TLDs and file extensions (Re: DNS and potential energy)
David Conrad
drc at virtualized.org
Tue Jul 1 13:08:43 UTC 2008
On Jun 30, 2008, at 10:43 PM, James Hess wrote:
>> Sure, nefarious use of say .local could cause a few problems but
>> this is
>
> I'd be more concerned about nefarious use of a TLD like ".DLL",
> ".EXE", ".TXT"
> Or other domains that look like filenames.
Like .INFO, .PL, .SH, and, of course, .COM?
People keep making the assertion that top-level domains that have the
same strings as popular file extensions will be a 'security disaster',
but I've yet to see an explanation of the potential exploits. I could
maybe see a problem with ".LOCAL" due to mdns or llmnr or ".1" due to
the risk of someone registering "127.0.0.1", but I've yet to see any
significant risk increase if (say) the .EXE TLD were created. Can
someone explain (this is a serious question)?
> Seeing as a certain popular operating system confounds local file
> access via
> Explorer with internet access...
I gather you're implying MS Windows does this?
> You may think "abcd.png" is an image on your computer... but if you
> type that into your address, er, location bar, it may be a website
> too!
Is there a browser (Internet Explorer? I don't run Windows) that
looks on the local file system if you don't specify 'file://'?
Wouldn't that sort of annoy the folks who run (say) help.com?
Regards,
-drc
More information about the NANOG
mailing list