| |||||||||||||
My own private Internet: .secure TLD floated as bad-guy-free zone (Ars Technica)My own private Internet: .secure TLD floated as bad-guy-free zone (Ars Technica)Posted May 11, 2012 23:49 UTC (Fri) by slashdot (guest, #22014)Parent article: My own private Internet: .secure TLD floated as bad-guy-free zone (Ars Technica)
There's no need for that, RFC 3514 already solves this.
Just set the evil bit correctly, and all will be fine.
(Log in to post comments)
My own private Internet: .secure TLD floated as bad-guy-free zone (Ars Technica) Posted May 12, 2012 11:58 UTC (Sat) by nix (subscriber, #2304) [Link]
Quite. The moment this goes live it'll become a huge target for every bad guy out there, and unless all the .secure people have systems with zero vulnerabilities (yeah right), some of them will get in. Then the reputation advantage of .secure vanishes.
The worst scenario would be someone getting in, *not* making a huge song-and-dance about it, and exploiting the increased trust of .secure to quietly steal stuff for a long time. We are probably saved from this because hardly anyone in the general public pays the least attention to URLs anymore: they're not going to feel any increased trust because they won't even notice they're in .secure. The most they're going to see is the green bar.
My own private Internet: .secure TLD floated as bad-guy-free zone (Ars Technica) Posted May 13, 2012 1:02 UTC (Sun) by pr1268 (subscriber, #24648) [Link] Notice the date on RFC 3514. Of course, I'm assuming you already know the IETF's quirkiness in that regard. But, I'm left wondering how serious iSec Partners and Artemis Internet are with this proposal? It seems to me that a .secure TLD would be the biggest target black hats would just love to exploit. This isn't some April Fools joke stretched all the way to May, is it?
|
|||||||||||||