NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] More details on the .secure TLD proposal (and why I believe it is fundamentally flawed)

More details on the .secure TLD proposal (and why I believe it is
fundamentally flawed)
http://j.mp/JlSaLU  (This message on Google+)

 - - -

You may recall my posting yesterday ( http://j.mp/Ku8pEd [Google+] )
where I suggested that the .secure TLD proposal is fundamentally
flawed for many reasons. The CTO of the company involved contacted me
this morning, pointing at their blog with more details:

http://j.mp/JlRXZ2  (Unhandled)

After reviewing this information, which includes their proposals for a
broader "domain policy framework," I'm forced to stand by my earlier
characterization.  I won't get into the technical analysis now, but
just point out a few facts.

First, the business model for .secure is obvious enough. I mean, hell,
if you're not using .secure, you don't care about your users, right?
How can you possibly be "secure" if you're not in ... dot-secure? I'm
reminded more than a bit of the model used by the dot-xxx slimeballs
to try coerce firms into that TLD.

Not to say that the .secure folks are slimeballs. Nor that they're not
genuinely concerned about security. But their model is not 
realistic -- except as a profit center for them. There are no obvious benefits
to be derived from their model for the Internet community at large,
and the most likely outcome is yet another replay of the protective
registrations rush.

The most common reaction I received yesterday regarding .secure was
"LOL" -- but many respondents immediately caught on to one of the most
glaring problems with .secure -- that it would present an irresistible
target for hackers, denial of service attacks, and all manner of other

The concept of .secure is essentially 180 degrees away from the model
I believe we should be working towards. Rather than centralizing
security, we need to be distributing it, and doing this effectively
means more fundamental changes than new policy frameworks can provide,
and certainly cannot take place if we buy into the .secure sort of

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org 
 - Data Wisdom Explorers League: http://www.dwel.org
 - Network Neutrality Squad: http://www.nnsquad.org 
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
 - PRIVACY Forum: http://www.vortex.com 
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren 
Tel: +1 (818) 225-2800 / Skype: vortex.com
nnsquad mailing list