I think it's particularly interesting that the US use .gov and not .gov.us (as a Brit). I'm sure there are oversights on who can acquire an inherently international .gov domain, but for example here in the UK .gov.uk domains have a strict application process [0] managed by central government.
It just seems to me that it would be more secure, and more reassuring to citizens and visitors that they are on the correct site, if it's under a ccTLD that's clearly affiliated to and managed by that government.
My guess is that it’s because the US built the thing, they decided .gov was to be for US Government sites. Then when other countries joined they got their own TLDs, which they added a .gov.<tld> to for their own purposes.
Right, I assumed it was the same principle by which UK, having issued the first postage stamps, is the only country that doesn't say the country name on the stamp.
For how many decades is this going to be a reasonable argument?
In 100 years, will it still be reasonable for the USA to say "we built the thing, so it is appropriate for us to continue to be the default country in domain names. The rest of you must use your ccTLDs, but we remain special."
In 200 years?
The only non-pathetic option is for the United States to transition to using its .us ccTLD for governmental and military domains in particular, with .edu and probably some others not far behind. The only question is how gradual the process is, and when it starts.
Country calling codes date from the 60s and yet the US (and Canada?) are still +1.
The real answer is that it’s way too much work to change now for essentially no benefit, so it will probably continue indefinitely unless a new system supplants the current internet.
> That's silly; registering new domain names and putting redirects in place is much simpler than changing a freakin' country code.
Cool, here's a $50,000 firm fixed contract for you to go fix all the hardcoded .gov references in every single federal website, knowing how many of them will fail to handle redirects gracefully.
Here’s the reasonable argument: US citizens are now used to .gov domain names being solely used by US government entities. They won’t change it, nor should they, as forcing domain name changes will simply add confusion for Americans.
Just because you don’t like that the US government has first mover advantage isn’t a good reason to change this.
I don't really think this is much of an issue. It's not like the change would happen immediately. Each .gov website is likely run by different agencies, so they wouldn't end up switching all at the same time.
It's a pretty simple matter to register a corresponding .gov.us domain for each existing .gov domain. Then each .gov domain owner would have to configure their web server properly, and can phase in a redirect from the old .gov to the new .gov.us.
Prior to this happening, the .gov site could have a big banner across the top of the page informing visitors of the change. This could remain for as long as seems reasonable before changing, even multiple years.
> Just because you don’t like that the US government has first mover advantage isn’t a good reason to change this.
As an American, I think the current setup with .gov (and .mil) is super weird. The fact that there are so many US government websites that are under .com, .org, and even .us, is weird too. The US shouldn't hold any kind of privileged place when it comes to TLDs; it's clearer for everyone concerned -- including Americans -- to put all these under .gov.us.
MS still hasn't gotten all of their users to transition to outlook.com in order to be rid of hotmail.com, which they bought in 1997.
Do you have the US Government doing it quicker? The only way it ever occurs is if they effectively CNAME .gov to .gov.us to run them both side-by-side.
Why do you think other governments/countries want to use an English abbreviation for their government entities? Even for Latin languages that use a similar word, "gouv" (French), "gob" (Spanish) or "guv" (Romanian) would be more natural.
Various government departments of those countries use domains under .gouv.fr, .gob.es, .gov.ro respectively. The argument is that fairness and clarity would suggest that the US likewise use .gov.us or some other convention of their choice under .us.
.com and .net and .org are only "internationally available" because the registrars didn't care to restrict them (IIRC, one of them was moderately restrictive in the beginning, perhaps .org requiring an actual organization of some sort).
The TLD .org was originally for non-profits, to distinguish them from the for-profit companies found over at the .com TLD. In the beginning, you had to prove nonprofit status to get a .org domain.
That’s no longer required, but still there was a big fight a few years ago when the .org registrar was set to be sold to a private equity firm. It’s the TLD of choice for nonprofits, as an echo of that early restriction.
There was an interesting use case for the early zero language code. It allowed the checksum to remain intact when switching from early SBN to ISBN, all you had to do was prefix with zero. It isn't quite so simple today, if you find an old British book you can't simply tack a zero on the front.
It is mentioned in the Wikipedia link, but buried a little. I realise ISBN history is the epitome of super-nerdy, but the evolution path from $just_some_retailer through to the Bookland "country" is really quite interesting from an interoperability perspective.
.gov is managed by the US government in the exact way you describe. There is nothing "inherently international" about it. It isn't meant for anyone outside of US government agencies.
Let's be specific though: .gov is available for any government within these United States, whether it be federal, state, local municipality, territorial, or tribal government. In fact, all major cities I just spot-checked have .gov domains. I wonder how many are clinging to <city>.<state>.us? At least as a CNAME? ...none of those which I just spot-checked.
I remember back in the day when the high school website & email was: school.district.k12.ca.us. Basically no one uses those because they were too long and hard to remember. My old school district doesn't use the higher level, the school doesn't use the full name. In fact, they don't even resolve in DNS anymore. Some districts now have the schools under their new domain, some schools do their own thing.
I never had a problem remembering such domains, because I found them logical. In fact, in 1996, I registered such a domain that was <street address>.<city>.<state>.us. I figured this was the most accessible one for all four of our roommates to use, and there was no cost at the time.
Come to find out that the k12.ca.us. domain is completely defunct! There is no SOA for it, and WHOIS indicates it's inactive. k12.ny.us. seems to be in the same condition. However, there are still k12.<state>.us. domains in other parts of these USA. If you search for them, you can find websites and email addresses under that hierarchy.
Huh, same! I remember the changeover happened sometime around fifth grade, so 2011-12 for our district? (Strangely enough our school's wifi used WEP until 2014ish. I remember the password was obviously contrived to the right length)
The MBTA (transit authority) in MA in the US uses .com. (MA state government seemingly still uses .ma.us as well. And town.ma.us seems pretty standard in MA at least based on my town.)
.com, .org and nearly all original TLDs are used internationally, though there are also local derivatives like co.uk. Even .edu used to be available internationally. I suppose most people have realized by now that .gov is strictly US, but it's not like that was obvious from the naming scheme alone.
> Why doesn't the United Kingdom have the name of the country on its stamps?
> Because the United Kingdom had the privilege of being the first country in the world to introduce postage stamps, meaning that they did not need to be identified as coming from that country, especially when used domestically.
I don't think that's clear at all. We have three people in this thread already confused on the issue.
I think the poster wasn't talking of the US government but of knowing which government a domain is related to by just looking at it. ".gov" is not clear while ".gov.uk" is clear due to the ccTLD.
> but isn't .gov "clearly affiliated to and managed by" the US government
Honestly, I don't believe that anyone is truly "confused" about the source of a .gov website, especially folks who are reading HN on a weekend. They might view it as arbitrary (it's not, really) but it's certainly not a "oh man I just don't understand how this could be the case" level of confusion.
I won't go so far as to say that the internet is an American invention but it was certainly primarily American in origin. .gov has been managed by the US government since the beginning.
Not the OP, but also American. For me it's clear because I've never seen a US government site on a non-.gov domain (though apparently some obscure ones exist as this submission points out), nor have I ever seen a non-US-government site on .gov.
The submission includes over 400 domains for the federal only list. That is more than "some obscure ones"
> nor have I ever seen a non-US-government site on .gov
How often are you going to non-US-government government sites? Being an American I could imagine you hardly if ever interact with any other government sites so maybe that could be attributed to selection bias.
> The submission includes over 400 domains for the federal only list. That is more than "some obscure ones"
The number has nothing to do with how obscure they are.
> Being an American I could imagine you hardly if ever interact with any other government sites
I have interacted with them many times. (1) to fill out various Covid-related entry forms when those were widely required, (2) to apply for visas, (3) purely out of curiosity (e.g. I’m sometimes curious what travel warnings/advisories other countries’ foreign ministries put out and how they compare with our own).
I suspect it depends on whether you know your early Internet history. The Internet was a US research and military project at first. It was US-centric for a long time. The original top level domains are all US-centric. Walmart.ca is Walmart Canada. Walmart.com is Walmart America. Similarly, .mil, .edu are for the US military and American universities. .gov fits into that scheme and if you know the rest it would follow that it's for the US gov.
All the documentation is very clear and the behavior is consistent. It’s suboptimal for countries utilizing a .gov.{country code} scheme, but it would be extremely expensive to change. Many non-English-speaking countries use a different abbreviation for their word for government, so it’s hard to argue that the status quo has to change to benefit “everyone.”
The US also has .mil locked up for mostly purposes.
> I'm sure there are oversights on who can acquire an inherently international .gov domain,
There's .INT if you have a use for one.
> turns out .gov is exclusively for the US, not sure I feel good about that, particularly as .com and .net are very much not just for the US.
This goes back to when the DNS was designed in the late 70s. Things were different back then (remember the big-endian British addresses, gb.corp.foo IIRC).
And I see you haven't learnt about .MIL yet either...
This got me thinking about cookie scope, and I have a feeling that domaina.tld. and domainb.tld. is always safer than domaina.gov.tld. and domainb.gov.tld.
I might be way off here, but I think that means either domain could set a gov.tld cookie which is sent to all domains, and if one of them is reading cookies without checking scope it could be a way to send whatever to another server. Or even worse, if one of the sites is using gov.uk cookies for something sensitive, then any of the others could read it.
Does anyone know if browsers have special cookie scope considerations for things like .gov.uk and .co.uk?
Browsers use the public suffix list to determine cookie scope. So .co.uk domains are just as isolated from each other as .com domains.
You can even get your own domains added to it, typically because you allow users to host their own content on a subdomain (like github.io for github pages).
Interestingly, .edu is mostly only for US universities, but there are a bunch of exceptions. Basically, there used to be several "generic TLDs"[1] in addition to the "country code TLDs" (of which ".su" for Soviet Union still exists), but they mostly got converted into sponsored TLDs.
The gov TLD is managed by the US government. It's very rare that you renew anything with ICANN, since you're almost always going at least to the entity that manages a TLD (unless you run a TLD, then I guess there'd be an ICANN fee).
If you have a .com domain, you're renewing with VeriSign, the company that owns the com TLD.
I'll pay for the domain if you find a way to buy a .gov as easily as you can buy a .com. I don't even think a regular citizen can get a .gov unless you incorporate a new city or something like that.
During the government shutdown some TLS certificates expired, so depending how long it goes a domain renewal could get missed because nobody is working or the check bounces.
I went through the process of registering a .gov domain recently and it definitely takes a couple of months. It requires a letter of intent, wet signatures from elected official(s) on official letterhead, a phone call to a publicly listed number of an elected official, 2FA enrollment for the management of DNS/WHOIS, and a period of time in between some of these steps for some behind-the-scenes verification to take place. Despite the many steps, I did find it relatively straightforward and appropriate given the exclusivity of the TLD. In fact, the most difficult part (that I'm still working through) is convincing management that we should make the full migration to the .gov now that we have it registered...
What type of organization are you operating where you'd need a .gov? Is this a government organization (like a local government or city hall)? Or is it possible for even random non-government related non-profits to have legitimate uses for .govs?
Edit: I was mostly commenting on this.
> In fact, the most difficult part is convincing management that we should make the full migration to the .gov
It sounds like the most difficult part of getting a .gov is having a legitimate government entity and having a purpose that needs one.
You must be an official government entity at a local, state, or federal level. This can include cities, counties, special districts, joint power authorities, state offices, etc.
I would hope that random "non-government related non-profits" aren't using .gov domains. Isn't the whole point of the domain that it's just for government entities?
USPS is (since 1970) an Independent Agency rather than an agency of the executive branch. This was sort of a semi-privatization measure that isolates USPS from the federal government; USPS operates mostly as a government-owned independent corporation. There are a number of other independent agencies as well; the way they relate to .gov domains varies. I don't think there's a well-settled policy on whether independent agencies should use .gov domains. Amtrak doesn't, the CIA does, NCUA does, Federal Reserve mostly doesn't (except the board which is a federal agency). I think it depends mostly on brand identity and how much they want to be perceived as private sector vs. government agencies, since independent agencies often straddle a line between the two.
USPS I think from a branding perspective wants to be compared to retail shipping and not come across as some stuffy/slow bureaucratic agency, even though they totally are.
Interesting related thing from India: the official TLDs as per the guidelines are .gov.in and .nic.in, and both are registered as a public suffix (legacy, from when the list was created).
However the government created a separate Section 8 company called Digital India corporation that runs a separate group of websites for Citizen Outreach called MyGov, which runs a separate subdomain for these: mygov.in. Unfortunately, they haven’t gotten around to registering it as a public suffix, so there are concerns around security (cookies are shared between completely separate sites). The public suffix list doesn’t accept contributions without authorisation anymore, so it’s unlikely to be fixed.
There’s also the interesting case of some government sites preferring .org.in to showcase independence from government interference- RBI, for eg (the central bank) runs at rbi.org.in.
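The cookie-scope behaviour discussed in the public suffix answer and in the mygov.in comment above, as an added example that is not part of the thread: a small model of how a browser uses public suffix rules to accept or reject a cookie's Domain attribute. The rule set is a constructed subset of the real list, the hostnames site-a/site-b.mygov.in are made up, and the function names are hypothetical.

```javascript
// Constructed subset of Public Suffix List rules, for illustration only.
// The real list is far larger and also has wildcard and exception rules,
// which this sketch does not implement. mygov.in is deliberately absent,
// matching what the comment above reports.
const RULES = new Set([
  "com", "uk", "co.uk", "gov.uk", "in", "gov.in", "nic.in", "io", "github.io",
]);

function normalize(host) {
  return host.toLowerCase().replace(/^\./, "").replace(/\.$/, "");
}

// Longest matching rule wins; a name with no matching rule falls back to
// its last label (the list's implicit "*" rule).
function publicSuffix(host) {
  const labels = normalize(host).split(".");
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (RULES.has(candidate)) return candidate;
  }
  return labels[labels.length - 1];
}

// Registrable domain = public suffix plus one more label (null if none).
function registrableDomain(host) {
  const h = normalize(host);
  const suffix = publicSuffix(h);
  if (h === suffix) return null;
  const rest = h.slice(0, h.length - suffix.length - 1).split(".");
  return rest[rest.length - 1] + "." + suffix;
}

// Models what a browser does with "Set-Cookie: ...; Domain=<domainAttr>"
// received from requestHost. Returns the stored scope, or null if rejected.
function cookieScope(requestHost, domainAttr) {
  const host = normalize(requestHost);
  if (!domainAttr) return { hostOnly: true, domain: host };
  const domain = normalize(domainAttr);
  if (publicSuffix(domain) === domain) {
    // A public suffix is not a valid cookie domain, unless it is the
    // requesting host itself, in which case the cookie becomes host-only.
    return domain === host ? { hostOnly: true, domain: host } : null;
  }
  const matches = host === domain || host.endsWith("." + domain);
  return matches ? { hostOnly: false, domain } : null;
}

// Would a cookie stored with this scope be attached to a request to otherHost?
function wouldBeSentTo(scope, otherHost) {
  if (!scope) return false;
  const other = normalize(otherHost);
  if (scope.hostOnly) return other === scope.domain;
  return other === scope.domain || other.endsWith("." + scope.domain);
}

// Constructed cases: [host setting the cookie, Domain attribute, sibling host].
const CASES = [
  ["domaina.gov.uk", "gov.uk", "domainb.gov.uk"],          // suffix: rejected
  ["domaina.gov.uk", "domaina.gov.uk", "domainb.gov.uk"],  // own domain: isolated
  ["site-a.mygov.in", "mygov.in", "site-b.mygov.in"],      // not a suffix: shared
  ["alice.github.io", "github.io", "bob.github.io"],       // private suffix: rejected
];

function runCases() {
  return CASES.map(([from, attr, sibling]) => {
    const scope = cookieScope(from, attr);
    return {
      from,
      attr,
      accepted: scope !== null,
      sharedWith: wouldBeSentTo(scope, sibling) ? sibling : null,
    };
  });
}

console.log(runCases());
```

The third case is the one that matters for defenders: without a suffix entry, every site under the shared parent is in one cookie scope, so each site should set host-only cookies (no Domain attribute) for anything sensitive.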
This sounds like a decent idea until you realize that means one of two options:
- A US Government controlled CA root preinstalled on computers. Privacy advocates would be in arms.
- Constant untrusted CA warnings when trying to access any government site.
The Pentagon takes approach 2. Most people never need to access a .mil anyways, but if you need to work with their office (I had a dealership leasing cars to them needing to use a web portal) then you have to install their cert bundle.
I am unfortunately aware. To make matters worse, the preferred install mechanism is a .exe that adds all of the opaquely named DOD CAs to your machine.
Regardless, this puts you back at a US Government controlled CA being on your machine.
Why is it annoying? Because it means you have to add it manually, and manually added root certificates have more power than the root certificates that come with the browser! In particular, they can bypass HPKP (security.cert_pinning.enforcement_level defaults to 1).
> Do you really trust the turkish government with the ability to sign for any domain.
No, but I don’t have to. To be included in the root CA list, they have to participate in cert transparency logging. So I can just pick a log to monitor, and check to make sure they haven’t issued a cert for one of my domains.
So you don't trust them to not issue an unexpected cert but you do trust them to always log it?
edit: I just read the spec. the cert needs to be logged to be considered valid by the browser. which has fun connotations where google is effectively monitoring everything you access. basically the mother of all analytics. well... I mean... that is.. if they were not already monitoring everything you do on the web. so it's ok I guess.
What exactly are you (or they) afraid of? NSA/FBI/CIA/DHS/etc impersonating other sites using the government CA?
Before Certificate Transparency, I'm pretty sure they already could do that relatively easily by forcing a private CA to make them a cert. (National Security Letters and all that fun)
Even now, with CT, I think they'd be more inclined to use a private or at least an "unofficial" CA, instead of basically leaving "yours truly, The Government" in the CT log. If you already know you'll leave a trace, why would you want to make that trace extra obvious?
NameConstraints seem to be well supported now, although the farther away from browsers you go, the harder it is to know for sure. That said, I'm not aware of any active use. Some root programs constrain some of the roots within, but afaik, not by having an x.509 cert with name constraints.
GSA had that chance when they wrote the rules for all government services to use https. They didn’t even offer letsencrypt, much less build their own CA. The corporate CAs wanted their cut of more tax money.
.ca is open for registration by anyone, and people are used to seeing that TLD. Combine that with the bilingual super long domain names and every once in a while you’ll see a phishing scam like:
.gc.ca exists for that exact purpose. It has the advantage of being bilingual ("GC" expands to both "Government of Canada" and "Gouvernement du Canada", .gov.ca omits the "u" in the French word gouvernement).
I believe the canada.ca thing relates to the centralization of federal government IT under Shared Services Canada (SSC) in 2011. SSC is an attempt to make a "one stop shop" for government IT services, and Canada.ca is an extension of that philosophy to web presence.
As an aside, SSC is very controversial in the Canadian federal government. They have a reputation for glacially slow delivery of services and inflexibility in IT policies. The head of StatCan actually resigned in 2016 in protest as a result of problems with SSC [1]. They have gotten better since then but it's still rocky.
I completely forgot about gc.ca. I'm surprised they haven't kept with it! Didn't know about SSC, resigning over that is a pretty strong indicator of how the internals of the federal government's IT decision makers work haha.
They have. Canada.ca is the "marketing site", basically, and all of the federal internal systems and departmental apps are in .gc.ca, usually on a cryptic subdomain which is the English and French acronyms for the department.
> CIRA could set up a .gov.ca second level or something if they really wanted to keep the .ca
As has been noted elsewhere in the thread, Canada wouldn't be eligible to use bare .gov if they wanted to, because it's only for US government entities.
Nothing out of the ordinary for individual government departments to turn to private contractors when the GSA doesn't offer them a service they need when they need it.
GSA has since developed login.gov, but there hasn't been a mandate that other agencies have to use it over third-parties.
There was another one (census, maybe? can't recall which agency it was) using a .gd for a while, too... don't see it on the list anymore. Not sure who signed off on putting government services behind the "control" of a country we've invaded before.
I got an official email from New York State's Office Of The Comptroller with a link to osc.state.ny.us. It came from an email address @osc.ny.gov. I don't understand why they couldn't use an official TLD in the URL too.
state.$STATE.us is an official domain, too. In the before times, .gov was intended for the US Federal government, and states were expected to use space within .us.
It got rather messy when the Feds started letting states get delegations under .gov and .us was opened to registration of second level domains and new multilevel delegates became discouraged or disallowed.
state.ny.us and www.state.ny.us don't even resolve though. What a mess.
The net result is that the Comptroller's new program trying to get everyone their missing funds is sending email that exclusively arrives in people's spam folders.
I used to do contracting work for a state government agency (that also owned the .gov and .us domains), and they had rules about what could be hosted on .gov vs. .us that were sufficiently restrictive that I was told on the first day that we only ever deploy things to .us. Perhaps something similar exists for NY, and/or that "rule" was actually federal?
I saw a similar problem at DHS. The contractors who run email & office software don’t talk with the contractors who run their web presence, on two completely separate domains. Lots of US gov orgs use way too many contracts instead of staff.
The Bureau of Engraving and Printing just produces paper. Pretty paper that looks a lot like US dollars, but isn't in fact US dollars until the Federal Reserve Bank takes possession and issues it.
In any case, moneyfactory.com is just a redirect to bep.gov, so I'm not sure what the big deal is. The average person's interaction with the BEP, aside from handling paper money, is probably at their gift shop. Having a cutesy name probably made sense at some level.
It redirects to bep.gov now, but a decade+ ago it was their preferred URL.
You can still find the URL in older press releases on treasury.gov, other US government sites, and older news sites, and all I meant is that it reads a little naïve and "off brand" to me these days as a modern reader:
This is becoming quite clear, and it's fascinating. I'm an old timer and assumed that people mostly had an idea how the Internet worked, especially on HN. Apparently not. The history is getting forgotten.
I'm aware of this. I'm just slightly offended by the title. None of my government's URLs end in a .gov. By not acknowledging this, the title ignores my country's existence. It's like I wrote a blog post "Government URLs that don't end in .gov.pl".
> Such is the US's reward for building out the nascent infrastructure of the early Internet.
Like the world-wide-web we're all using to discuss this topic via? Oh, wait.
> Also, this is a US centric site run by a US based company. The "American" part is implied unless explicitly stated otherwise.
It is unfortunate that the point you are trying to express here has been worded in a way which does nothing but to reinforce stereotypes that Americans are arrogant and excessively nationalistic, since I'm sure that wasn't your intention.
As dang has pointed out previously, Americans only make up about half of the audience here - and they may even be a minority today (this comment and the data referenced within it is a good 3 months old): https://news.ycombinator.com/item?id=35464697
United States Government, a wholly owned subsidiary of Halliburton™, brought to you by Walmart® in partnership with McDonalds™ and Coca-Cola®, if you want to be pedantic.
“annualcreditreport.com” is in the list but it’s not a government website. It’s run by a lovely alliance from equifax/transunion/experian, asking you to check the info they hold on you to avoid other people stealing money from banks.
Very odd indeed. In Australia, government departments almost always use .gov.au unless there are exceptional reasons. In the States, it is .[state].gov.au, eg .nsw.gov.au.
Here are all domains, extracted:
94
army
as
biz
cc
cfm
ch
cn
co
com
com
de
Domain name
edu
gov
gu
helenapj
htm
info
int
io
me
mn
mobi
mp
ms
net
nl
online
org
org
pr
sc
tips
travel
tv
tw
us
vg
vi
wiki
ws
xyz
Gov is horrible because it is exclusively for the US.
It would be better if all governmental institutions in the world could have a gov domain. Much better trust and verification.
The word for government in most languages doesn't start with gov-, so no thanks.
I'd personally suggest the opposite, the US switching to .gov.us and .edu.us, but consensus in this thread seems to be that "everyone" already knows those are US-only anyway, where "everyone" of course means Americans; even "too late to change" is a better argument than that, IMO.
Had another country had a primary role in inventing the internet, they would probably have it (or more likely, the US would be .gov.us and everyone else would be whatever they are today).
I don’t understand this argument. Are you saying the internet should be organised in a way that benefits the US, even if it is confusing for people in other countries? By your reasoning, it would make sense for .com to be US-exclusive because the US had a primary role in inventing the internet. Let’s pause to ask ourselves “what is an actually good system?” instead of “how can we justify US privilege?”.
Other countries could create their gTLD as they see fit: .gouv, .ukgov, etc.
They instead prefer using an SLD (like .gouv.fr) because they’re the complete owners of their ccTLD. ccTLDs are not affiliated in any way with ICANN. I’m guessing .gov is a special case nowadays, and probably considered like a ccTLD from the ICANN point of view, I’ll have to look into it.
Edit: it seems like gov is considered as a Sponsored TLD[1] (sTLD). Not sure what it implies.
While it's true there is still a relationship back to ICANN for ccTLDs, politically it would be a shitstorm of epic proportions if the US/ICANN interfered in the administration of ccTLDs - most countries (understandably!) see their ccTLD as an increasingly sovereign thing that is naturally owned by the State, not the registrars or domain name registration system.
While it might be technically possible for ICANN to make certain adjustments to the ccTLD system or the registration requirements, politically it's much much harder and gets harder still with time. Imagine the response from most sovereign states etc if their own ccTLD was meddled with in a manner they didn't appreciate.
ICANN has slowly tried to move more and more of the ccTLD stuff to international working groups ("Governmental Advisory Committee") to put clean air between the US and ccTLDs, but the link is still there:
"Federal executive branch agencies must ensure their non-.gov or .mil domains are on the list."
Also on this page, there is an "out of scope" list which only includes 4 things: SaaS, cloud resources, SNS sites, and code repos. I take the govt at its word--it has never lied before--so naturally covert ops must be "in-scope".
It’d be more interesting to see a list of sites that end in .gov but aren’t government associated. I feel like the creation of such a site would involve some inside connections and shady backroom deals.
Sort of funny that the README never mentions which government they're talking about. Classic USA trying to make sure everyone knows they're the most important country in the history of planet Earth
It's implied which government they are talking about because 1) .gov is only used by the US; and 2) The GitHub account is GSA - U.S. General Services Administration.
Same here, it took me a few seconds to realize it was US only. Usually this is the mindset of “Murricans”, on the internet or otherwise, where sometimes you ask someone “where are you from?” and they proceed to mention the state or worse, the state nickname/short name as if you are living in the US. It’s hilarious when they are meeting with people who aren’t in the Americas continent at all :)
You might argue that, but the point isn’t about the receiver/listener side, but rather the speaker, obviously knowing where X will be about that person's knowledge in geography, but for the speaker to assume that everyone you are talking to as if they are living in the same country as him/her, imagine you are talking to someone from .. say Thailand, and instead of mentioning the country, they say they're from Phayao - a province name. Of course, if you happen to be knowledgeable in that region's geography or visited before you might know, but it’s still a communication hurdle to assume everyone will.
Without fail when someone asks me internationally where I’m from and I say the US they inevitably ask what state. Saying the state merely short circuits a follow up question that, in my personal experience, is likely to happen.
0: https://www.gov.uk/apply-for-and-manage-a-gov-uk-domain-name
--
Edit: turns out .gov is exclusively for the US, not sure I feel good about that, particularly as .com and .net are very much not just for the US.
The possibility of the US government creating a .gov specifically to confuse users in a foreign country isn't ideal.
I get it, you invented the internet, but the special status you have over it is a little frustrating.
https://www.whitehouse.gov/wp-content/uploads/2023/02/M-23-1...