Firefox now also forces .dev TLD to HTTPS

Does nobody read the RFCs before deciding on using a TLD for private use? Everyone seems to know private address space but why does nobody bother to learn private DNS names?<p><a href="https:&#x2F;&#x2F;tools.ietf.org&#x2F;html&#x2F;rfc2606" rel="nofollow">https:&#x2F;&#x2F;tools.ietf.org&#x2F;html&#x2F;rfc2606</a><p><pre><code> .test .example .invalid .localhost </code></pre> &quot;.test&quot; is recommended for use in testing of current or new DNS related code.<p>&quot;.example&quot; is recommended for use in documentation or as examples.<p>&quot;.invalid&quot; is intended for use in online construction of domain names that are sure to be invalid and which it is obvious at a glance are invalid.<p>The &quot;.localhost&quot; TLD has traditionally been statically defined in host DNS implementations as having an A record pointing to the loop back IP address and is reserved for such use. Any other use would conflict with widely deployed code which assumes this use.

I&#x27;m not sure anyone should have been given the .dev TLD. However since Google has it, it makes sense for them to pin HSTS for the domain. Anyone else with a .dev domain is potentially impersonating a Google domain.