On Mar 12, 2008, at 3:18 PM, Paul Vixie wrote:
>> So you must be terrified of .COM (and .PL and .SH and .INFO and ...).

> no

But with the exception of .INFO, all of those extensions are
executable on one system or another. Where do you (or rather, ICANN)
draw the line?

> the most unreliable and insecure element in any computing system, and
> especially distributed computing systems, is the human.

Of course.

> humans won't
> nec'ily click on something with .INFO on the end but they will,
> without
> hesitation, click on something with .EXE on the end of its name.

Sorry, still confused.

Users today click on "click here to have your machine compromised".
I'm confused how the allocation of a host in a top-level domain that
corresponds to an executable file extension increases the risk,
particularly since browser hostname namespace and file name namespace
are completely disjoint (even in IE).

This isn't rhetorical: people have blasted ICANN because they have not
disallowed EXE as a possible top-level domain. I don't understand the
threat model that is exposed by the allocation of that TLD (if were to
come to pass which I doubt). Namedroppers is probably not the best
forum to be discussing this, so if anyone can clue me in as to why
this would doom the Internet (so to speak), please tell me privately.


to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.