Generic TLDs Threaten Name Collisions and Information Leakage
CowboyRobot writes "As the Internet Corporation for Assigned Names and Numbers (ICANN) continues its march toward the eventual approval of hundreds, if not more than 1,000, generic top-level domains (gTLDs), security experts warn that some of the proposed names could weaken network security at many companies. Two major issues could cause problems for companies: If domain names that are frequently used on a company's internal network — such as .corp, .mail, and .exchange — become accepted gTLDs, then organizations could inadvertently expose data and server access to the Internet. In addition, would-be attackers could easily pick up certificates for domains that are not yet assigned and cache them for use in man-in-the-middle attacks when the specific gTLD is deployed."
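An added example, not part of the original post: a defender-side audit of resolver query logs that flags internal names reaching a public resolver, separating those whose suffix matches a proposed gTLD named in the summary (.corp, .mail, .exchange) from other undelegated suffixes. The log format, IP addresses, host names and the delegated-TLD subset are all constructed assumptions.

```python
from collections import Counter

# Constructed sample data (assumptions, not taken from the article).
DELEGATED = {"com", "org", "net", "lu", "biz", "info"}  # small subset of the root zone
APPLIED_FOR = {"corp", "mail", "exchange"}              # strings named in the summary
INTERNAL_RESOLVERS = {"10.0.0.53"}                      # hypothetical internal DNS server

# Constructed log lines in a hypothetical format:
#   <client> -> <resolver> <qtype> <qname>
SAMPLE_LOG = """\
10.0.1.15 -> 10.0.0.53 A fileserver.hq.corp.
10.0.1.15 -> 192.0.2.53 A fileserver.hq.corp.
10.0.1.22 -> 192.0.2.53 A owa.Exchange
10.0.1.22 -> 192.0.2.53 A www.example.com
10.0.1.30 -> 192.0.2.53 A nas.homelan
10.0.1.31 -> 192.0.2.53 MX smtp.mail.
"""

def tld_of(qname):
    """Rightmost label, case-folded, ignoring the trailing root dot."""
    return qname.rstrip(".").lower().split(".")[-1]

def classify(line):
    """Return (client, qname, tld, status) for one log line."""
    client, _arrow, resolver, _qtype, qname = line.split()
    tld = tld_of(qname)
    if resolver in INTERNAL_RESOLVERS:
        status = "internal"        # answered in-house, nothing left the network
    elif tld in DELEGATED:
        status = "public"          # ordinary Internet lookup
    elif tld in APPLIED_FOR:
        status = "collision-risk"  # leaks today, resolves publicly once delegated
    else:
        status = "leak"            # undelegated suffix sent to a public resolver
    return client, qname, tld, status

def audit(log):
    """Keep only the queries that exposed an internal name externally."""
    rows = (classify(l) for l in log.splitlines() if l.strip())
    return [r for r in rows if r[3] in ("collision-risk", "leak")]

def summarize(findings):
    """Count exposed queries per suffix to prioritise renaming work."""
    return Counter(tld for _c, _q, tld, _s in findings)

if __name__ == "__main__":
    for client, qname, tld, status in audit(SAMPLE_LOG):
        print(f"{status:15} {client:10} {qname}")
```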
Another way to look at it: why were they using invalid domains in the first place?
Currently, 25 percent of queries to the domain name system are for devices and computers that do not exist, suggesting the companies are already leaking information to the Internet.
And how many of those are due to actual people as opposed to confused webcrawlers looking up dead links?
"Oh hai, a new webpage. Lookie, a link. hddp://mywobsite.youspace.com/forum/?post=1. Oh, there's nothing there.
Lookie, another link. hddp://mywobsite.youspace.com/forum/?post=2. Oh, there's nothing there
Lookie, another link. hddp://mywobsite.youspace.com/forum/?post=3. Oh, there's nothing there"
I read TFA and all I got was this lousy cookie
No. .local is for different usage:
http://tools.ietf.org/html/rfc6762
Sure took them a long while to reserve that too.
I proposed reserving a "RFC1918" like TLD about 12+ years ago, but there was not enough interest: http://tools.ietf.org/html/draft-yeoh-tldhere-01
I did try via the ICANN (emailed them to ask them to reserve it). But the ICANN were more interested in "yet another dotcom tld" like .biz .info.
And I didn't have a spare USD100k lying around to apply for the TLD through ICANN, and give it to the world if I even succeeded in getting it.
I do realize it's inconceivable, but some people do not own domain names. Well, I do, but they don't really match my internal naming scheme. So, my internal domain is something that wasn't valid until they came up with the stupid gTLD concept: shark species as hostname, domain "sharks" on my network and in a similar vein Kipling's Jungle Book characters as hostnames and "jungle" as domain for my parents' network. This works fine, looks pretty and works.
Now of course, I could use jawtheshark.com for my internal network. As a direct consequence, I'd have to either slave my LAN DNS to a public DNS and expose my internal IP numbering to the world, or keep my LAN DNS manually synchronized with my global DNS. You see, all kinds of problems I didn't have because my internal domain was completely not used on the Internet. For my parents' network, I don't even have a domain name that would match the naming scheme. My dad has our surname.lu, but that hardly will match the jungle naming scheme. Well, I could just buy yet another domain name and use it only internally, but that's added cost I didn't use to have.
The gTLD stuff is just stupid. That's my opinion.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
I wonder which three letter organization icann will be giving .onion to :/
I think .biz was helpful, in that I don't trust any domain name that ends in .biz.
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!