Thursday, April 4, 2013

We need non-resolvable domain names

Cute.

As ICANN starts to roll out extended domain names, folks are starting to notice potential collisions with domain names that have long been used on internal networks (e.g. ".corp"). This leads to all sorts of problems when those domains suddenly start resolving to addresses outside the internal network.

Some of those are significant security problems, for example with certificates.

This article nicely lays out the problem: http://arstechnica.com/security/2013/04/possible-security-disasters-loom-with-rollout-of-new-top-level-domains/

The obvious solution is for ICANN to designate certain domain names as reserved for internal use, similar to RFC 1918 non-routable IP addresses. As suggested in the letter referenced in the article linked above, surveys of internal domains already in use provide a list of likely candidates.
