lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Subject: Verisign abusing .COM/.NET monopoly, BIND releases new

big oops. Thanks for pointing this out to me. Actually, I read the RFC
incorrectly. It says:

####
 The Internet Assigned Numbers Authority (IANA) also currently has the
   following second level domain names reserved which can be used as
   examples.
####

The important part is "The ... IANA ... has the follwoing domain names
reserved...". 

So, in theory, .test and the other TLDs could also be put into
"production" and this would still be right as of the RFC. Mhh... 

Rainer

> > I don't like what Verisign does. But 
> localhost.localdomain.com is not a
> > safe domain name. I'd recommend either to use one registered to your
> > organization or use one of those from
> > http://www.faqs.org/rfcs/rfc2606.html. Actually, I would go 
> for ".test".
> 
> That's an RFC to be careful of since some numpty decided that
> example.com|.org|.net should not only actually resolve, but 
> have some Redhat
> box running a webserver answer for it as well.   At least it 
> points you to
> RFC2606 which I find somewhat ironic.   I always used to use 
> example.com for
> docs but I can't really anymore though as Rainer said, 
> example.test seems to
> be OK.
> For now...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ