On 2012-05-30 11:24, Jed Laundry wrote:
> Q3, Q4: Certainly .bank.nz would seem logical from a security perspective, if the banks were willing to move their domains.
FWIW, my recollection is that after delaying many years InternetNZ eventually approved bank.nz, but then the retail trading banks concluded that they were too invested in their existing domain names from a branding/security perspective to be willing to try to shift to different ones (even a moderated .bank.nz) and educate their customers as to the new domain names. IIRC no banks ever used bank.nz, and someone told me it'd been removed again for disuse (and/or never delegated). I suspect if the approval process had taken months instead of years (with multiple applications) the outcome might have been different. But at this point it seems a lost cause.
> Q5: Absolutely. Any regional variant (.com.nz, .edu.nz) or obvious keystroke error (.oc.nz would be obvious, .moc.nz would not) of any current or future 2LD should be restricted.
It occurs to me that "${DOMAIN}-${2LD}.nz" (for any existing 2ld of .nz, and domain in that 2ld) is probably nearly as good for phishing. For yet another unintended side effect. (Several other plausible variations, e.g., ${BANK}bank.nz, ${BANK}-bank.nz, would probably also fool enough users to be worth the domain cost.)

Ewen
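
A registrant or registry could screen new registrations directly under .nz for the patterns named in this message. The following is an added example, not code from the thread or from InternetNZ; the watched name `example`, the partial 2LD list and the function names are assumptions made for illustration.

```python
# Added example: flag names under .nz that imitate a watched <label>.<2ld>.nz.
NZ_2LDS = ("co", "net", "org", "govt", "ac")   # partial list, for illustration
REGIONAL_VARIANTS = {"com", "edu"}             # .com.nz / .edu.nz, from Q5

def transpositions(s):
    """Strings made by swapping two adjacent characters of s (one keystroke slip)."""
    return {s[:i] + s[i + 1] + s[i] + s[i + 2:] for i in range(len(s) - 1)} - {s}

def classify(candidate, watched):
    """Return the reasons `candidate` resembles a watched name, or [] if none.

    watched: iterable of (label, 2ld) pairs, e.g. ("example", "co")
             for example.co.nz (a constructed name).
    """
    name = candidate.lower().rstrip(".")
    if not name.endswith(".nz"):
        return []
    second = name[:-3].split(".")[-1]   # the label directly under .nz
    reasons = []
    # Q5: the label under .nz itself looks like an existing 2LD.
    if second in REGIONAL_VARIANTS:
        reasons.append("regional-variant 2LD")
    for sld in NZ_2LDS:
        if second in transpositions(sld):
            reasons.append(f"keystroke transposition of .{sld}.nz")
    # Reply: ${DOMAIN}-${2LD}.nz, ${BANK}bank.nz and ${BANK}-bank.nz.
    for label, sld in watched:
        if second == f"{label}-{sld}":
            reasons.append(f"hyphenated form of {label}.{sld}.nz")
        if second in (f"{label}bank", f"{label}-bank"):
            reasons.append(f"'{label}' with a bank suffix")
    return reasons

if __name__ == "__main__":
    watched = [("example", "co")]
    # Constructed sample registrations; none are taken from real data.
    for n in ("example.co.nz", "example-co.nz", "login.example.oc.nz",
              "example.moc.nz", "example-bank.nz", "example.com.nz"):
        print(f"{n:22} {classify(n, watched) or 'ok'}")
```

The `.moc.nz` case is not flagged, which matches the distinction drawn in Q5: a single adjacent-key swap catches `.oc.nz`, but a reversal needs a different rule.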