.SECURE Proposal For A gTLD

One application for a new generic Top Level Domain will have security at the forefront. The proposal for a .SECURE gTLD will require “fully encrypted HTTPS sessions and a comprehensive vetting process for websites and their operators,” according to Dark Reading. The proposal has gained investments of $9 million.

“Effortless security’ is our tagline,” Alex Stamos, CTO at Artemis, told Dark Reading. “Right now, when you go to .com, you have to look for five different visual clues to figure out what’s going on” security-wise, Stamos says. “If you type .secure, you’re telling the server or organization that you want to communicate with that you want to be safe and expect them to be as safe as possible. All of that security stuff is taken care of for you.”

Stamos went on to say he expects financial institutions and other security-sensitive businesses to adopt the new domain for their pages that handle transactions, for example, or sensitive data. “We’re not trying to tell people to throw away your .com. You can create a namespace where you can do more secure things, so if you are a bank that runs hundreds of websites and have some website for users who do billion-dollar transactions,” that site could go to the .SECURE domain, he says.

Explaining the rationale for the .SECURE proposal, Stamos said “We saw the Internet was in a period of malleability: DNSSEC is being deployed, IPv6 transition is [under way], and in the middle of all of that, this TLD [program] is happening. The Internet is now wet concrete again and we want to make a positive impact.”

Potential registrants will be required to go through a “rigorous screening to verify their identity” reports Ars Technica. As well as meeting the abovementioned security requirements, those wanting to use .SECURE will need to provide “physical addresses, trademark registrations, articles of incorporation, and other legal documents” which would be reviewed by human beings. “Upon approval, applicants would receive two-factor authentication hardware to register online.”

For now there is work underway including Artemis working “with other as-yet unnamed Internet companies under the auspices of the Domain Policy Working Group, which is creating a Domain Policy Framework specification that spells out how browsers and mail servers would implement .secure’s security functions, for instance. The final spec will be submitted to the Internet Engineering Task Force (IETF),” Dark Reading noted.