TLDs and file extensions (Re: DNS and potential energy)

michael.dillon at bt.com michael.dillon at bt.com
Tue Jul 1 09:30:51 CDT 2008


> People keep making the assertion that top-level domains that 
> have the same strings as popular file extensions will be a 
> 'security disaster', but I've yet to see an explanation of 
> the potential exploits.  I could maybe see a problem with 
> ".LOCAL" due to mdns or llmnr or ".1" due to the risk of 
> someone registering "127.0.0.1", but I've yet to see any 
> significant risk increase if (say) the .EXE TLD were created. 
>  Can someone explain (this is a serious question)?

Many years ago there was a wonderful web browser named Lynx.
It could do all kinds of nifty things and you could build an
entire information systems interface with it, including things
like a menu that allowed you to select an executable program 
that would be run on the same remote system that was running
Lynx.

People who lived through this era have a vague memory that 
executables and URLs are in sort of the same namespace. Of course
that's not true because executable files are referred to as
lynxexec:script.pl instead of http://script.pl

> > Seeing as a certain popular operating system confounds local file 
> > access via Explorer with internet access...
> 
> I gather you're implying MS Windows does this?

Not mine. 

--Michael Dillon




More information about the NANOG mailing list