Want to Spend $150K? Get a .trust Domain
British information assurance firm NCC Group has acquired the right to issue yet another General Top-Level Domain, .trust.
Also read: Tor Network May Face Disabling Attack
Information assurance firms are in the business of making sure data is authentic, and that systems are secure. To get a .trust will be no small task. To begin with, you’ll need $150,000. That’s right. Where simply using a .com and securing it on your own will cost around $20 plus various fees, NCC is straight facing the world with a price tag never heard of before.
Under the .trust domain, organizations can protect their brand, reputation and sensitive customer information with the highest level of security and reliability. […] Through .trust, organizations can utilize a unique policy and technology driven process to protect and increase public confidence with their sites, reads the “who’s it for” section of their website.
A Solution Without a Real Problem?
While it’s true that the Internet is a sea of malware sites, poor content, and bad advertising, NCC doesn’t point to any studies demonstrating why the creation of a new gTLD will increase and/or improve business relations. At the end of the day, anyone serious about doing business in the digital age will have to use the Internet anyway. Using such an expensive gTLD may guarantee that your domain will be available, and having a third party vet your information and security practices can never hurt, but in the end it only comes off as frivolous. In essence, this seems like a solution without a real problem to solve.
What Will it Really Do?
The current generation of security compliance requirements (at their very best) encapsulates principles that were designed to battle the unsophisticated threats of a decade ago. The threat spectrum has evolved and so too has the way in which customers and business partners interact with organizations. In a world filled with weekly mega-breach announcements, reconfirming arbitrary compliance standards or placing a third-party tick-mark logo on a website does not provide enough to address consumer concerns. […] A core tenet of the .trust Technical Policy is transparency, and with that, compliance with the security requirements should be externally verifiable – e.g. no more self-accredited checkboxes. Businesses that follow the .trust Technical Policy can be externally measured and rated against the compliance criteria. Such transparency in compliance – against a security policy that constantly reflects current best practices in the industry – is designed to let customers, clients and business partners know that real and measurable steps have been taken by an organization to secure and protect both their transactions and personal information, hence the “dot trust” name.
If a company purchases a .trust domain name, it seems, what they will really be paying for is the services behind it – verification that they are who they are they are, although trademark law makes it hard to register a domain for a trademark bearing company anyway. Companies who have this kind of money lying around can join a club of a select few who are “verified.”
Of course, there will still be “weekly mega-breach announcements,” but at least companies will have the cool NCC seal of approval. Little surprise, then, that they’re targeting the financial industry.
But the best part is the zombie methodology: in order to sell .trust domains, registrars will have to have to their own .trust. A brilliant sales tactic, in this writer’s book, but likely a turn-off for many of the domain salesmen.
Images from Pixabay and Shutterstock.