Modernizing Authentication — What It Takes to Transform Secure Access
Startup Artemis Internet has proposed a new .secure TLD that would require registrants to submit identity documentation, agree to a code of conduct for meaningful security standards, and ensure compliance with those standards on an ongoing basis.
"Sites that wanted to be a part of this exclusive domain would have to undergo rigorous screening to verify their identity," writes Wired's Dan Goodin. "Physical addresses, trademark registrations, articles of incorporation, and other legal documents would be reviewed by human beings. Upon approval, applicants would receive two-factor authentication hardware to register online. They would also be required to meet a minimum set of security practices, including end-to-end encryption of virtually all Web and e-mail traffic."
"Those operating subdomains within .secure would be individually vetted, required to abide by acceptable use and security control policies, and subject to disconnection, said Alex Stamos, chief technology officer of Artemis Internet Inc," writes Government Computer News' William Jackson. "'If you are not in compliance, we will turn your site off until you fix it,' Stamos said."
"Stamos expects financial institutions and other security-sensitive businesses to adopt the new domain for their pages that handle transactions, for example, or sensitive data," writes Dark Reading's Kelly Jackson Higgins. "'We're not trying to tell people to throw away your .com. You can create a namespace where you can do more secure things, so if you are a bank that runs hundreds of websites and have some website for users who do billion-dollar transactions,' that site could go to the .secure domain, he says."
"The goal is to offer a place on the Web where sites have higher security standards and Web surfers can have more faith that their data and communications will stay out of the hands of malicious hackers and criminals," writes CNET News' Elinor Mills.