On Fri, Jul 12, 2013 at 11:02 AM, Paul Wouters <paul(_at_)nohats(_dot_)ca>
wrote:
On Fri, 12 Jul 2013, Phillip Hallam-Baker wrote:
I notice you are missing .oracle and .exchange and .mail. Is that
because you can't take any more slaps on the back or because you know
too many companies that have servers in their domain that would get
bypassed by your awesome magic three software vendors listed above?
No, I limited it to them only because those three companies can flood the
market with software that makes the decision by force majeur. I don't think
the domains you list have the market
power on the desktop to be a sufficient quorum.
avoiding answering the implicit question about huge collateral damage
when exchange.company.TLD and oracle.company.TLD start resolving to
company external IPs..... Even if just _one_ airline company would
fall into this trap, it would be millions of dollars of damage alone.
Paid for by vanity domains that make turning clearly visible domain names
into a confusion about what's a single word and what's a domain name.
Which in my view is an excellent argument for the IAB to issue an advisory
warning that such domains are a terrible idea and that ICANN should not
issue such domains under any circumstance.
Unfortunately the IAB is not going to give that advice. They seem to have
passed on advising ICANN not to issue .corp which is going to be a total
security meltdown. It's not 20 pieces of silver at stake here is a quarter
million bucks or more a pop.
I think that there is actually very good reason to believe that the two
domains you cite will not be a problem as Microsoft and Oracle both have
very competent and aggressive legal departments and can be expected to rip
ICANN apart legally limb from limb were they to be silly enough to issue
them to any one else in flagrant violation of their longstanding trademarks.
But there are hundreds of other TLDs that are going to be causing a huge
amount of damage and these are not going to be understood at first.
You think that users know and/or can set a default domain suffix?
That programmers twenty years ago knew and/or understood what that even
meant (or you think no one runs 20 year old software?)
That everyone knows about suffix manipulation through their DHCP
connections?
And VPN connections?
That is my point precisely. I think the domain search lists should be
eliminated completely in the platform code because they are a little used
feature with significant and non obvious security implications.
Apart from that, were you a proponent of the file extension and mime
type wars too? Because as soon as one company takes something like
.profitable as dotless, someone else will claim profitable:// and
all the browsers will just be giant pools of local policy causing
utter confusion and at best will yield a totally unpredictable
user experience for dotless domains. Don't expect a pat on the
shoulder from me in twenty years.
For what it is worth I have always considered using file extensions to
specify the file type to be an unscalable hack. Mime types are a lot
better.
--
Website: http://hallambaker.com/