[105785] in North American Network Operators' Group
RE: TLDs and file extensions (Re: DNS and potential energy)
daemon@ATHENA.MIT.EDU (michael.dillon@bt.com)
Tue Jul 1 10:32:41 2008
Date: Tue, 1 Jul 2008 15:30:51 +0100
In-Reply-To: <D40E8162-56C1-4055-9911-7863A74154E6@virtualized.org>
From: <michael.dillon@bt.com>
To: <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
> People keep making the assertion that top-level domains that=20
> have the same strings as popular file extensions will be a=20
> 'security disaster', but I've yet to see an explanation of=20
> the potential exploits. I could maybe see a problem with=20
> ".LOCAL" due to mdns or llmnr or ".1" due to the risk of=20
> someone registering "127.0.0.1", but I've yet to see any=20
> significant risk increase if (say) the .EXE TLD were created.=20
> Can someone explain (this is a serious question)?
Many years ago there was a wonderful web browser named Lynx.
It could do all kinds of nifty things and you could build an
entire information systems interface with it, including things
like a menu that allowed you to select an executable program=20
that would be run on the same remote system that was running
Lynx.
People who lived through this era have a vague memory that=20
executables and URLs are in sort of the same namespace. Of course
that's not true because executable files are referred to as
lynxexec:script.pl instead of http://script.pl
> > Seeing as a certain popular operating system confounds local file=20
> > access via Explorer with internet access...
>=20
> I gather you're implying MS Windows does this?
Not mine.=20
--Michael Dillon
