[dns-operations] the real reason for ICANN's gTLD expansion seems to be...

Lanlan Pan abbypan at gmail.com
Wed Dec 13 09:13:15 UTC 2017


Viktor Dukhovni <ietf-dane at dukhovni.org> wrote on Wed, Dec 13, 2017 at 3:38 AM:

>
>
> > On Dec 12, 2017, at 8:11 AM, Phil Regnauld <regnauld at nsrc.org> wrote:
> >
> >> My $0.02, find some way to make initial domain acquisition be a
> >> more costly longer commitment (perhaps with fees for remaining
> >> years transferable between registrars to avoid registrar lock-in).
> >
> >       I may be naive, but this bugs me as much as people complaining
> >       that LetsEncrypt (including soon to be available wildcard certs)
> >       is somehow undermining the security of the Internet.
> >
> >       If something is broken by design, say, SMTP authentication, or
> >       the whole idea of X.509 CAs, then complaining that more gTLDs
> >       or free TLS certs is making things worse is like saying that
> >       higher speed limits on the road make cars more dangerous (yeah,
> >       analogies suck).
>
> Well, here we have apples and oranges.  Abuse of gTLDs by crooks is a
> problem of economic externalities, and calls for an economic solution.
> There's no reason to make domain ownership cheap for crooks who cycle
> through (10s, 100s, ... of) thousands of domains.
>
> I personally have no issues at all with LE issuing DV certificates to
> all domains, trustworthy or otherwise.  TLS provides secure transport,
> not an honest peer.  If some expect an honest peer, that's a problem
> with misleading marketing, and the solution will require updated user
> interfaces and training, that do not lull users into a false sense of
> "security".
>

TLS provides secure transport, not an honest peer.  +1


> As for SMTP authentication (I assume you really mean message rather than
> transport authentication), that's a difficult architectural issue. Email
> delivery is asynchronous, and supports forwarding and redistribution via
> lists, ...  And list users seem to really prize subject tags and footers
> that break digital signatures.  No amount of message authentication tech
> will stop scams so long as buying and dumping domains by the boatload is
> cheap.
>
> Mind you, many receiving systems are taking matters into their own hands
> and blocking a bunch of the new gTLDs wholesale.  If they also block
> HTTP/HTTPS to those domains, or just configure their resolvers to block
> resolution, we end up with a somewhat balkanized DNS, but at least some
> economic consequences for gTLDs whose business model is primarily shady
> domains.
>
> --
>         Viktor.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
-- 
Best Regards

潘蓝兰  Pan Lanlan