Moin!

On 29 Jan 2014, at 08:10, Paul Hoffman <paul.hoff...@vpnc.org> wrote:

>> There is a huge, easily-identifiable difference between adding a token
>> *before* the application process that started in 2012 and then later asking
>> for a hold-back, and adding it *after*.
>
> All names in draft-chapin-additional-reserved-tlds were in widespread use
> before the application process. If someone wants to start using a new TLD
> now, they know where to go ask for it.

That they were in use before the new GTLD process doesn't change the fact that they were not supposed to be asked on the global DNS namespace.

>> I also don't think there are risks in delegating these other than
>> the applicants will get lots of traffic.
>
> Others disagree. ICANN has documented many scenarios where there are security
> problems when what was earlier expected to either get local resolution or an
> NXDOMAIN starts getting real answers.

By risks I meant risks to the Internet as a whole. There surely is a security problem when you answer with an A record where you before gave back NXDomain for the person doing that. But that hasn't stopped people deploying NXDomain redirections and again the real problem is that you are using something in the global name space that is not supposed to be there. There are other uses of DNS where giving out a record instead of NXDomain has security implications (NXR redirections, fat finger domains, searchlists) and none of them have been treated special here. Also there are IMHO currently other more pressing security issues with the Internet than people getting an A record back for router.home.

So long
-Ralf

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop