
Security Through Obscurity as an Institution

One of my staff members pointed me to an article by Mikko Hyppönen in Foreign Policy. In this article Mikko argues that a new top-level domain (TLD) like .bank for some reason would prevent on-line fraud, at least partially. Mikko seems to be arguing that with a dedicated TLD registry for financial institutions and a fee high enough to act as an entry barrier you would have trustworthy bank domains that would be immune to today's phishing attempts.

I don't believe in this for a second. If we decide to ignore the fact that creating a rule-set that would identify all the world's known financial institutions would be really hard, and the fact that a barrier entry fee would most likely keep developing countries out - a fact that goes counter to all current Internet policy related development - it still can't be made to work.

First of all, Mikko suggests that $50,000 somehow would deter criminals. I don't think it will; it just raises the price for production of phishing sites.

Second of all, with the suggested system, a "compromised" domain that managed to get registered under this TLD would be invaluable to the criminals as it would come with automatic trust to the end-users.

Third, without a wider look at security, route monitoring, signed web-sites (why are only the parts of the bank's web-sites where I do my transactions signed?), DNSSEC, etc., any form of validation at the point of registration is more or less meaningless.

No, I think the proposal is trying to reach higher end-user confidence levels through security obfuscation. This will work until the registry gets compromised (and it will), and then the effects are much worse and far-reaching.

By Kurtis Lindqvist, CEO.

Related topics: DNS, DNS Security, Security, Top-Level Domains
