Over a year ago, the Internet Corporation for Assigned Names and Numbers (ICANN), the organization that is responsible for coordinating Internet domain names and IP addresses, announced that it would accept applications for new generic top-level domains (gTLDs). [See 4cast #235.] Current gTLDs include .com and .org, but now companies and organizations have submitted applications for a wide range of proposed new gTLDs – such as .book. Google has gone one step further and proposed a “dotless” domain that would consist of only one word: “search” (http://search/). And that proposal has stirred up the debate about the wisdom of allowing dotless domains on the Internet and Google’s motives.
- Google wants to operate .search as a “dotless” domain, plans to open .cloud, .blog and .app to others (TechCrunch/Frederic Lardinois) “Google plans to run http://search/ as a redirect service that ‘allows for registration by any search website providing a simple query interface.’ ‘The mission of the proposed gTLD, .search, is to provide a domain name space that makes it easier for Internet users to locate and make use of the search functionality of their choice,’ Google writes in its amended application.”
- On dotless domains and domainless TLD’s (The Rolled-Up Newspaper/Andrew Johnson) “So why would Google want to promote a way to search elsewhere when there’s no real threat to their position as top dog in search? […] ICANN is probably much more amenable to allowing a dotless TLD–a risky and huge departure from standard practice–knowing its operator is tied to a promise to include others. In this case, Google would just be investing in familiarizing people with the concept of a domain-less TLD, dotted or not, and they plan to do this to additional TLD’s down the road: first proprietary TLD’s (‘google,’ ‘android’) and maybe later generic TLD’s in a proprietary manner, if they could swing it (‘maps’ being exclusive to Google Maps, or ‘translate’ from Google Translate, for instance).”
- SSAC report on dotless domains [pdf] (ICANN Security and Stability Advisory Committee) “Other security issues may arise if dotless domains are permitted to host content directly. The advent of such hosting will violate a longstanding (more than 20 year) assumption that a dotless hostname is within an organization’s trust sphere. In Windows, for instance, this means that a dotless host may be considered to be in the Intranet zone, and is accorded the security privileges conveyed to sites in that zone. These privileges are significant and may, depending on the user’s configuration, permit code execution.”
- ICANN, the GAC, SSAC and gTLDs: Challenges with dotless domains and closed generics (MSDN Blogs/M3 Sweatt) “As we summarized in our comments [pdf], Microsoft supports and endorses the report’s recommendations against use of dotless domains. There are significant security considerations around the use of dotless domains with new gTLDs, generally a bad idea that would create significant security risks for people using the Internet. Dotless domain names are often resolved by operating systems, browsers and other products to addresses on the local network / intranet. Our recommendation is to use Fully Qualified Domain Names (FQDNs) – sometimes referred to an absolute domain name – to ensure that people get where they are expecting when they type in an address on the Internet URL.”
At the very least, handling dotless domains would require extensive revisions to current web browsers and Internet apps. Such software typically interprets and completes shortened domain names and does not insist on use of fully qualified domain names.