The NCC Group has requested the .secure generic Top Level Domain (gTLD) in an effort to create a “a truly trustworthy, secure and user-friendly internet environment.”
A wholly-owned NCC subsidiary, Artemis Internet, will manage the project, while an independent Domain Policy Working Group has been set up to enforce the standards required of a .secure website, if the application is successful.
Ironically enough, the Internet regulator, ICANN, suspended gTLD registrations last month over a security scare in which applicants (possibly including NCC) had their data exposed to other applicants.
To be accepted onto the programme, interested parties will have to submit corporate documentation, physical address verification and proof that they have a legitimate claim to the domain. This will then be checked by a full-time employee who will make the decision whether or not to issue a .secure domain.
“So unlike a .com where you get it in thirty seconds this will be a several week process,” explained Stamos. “There’s going to be no domain squatting or people taking other people’s domains or even taking terms that are copyrighted or trademarked.
“We’re not just going to let someone just sign up with Google with another ‘o’ for example.”
If accepted, organisations will have to agree to a security controls policy and an acceptable use policy which states that they can’t host malware, do phishing, try anything malicious or intentionally fool customers. These will be strictly enforced by Artemis, with strict punishments for those who fall foul of the rules.
“We will have scanning of subdomains when they come live to ensure that they follow our rules. If you‘re a legitimate company that has run the domain well and you have a small deviation from policy, then you’ll get an email or a phone call asking to fix this problem,” said Stamos. “If you registered the site two days ago and all of a sudden you’re hosting malware then your site is going to get turned off and you’re going to have to prove that it was an accident or that you were hacked, but mostly likely you’re not going to be allowed back on .secure.”
The domain will be open to anyone who wants the extra security, but the initial targets will be the financial and healthcare industries. Social media companies will also targeted as privacy becomes an increasing concern.
“We’re building a safe neighbourhood that has rules, so you can’t do things intentionally malicious,” added Stamos. “You can’t run a meth lab in your garage in our neighbourhood.”
How well do you know Internet security? Try our quiz and find out!
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…
View Comments
If we could do something similar with hackers then it would be a massive boost for security. Get them all to use .hacker or .evil and that's one domain to block on the firewall, job done.