New domain zones will weaken the protection of SSL certificates
This week, ICANN received research results, according to which, new domain zones can pose a serious threat to the security of many Internet users. Some of them may have to be banned from registering at all.
The problem is that the names of new top-level domains coincide with the names of internal domains that are protected by security certificates (Internal name certificates). At their core, these are the same SSL certificates that are used to protect common domain names from cyber attacks. But certificates for internal names are designed to protect domains in their own domain name systems installed on personal servers or in local networks.
For a long time, most companies specify non-existent domain zones, such as .corp, .home or .mail, as internal addresses, and establish their own or use the services of local companies to protect them.
')
However, if these domains appear in the root zone, browsers and other programs will be able to access the protected content. Users will be able to intercept traffic, steal passwords and other personal information.
We have already mentioned one case , which clearly shows what can happen if a “non-existent” domain actually turns out to be real. But now we are talking about the security of many thousands of users.
As the root zone server administrators recently reported, the .home and .corp zones pose the greatest threat. Huge volumes of traffic come to these, as yet non-existent, zones every day.
ICANN has long been aware of this issue and is actively cooperating with browser and security certificate developers to minimize potential risk. But at the same time, the company does not exclude the possibility of a ban on the registration of certain domain zones. First of all, we are talking about domains .home and .corp, for which 10 and 5 applicants submitted applications, respectively.
The problem is that the names of new top-level domains coincide with the names of internal domains that are protected by security certificates (Internal name certificates). At their core, these are the same SSL certificates that are used to protect common domain names from cyber attacks. But certificates for internal names are designed to protect domains in their own domain name systems installed on personal servers or in local networks.
For a long time, most companies specify non-existent domain zones, such as .corp, .home or .mail, as internal addresses, and establish their own or use the services of local companies to protect them.
')
However, if these domains appear in the root zone, browsers and other programs will be able to access the protected content. Users will be able to intercept traffic, steal passwords and other personal information.
We have already mentioned one case , which clearly shows what can happen if a “non-existent” domain actually turns out to be real. But now we are talking about the security of many thousands of users.
As the root zone server administrators recently reported, the .home and .corp zones pose the greatest threat. Huge volumes of traffic come to these, as yet non-existent, zones every day.
ICANN has long been aware of this issue and is actively cooperating with browser and security certificate developers to minimize potential risk. But at the same time, the company does not exclude the possibility of a ban on the registration of certain domain zones. First of all, we are talking about domains .home and .corp, for which 10 and 5 applicants submitted applications, respectively.
Source: https://habr.com/ru/post/180625/
All Articles