On 28/09/12 16:02, Ehsan Akhgari wrote:
> Out of curiosity, would you please expand a little bit on why this is a
> bad idea?

Here are some of the reasons.

People expect dotless computer names to be on their intranet.

If someone has the "mail" TLD, and my intranet has a computer called
"mail", then there is potential (if DNS servers are not correctly
configured, which I'm sure they are often not) for my private mail to
get sent to the wrong place by my machine, possibly across international
borders, and possibly causing me to breach confidentiality rules.

In addition, if people want to put an Internet site on http://mail/,
they may well also want https://mail/, which requires issuing a cert for
a dotless name. Again, there is a clash with intranets. Although the CAB
Forum is trying to phase it out, there are a lot of legacy uses for
internal server certs with dotless names, and so anyone can get one.
This means that the Internet https://mail/ could be spoofed by anyone
who pays $20 for such a cert.

DNS is a canonical namespace. The dotless part is the naming equivalent
of "private use" IP addresses. Making them suddenly publicly resolvable
could have all sorts of unexpected consequences.

It's going to be bad enough when someone gets e.g. the TLD ".corp" and
thousands of businesses who had been using that as an unofficial
internal suffix have to reconfigure their networks. But allowing dotless
names to resolve means that there is no namespace which is safe for
internal use _at all_.
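The collision described in the message above can be made concrete with a small model of how a stub resolver handles a dotless name. The following is an added example, not code from the thread or from any Mozilla or ICANN project: it models a search-list resolver (the glibc/Windows behaviour of trying each configured suffix before the bare name) against two constructed zone tables, one for the intranet and one for a hypothetical public "mail" TLD, and adds a checker that flags dotless names and names under unofficial internal suffixes in a list of host names or certificate SANs. All zone data, addresses, suffixes and the `StubResolver`/`risky_names` names are assumptions made for the demo.

```python
from dataclasses import dataclass, field

# Constructed zone data for the demo (not real DNS records).
INTRANET_ZONE = {"mail.corp.example.": "10.0.0.25"}       # the intranet's "mail" host
PUBLIC_ZONE = {"mail.": "203.0.113.7"}                    # hypothetical delegated "mail" TLD with an apex A record
UNOFFICIAL_SUFFIXES = ("corp", "lan", "home", "internal")  # constructed list of suffixes seen in internal use


@dataclass
class StubResolver:
    """Minimal model of a search-list stub resolver (glibc/Windows style)."""
    search: list                    # search suffixes from resolv.conf / DHCP
    ndots: int = 1                  # names with fewer dots than this get suffixes tried first
    intranet_reachable: bool = True # False models a laptop off the VPN / misconfigured DNS
    intranet: dict = field(default_factory=lambda: dict(INTRANET_ZONE))
    public: dict = field(default_factory=lambda: dict(PUBLIC_ZONE))
    log: list = field(default_factory=list)   # (fqdn tried, where it was answered)

    def candidates(self, name: str) -> list:
        """Return the fully qualified names the resolver will query, in order."""
        if name.endswith("."):          # already absolute: no search list applied
            return [name]
        with_suffix = [f"{name}.{s}." for s in self.search]
        if name.count(".") < self.ndots:
            return with_suffix + [name + "."]   # e.g. "mail" -> mail.corp.example., then mail.
        return [name + "."] + with_suffix

    def resolve(self, name: str):
        """Walk the candidates; intranet answers win only while the intranet DNS is reachable."""
        self.log.clear()
        for fqdn in self.candidates(name):
            if self.intranet_reachable and fqdn in self.intranet:
                self.log.append((fqdn, "intranet"))
                return self.intranet[fqdn]
            if fqdn in self.public:
                self.log.append((fqdn, "public"))
                return self.public[fqdn]
            self.log.append((fqdn, "NXDOMAIN"))
        return None


def risky_names(names):
    """Flag host names / SAN entries that depend on a private namespace:
    single-label (dotless) names, and names under an unofficial internal suffix."""
    flagged = []
    for n in names:
        labels = n.rstrip(".").lower().split(".")
        if len(labels) == 1:
            flagged.append((n, "dotless"))
        elif labels[-1] in UNOFFICIAL_SUFFIXES:
            flagged.append((n, f"unofficial suffix .{labels[-1]}"))
    return flagged


if __name__ == "__main__":
    on_net = StubResolver(search=["corp.example"])
    print("on intranet :", on_net.resolve("mail"), on_net.log)
    off_net = StubResolver(search=["corp.example"], intranet_reachable=False)
    print("off intranet:", off_net.resolve("mail"), off_net.log)
    no_search = StubResolver(search=[])
    print("no search list:", no_search.resolve("mail"), no_search.log)
    print(risky_names(["mail", "mail.corp.example", "mail.corp", "*.corp"]))
```

With the intranet reachable and a correct search list, "mail" lands on the internal host. Drop the search list, or take the machine off the intranet, and the very same name falls through to the public "mail." record, which is the mis-delivery risk the message describes; before such a TLD is delegated the fallback simply fails with NXDOMAIN, which is the safe outcome. The `risky_names` check is the kind of inventory a defender can run over internal host lists or certificate SANs to find names that only make sense inside a private namespace.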