Dotless Domains ‘Inherently Harmful To Internet Security': IAB

Internet Architecture Board logoThe Internet Architecture Board (IAB) has come out against dotless domains, saying they “will not work as intended by TLD operators in the vast majority of cases.”

In their statement, the IAB said “it has come to the attention of the IAB that there are proposals for so-called ‘dotless’ domains in the root zone, and that some existing top-level domains (TLDs) are already operating in such a mode. TLD operators of dotless domains are intending that single label names — those containing no dots — resolve to the TLD itself, rather than be resolved locally, within the context of the local site at which the user resides.”

The IAB, a committee of the Internet Engineering Task Force (IETF), issued a statement, titled “Dotless Domains Considered Harmful”. In the executive summary, the IAB say they “strongly [recommend] against considering, implementing, or deploying dotless domains. As well, “the IAB believes that dotless domains are inherently harmful to Internet security.”

In the third point noting the problems with dotless domains, the IAB says “applications and platforms that apply a suffix search list to a single-label name are in conformance with IETF standards track RFCs. Furthermore, applications and platforms that do not query DNS for a TLD are in conformance with IETF standards track recommendations intended to minimize security vulnerabilities and reduce load on the root servers.”

The full report from the IAB is available from:
www.iab.org/documents/correspondence-reports-documents/2013-2/iab-statement-dotless-domains-considered-harmful