nanog mailing list archives
TLDs and file extensions (Re: DNS and potential energy)
From: David Conrad <drc () virtualized org>
Date: Tue, 1 Jul 2008 06:08:43 -0700
On Jun 30, 2008, at 10:43 PM, James Hess wrote:
Sure, nefarious use of say .local could cause a few problems but this isI'd be more concerned about nefarious use of a TLD like ".DLL", ".EXE", ".TXT"Or other domains that look like filenames.
Like .INFO, .PL, .SH, and, of course, .COM?People keep making the assertion that top-level domains that have the same strings as popular file extensions will be a 'security disaster', but I've yet to see an explanation of the potential exploits. I could maybe see a problem with ".LOCAL" due to mdns or llmnr or ".1" due to the risk of someone registering "127.0.0.1", but I've yet to see any significant risk increase if (say) the .EXE TLD were created. Can someone explain (this is a serious question)?
Seeing as a certain popular operating system confounds local file access viaExplorer with internet access...
I gather you're implying MS Windows does this?
You may think "abcd.png" is an image on your computer... but if youtype that into your address, er, location bar, it may be a website too!
Is there a browser (Internet Explorer? I don't run Windows) that looks on the local file system if you don't specify 'file://'? Wouldn't that sort of annoy the folks who run (say) help.com?
Regards, -drc
Current thread:
- TLDs and file extensions (Re: DNS and potential energy) David Conrad (Jul 01)
- RE: TLDs and file extensions (Re: DNS and potential energy) michael.dillon (Jul 01)
- Re: TLDs and file extensions (Re: DNS and potential energy) Tony Finch (Jul 01)
- Re: TLDs and file extensions (Re: DNS and potential energy) Jay R. Ashworth (Jul 01)
- Re: TLDs and file extensions (Re: DNS and potential energy) Jean-François Mezei (Jul 01)