.safe, the .xxx of the Banking Industry

There sure are a lot of ifs in this article. I don’t propose to have the solution to phishing, but SSL certificate issuance was originally supposed to imply verification of identity and we’ve seen how well that worked when handled by a single or very small set of entities. How would the proposed TLD fare any better?

Dick Hardt said something in our interview that I think really hints at a better solution that we see very few people pursuing. If the identity data we give to banks and the like were reduced in its value by a mature identity protocol (machine negotiated, customer auditable, provider accountable, etc.), then that would directly take on the single greatest incentive phishers have.

As long as this data remains such a juicy target, i.e. it has general value outside of the specific relationship with a single vendor, then phishers will always find ways to surpass defenses and barriers. I am not arguing against making it harder for them to do so, but I just don’t see how the cost of setting up a new TLD is worth a very slight, if any, benefit.

Oh, yeah, the .xxx connection. Like The Treachery of Images, simply saying it is safe does not make it so. And once the system is gamed, is a substantial risk. And, like the .xxx TLD, the converse is also true–just because it does not say safe, or xxx, doesn’t mean that is any more true, either.
