DNSO Mailling lists archives


<<< Chronological Index >>>    <<< Thread Index >>>

RE: [ga] Collisions in RFC 1535 space

Thanks, Harald for confirming this with the weight of your authority and
a good live example.
This also shows that some RFCs may be quite outdated...
... as 1591 or 920.

On 21:49 13/04/01, Harald Tveit Alvestrand said:
>At 02:02 12.04.2001 -0700, Roeland Meyer wrote:
>> > The Panel notes RFC 1535, which points out that domain names
>> > with two alpha
>> > characters (eg. au.com.au) could 'trick' some types of client
>> > software, thereby
>> > giving rise to possible security problems where the domain
>> > name is the same as a
>> > ccTLD.  Potentially, a domain name that is the same as a gTLD
>> > (eg. com.net.au)
>> > could be misused in the same manner.  The Panel therefore recommends a
>> > prohibition on domain names that match TLDs.
>>The panel is stoned, or should be. Both the decision and the reason are pure
>>horseshit. CERT (www.cert.org) has never documented an exploit of that
>>nature, nor has anyone else, AFAICT. If I had any part of whatever they've
>>been smoking, I couldn't do my job. Apparently, they can't either. You can
>>quote me, verbatum.
>The problem WAS very real in 1993 when RFC 1535 was issued - not as an 
>exploit (it was a friendlier net back then), but as an user confusion problem.
>One of the first publicly acknowleded victims was apparently the owners of 
>A few years back (Sept 1998), the .no domain owners did a survey - 
>sniffing traffic in the UNINETT backbone, looking for queries that 
>targeted .com.no, .no.no and similar domains, which you would expect to 
>see if this was still a problem in Norway.
>The number of queries was microscopic (approximately 0.54% of the number 
>of .com queries observed).
>As a result, the Norwegian domain name owners dropped the blanket refusal 
>to register two-character domains.
>It was once a sensible thing to forbid. It does not seem to be terribly 
>relevant any more.
>                  Harald
>This message was passed to you via the ga@dnso.org list.
>Send mail to majordomo@dnso.org to unsubscribe
>("unsubscribe ga" in the body of the message).
>Archives at http://www.dnso.org/archives.html

This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html

<<< Chronological Index >>>    <<< Thread Index >>>