NCC Group has published a set of security standards that you'll have to follow if you want to operate a .trust website.
The company owns the rights to sell dot-trusts, and uploaded the 124-page policy document [PDF] earlier this month. It provides a technical rundown covering everything from network security to secure DNS settings, and NCC Group says the rules will be used as a configuration standard for all new dot-trust websites.
(Score: 0) by Anonymous Coward on Thursday October 23 2014, @04:55PM
Some of these requirements were written by MBAs, not by people with real security skills. Here are some of the dumbest ones I found:
Do not Attempt to Automatically Install Malware on User Machines Detected via Heuristics
Do not host Windows executables without Authenticode signatures
Do not host content with “dangerous” file extensions
Filter ICMP messages traversing inbound across the network edge (including Destination Port Unreachable, which is actually important for UDP services)
And then all the "Do not serve web applications containing ${SOME} vulnerability", for about 20 different types.
(Score: 0) by Anonymous Coward on Thursday October 23 2014, @06:01PM
I read it more as spyware/malware guys not welcome here.
It reads like a checklist of 'don't be a dick to your customers' and 'here are some good things to set up while configuring your system'.
(Score: 2) by darkfeline on Friday October 24 2014, @02:24PM
Except, as GP mentioned, they're pointless/badly written/misinformed/etc.
>Do not host content with “dangerous” file extensions
So, what? Let's say .docx is dangerous because they can contain embedded code, so as long as I don't host any files ending in .docx I'm fine? BRB, just going to `rename s/.docx/.not-docx/ *.docx` really quick.
Join the SDF Public Access UNIX System today!
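The rename objection in the comment above, as an added example that is not part of the original thread or of the NCC Group policy: a name-only blocklist next to a check that inspects the file's content. The blocklist entries, function names and sample files are assumptions constructed for illustration.

```python
import io
import zipfile

# Extension blocklist of the kind the comment mocks (constructed for this example).
BLOCKED_EXTENSIONS = {".docx", ".docm", ".exe"}

def blocked_by_extension(filename: str) -> bool:
    """Name-only check: defeated by renaming the file."""
    name = filename.lower()
    return any(name.endswith(ext) for ext in BLOCKED_EXTENSIONS)

def sniff_content(data: bytes) -> str:
    """Classify by content: magic bytes first, then the OOXML package layout."""
    if data[:2] == b"MZ":
        return "windows-executable"
    if data[:4] != b"PK\x03\x04":
        return "unknown"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return "unknown"
    if "[Content_Types].xml" in names and "word/document.xml" in names:
        # Macro-enabled Word packages carry their VBA project in this part.
        if "word/vbaProject.bin" in names:
            return "word-document-with-macros"
        return "word-document"
    return "zip-archive"

def make_sample_package(with_macros: bool) -> bytes:
    """Constructed sample: a minimal ZIP with the part names of a Word package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()

def audit(filename: str, data: bytes) -> dict:
    """Report both verdicts so the gap between them is visible."""
    return {"name": filename,
            "blocked_by_extension": blocked_by_extension(filename),
            "content_type": sniff_content(data)}

if __name__ == "__main__":
    for name, macros in [("report.docx", False), ("report.not-docx", True)]:
        print(audit(name, make_sample_package(macros)))
```

The renamed sample passes the extension check while the content check still identifies it, which is why an audit of hosted files has to look at bytes rather than names.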