Re: FW: .safe TLD idea from ICANN from Thomas Roessler on 2007-04-16 (public-wsc-wg@w3.org from April 2007)

From: Thomas Roessler <tlr@w3.org>
Date: Mon, 16 Apr 2007 14:48:47 +0200
To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Cc: "<michael.mccormick" <michael.mccormick@wellsfargo.com>, public-wsc-wg@w3.org
Message-ID: <20070416124847.GI24645@raktajino.does-not-exist.org>

On 2007-04-16 08:27:36 -0400, Mary Ellen Zurko wrote:

> I can't quite tell what it is that will make sites with .safe
> safe for e banking. I assume some sort of policy, much like EV
> promises something?

Well, I'm not very surprised by the idea (after [not doing] .xxx,
and .mobi, that's just the logical next step).  From a bit of
googling, though, the idea seems to come from F-Secure, not ICANN
itself.

If you look closely, though, what this essentially boils down to is
one bit of metainformation ("safe" vs. "unsafe") that I'd guess is
deployable far easier through certificate metainformation (or other
mechanisms) than through a TLD.  In terms of communicating security
to users, the idea seems to rely on users parsing URIs -- and we
seem to be leaning toward saying that's a bad idea.

Finally, getting a new TLD in place (in particular one fraught with
policy questions like this one) is a task that takes many years and
a huge lobbying budget.

Cheers,
-- 
Thomas Roessler, W3C  <tlr@w3.org>

> Which reminds me of an error I was a bit suprised at (though not on 
> reflection). I typed in my bank's home page with https, but with .com 
> (it's really a .org). So I got an SSL error telling me "the name on the 
> security certificate is invalid or does not match the name of the site". 
> Neither of which is quite accurate. The cert matches the site that is 
> being brought up; I'm just being redirected because I made a common 
> mistake. So, oddly, won't all those users used to typing .com get SSL 
> errors when redirected to .safe (if https is specified)? 
> 
> Perhaps we need another sentence on ErrorHandling about the error matching 
> the user's model or view of the task. 
> 
>           Mez
> 
> Mary Ellen Zurko, STSM, IBM Lotus CTO Office       (t/l 333-6389)
> Lotus/WPLC Security Strategy and Patent Innovation Architect
> 
> 
> 
> 
> <michael.mccormick@wellsfargo.com> 
> Sent by: public-wsc-wg-request@w3.org
> 04/12/2007 06:23 PM
> 
> To
> <public-wsc-wg@w3.org>
> cc
> 
> Subject
> FW: .safe TLD idea from ICANN
> 
> 
> 
> 
> 
> 
> 
> http://securityblog.itproportal.com/?p=791 
> 
>

Received on Monday, 16 April 2007 12:48:22 UTC