Jump to: navigation, search

Public Suffix List

3,935 bytes added, 01:39, 12 February 2007
no edit summary
The effective TLD list is an attempt to build a database of top-level domains and their policies on domain registrations at different levels.

Currently, most browsers, including Mozilla ones, use an algorithm which basically only denies setting cookies for top-level domains with no dots (e.g. com or org). However, this does not work for top-level domains where only third-level registrations are allowed (e.g. In these cases, websites can set a cookie for which will be passed onto every website registered under

Clearly, this is a security risk as it allows websites other than the one setting the cookie to read it, and therefore potentially extract sensitive information.

Since there is no algorithmic method of finding the highest level at which a domain may be registered for a particular top-level domain (the policies differ with each registry), the only method is to create a list of all top-level domains and the level at which domains can be registered. This is the aim of the effective TLD list.

As well as being used to prevent cookies from being set when they shouldn't be, the list can also potentially be used for other applications where the registry controlled and privately controlled parts of a domain name need to be known, for example when grouping by top-level domains.

== Data collection ==

Maintaining an up-to-date list of all top-level domains and policies is clearly a vast task, and therefore each registry will be asked to maintain their own section of the database and post any changes to the effective TLD list maintenance team, who will then merge it with the master database and make the updated file available at regular intervals.

Once details have been sorted out, registries for all top-level domains will be contacted and directed to a website that will inform them of the intentions of the effective TLD list, how to participate and formats for data files.

== Tasks to do ==

# Make the website for registries
# Sort out website hosting and a contact email address
# Define the file format for the effective TLD list
# Find a way of easily contacting all registries
# Author an email and send it to all registries
# Monitor the email address regularly and manage changes
# Update pages below marked with (update)
# Make the effective TLD list file available to other browser manufacturers

== Links ==

=== TLD Lists ===

* [ Current Effective TLD List] (update)
* [ Wikipedia: List of Internet top-level domains]
* [ TLD list - MozillaWiki] (update)

=== Mozilla Bug Reports ===

* [ Bug 9422 - Unsafe handling of illegal cookie domain attributes]
* [ Bug 252342 - fix cookie domain checks to not allow]
* [ Bug 342314 - Need effective-TLD file]

=== Internet Drafts ===

* [ Enhanced validation of domains for HTTP State Management Cookies using DNS]
* [ The TLD Subdomain Structure Protocol and its use for Cookie domain validation]

=== Articles ===

* [ Gecko: Effective TLD Service - MozillaWiki] (update)
* [ Hacking for Christ: DNS Structure]
* [ Hacking for Christ: "Effective TLD" List: Help Wanted]
* [ How to make sure the cookies don't burn your fingers? - Implementer's notes - by Yngve Nysaeter Pettersen]

Navigation menu