[9870] in bugtraq
Re: More Internet Explorer zone confusion
daemon@ATHENA.MIT.EDU (Jim Frost)
Wed Mar 10 12:22:03 1999
Date: Tue, 9 Mar 1999 17:15:07 -0500
Reply-To: Jim Frost <jimf@FROSTBYTES.COM>
From: Jim Frost <jimf@FROSTBYTES.COM>
X-To: Tilman Schmidt <Tilman.Schmidt@SEMA.DE>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <3.0.3.32.19990309085843.009263d0@igate.sema.de>
|This is of course the correct way to implement an "intranet zone".
|It has, however, one serious drawback: you have to configure it.
|Consumer product manufacturers like Microsoft want their product
|to work as much "out of the box" as possible.
Since there is no intranet for most consumers this seems like largely a
non-issue. Those with intranets in their home probably know enough to
configure it properly. And businesses should have IT departments whose job it
is to manage it.
So what's the problem?
|It doesn't even work with the default configuration of Windows,
|because the basic assumption that every host with an FQDN in the
|same DNS domain as the client is also in the intranet zone is
|flawed. There are perfectly legitimate configurations where this
|is not the case.
Not only legitimate, but increasingly common. Cable modem customers, for
instance, tend to have their entire region in the same "intranet": e.g.
customer.ne.mediaone.net. I assure you that you don't want to treat the entire
northeast region of MediaOne customers as trusted in any way, shape, or form.
jim
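
The same-DNS-domain assumption discussed in this thread, next to an explicitly configured list, as an added example that is not part of the original post and is not Internet Explorer's code. The function names, the host labels and the administrator's list are constructed assumptions; only the ne.mediaone.net domain comes from the message.

```javascript
// Simplified model of the heuristic criticized in the thread (an assumption,
// not IE's implementation): a target counts as "intranet" when its FQDN is
// in the same DNS domain as the client.
function normalize(name) {
  // Hostnames compare case-insensitively; drop a trailing root dot.
  return name.trim().toLowerCase().replace(/\.$/, "");
}

// DNS domain of a host: everything after the first label ("" if dotless).
function dnsDomain(fqdn) {
  const n = normalize(fqdn);
  const i = n.indexOf(".");
  return i === -1 ? "" : n.slice(i + 1);
}

function heuristicZone(clientFqdn, targetFqdn) {
  const d = dnsDomain(clientFqdn);
  return d !== "" && dnsDomain(targetFqdn) === d ? "intranet" : "internet";
}

// Explicit configuration (hypothetical model): only hosts an administrator
// listed are intranet, regardless of which DNS domain the client is in.
function configuredZone(targetFqdn, intranetHosts) {
  const allowed = new Set(intranetHosts.map(normalize));
  return allowed.has(normalize(targetFqdn)) ? "intranet" : "internet";
}

// Constructed sample data: a cable-modem client, a neighbouring customer,
// a listed internal server and an unrelated public site.
const client = "pc-0001.ne.mediaone.net";
const targets = ["pc-7342.ne.mediaone.net", "fileserver.corp.example", "www.example.org"];
const adminList = ["fileserver.corp.example"];

function compare() {
  return targets.map((t) => ({
    target: t,
    heuristic: heuristicZone(client, t),
    configured: configuredZone(t, adminList),
  }));
}

console.table(compare());
```

The first row is the case the message warns about: the heuristic places another customer's machine in the intranet zone, while the configured list does not.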