effective TLD list is an attempt to build a database of top-level domains and their respective registry's policies on domain registrations at different levels.
Currently, browsers use an algorithm which basically only denies setting wide-ranging cookies for top-level domains with no dots (e.g. com or org). However, this does not work for top-level domains where only third-level registrations are allowed (e.g. co.uk). In these cases, websites can set a cookie for co.uk which will be passed onto every website registered under co.uk.
is a security risk as it allows websites other than the one setting the cookie to read it, and therefore potentially extract sensitive information.
Since there is no algorithmic method of finding the highest level at which a domain may be registered for a particular top-level domain (the policies differ with each registry), the only method is to create a list of all top-level domains and the level at which domains can be registered. This is the aim of the effective TLD list.
As well as being used to prevent cookies from being set where they shouldn't be, the list can also potentially be used for other applications where the registry controlled and privately controlled parts of a domain name need to be known, for example when grouping by top-level domains.
== Tasks to do ==
# Send the email to all TLD registries
# Monitor the contact email address regularly and manage changes
# Make the effective TLD list file available to other browser manufacturers via a suitable licence
== Name ==
The words "Effective TLD" are, for several good reasons, politically charged. In public and in external communications, the list will be known as the "Public Suffix List". Internally, however, the list and the service which uses it will continue to be known as the effective TLD list and effective TLD service respectively.
== Email addresses ==
The email address for submissions is email@example.com. The email address for general contact is firstname.lastname@example.org.
This email address must be monitored regularly, and submissions, after being verified as originating from the registry, must be integrated with the master list in time for the next browser update.
At the moment, emails to these addresses are redirected to Gerv.
== Website ==
== Registries ==
Maintaining an up-to-date list of all top-level domains and policies is clearly a vast task, and therefore each registry
will be asked to maintain their own section of the database and email any changes to the effective TLD list maintenance team, who will then merge it with the master database . Registries for all top-level domains will be contacted by email (possibly via an ICANN mailing list) that will inform them of the intentions of the effective TLD list, how to participate and formats for data files. === Email to registries === Dear Sir, The Mozilla Project (http://www.mozilla.org/) is making a list of all "Public Suffixes". A Public Suffixes is a domain label or set of labels under which end users can directly register domains. Examples of Public Suffixes are ".net", ".org.uk" and ".pvt.k12.ca.us". This information is needed by web browsers in order to have secure cookie-setting policies, and for other security and user interface purposes. A more detailed rationale for this work can be found at http://publicsuffix.org/learn/. We have compiled an initial list of Public Suffixes, which includes data for each TLD. However, it is in your interest as a registry to make sure that your entry is correct and complete. Any errors may either cause your customers to not be able to set cookies when they should, or cause cookie information to be leaked between two domains without a trust relationship. Neither of these things is desirable. Therefore, we are writing to ask you to view the current list and, if it is incorrect, to submit updated data. A description of the format of the list, and details for sending updates is at http://publicsuffix.org/submit/; the list itself is http://publicsuffix.org/list/. We would also ask you, for the reasons given above, to institute a policy of sending updated data as soon as possible if your registration policies change in a way which requires a change in the Public Suffix List. Our data is made freely available under a liberal licence, and so can be used by other browser manufacturers and software authors who wish to institute similar security policies. We therefore hope that you will not have to notify any organisation other than us about such changes, thereby keeping the workload to a minimum. Thanking you in advance, The Mozilla Public Suffix List Team == Browser manufacturers == We have to decide how browser manufacturers can implement the effective TLD list in their browsers. There needs to be a licence that allows this applied to the list, and a method for manufacturers to know when the list is updated and update their browsers.
== Links ==
* [http://weblogs.mozillazine.org/gerv/archives/2007/01/effective_tld_list_help_wanted.html Hacking for Christ: "Effective TLD" List: Help Wanted]
* [http://my.opera.com/yngve/blog/show.dml/267415 How to make sure the cookies don't burn your fingers? - Implementer's notes - by Yngve Nysaeter Pettersen]
--[[User:Rubena|Rubena]] 04:10, 19 April 2007 (PDT)