
Really?
Soon you might be able to trust that financial email
That surely depends whether you trust Symantec not to make a pig's breakfast of it in the first place?
The launch of new .bank domain names is one step closer with the announcement [PDF] that Symantec has been chosen to act as the credentials verifier for the top-level domain. Dot-bank domains represent a new type of domain name - one restricted to a very specific group of people in order to enhance security. Banks and …
Totally true, and I consider that a huge flaw.
However, if the bank domain is strictly controlled it should be much easier for an email agent or client to check that the mail is actually sent from an authorized sender for that domain. No idea if they've actually implemented anything to do this. If not then it's worthless, or worse than worthless because it introduces a false trust in emails from bank addresses.
Is when banks send legitimate email with links in them.
I've finally convinced my old man to not trust any links in email. He's now happy to go to the web address he knows or use his mobile app to go and look at stuff.
And like others have said it's not like you can't spam a from address.
You can finally trust our e-mails... all you need to do is install an e-mail client with GPG and set up a public key.
It's easy. For more information on how to do this please visit our security centre at http://www.weblogin.tk@natwest.bank/ to download our easy setup installer. To be sure that this link is secure, you may copy it and paste it in your browser instead of clicking on it.
Now if ISP mail servers would only accept mail signed by the bank from an authorised mail server we might at least have some confidence that the originator was correct.
Oh, hang on, that doesn't require a special ".bank" domain, just a certificate.
So what exactly does this offer beyond a nice little earner for the owner of the TLD?
Oh, yes, a whole new flood of SPAM with spoofed originator addresses.
In the days when SSL was young the Certificate Authorities charged more for 'high assurance' certificates that required a little bit of proof before they were issued. This was all about TRUST.
Roll the clock forward a bit... the Certificate Authorities are now offering certificates with higher assurance that will show up with a green background to prove they can be trusted... trade in your old high assurance certificates for these new green ones.
Fast forward to today... the Certificate Authorities are going to issue certificates to a special domain to prove that they are trusted... trade in your green certificates for these new ones that will really be trustworthy this time.
And tomorrow?
They just keep failing to deliver and then turn around and take more money so they can fail to deliver again.
Nice business model.