Re: [DNSOP] Public Suffix List

bert hubert <> Mon, 09 June 2008 12:33 UTC


On Mon, Jun 09, 2008 at 02:24:30PM +0200, Antoin Verschuren wrote:
> > You can't hijack something that does not exist though, which is what I
> > think is the problem here.
> Agree, but when this global list of local DNS policy would exist and be used, which would be authoritative, the list or the DNS?

The DNS of course. Compare whois for example - that is also
'non-authoritative' for real DNS lookups.

If I understand correctly, Mozilla wants to use this for security purposes:

  The usefulness of this can be seen if we take the example of cookies.
  Currently, browsers use an algorithm which basically only denies setting
  wide-ranging cookies for top-level domains with no dots (e.g. com or org).

  However, this does not work for top-level domains where only third-level
  registrations are allowed (e.g. In these cases, websites can set
  a cookie for which will be passed onto every website registered

  Since there is no algorithmic method of finding the highest level at which
  a domain may be registered for a particular top-level domain (the policies
  differ with each registry), the only method is to create a list. This is
  the aim of the Public Suffix List.

  Software using the Public Suffix List will be able to determine where
  cookies may and may not be set, protecting the user's data from theft.

So the instaflaming and ""technology"" jokes appear to be out of place. 

If "we" DNS people think we have a better way of encoding "public
delegations", we should move quickly to make that happen. In the meantime,
the public suffix list is probably a great idea.


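Added example, not part of the original message or of Mozilla's code: the dot-counting cookie check described in the quoted text, next to a check driven by a suffix list. It goes slightly beyond the quoted text by also handling the list format's wildcard (`*.`) and exception (`!`) rules; the rule set and all function names are constructed for illustration.

```javascript
// Constructed rules in Public Suffix List syntax (not the real list).
// "*." is a wildcard label; "!" marks an exception to a wildcard rule.
const RULES = ["com", "test", "co.test", "*.invalid", "!city.invalid"];

// Split rule lines into exact, wildcard and exception sets.
function parseRules(lines) {
  const r = { exact: new Set(), wildcard: new Set(), exception: new Set() };
  for (const raw of lines) {
    const line = raw.trim().toLowerCase();
    if (!line || line.startsWith("//")) continue; // blank or comment line
    if (line.startsWith("!")) r.exception.add(line.slice(1));
    else if (line.startsWith("*.")) r.wildcard.add(line.slice(2));
    else r.exact.add(line);
  }
  return r;
}

// Public suffix of host: the longest matching rule, an exception beating
// the wildcard it modifies; unlisted TLDs fall under the implicit "*" rule.
function publicSuffix(host, rules) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    const parent = labels.slice(i + 1).join(".");
    if (rules.exception.has(candidate)) return parent;
    if (rules.exact.has(candidate)) return candidate;
    if (i + 1 < labels.length && rules.wildcard.has(parent)) return candidate;
  }
  return labels[labels.length - 1];
}

// Old check from the quoted text: refuse only Domain values with no dots.
function naiveAllows(cookieDomain) {
  return cookieDomain.replace(/^\./, "").includes(".");
}

// List-based check: the Domain attribute must cover the request host
// and must not itself be a public suffix.
function pslAllows(requestHost, cookieDomain, rules) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  const h = requestHost.toLowerCase();
  if (h !== d && !h.endsWith("." + d)) return false;
  return publicSuffix(d, rules) !== d;
}

const PSL = parseRules(RULES);
```

With these constructed rules, the old check accepts a cookie scoped to `co.test`, which would be sent to every site registered under it, while the list-based check rejects it.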