In dot we trust: If you keep to this 124-page security rulebook, you can own yourname.trust

NCC Group has published a set of security standards that you'll have to follow if you want to operate a .trust website. The company owns the rights to sell dot-trusts, and uploaded the 124-page policy document [PDF] earlier this month. It provides a technical rundown covering network security to secure DNS settings, and NCC …

  1. solo

    Trust?

    Trust is on the opposite side of the word Secure. The more you (the internet surfers) trust your society, the smaller the locks (passwords) are.

    1. Charles 9 Silver badge

      Re: Trust?

      But it's also essential to a safe Internet. Without Trent, how can Alice and Bob prove their identities if they've never met before?

      1. Lexxy

        Re: Trust?

        Without Trent, how can Alice and Bob prove their identities if they've never met before?

        They could use Duffman. Oh yeah.

  2. Bronek Kozicki

    124 pages?

    Seems like more than "a handful of rules"

  3. Charlie Clark Silver badge

    .trust as a "gated community"?

    Sounds just right for China or Saudi Arabia!

    On a more serious note: all the new TLDs are a solution in search of a problem. The initial set and the countries provide enough of a taxonomy to work with.

  4. Peter 26

    Nice in theory, but I can't see how this can work in the long run as they have a conflict of interest.

    Nobody wants to lose a paying customer, and ultimately that's what they'd have to force themselves to do if they want to have a trusted service. With targets to meet they will ultimately be inclined to keep the customer.

    1. Anonymous Coward

      The worst bit that anyone in this domain does is make themselves beholden to the TLD owner. If you've built a business on the fact that it has .trust, you'll be screwed if they start jacking your domain fees up, and they will.

  5. txhackertracker

    The rest of the story

    Without divulging my employer, I'll simply say we received a visit from the NCC Group encouraging us to register ourcompany.trust. What the story doesn't overtly say is that you can't register a .trust simply by meeting all the rules... you must ALSO pay the NCC Group more than $100,000 USD/year to monitor your organization to see that you are complying with their requirements.

    I suggest it's a business model that's doomed to fail - ESPECIALLY if something like ".secure" is available that isn't so monopolistic in nature. Finally, the whole .trust model only works if nothing in the .trust domain is ever compromised. However, the moment something in the .trust domain *is* compromised, I no longer have reason to ".trust" the system/process/registrar (pun intended).

    1. John Smith 19 Gold badge

      Re: The rest of the story

      "register a .trust simply by meeting all the rules... you must ALSO pay the NCC Group more than $100,000 USD/year to monitor your organization to see that you are complying with their requirements."

      How interesting.

      You've registered this name specifically to make the world aware of this.

      How very public spirited of you.

    2. Charlie Clark Silver badge

      Re: The rest of the story

      I don't see what either .trust or .secure bring to the party and like you, I'm sceptical that the business model will ever fly.

      NCC should stick to making security reviews and penetration testing so relevant that every site uses them.

      1. Charles 9 Silver badge

        Re: The rest of the story

        The problem with the scenario is that, in spite of all the safeguards in place, a Trent is still needed. Thing is, as we've seen, Gene and Mallory have gotten smart and are now starting to target Trent in an attempt to subvert or impersonate Trent (think dodgy CAs). The bigger he is, the bigger the target is on his back.

      2. Anonymous Coward

        Re: The rest of the story

        I expect banks will sign up in droves.

        Many are keen to address the worries that lots of their customers have about online security. $100k a year isn't even small change for them, and you can imagine the hype they will use with it to reinforce their "your security is our priority" message.

        It doesn't really matter whether .trust sites are more secure or not, only that the bank customers believe that they are.

        1. jonathanb Silver badge

          Re: The rest of the story

          But does it address the main security risk, that people are willing to visit a site like 例子.cn/saajkshkj/www.barclays.co.uk/ajsdklfjaksdjflkj and enter their bank login details?

  6. Anonymous Coward

    Yeah, right

    Until they decide they can get bigger bucks by just selling them to anyone with $1000 or $100...

  7. Jonathan Morton

    Ignoring the cost of .trust itself, the guidelines in the policy document make a LOT of sense, and they are not excessively onerous. I'd go so far as to say that every website - indeed every Internet-connected organisation - should implement them.

    The trick is with auditing. Surely someone can do that for less than $100K per annum?
