboard the C and X keys are next to each other and grandma cannot be trusted to avoid typos...

Re:Too Long (1)

Githaron (2462596) | more than 2 years ago | (#39973435)

Shortening to ".sec" is not a good idea - on a QWERTY keyboard the C and X keys are next to each other and grandma cannot be trusted to avoid typos...

I thought the new domain for that stuff was .xxx?

Bribes, Corruption, Maneuvering (1)

greenlead (841089) | more than 2 years ago | (#39972431)

So, who maneuvered this one into being, so that one they and their closest friends can approve people for this TLD? Oh, and we should start teaching the uneducated public that *.secure is the only way for a site to be trustworthy, so that those key players can make even more money from certificates that cost nearly nothing to generate.

Re:Bribes, Corruption, Maneuvering (1)

greenlead (841089) | more than 2 years ago | (#39972469)

errr... "one" --> "only".

Hmm, funny... (0)

Anonymous Coward | more than 2 years ago | (#39972433)

I THOUGHT THAT WAS THE POINT OF HTTPS?!

This TLD nonsense is just awful, seriously, so awful.

Some dethrone those twats already, they are useless and just destroying the DNS world.
All they want to do is rob people of even more money.
These new TLDs are just an even larger redundancy being tacked on to the internet.

It should have been protocol://ccTLD.domaintype.domain.subdomains/directories/file.ext (and domain type would have been things like museum, hotel, banking, etc)
Quick example: http://uk.search.google.images/?trillion_parameters_here (you can take your little and middle endians and spin on it!)
But they even managed to screw THAT one up! To think these supposed smart people had such insight to have come together to create this glorious network...
Now they are doing useless_protocol_consider_deprecation://subdomains.domain.domain2/directories/file.ext
TLDs don't even exist anymore, pretty much. To even think of them as TLDs is pointless.
GOD.

I'll see you all on usenet or openNIC or whatever else replaces it if (please be when) the web comes crashing down.

Re:Hmm, funny... (1)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#39972821)

Ironically, your proposal is actually horribly similar to this pointless-loads-of-arbitrary-TLDs nonsense, just in reverse order and with questionably useful ccTLDs prepended.

The 'domaintype' notion is the kicker. It isn't quite as broad as an arbitrary string; but it is very broad indeed, and would be the stuff of endless wrangling(and, since many sites do multiple things, would suffer from similar must-protect-trademark-on-all-possible-domains shenanigans). At some point, you have to give up and accept that(outside of a few, largely sterile, walled gardens that maintain order mostly by virtue of being a direct projection of a real-world organization, like .mil) URLs are either going to be largely meaningless or an unbelievably ungainly apparatus will have to be deployed to hammer out the possible categories of the internet and then force all the TLDs and subdomains into submission.

What could possibly go wrong? (2)

Arrogant-Bastard (141720) | more than 2 years ago | (#39972533)

Given the rousing success of .mail, which immediately succeeded in reducing spam to a...oh...wait...

And then there's .pro, which is used exclusively by millions of professionals and...oh...umm...

Alright, never mind that. Of course it will be secure, because a well-known security company is on the job and...oh...errrrmm... Verisign, Pillar of Internet Security, Hacked [idexperts.com] ...

Doesn't matter. I'm certain it will work perfectly. I mean, really, what blackhat would target a .secure domain? Everyone knows they're secure.

Monumentally stupid idea (1)

Tridus (79566) | more than 2 years ago | (#39972661)

Hack one. Purpose defeated.

ICANN is a menace that needs to be put out of its misery.

This can be abused easily enough (0)

Anonymous Coward | more than 2 years ago | (#39972703)

http://nigerianfortunes.za/scam.aspx?decoy=www.legitimate.secure

Not that that's a good one, but really. Anyone who understands doesn't need this, and anyone who doesn't, will be easily fooled.

Filtering Evil Bit? (0)

Anonymous Coward | more than 2 years ago | (#39972731)

Will this TLD provide a mechanism for filtering out packets with the evil bit set?

IETF [ietf.org]

New website (1)

Anonymous Coward | more than 2 years ago | (#39972861)

I want to get not.secure, so I can create the domain this.is.not.secure.

someone did not understand DNS (1)

allo (1728082) | more than 2 years ago | (#39973099)

of course you can check, if an ip only runs https, when registering the domain. But you cannot check, if the ip accepts http at some point later on ... and even with regular checks, a firewall could allow http for clients and disallow it for the checker-ip.

Also implying https on = secure. then the browser display of 'valid certificate' would just be enough.

Re:someone did not understand DNS (0)

Anonymous Coward | more than 2 years ago | (#39973389)

You're missing the point.

Browsers can be set to reject HTTP or even out of spec SSL communications with anything in .secure. Likewise, they can fail to connect if they don't receive a valid, signed DNSSEC response.

The goal of .secure is to create a TLD in which heightened security practices can be enforced by the browser. With no legacy concerns, browsers can enforce certain standards which should have been built into the Internet from the first place.

Consider XSRs. A browser might be configured to block any XSR from a .secure to another TLD or vice versa. XSS, XSRF, and injection of externally hosted malware suddenly becomes impossible.

.Secure? From whom? (1)

CanHasDIY (1672858) | more than 2 years ago | (#39973115)

Unless it's secured from governments, agents provocateurs, corporate raiders, etc, it's not secure.

These days, it's not just random Slavs looking to jack your CC info you need to keep watch for...

In related news... (1)

wbr1 (2538558) | more than 2 years ago | (#39973511)

...norton.secure and mcafee.secure found to be hosting ransomware and malware.

Heard this before (1)

LordLucless (582312) | more than 2 years ago | (#39973737)

and a comprehensive vetting process for websites and their operators.

What, like the one required to get a signed SSL cert? Oh wait, I mean the one to get an "Extended Validation" SSL cert.

What's the point? (1)

Hentes (2461350) | more than 2 years ago | (#39974197)

When you use a https site you don't need the TLD to tell that it is secure: the protocol name is what's to be counted on.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?