Accountapprovers, antispam, confirm, emeritus
4,925
edits
Changes
no edit summary
This page attempts to list all the things people are using the Public Suffix List for. For each use, it also attempts to outline some caveats with using the PSL for that purpose.
In this document, the "registered domain" is the part of a domain consisting of the public suffix plus one additional label. ("Registered" can also be "RegistrableRegisterable" if the domain is not yet registered; we ignore this for linguistic convenience.)
The modern PSL has two sections, the ICANN area and the PRIVATE area, delimited by structured comments. Most applications use both areas without distinction; if an application uses only one or the other, that is noted (where known). The PRIVATE area exists because some registered domain owners wish to delegate subdomains to mutually-untrusting parties, and find that being added to the PSL gives their solution more favourable security properties. Entries in this part of the PSL come from many pseudo-NICs such as CentralNIC (owner of e.g. eu.com and us.org), and companies such as Amazon, Google, GitHub, Heroku, Microsoft and Red Hat, who provide cloud services. They are segregated into a different part of the PSL because some applications need to distinguish between the two types.
==Same Origin Policy==
The [https://en.wikipedia.org/wiki/Same_origin_policy Same Origin Policy] is the bedrock of the browser security model. It defines which domain names trust one another and which do not. This use case was the original one for which the PSL was created.
===Caveats===
Like all uses of the PSL, using an out-of-date PSL may have negative effects. The PSL algorithm says that if the TLD of a domain name does not appear at all in the PSL, you should fall back on the default "*" rule - i.e. treat that TLD like .com or .net, where registrations happen directly below the root. This provides some measure of forward compatibility.
===Browser Uses===
==Determining Valid Domains==
Some browsers and applications use the PSL for determining whether a particular string is "name-shaped" - i.e. whether it is, or could be, a domain that someone could navigate to. There is advantage are speed and privacy (and perhaps other) advantages in being able to do this with some degree of accuracy without needing to consult the DNS.
===Caveats===
