SoylentNews

If You Keep to this 124-page Security Rulebook, You Can Own a .trust TLD

posted by n1 on Thursday October 23 2014, @03:42PM   
from the do-not-.trust-anyone dept.

AnonTechie writes with an article from El Reg:

NCC Group has published a set of security standards that you'll have to follow if you want to operate a .trust website.

The company owns the rights to sell dot-trusts, and uploaded the 124-page policy document [PDF] earlier this month. It provides a technical rundown covering network security to secure DNS settings, and NCC Group says the rules will be used as a configuration standard for all new dot-trust websites.

• Damn! Damn! (Score: 1) by barrahome on Thursday October 23 2014, @07:10PM

  by barrahome (3580) on Thursday October 23 2014, @07:10PM (#109309) Journal

  This is stupid. Good luck with their "business" because no one is interested on enforced policy just for a crappy domain! :P

• Re:Damn! (Score: 2) by kaganar on Thursday October 23 2014, @07:33PM

  by kaganar (605) on Thursday October 23 2014, @07:33PM (#109323)

  I suspect that's the point -- if I want any "crappy" domain, I could just go buy one for dirt-cheap and pop up a hazardous website. On the other hand, if I want to be Trustable Inc. that offers "trustable" online services, and ".trust" domains have a reputation for being actually secure (unlike websites only secured with mere SSL certificates), then I'd surely want a .trust domain to attract customers. This seems like a viable way to make ".trust" domains of great utility -- and high price.

  Parent

• Re:Damn! (Score: 2) by edIII on Thursday October 23 2014, @08:52PM

  by edIII (791) on Thursday October 23 2014, @08:52PM (#109358)

  I am. Very interested.

  All the new .TLDs are intensely stupid and just a huge money grab against businesses with "Internet presence" budgets. That being said, .trust is pretty hot. If the new TLDs are going to come into use, all sorts of things like this are going to happen. It will devolve into moderated subreddits with members able to afford the financial raping by the interests controlling DNS.

  Forcing something akin to DSS-PCI compliance in order to qualify for the domain is a big deal. If you do that, and have regular spot audits, you have quite a product on your hands. Instead of goofy little badges at the bottom of the screen, you have a domain itself indicating trust. That's the kind of trust you can count on at the command line. You don't need to run a statement and grep for SSL security and certificate statuses. If you entered .trust properly, and your DNS is operating correctly, you can rest assured that all connections to .trust servers are following those security standards and are audited regularly.

  I want a pony.

  I remember that .NET addresses were *only* supposed to be for network operations are what not, and that .ORG were only supposed to be used for non-profits. Truthfully, I barely remember the rules because *nobody* ever followed them all the way back in '97. I even remember being told by the person helping me get my domain, "those are the rules, but nobody is checking anything anyways". Since '97 nobody has ever checked my domains to see if I was in compliance. Maybe they would for a .US or a .BIZ, but I never drank that kool-aid, and most businesses I know only ever went as far as .COM/.NET/.ORG.

  If nobody is following the rules for the parent organization, why do I really believe that this organization will enforce rules against their *paying* customers, that will need to continue paying?

  That .trust domain better be on the fucking Super Bowl if they want businesses to swallow that marketing copy. It's not impossible for this to work, just massively improbable.

  --
  Technically, lunchtime is at any moment. It's just a wave function.

  Parent