I am concerned about the privacy and security implications of this proposal. For
instance, does this proposal intend to use secure DNS? If not then I am very
concerned as it seems to be trying to become a source for information, personal and
private information, about e-commerce consumers.
(And if this system is collecting
and disseminating personally identifiable information, what protections are being
offered by the applicants to the data subjects?)
Also, one of the weaknesses of certificate
and crypto systems is the distribution of false public keys. Without secure
DNS there is no way to validate that responses from purported .dir servers are authentic.
In another area - I'm thinking that this proposal doesn't need the nicely semantic string
".dir" but could do just as well with something entirely outside of human comprehension
- like .q3Mz. The reason I say this is that it seems that the primary engines
that will be doing queries to this domain are software engines, not people.
And software could care less about the nice semantic of the string "dir". Am
I wrong that this TLD is intended to be used primarily by applications and not by
people?
In addition, given the probable changes that will occur by experience,
how is versioning to be done? Why not have a ver1.dir and a ver2.dir as top
level prefixes so that when the initial application needs to be revised we don't
need to allocate a new TLD?