The Nccgroup a publicly traded company on the London Stock Exchange (NCC) has announced it has applied for the new gTLD .Secure. under its subsidiary Artemis
Nccgroup currently owns and operates Escrow UK among other services and according to its most recent financial report generated in the first 10 months of the financial year, £72.0m.
The NccGroup according to its site provides “business critical IT assurance and protection to over 15,000 organizations worldwide, including 94 out of the 100 company’s in the FTSE (the London equivalent to the Dow Jones).
According to its site .Secure will “provide Internet users with the confidence to go about their business online via our three core principles: Verify, Secure and Enforce.”
-
The .SECURE registry will require registrants to submit identity documentation and will perform a human-powered verification and search for trademarks and other IP rights.
-
Secure
Registrants of .SECURE domains will be required to agree to rigorous Acceptable Use and Security Control Policies. These policies will strictly prevent the intentional use of .SECURE domains for malicious activity or the inadvertent creation of vulnerability through misapplication of security technologies. -
Enforce
The .secure Registry will continuously scan sub-domains for compliance with our minimum security standards, as well as for violations of our Code of Conduct.
playing in Verisign’s backyard.. ?
.SECURE is not a NOUN it is a Verb
♚ ♛ ♜ ♝ ♞ ♟
http://thetoplevel.com/secure
http://www.dot-secure.co
http://www.dot-bank.co/aboutDotBank.aspx
Auction?
ICANN could hire them to .SECURE the TAS
But first they would have to approve ICANN – right ?
M
.bank is a different extension than .secure
There maybe multiple applicants for .secure there will be a lot of multiple applicants for many extensions which is why we are running the new poll on the right.
I sure wouldn’t want to go into a auction with a company generating over $100M in revenue like this one.
Michael, The link includes they’re plans to launch .secure regardless of .bank
“The purpose of the .secure top level domain is to provide a secure location in which to perform secure transactions. The .secure top level domain will provide security as a service through the top level domain itself, which has never before been done for public-facing websites, although other domains, like .mil, do provide security through the top level domain for the American Military.”
Agreed that’s why I said .secure has nothing to do with .bank regarding M comment about a possible auction
marketing.
“secure” is a subjective concept.
for some, “secure” means they show you the code and the system they use, you and countless other people review it, and you, after careful consideration, decide it’s “secure” (enough). in other words, it’s gotta be open for review.
others would believe something is “secure” because of a domain name extension. no comment.
look at the areas this company is invested in. “security” does not appear to be their priority.
wonderful marketing term though.
this new gtld chirade is a going to be circus of internet marketing. need to get some more popcorn. there are so many more acts to come.
there absolutely nothing “secure” about dns. it’s a simple, open protocol. that’s probably why it has worked so well.
watch how these marketing gurus try to make people think domain names have something to do with servers that handle financial transactions, and how secure those servers are judged to be. absurd. it’s a disservice to everyone.
there are auditing services for this kind of “certification”. it has nothing to do with “domain names”. do you really want a domain name registrar doing “security audits”?
why did verisign sell off it’s “certification” business? because pki is seriously flawed.
this is even worse.
icann and this company already have been doing business together on .pro
will they get preferred treatment?
the inconvenient truth is that putting “security consultants” out of business (by giving consumers truly secure solutions from the outset) is actually the first step toward a more secure computing environment.
“your antivirus needs updating. just click here.”
these are not my people 🙂
While some gTLD applications will look to use savvy marketing initiatives to toothless new protocols as mentioned above, this particular application will require substantial changes including mandatory DNSSEC signing of every zone and a manual review and verification of every registrant.
It’ll be interesting to see if competing bids will actually be looking to innovate any new security protocols, or just try to cash in on the marketing spin mentioned by “2”.
dnssec is, alas, snake oil. at this point, it’s marketing. sell products and services based on “fear of dns security vulnerabilities”.
guess what? dns was never secure. and it was never intended to be.
if you want to be secure, you don’t use dns. and you certainly don’t use dns caches (which is what dnssec tries to protect).
if you are serious about security, then you know the ip addresses of the important machines you need to connect to (e.g., your bank). it’s easy to keep that info on hand. second, you verify the identity of those machines to which you connect (still no good consumer soluton for this; ssh is the best you can do and it’s FREE). and third you secure the connections to those machines. again, the technology to do that is FREE.
dnssec doesn’t even secure the connection the machine you use to get ip addresses from. how is that secure? we’re securing http traffic. so why not dns?
everyone, every single machine involved in the dns, not just the ones run by registries, has to support dnssec for it to work as intended. it requires knowledge of cryprographic key management, it’s complex, error-prone and burdensome. it might be effective someday in the future, but that day is a looooong way off. most people are barely able to handle vanilla, uncomplicated dns. for the last what, 30 years, the overwhelming majority of dns servers have remained MISCONFIGURED. and you could say dns is easy. but dnssec is just plain hard. even if you’re a nerd.
the worst part of it is dnssec whether intentional or not serves to protect a centralised monopoly. because it relies on the idea that only one source, e.g. icann, can say what is a “secure” domain name and what is not. it’s poorly suited to decentralisation. which is at the very heart of the robustness the internet allows. centralising the internet is not how you achieve security.
all it takes is one bad apple in the central authority (and we’ve seen kind of folks are running icann. the probability of this is not zero) and the whole security model is defeated.
dnssec is very expensive snake oil. caveat emptor.
caches = public, untrusted caches
dnssec is not about security in the general sense. it’s really about “authenticity”. preventing “forgery”.
alas, this means it’s about letting some central authority say what is an “authentic” name and what is not. in other words, a creating a domain name monopoly on naming under the false pretense of “security”. it’s not truly “security” because anyone can still sniff, tamper with, block or otherwise interfere with dns traffic that is “protected” by dnssec. it hardly “secures” dns. maybe it secures a monopoly though.
dnssec, if it were ever fully adopted (which is unlikely to ever happen), besides (unintentionally?) protecting a icann style domain name monopoly, would do nothing more than ensure the continued use of large, public dns caches (which use is what gave rise to the dns vulnerability scare in the first place… so why are we still using them?)
it’s arguable people even need to be using such public caches today. two of the biggest proponents of dnssec have admitted it makes a lot of sense for home users to just run their own caches. (which alleviates the need for dnssec!) large public caches are going to be even less relevant years from now given the dropping costs of storage space and processing power.
if you want security, then you don’t do things that are insecure. people who really care about your security will tell you to stop doing certain things that are known to be insecure. even if it means sacraficing some convenience.
snake oil salesmen, on the other hand, are the ones who will tell you to keep doing what you’re doing, no matter how insecure, but you need to buy their product/service which will make you “secure”.
“The guidebook is very clear”