Hacker News new | past | comments | ask | show | jobs | submit login

Arbitrarily picking web standards seems like an abuse of power. If this is the direction in which they want the internet to steer (a great one as far as I’m concerned) Google should advocate for the deprecation of HTTP in the appropriate bodies instead though.

It baffles me that TLDs are at the mercy of private companies... I guess I should read more about the history of the internet to understand how this came to be.

Finally, maybe the management of authoritative DNS is one of the few applications for which a blockchain could actually make sense. Still pondering on the specific model though, does anybody know of existing projects in this direction?




It's not arbitrarily. You can use the standard HSTS to be applied domain wide https://hstspreload.org/#tld


That’s fair, given that HSTS is after all a standard itself and Google is merely applying it.

Then I guess my perplexity is towards IETF in that they allow for two conflicting standards to exist.

What if I want to use local.my.app for development; Or, in a more textbook example, i want to use workstation-1.building-a.my.internal.my.app without https?


>What if I want to use local.my.app for development; Or, in a more textbook example, i want to use workstation-1.building-a.my.internal.my.app without https?

uh... don't do that?

if you're developing locally or internally, use my.app.local or workstation-1.building.internal. If you want to use public domains for non-public things i guess go ahead, but you can't expect everybody else to support your weird thing. Or if you really need to run your internal dev stuff on public domains, get a certificate for it.



Well, disabling HSTS is a badidea as long as the logical (or legal) entity creating the subdomain is the same one that enforces HSTS, which was the case up until this point, (in that being the same entity they know which subdomains need HSTS and which ones don't).


Anyone registering a .app domain knows it will have HSTS, so they feel it's appropriate for their site to use it.


Arbitrarily across an entire TLD.

Because IANA decided to start selling off the web for companies to abuse.

> What if I want to use local.my.app for development;

You can switch to .dev... oh right.


RFC-6761 [1] reserves .example, .invalid, .localhost, and .test — the latter two seem like nice alternatives.

[1]: https://tools.ietf.org/html/rfc6761


What makes .net OK but .app is "selling off the web"? I mean, besides traditionalist conservatism?


> Google should advocate for the deprecation of HTTP in the appropriate bodies instead though

I agree with your larger point. For instance, I believe Google purposefully avoided implementing some privacy-preserving features in its QUIC protocol.

However, in this case, it was the ISPs and wireless carriers that fought against deprecating HTTP, while Google and Mozilla wanted to deprecate it. It's why I think they only enabled the HTTPS version of HTTP/2 in their browsers. The carriers and ISPs wanted the web to stay on HTTP so they can mine everyone's data, as they're already doing with the sites that have remained on HTTP.


How about namecoin ? You can use it to buy .bit domains, but ICANN doesn't recognize those, so users need a special addon to access .bit websites.


> does anybody know of existing projects in this direction?

namecoin




Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: