On 23 Sep 2012, at 09:38, Fred Morris wrote:
I don't understand this entire debate. I am sorry. Can somebody please frame it?
Read the SSAC report: http://www.icann.org/en/groups/ssac/documents/sac-053-en.pdf .
So what, exactly, *is* the security implication?
There are many. You even mention some of them yourself. The short answer is the behaviour of much application software (and stub resolvers) is unpredictable and/or broken whenever they are presented with a domain name which does not contain a dot. Amongst other things, this can mean DNS lookups for QNAMEs which are not the same as that original single label => getting directed to the wrong location or being told that something doesn't exist when it actually does or vice versa. Read that SSAC report.
_______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
