On Jun 6, 2012, at 2:32 AM, John Nagle wrote: > On 6/5/2012 9:34 AM, Gervase Markham wrote: >> On 04/06/12 19:10, John Nagle wrote: >>> Single-word domain names are about to become a common form of >>> URL. >> >> IMO, Mozilla should not be in favour of this type of word hijacking. >> "www.nike", fine. Bare "nike", no. But then, maybe it's up to the user's >> DNS configuration rather than us... > > It's not theoretical. Some of the country-code TLDs have A > records now. "AC" and "AI", for example, have A records, and web > sites behind then. "AI" resolves to "209.59.119.34", > and really is a valid domain with a web site. > > In Firefox 12, putting a plain "ai" into the URL box > results in a Google search. At least the first time. > "ai." (the rarely used rooted domain format) brings up the web > site "ai", which is Offshore Information services. But now that > "ai." has been found as a domain, Firefox will, if asked for > "ai" again, will return the domain, not a Google search. > That's clearly a bug. > > Until now, this was mostly a curiosity, but if there's a "FACEBOOK" > TLD, people are going to scream if it behaves like that.
Yep. That's a problem. It sounds to me like we want to do the DNS lookup on barewords, even knowing it will fail the vast majority of the time. That slows down round trips for those loads, but I don't think that rooted domain format is something we should expect users to attempt. The other option is to just tell those domain owners "too bad", but I think John's right that we are going to see more, not fewer, of these. The nikes and facebooks of the world will have the .com presence as well, and 302 their users to victory, but I don't know if that's a healthy assumption to keep baking into our software in the general case. I'd like to know what UX thinks, though, since I'm on the fence myself about whether the solution is worth it to fix the smallness of the problem. John, can you file a bug with this information and I'll add some people to the cc? J --- Johnathan Nightingale Sr. Director of Firefox Engineering @johnath _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
