Re: [DNSOP] Public Suffix List

Edward Lewis <> Mon, 09 June 2008 12:33 UTC

(Responding only on the DNS list to avoid cross posting.)

At 14:11 +0200 6/9/08, bert hubert wrote:
>On Mon, Jun 09, 2008 at 02:02:05PM +0200, Antoin Verschuren wrote:
>>  I'm very afraid that Mozilla is trying to hijack the authority model here.
>You can't hijack something that does not exist though, which is what I think
>is the problem here.

Yes you can hijack something that doesn't exist (for varying values 
of existence).

This is the same situation that the RIRs faced with the bogon lists 
for IP address prefixes.  (The problem peaked as recently as 2005 - 
i.e., it was a recent one.)  ISPs would filter out all traffic to the 
unallocated slash-8's (as listed by IANA as inactive).  When an RIR 
was allocated a slash-8, even an announcement on mailing lists wasn't 
enough to get all filters changed.  Now the RIRs put in test 
addresses for traceroutes and pings to allow checks for bad filters.

If the browsers do implement a check based on TLD name, I bet they 
are also gullible enough to implement RFC 3514.

Keep in mind that there is more than just the ICANN root zone DNS in 
the world.  Perhaps the thought is that it is the only legitimate 
root zone on the global public Internet but there are other global 
inter-networks.  These networks also employ DNS albeit operating 
under a private administration.  A browser that is hard-wired for the 
global public Internet would be a problem on these private networks.

Edward Lewis                                                +1-571-434-5468

Never confuse activity with progress.  Activity pays more.
DNSOP mailing list