I am aware it is a business decision, but the problem with the current limit of 50 domains is very simple and obvious:
To enable SSL certificate revocation checks (OCSP, CRL), you should allow about 30 TLDs of various certificate authorities (such as geotrust.com, globalsign.com, globalsign.net, comodoca.com, comodoca3.com, comodoca4.com, etc.).
Then you will have to allow another 25 TLDs or so (for example windowsupdate.com, microsoft.com, etc.), just to get updates for your router, computer, any smart devices or certain applications like browsers, or any other piece of software that needs to be updated from time to time.
That means if you want to follow common security practice, you will have to whitelist more than 50 TLDs just for all these background connections.
I would therefore suggest looking into the following options:
1) Establish "whitelist categories" together with a category like "software updates and security checks".
There is a similar idea here already
2) Offer a new package like "Super-VIP" for those customers who want more.
I certainly would spend more money if I could protect my whole home network with a whitelist of about 500-1000 TLDs.
3) For obvious reasons the current quota limit for VIP users should be raised to 100, so that customers can whitelist the few websites they need together with the background connections that their devices need.
To me personally OpenDNS VIP is a very valuable cloud service even without the whitelist feature, and I am happy with STATS and the other configuration options.
However, a "whitelist only" mode that covers only 50 TLDs doesn't seem to make any sense these days.
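An added example, not part of the original post: a small Python parser that pulls the OCSP and CRL endpoints out of `openssl x509 -noout -text` output and counts how many whitelist entries revocation checking alone would consume against the 50-entry limit. The certificate excerpt, its hostnames and paths, and the function names are constructed for illustration, and the example assumes that one whitelisted domain also covers its subdomains.

```python
from urllib.parse import urlsplit

WHITELIST_QUOTA = 50  # the limit quoted in the post

# Constructed excerpts in the style of `openssl x509 -noout -text` output;
# hostnames and paths are illustrative, not taken from real certificates.
SAMPLE_CERT_TEXT = """\
            Authority Information Access:
                OCSP - URI:http://ocsp.globalsign.com/sample
                CA Issuers - URI:http://secure.globalsign.com/sample.crt
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.globalsign.net/sample.crl
            Authority Information Access:
                OCSP - URI:http://ocsp.comodoca.com
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.comodoca4.com/sample.crl
"""

def revocation_hosts(cert_text):
    """Return {hostname: {'ocsp', 'crl'}} for revocation endpoints only."""
    hosts, section = {}, None
    for raw in cert_text.splitlines():
        line = raw.strip()
        if "URI:" not in line:
            # An extension header (optionally marked critical) switches section.
            is_header = line.endswith(":") or line.endswith(": critical")
            if is_header and line != "Full Name:":
                section = "crl" if "CRL Distribution Points" in line else None
            continue
        prefix, url = line.split("URI:", 1)
        if prefix.startswith("OCSP"):
            kind = "ocsp"
        elif prefix == "" and section == "crl":
            kind = "crl"
        else:
            continue  # e.g. CA Issuers: chain building, not revocation
        host = urlsplit(url).hostname
        if host:
            hosts.setdefault(host.lower(), set()).add(kind)
    return hosts

def whitelist_entries(hosts):
    """Collapse hostnames to their last two labels (assumption: a whitelisted
    domain covers its subdomains; suffixes like co.uk need the Public Suffix List)."""
    return sorted({".".join(h.split(".")[-2:]) for h in hosts})

def quota_report(cert_text, already_used=0, quota=WHITELIST_QUOTA):
    entries = whitelist_entries(revocation_hosts(cert_text))
    return {"entries": entries, "remaining": quota - already_used - len(entries)}
```

Feeding it the text dump of every certificate chain a network actually sees gives the real number of revocation-related entries to budget for, rather than an estimate.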