On 10/2/2012 6:21 AM, Gervase Markham wrote:
> On 05/07/12 16:39, Daniel Veditz wrote:
>>> However, given that it was a .com domain which started all this fuss, I
>>> thought it was worth posting publicly in case anyone had any comments.
>>
>> Have they revoked all the previously spoofing domains? Have they
>> audited all their existing domains to make sure there aren't
>> additional ones in there that violate their new rules? What is their
>> transition plan for the domains that do exist?
>>
>> Their new rules going forward sound fine, it's any grand-fathered
>> mess I'm worried about. I'm especially worried if you proceed with
>> your currently stated plan of preserving the whitelist even after
>> the new algorithm lands.
I would argue against this exception for ".com" and ".net".
If someone is mounting an attack, it would probably be in those TLDs.
If Network Solutions wants an exception for "grandfathered"
domain names, let them publish a list of those domains for public
comment. Is the problem big enough to worry about?
John Nagle
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
