On Friday, 9 May 2025 20:20:49 CEST John Levine wrote: > It's easy enough to check the PSL repo and see that .internal isn't there. > As I think I said in another message, it's probably a heuristic that TLDs > only contain letters. > > In any event, I don't see why this is important. On my network I have > repurposed one of the ISO user defined codes as a local TLD, and browsers > can reach the local web sites easily enough give or take complaints about > self-signed SSL certs. They can do the same thing with .internal names > with no changes.
I think this addresses a few issues at play here - why .internal is matching in some places and in others it's not being the first. In Firefox it does match for me, while in MS Edge it does not. Nor does it in Telegram, where I did a few manual attempts so far. However, http:// prefix does format to URL regardless of what follows - including both .lan and .internal. The point here is that neither are currently very "standard", and only one of those is in the process of becoming so. In terms of importance of this - I'll admit that it is something specific to having used .lan until now, along with a slew of minutiae of my own network and system configurations. Similarly - and because of that same reason, I also fail to see why DNSSEC is so important here. Just like TLS, I see no reason to use it internally. Internal networks just aren't intended to work like that, at least for TLS - in my own belief. Self-signed.. it can be done, yes, it's even possible to be one's own CA. But then it requires pushing that CA to every system in that network, where things get messy. Nonetheless, that doesn't mean that it shouldn't be possible to do, or even be dismissed as irrelevant. So that's where I return back to why I did the research, as laid out in the previous email. The goal I'm trying to achieve is to provide rationale for inclusion into the SUDN registry. This is something that Kim's draft seems to hint at, but may have left until IETF WG consensus to actually put in there. I dunno, my name is not Kim. But if it is to go into the PSL, then probably it should go into the IANA doc first. I mean, the more consensus on this .internal name, the higher the chance it gets actually adopted, right? -- Met vriendelijke groet, Michael De Roover Mail: [email protected] Web: michael.de.roover.eu.org _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
