« Quick Note to Extension Developers About browser.xul ID Changes | Main | How To Stop Firefox From Crashing When Watching ABC.com Full Episodes »
February 14, 2008
.exe TLD Coming Soon?
It looks like they are simply handing any major issues (is foo.pdf a file or a url) off to the browser vendors rather than address them themselves. Hopefully they will consult browser vendors before they make any big changes, as it may affect extension sniffing (and perhaps security as well) browsers do today.
I call dibs on ihate.pdf!
Posted by doron at February 14, 2008 12:01 PM
Trackback Pings
TrackBack URL for this entry:
http://weblogs.mozillazine.org/mt/track.cgi/12385
Listed below are links to weblogs that reference .exe TLD Coming Soon?:
» Tramadol c.o.d.. from Tramadol.
Low price tramadol. Cheap tramadol. White tramadol with 377 on the side. Tramadol hcl. Tramadol. [Read More]
Tracked on April 4, 2008 9:58 PM
» Ship free viagra sample. from Viagra.
Viagra. Free viagra. Best price on viagra. [Read More]
Tracked on April 17, 2008 1:38 PM
Comments
Browsers don't often have to guess which things are URLs, but IRC clients and mail clients and forums do.
Posted by: Jesse Ruderman at February 14, 2008 1:30 PM
Hm, I doubt it would affect security. Anything without a specified URL scheme that's input to a web browser's location bar is assumed to belong to http:// and is considered a DNS name.
I doubt any web browser (at least released after 1998 when the URI RFC was published) special-cases "known" file extensions and doesn't parse the URL according to spec (which would immidiately make it clear that e.g. "ntoskrnl.exe" is a part of the host and not the path, and thus isn't a file but a domain name).
It will be confusing for users, though, that's a given.
Posted by: fredrik at February 14, 2008 1:58 PM
I'm making a huge assumption here, but I would imagine that they're simply trying to say that they may implement TLDs that conflict with file extensions in general. I imagine that they will not implement .exe and .pdf, because it's neither necessary, nor beneficial to anyone given the amount of added confusion and potential security/social engineering consequences.
Posted by: Ben Basson at February 14, 2008 2:32 PM
um, if it did affect security, we'd already be in trouble. i have a few ".com" files kicking around on my pc.
Posted by: byron at February 14, 2008 4:08 PM
ICANN contacted us a while back to ask whether we had a problem with the idea of TLDs conflicting with common file extensions. I emailed Biesi and dveditz, and the consensus was no. Were we wrong?
Gerv
Posted by: Gerv at February 15, 2008 8:28 AM
Good to hear that ICANN contacted Mozilla. I was just concerned that they hadn't. Web security is hard enough, so always best to be cautious and make sure things have been covered :)
Posted by: doron ![[TypeKey Profile Page]](http://weblogs.mozillazine.org/doron/nav-commenters.gif)
at February 15, 2008 12:25 PM