by hiharryhere 3919 days ago
There are a number of comments here about this making phishing easier. The bigger issue is that the US gov doesn't consistently use .gov domain names.

http://www.ustraveldocs.com/

This is the official US gov site for applying for a visa. Given there are so many dodgy immigration agents operating with .com addresses it makes no sense as to why the official site is not just 'visa.gov'.

2 comments

Can anyone think of any reasons that any and all interaction with the US Government via the web shouldn't take place via a .gov website? If something like healthcare takes place on a .gov site, visas definitely should.

Good reasons, no, but check out what getting a .gov domain looks like:

https://www.dotgov.gov/portal/web/dotgov/registration-proces...

https://www.dotgov.gov/portal/web/dotgov/policy#10217335

It's really easy to imagine a lowly staffer with an unrealistic deadline or contractor deciding to register a .com to use for a demo and thinking they'll go through simply learning who the official contact is, getting the agency CIO / agency head to sign off, dealing with internal politics[1], etc. later and then never actually getting around to that part. At some point the argument probably became “Now we've advertised it too much to change”.

1. At large organizations both public and private I've seen this kind of fragmentation happen because person A wanted a project to exist and person B, who controlled DNS, thought it should be included in their application (horrible vendorware, the first big Cold Fusion project they personally managed which will be upgraded over their dead body, etc.).

The process looks about as bureaucratically complicated as I would expect.

Yeah, and I'm not even sure that's wrong: trusted top-level domains should be hard to get since they'd make great phishing sites.

There are something like 5,300 domains on the list currently:

https://github.com/GSA/data/blob/gh-pages/dotgov-domains/201...

I'm curious how many of those are actively supported and secure – I'd bet there are at least a few where almost nobody even remembers registering it.

"© CGI Group Inc" - looks contracted out. Agree that something this important needs to look more official.