Saturday, May 05, 2007

New tld of ".bank" proposed


Mikko Hypponen, Finnish security expert and founder of F-secure, makes an interesting suggestion for internet security on page 47 of the May/June 2007 edition of Foreign Policy. He suggests that banks stop using “.com” as the TLD of their domains, and that ICANN create a special TLD “.bank” for them, very expensive (perhaps $50000) that only legitimate financial institutions could afford. He claims that this would make phishing more difficult.

Home users who receive suspicious emails can preview the links embedded in the emails, and even check them on WHOIS registries. In Hypponen’s system, banks would not be allowed to use any other TLD than “.bank” and it would be easier for consumers to spot fraud.

The following link is ICANN’s discussion of TLD’s. .com. .net. and .org are unrestricted, although originally .net was supposed to be used for networks and .org’s for non-profits. Here is the link. Individuals have tended to use .com, although at times the suggestion has been made that .org is also appropriate.

One of the reasons why there has been controversy over domain names is the non-specific nature of “.com”. It is not possible to determine whether a domain is a real transaction-processing business with reportable revenues, or simply a soap box. “.biz
became a partial solution to this issue, being more expensive and limited to genuine commercial businesses.

Sometimes different entities do have the same root with different tld’s. Try wm.com and wm.edu. Or aaa.org and aaa.com. Or even brainbox.com and brainbox.tv. Same root domain names with different tld's do not seem, in practice, to cause much confusion for the public.

What is more common is intentional misspellings of well known names to create “parked domains” with advertising links for easy revenue, or even the use of different tld’s for the same root. The legal status of this practice has always been unclear, but it does not fool reasonably educated web users.

ICANN does have a relatively inexpensive administrative process for resolving domain name disputes and generally requires that a domain name holder show “good faith” and provide legitimate content or substance or else commercial or processing capacity (or both) if challenged.

Notification companies tell existing domain name owners when additional tld’s based on their roots are released. For example, I have johnwboushka.com but recently got a notification for johnwboushka.us . I don’t need this, and I don’t think it could be attractive to anyone else.