From:  Gervase Markham <>
Date:  02 Oct 2012 18:13:36 Hong Kong Time

Re: Mozilla and dotless domains


On 28/09/12 16:02, Ehsan Akhgari wrote:
> Out of curiosity, would you please expand a little bit on why this is a
> bad idea?

Here are some of the reasons.

People expect dotless computer names to be on their intranet.

If someone has the "mail" TLD, and my intranet has a computer called 
"mail", then there is potential (if DNS servers are not correctly 
configured, which I'm sure they are often not) for my private mail to 
get sent to the wrong place by my machine, possibly across international 
borders, and possibly causing me to breach confidentiality rules.

In addition, if people want to put an Internet site on http://mail/, 
they may well also want https://mail/, which requires issuing a cert for 
a dotless name. Again, there is a clash with intranets. Although the CAB 
Forum is trying to phase it out, there are a lot of legacy uses for 
internal server certs with dotless names, and so anyone can get one. 
This means that the Internet https://mail/ could be spoofed by anyone 
who pays $20 for such a cert.

DNS is a canonical namespace. The dotless part is the naming equivalent 
of "private use" IP addresses. Making them suddenly publicly resolvable 
could have all sorts of unexpected consequences.

It's going to be bad enough when someone gets e.g. the TLD ".corp" and 
thousands of businesses who had been using that as an unofficial 
internal suffix have to reconfigure their networks. But allowing dotless 
names to resolve means that there is no namespace which is safe for 
internal use _at all_.
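
[Added example, not part of the original message.] The "mail" clash described above, as a simplified model of glibc-style stub-resolver search-list handling: a dotless name is tried with each search suffix first and then as an absolute name, so it reaches the public root whenever the search list is missing or wrong. The zone data, addresses, config labels and function names are all constructed or hypothetical.

```python
# Added example, not from the original message. Simplified model of stub-resolver
# search-list handling (glibc-style, ndots defaults to 1). All records are constructed.

INTERNAL = {"mail.corp.example.": "10.0.0.25"}   # constructed intranet zone
PUBLIC = {"mail.": "203.0.113.10"}               # hypothetical dotless "mail" TLD record

# Constructed client configurations: label -> resolver search list
CONFIGS = {
    "correct": ["corp.example"],
    "empty": [],                     # e.g. search list never set on the client
    "wrong-suffix": ["branch.example"],
}


def candidates(name, search, ndots=1):
    """Return the query names a stub resolver tries, in order."""
    if name.endswith("."):                     # trailing dot: absolute, no search list
        return [name]
    absolute = name + "."
    searched = [f"{name}.{suffix}." for suffix in search]
    if name.count(".") >= ndots:               # enough dots: try the name as-is first
        return [absolute] + searched
    return searched + [absolute]               # dotless: search list first, as-is last


def resolve(name, search, internal=INTERNAL, public=PUBLIC, ndots=1):
    """Return (queried_name, address, scope) for the first candidate that answers."""
    for qname in candidates(name, search, ndots):
        if qname in internal:
            return qname, internal[qname], "internal"
        if qname in public:                    # recursion out to the public DNS
            return qname, public[qname], "public"
    return None, None, "nxdomain"


def leaking_configs(name, configs=CONFIGS):
    """Return labels of the configs under which `name` resolves to a public record."""
    return [label for label, search in configs.items()
            if resolve(name, search)[2] == "public"]


if __name__ == "__main__":
    for label, search in CONFIGS.items():
        print(f"{label:13} {candidates('mail', search)} -> {resolve('mail', search)}")
    print("leaks to public DNS under:", leaking_configs("mail"))
```

With PUBLIC left empty (no dotless TLD record), the same two misconfigured clients get "nxdomain" instead of a public address, which is the fail-closed behaviour intranets rely on today.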