Posts Tagged ‘gTLD’

Could be Problems with New gTLDs

Tuesday, May 14th, 2013 | Bruce Morton

The PayPal information risk management team warns that the introduction of new generic top-level domains, or gTLDs, could impact security.Generic Top Level Domains

For many years it has been common for enterprises to configure DNS domains with suffixes that are not in the set of public TLDs. The practice has been recommended by software vendors and security experts. The public delegation of these suffixes as new gTLDs will impose serous security risks on unprepared systems and roaming enterprise laptops.

Domains to be concerned are the top-10 invalid queries from the ICANN SAC 045 report, plus those gTLD suffixes identified in RFC 6762 for Multicast DNS. They are: belkin, corp, domain, home, internal, intranet, invalid, lan, local, localdomain, localhost, private and wpad.

The CAs are particularly concerned with .corp. This suffix is proposed as a new gTLD that is most often used by CA customers. If .corp is approved as a new gTLD, then correcting its use in an enterprise will have the greatest cost; and not correcting will carry the greatest risk.

Any domains that are approved as new gTLDs will have to be addressed by the CAs. The CAs will have to review the certificates they have issued and advise customers that have certificates with a new gTLD. The customers will then have to register their domain. If the customer cannot or does not register the domain, then the CA must revoke the certificates within 120 days from the gTLD being approved, as required in the CA/Browser Forum Baseline Requirements.

If you have certificates that use a proposed new gTLD, then please take precautions. You will have to make plans to either register the domain, change to a domain that you already have registered, or obtain your certificate from a non-publicly trusted CA.

Image Source:

http://news.dot-nxt.com/sites/news.dot-nxt.com/files/gtld-letterpress-s.jpg

Tags: , , ,
Posted in Certificate Management, SSL Deployment | Add Comment | No Comments »

First New gTLD Requests

Thursday, June 14th, 2012 | Bruce Morton

ICANN has published the first new gTLD requests. If approved, these gTLDs will add to the current 22 generic TLDs and the 280 country code TLDs. The new gTLDs have mostly been requested by companies and governments. We see that Google has asked for .youtube and Ford has requested .ford. Amsterdam and London have asked for .amsterdam and .london. There are many other requests such as .beer and .sucks.

As I stated in my previous post, if your websites have SSL certificates using internal domain names with one of the requested new gTLDs, then you should start making plans to either move off of those names or register them in the future. If you don’t own your domains ending with the new gTLD, then your public SSL CA will not be able to issue you a certificate with that name.

Screenshot from ICANN

Tags: , ,
Posted in Certificate Management, SSL Deployment, Secure Browsing | Add Comment | No Comments »

Secure gTLD

Friday, May 18th, 2012 | Bruce Morton

As a follow to my post on new gTLDs, here is an interesting request for a gTLD called .secure.

Artemis Internet is planning to provide secure domain names. Security will be provided through human verification, security policies, and enforcement. The .secure gTLD would be available to any organization or individual. The users would have to follow a strict code of conduct including rigorous identity screening, two factor authentication, meet a minimum set of security practices, and end-to-end encryption of most traffic.

The Artemis CTO says, “We have a chance to create a neighborhood on the Internet where security is required, and users know that. We have the ability since we’re starting from scratch to have a floor.”

This could be a great implementation for a new gTLD. As I said before, the requests for the gTLDs must be assessed and approved and there is more than one request for .secure. We’ll see what happens.

Attribution: Photo is a screen capture from Artemis.net

Tags: ,
Posted in Certificate Management, SSL Deployment, Secure Browsing | Add Comment | No Comments »

New gTLDs

Tuesday, May 15th, 2012 | Bruce Morton

Over the next year or so, some new generic Top-Level Domain (gTLD) names will be released. Just to catch everybody up, we currently have about two dozen generic TLDs that you can use to register a domain name. TLDs such as .com, .net and .org. There are also country specific TLDs (ccTLD) such as .ca, .us, and .uk.

ICANN is coordinating the approval of the New Generic Top-Level Domains. The new gTLDs won’t be in use until 2013. The new gTLDs will be registered by companies, governments, and other organizations to help support their goals and causes. For instance, Amsterdam has requested a new gTLD of .amsterdam. This would allow government and businesses in Amsterdam to register their own domains ending in .amsterdam. How about cityhall.amsterdam, thebestcoffeeshop.amsterdam or woodenshoes.amsterdam? There are many other gTLD requests, see New generic Top-Level Domains for more.

(more…)

Tags: , ,
Posted in Certificate Management, SSL Deployment | Add Comment | No Comments »