[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

Elliotte Harold elharo at metalab.unc.edu
Tue Sep 30 08:02:58 PDT 2008


Kristof Zelechovski wrote:
> If you set up a mirror with the same host name as the content provider has,
> you will probably get sued for identity theft, cybersquatting, forgery or
> whatever.
>

No, only the content provider (really the domain name owner) can set up 
these mirrors. This is nothing new. This is how the web and DNS work 
*today*. Many high volume sites such as www.google.com, www.amazon.com, 
www.nytimes.com, and so forth--send you to different physical boxes 
depending on where you're connecting from. These boxes are usually 
chosen to be close to the end user. For instance, a reader on the east 
Coast might get www.nytimes.com in New York but one on the West Coast 
might get a box in Los Angeles. A reader in Japan might get a box in 
Japan.  (I don't know if this is actually how the NYT seets up its 
servers or not. Some tracerouting from different locations might find 
out quickly.)

Large content providers already move their content closer to the end 
user. They do this by physically locating boxes with the same host name 
and fancy DNS and router tricks. The details are complex, which is why 
CCNAs get the big bucks. But they do not do this by linking to 3rd party 
content.

-- 
Elliotte Rusty Harold  elharo at metalab.unc.edu
Refactoring HTML Just Published!
http://www.amazon.com/exec/obidos/ISBN=0321503635/ref=nosim/cafeaulaitA



More information about the whatwg mailing list