
TLD Security Forum




Presentation Transcript


  1. TLD Security Forum • Thank you for joining the We will begin the event at 9:00am Pacific Time (1600 UTC)

  2. Making the Internet Better with New TLDs Alex Stamos, CTO

  3. Today’s Goals
  To have an open, productive and professional discussion on:
  • The measurable, real risks of TLD delegation
  • How we move forward together
  • How new TLDs can make things better
  This is not a complaints session.

  4. Morning Agenda

  5. You are expecting something on SSR
  • Total counts of name collisions are useless without context and definite risks.
  • Vast majority of collision problems are easily fixed.
  • Applicants need a lot of help with this.
  • We will be publishing more detailed responses when our analysis is complete.
  • The Internet is already a disaster. Let’s keep that in mind when weighing risks…

  6. Isn’t everything fine the way it is?
  Every time a user…
  …enters a café
  …associates to the wifi
  …does something important online
  They are lying to themselves…

  7. Why?
  • The Internet is already a hive of scum and villainy
  • There is no man behind the curtain helping you
  • We do not make safely usable systems

  8. http://docs.apwg.org/reports/APWG_GlobalPhishingSurvey_2H2012.pdf

  9. http://docs.apwg.org/reports/APWG_GlobalPhishingSurvey_2H2012.pdf

  10. http://docs.apwg.org/reports/APWG_GlobalPhishingSurvey_2H2012.pdf

  11. Do domains even mean anything? *Cisco and HSBC removed from this list

  12. This isn’t a usable system

  13. http://www.rijksoverheid.nl/ministeries/bzk/documenten-en-publicaties/rapporten/2011/09/05/diginotar-public-report-version-1.html

  14. Innovations are not sticking

  15. We can do better
  Nowhere is it written that the Internet must maintain bug compatibility with the past.
  Your new TLD can be:
  • More trustworthy than the incumbents
  • More advanced than the incumbents
  • Make the Internet a better place

  16. What we are doing with .secure
  • Strong Verification of Identity
  • Community Based Security Standards
  • Continuous Enforcement of Net, Web, Email and Abuse Policies
  We do not claim that these protections are appropriate for you, only possible.

  17. Take a look at the .secure standards doc
  Our goal was to create a policy regime that:
  • Is technically specific
  • Is self-evident
  • Is remotely testable
  This is not everything you need to be safe.
  Full draft to be posted soon for public comment
  • This is a draft, please don’t redistribute
  • You are welcome to use the public drafts

  18. What would this mean for… webmail?
  Bob knows webmail.secure is legit
  Bob’s browser knows how to safely connect
  • HSTS, HPKP, Pre-Loaded ICA Pinning and someday DANE
  Webmail.secure tries hard to be safe
  • Net, web policies. CSP, minimization, X-* headers
  Bank.secure mail is authenticated and secret
  • DKIM, DMARC, SMTPS with .secure certs
  Vulnerabilities happen still, are found and fixed
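Slide 17 says the policy regime is meant to be remotely testable, and slide 18 lists the web and mail controls (HSTS, CSP, X-* headers, DMARC) a .secure host would carry. The Python below is an added example, not code from the presentation or from the .secure standards document: a checker that takes the HTTP response headers and the _dmarc TXT record a host publishes and reports which items of an assumed baseline it misses. The thresholds (HSTS max-age of at least one year with includeSubDomains, no inline, eval or wildcard script sources in CSP, DMARC p=reject or p=quarantine applied to 100% of mail) and the host names in the constructed sample data are assumptions chosen for illustration, not .secure policy. It does no network I/O; a real scanner would fetch the headers over TLS and the TXT record over DNS and feed them in.

```python
# Added example, not code from the presentation or the .secure standards document:
# a remote-policy checker over the HTTP headers and _dmarc TXT record a host publishes.
# Every threshold below is an illustrative assumption, not .secure's actual policy.

MIN_HSTS_MAX_AGE = 31536000                  # assumed: one year, in seconds
ENFORCING_DMARC = {"reject", "quarantine"}   # assumed: p=none does not count

def _directives(value):
    """'max-age=300; includeSubDomains' -> {'max-age': '300', 'includesubdomains': ''}"""
    out = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, _, val = part.partition("=")
            out[name.strip().lower()] = val.strip()
    return out

def _int(value, default):
    try:
        return int(value)
    except ValueError:
        return default

def check_hsts(headers):
    """HSTS must be present, long-lived and cover subdomains."""
    value = headers.get("strict-transport-security")
    if value is None:
        return ["HSTS header missing"]
    d = _directives(value)
    findings = []
    max_age = _int(d.get("max-age", "0"), 0)
    if max_age < MIN_HSTS_MAX_AGE:
        findings.append("HSTS max-age %d below %d" % (max_age, MIN_HSTS_MAX_AGE))
    if "includesubdomains" not in d:
        findings.append("HSTS lacks includeSubDomains")
    return findings

def check_csp(headers):
    """CSP must exist and its script policy must not allow inline, eval or wildcard sources."""
    value = headers.get("content-security-policy")
    if value is None:
        return ["CSP header missing"]
    policies = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policies[tokens[0].lower()] = tokens[1:]
    # script-src falls back to default-src when absent, as a browser would do
    script_src = policies.get("script-src", policies.get("default-src"))
    if script_src is None:
        return ["CSP has neither script-src nor default-src"]
    return ["CSP script policy allows %s" % bad
            for bad in ("'unsafe-inline'", "'unsafe-eval'", "*") if bad in script_src]

def check_x_headers(headers):
    """The X-* hardening headers slide 18 refers to."""
    findings = []
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    if headers.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing or permissive")
    return findings

def check_dmarc(txt_record):
    """Parse a _dmarc TXT record and require an enforcing policy applied to all mail."""
    tags = _directives(txt_record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    if tags.get("p") not in ENFORCING_DMARC:
        findings.append("DMARC policy is %r, not reject/quarantine" % tags.get("p"))
    pct = _int(tags.get("pct", "100"), 0)
    if pct < 100:
        findings.append("DMARC pct=%d leaves mail unenforced" % pct)
    return findings

def check_host(headers, dmarc_txt):
    """Run every check; returns (compliant, findings). Header names match case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = check_hsts(h) + check_csp(h) + check_x_headers(h) + check_dmarc(dmarc_txt)
    return (not findings, findings)

# Constructed sample data for hypothetical hosts, not captured from any real network.
GOOD_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://static.webmail.example; object-src 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
}
GOOD_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@webmail.example"
WEAK_HEADERS = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src *; script-src 'self' 'unsafe-inline'",
    "X-Frame-Options": "ALLOWALL",
}
WEAK_DMARC = "v=DMARC1; p=none; pct=50"

if __name__ == "__main__":
    for name, hdrs, dmarc in (("good", GOOD_HEADERS, GOOD_DMARC), ("weak", WEAK_HEADERS, WEAK_DMARC)):
        ok, findings = check_host(hdrs, dmarc)
        print(name, "compliant" if ok else "NON-COMPLIANT", findings)
```

Each check returns a list of findings rather than a boolean so that a continuous-compliance job can diff today's findings against yesterday's and alert on regressions, which is the "continuous enforcement" slide 16 describes rather than a one-off pass/fail. The weak sample fails on every axis (short HSTS without subdomains, unsafe-inline scripts, missing nosniff, permissive framing, DMARC p=none at 50%), the good one passes cleanly.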

  19. Not just us
  [Diagram: webmail, bank and broker under .secure beside the same names under .example, with a question mark between the two columns]

  20. What would that take?
  • Base standards for interoperability
  • Central registry of TLD standards
  • Technical standards for advertising capabilities
  • Continuous compliance mechanisms
  • Unified messaging and enhanced consumer experience
  You won’t get a second chance, let’s talk before you launch!

  21. Conclusion
  • On SSR: This too shall pass
  • Decision makers: please look at the big picture
  • NTAG: Aim higher than what’s expected of us
  • Use trust to delineate your TLD from the legacy experience
