TLDs and file extensions (Re: DNS and potential energy)

David Conrad drc at virtualized.org
Tue Jul 1 13:08:43 UTC 2008


On Jun 30, 2008, at 10:43 PM, James Hess wrote:
>> Sure, nefarious use of say .local could cause a few problems but  
>> this is
>
> I'd be more concerned about nefarious use of a TLD like  ".DLL",   
> ".EXE", ".TXT"
> Or other domains that look like filenames.

Like .INFO, .PL, .SH, and, of course, .COM?

People keep making the assertion that top-level domains that have the  
same strings as popular file extensions will be a 'security disaster',  
but I've yet to see an explanation of the potential exploits.  I could  
maybe see a problem with ".LOCAL" due to mdns or llmnr or ".1" due to  
the risk of someone registering "127.0.0.1", but I've yet to see any  
significant risk increase if (say) the .EXE TLD were created.  Can  
someone explain (this is a serious question)?

> Seeing as a certain popular operating system confounds local file  
> access via
> Explorer with internet access...

I gather you're implying MS Windows does this?

> You may think "abcd.png"  is an image on your computer... but if you
> type that into your address, er, location bar,  it may be a website  
> too!

Is there a browser (Internet Explorer?  I don't run Windows) that  
looks on the local file system if you don't specify 'file://'?   
Wouldn't that sort of annoy the folks who run (say) help.com?

Regards,
-drc





More information about the NANOG mailing list