New domain zones will weaken the protection of SSL certificates

    This week, ICANN received the results of studies according to which, new domain zones can pose a serious threat to the security of many Internet users. Some of them may have to be prohibited to register at all.

    The problem is that the names of the new top-level domains coincide with the names of the internal domains that are protected by Security certificates (Internal name certificates). At its core, these are the same SSL certificates that are used to protect common domain names from cyber attacks. But certificates for internal names are designed to protect domains in their own domain name systems installed on personal servers or on local networks.

    For a long time, most companies indicate non-existent domain zones, such as .corp, .home or .mail, as internal addresses, and install certificates for their protection themselves or use the services of local companies.

    However, if these domains appear in the root zone, browsers and other programs will be able to access protected content. Users will be able to intercept traffic, steal passwords and other personal information.

    We have already mentioned one case that shows well what can happen if a “nonexistent” domain actually turns out to be real. But now it's about the security of many thousands of users.

    As root zone server administrators have recently reported, the .home and .corp zones pose the greatest threat. Huge volumes of traffic come to these zones, which are still non-existent.

    ICANN has been aware of this issue for a long time and is actively working with developers of browsers and security certificates to minimize the possible risk. But at the same time, the company does not exclude the possibility of a ban on the registration of certain domain zones. First of all, we are talking about .home and .corp domains, for which 10 and 5 applicants have applied.

    Also popular now: