The mission of .Secure is to enable people to navigate the Internet with safety and confidence. This safety will be insured through a combination of operational excellence, a culture of continuous security improvement and technical innovation.
Unlike other gTLDs, .Secure is not a category. It is an expression of a user’s intent. Our goal is to honor a user’s request to browse safely without bombarding them with obtuse technical language, making them look for subtle user interface clues or asking them questions they are not qualified to answer.
Here are three examples of situations that will be safer with .Secure:
- A woman in Kenya receives an SMS message regarding her online payments balance. The limited screen space of her phone makes it difficult for her to trust a link in a text message, so she types in the .Secure address of her provider to guarantee that she is communicating with the intended party.
- A political activist is trying to access a social network and check in with his friends. There have been rumors of widespread monitoring of social network activity and possible repercussions based upon private messages, but he feels confident that while using the .Secure address his traffic will not be hijacked and monitored.
- A business executive in Singapore receives a confidential message from an accountant in Tokyo. She is pleased to see that her vendor sent the sensitive spreadsheet from a .Secure domain to her .secure email address, so she knows that it was encrypted in transit.
How does .Secure provide these individuals with confidence to go about their business online? Through three principals: Verify, Secure and Enforce.
Verify – The .Secure registry will require registrants to submit identity documentation and will perform a human-powered verification and search for related IP rights. There will be multiple levels of validation for commercial, non-profit and personal domains, and the verified identity of the owner will be available to the end-user via innovations described herein.
Secure – All registrants will be required to agree to a code of conduct and to live up to substantial security standards for services offered under the .Secure namespace. These standards will, at a minimum, include mandatory DNSSEC signing of their zone, the use of TLS for all HTTP sessions, DKIM signing and required TLS for SMTP transport.
Enforce – The .Secure Registry will continuously scan sub-domains for compliance with our security standards, as well as for violations of our Code of Conduct. Such violations would include the hosting of malware or phishing sites, and the Registry team will swiftly respond to violations and abuse complaints.
Internet users will immediately benefit from the identity verification and Code of Conduct enforcement, with additional security benefits appearing as software vendors adopt our technical innovations. To foster such innovation we are working with leading technology firms to form the Domain Policy Working Group (DPWG): an open, non-profit organization that will coordinate security protections between gTLD registries, Internet software providers and domain end-users. The DPWG will create a suite of new security standards for submission to the IETF.
The DPWG’s first standard will be the DPF, Domain Policy Framework, a DNS-based language that describes the security posture of a domain and provides the verified identity of the domain holder. Combined with DNSSEC and DANE, DPF could allow for any TLD registry to secure communication with its registrant customers and optionally enforce a minimum standard for sub-domains. DPF will also contain a mechanism for communicating the verified identity of a domain registrant. The website of the Domain Policy Working Group is available at http:⁄⁄www.domainpolicy.org.
The .Secure registry will be operated by Artemis Internet Inc., a subsidiary of NCC Group plc. The NCC Group is an international provider of security and software escrow services, and is trusted to solve the security problems of many of the world’s most selective enterprises. The technological and financial strength of NCC Group will be a key component of establishing the trustworthiness of the .Secure brand. More information about the NCC Group is available at http:⁄⁄www.nccgroup.com, and updates on Artemis and the .Secure registry will be available at http:⁄⁄www.artemis.net.