On Jun 27, 2008, at 2:02 PM, Scott Francis wrote:
what little assurance we have that e.g. bankofamerica.com is the legitimate (or should I say, _a_ legitimate) site for the financial institution of the same name becomes less certain when we have e.g. bank.of.america, www.bankofamerica.bank, www.bankofamerica, www.bofa, and other variants.
I agree, but we already face that problem now. Is bankofamerica. {org,net,us} the same thing as bankofamerica.com? I would agree that a flood of new TLDs would exacerbate the problem, but I suspect the difference is between a run over on a two lane street versus being run over on a five lane highway. In both cases, you're road pizza....
Perhaps the solution is to devalue names (through the introduction of some theoretically unlimited number of variants) to the point that users come to rely upon reputation-based systems (e.g. PageRank) exclusively.
I suspect the right answer is to rely not on reputation or labels, but rather stronger security credentials, e.g., valid X.509 certs, PGP/GPG signatures, etc. Of course, that's been true for a while now. Regards, -drc