TLDs and file extensions (Re: DNS and potential energy)
michael.dillon at bt.com
michael.dillon at bt.com
Tue Jul 1 14:30:51 UTC 2008
> People keep making the assertion that top-level domains that
> have the same strings as popular file extensions will be a
> 'security disaster', but I've yet to see an explanation of
> the potential exploits. I could maybe see a problem with
> ".LOCAL" due to mdns or llmnr or ".1" due to the risk of
> someone registering "127.0.0.1", but I've yet to see any
> significant risk increase if (say) the .EXE TLD were created.
> Can someone explain (this is a serious question)?
Many years ago there was a wonderful web browser named Lynx.
It could do all kinds of nifty things and you could build an
entire information systems interface with it, including things
like a menu that allowed you to select an executable program
that would be run on the same remote system that was running
Lynx.
People who lived through this era have a vague memory that
executables and URLs are in sort of the same namespace. Of course
that's not true because executable files are referred to as
lynxexec:script.pl instead of http://script.pl
> > Seeing as a certain popular operating system confounds local file
> > access via Explorer with internet access...
>
> I gather you're implying MS Windows does this?
Not mine.
--Michael Dillon
More information about the NANOG
mailing list