Government Keeping Its .Gov Domain Names Secret

Cricket Liu, VP of architecture at Infoblox, an Internet infrastructure management company, agrees that security through obscurity won't work. "DNS is a public, worldwide naming system," he said in an e-mail. "If a subdomain of .gov is used at all on the Internet, there's some evidence of it. Even if the subdomain isn't visible at all on the Internet, the fact that it's hidden doesn't improve the security of hosts in that subdomain."

Frank Hayes, senior VP of marketing at Nitro Security, said security through obscurity "is not necessarily something that we'd recommend to implement solely." He added, "A lot of times, it's just policy to try to keep those things secret." He speculated that some .gov sites might only allow traffic from whitelisted sites and that publication of those domain names might undermine that strategy.

Another possible reason for the government's reluctance to reveal the list of .gov domains might be that the GSA, which administers the .gov domain, has come under fire for allowing government domains to be politicized and for allowing exceptions to the naming policy for .gov domains.

Aftergood said he thinks there's a good chance that a court would overturn the GSA's decision. "But the move illustrates the temptation of secrecy for some government officials," he said. "It's their first instinct."

Take part in InformationWeek's Government IT survey before March 6 and be eligible to win an iPod Touch. Find out more.