32
DBX12
4y

You know what I envy Americans about? Your .gov domain.
It is so difficult here to detect if the website is honest or a scam because our government is too dense to put all their sites as subdomains of one trusted domain. Like dod.country.tld for the department of defense or justice.ministry.country.tld for the ministry of justice.
No, these idiots buy ministry-of-justice.tld, because no scammer ever could conceive the idea of buying ministryofjustice.tld to host a scam site.

At least publish an up2date list with domains I can trust.

Comments
  • 16
    I had no idea this wasn't standard everywhere. In the UK we use gov.uk, I kind of assumed everywhere used gov.tld for official stuff.
  • 8
    And then there is Belgium...

    Federal: xyz.fgov.be
    Flemish region: xyz.vlaanderen.be OR xyz.vlaanderen OR xyz.vla
    Walloon region: xyz.wallonie.be OR xyz.wal
    German speaking region: ignored

    Oh and lets not forget that direct interaction vetween the regions over SSL/TLS requires adding the custom CA to thz chain of trust of all parties involved and guess what! The certificates are only valid for like 100 days since some folks make keys by copy pasta from SO and thus in default settings.
    So i already set a reminder to myself 99 days after a new dance macabre, to remind everyone from the regions to fi ally submit a cert and ca that is valid for at least a year...

    I am at my third reminder already.

    And i am on vacation....
  • 1
    Here it is called admin.ch and generally all names of cities or departments are already owned by the state. If it is admin it is legit.
  • 1
    The problem is not that their too dense to make it happen, it’s that there is no structure in place to coordinate it.

    It’s too much effort and involvement of people who don’t relate to the desired subdomain.
  • 1
    Here(Israel) it's either .gov or .gov.il so definitely not a USA only thing
  • 0
    Here in Brazil we use .gov.br
  • 0
    Ok, if setting up a subdomain is too much pain, could they at least use ONE trusted CA for all government stuff? That I can trust the page based on "it got a cert from the gov CA, that page should be good"?

    Currently, it's a god damned treasure hunt finding a renown page mentioning the page you are trying to validate.
  • 0
    .gov.<<two letter country code>>

    seems perfect to me.
Add Comment