<<<
Chronological Index
>>> <<<
Thread Index
>>>
RE: [ga] Collisions in RFC 1535 space
At 02:02 12.04.2001 -0700, Roeland Meyer wrote:
> > The Panel notes RFC 1535, which points out that domain names
> > with two alpha
> > characters (eg. au.com.au) could 'trick' some types of client
> > software, thereby
> > giving rise to possible security problems where the domain
> > name is the same as a
> > ccTLD. Potentially, a domain name that is the same as a gTLD
> > (eg. com.net.au)
> > could be misused in the same manner. The Panel therefore recommends a
> > prohibition on domain names that match TLDs.
>
>The panel is stoned, or should be. Both the decision and the reason are pure
>horseshit. CERT (www.cert.org) has never documented an exploit of that
>nature, nor has anyone else, AFAICT. If I had any part of whatever they've
>been smoking, I couldn't do my job. Apparently, they can't either. You can
>quote me, verbatum.
The problem WAS very real in 1993 when RFC 1535 was issued - not as an
exploit (it was a friendlier net back then), but as an user confusion problem.
One of the first publicly acknowleded victims was apparently the owners of
edu.com.
A few years back (Sept 1998), the .no domain owners did a survey - sniffing
traffic in the UNINETT backbone, looking for queries that targeted .com.no,
.no.no and similar domains, which you would expect to see if this was still
a problem in Norway.
The number of queries was microscopic (approximately 0.54% of the number of
.com queries observed).
As a result, the Norwegian domain name owners dropped the blanket refusal
to register two-character domains.
It was once a sensible thing to forbid. It does not seem to be terribly
relevant any more.
Harald
--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|