David Conrad wrote:
People keep making the assertion that top-level domains that have the same strings as popular file extensions will be a 'security disaster'
Microsoft, in its infinite wisdom and desire to not abide by standards it has not set decided that instead of relying on the Mime type (content type:) field in the HTTP response to determine how this particular content should be rendered,, it would look at the letters following the last dot in the URL. There were many viruses which were transmitted this way, with URLs ending in .EXE which meant that Microsoft blindly executed the contents fed over the web. Often, the content type: field would point to a image/jpeg type and standards compliant browsers would simply handle this as a picture with invalid contents. I am now sure if Microsoft continues to based data type decisions on what it interprets as a file extension in a URL or not. But it should not stop the world from moving on because to those who abide by standards, such things are not a problem. However, the issue of http://museum/ is an interesting one. This may affect certain sites who would have to ensure their resolver firsts tests a single node name and only add the local domain name if the first test failed. There may be sites/systems that just automatically tag on the domain name if they just see what looks like a node name.