According to Bill Woodcock <woody@pch.net>:
-=-=-=-=-=-
On Jul 6, 2024, at 22:41, Paul Ebersman <list-nanog2@dragon.net> wrote: I've been surprised that none of the folks that got TLDs seem to be leveraging the technical/security brand protection like they could.
A few are. A very few. SNCF. A few banks.
I can't help but note that if I connect to https://oui.sncf, it now immediately redirects to https://www.sncf-connect.com. http://restaurationabord.sncf/ is 404. https://www.abonnement-regional.sncf leads to a fairly lame login page that quickly switches to sncf.com. All the other ones I checked are dead. Wonder if they're getting ready to be #138.
If I have an LG TV and it wants to update to <mumble>.LG and LG is DNSSEC signing the whole chain, that sure seems more likely to be legit than <mumble>.lg.tv or some such.
Ayup. Particularly if they don’t allow downgrade attacks to CA certs.
I think there are a few more brands looking to make this move to higher security in the new ngTLD round. At least everybody’s a lot more educated this time around.
I dunno, if they were better educated they'd realize it's a total waste of money. R's, John -- Regards, John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly