Super Security Club Proposed With .secure Domains

The NCC Group has requested the .secure generic Top Level Domain (gTLD) in an effort to create a “a truly trustworthy, secure and user-friendly internet environment.”

A wholly-owned NCC subsidiary, Artemis Internet, will manage the project, while an independent Domain Policy Working Group has been set up to enforce the standards required of a .secure website, if the application is successful.

Ironically enough, the Internet regulator, ICANN, suspended gTLD registrations last month over a security scare in which applicants (possibly including NCC) had their data exposed to other applicants.

Exclusive club

“Our hope is to create a trustworthy space on the internet that consumers can feel comfortable navigating to, even if they don’t have the best security such as an insecure network or a country that they feel internet monitoring happens or just being as paranoid as you probably should be using the Internet in general,” Alex Stamos of Artemis told TechWeekEurope. “We want to create a space that gives a user the choice to declare ‘I want to do this securely’ and then to build the technology that supports them in doing this.”

To be accepted onto the programme, interested parties will have to submit corporate documentation, physical address verification and proof that they have a legitimate claim to the domain. This will then be checked by a full-time employee who will make the decision whether or not to issue a .secure domain.

“So unlike a .com where you get it in thirty seconds this will be a several week process,” explained Stamos. “There’s going to be no domain squatting or people taking other people’s domains or even taking terms that are copyrighted or trademarked.

“We’re not just going to let someone just sign up with Google with another ‘o’ for example.”

No meth labs

If accepted, organisations will have to agree to a security controls policy and an acceptable use policy which states that they can’t host malware, do phishing, try anything malicious or intentionally fool customers. These will be strictly enforced by Artemis, with strict punishments for those who fall foul of the rules.

“We will have scanning of subdomains when they come live to ensure that they follow our rules. If you‘re a legitimate company that has run the domain well and you have a small deviation from policy, then you’ll get an email or a phone call asking to fix this problem,”  said Stamos. “If you registered the site two days ago and all of a sudden you’re hosting malware then your site is going to get turned off and you’re going to have to prove that it was an accident or that you were hacked, but mostly likely you’re not going to be allowed back on .secure.”

The domain will be open to anyone who wants the extra security, but the initial targets will be the financial and healthcare industries. Social media companies will also targeted as privacy becomes an increasing concern.

“We’re building a safe neighbourhood that has rules, so you can’t do things intentionally malicious,” added Stamos. “You can’t run a meth lab in your garage in our neighbourhood.”

How well do you know Internet security? Try our quiz and find out!