Public Suffix List: Difference between revisions

Jump to navigation Jump to search

Public Suffix List (view source)

Revision as of 21:08, 14 February 2007

218 bytes added ,  14 February 2007
no edit summary
No edit summary
No edit summary
Line 1: Line 1:
The effective TLD list is an attempt to build a database of top-level domains and their policies on domain registrations at different levels.
The effective TLD list is an attempt to build a database of top-level domains and their respective registry's policies on domain registrations at different levels.


Currently, most browsers, including Mozilla ones, use an algorithm which basically only denies setting cookies for top-level domains with no dots (e.g. com or org). However, this does not work for top-level domains where only third-level registrations are allowed (e.g. co.uk). In these cases, websites can set a cookie for co.uk which will be passed onto every website registered under co.uk.
Currently, browsers use an algorithm which basically only denies setting wide-ranging cookies for top-level domains with no dots (e.g. com or org). However, this does not work for top-level domains where only third-level registrations are allowed (e.g. co.uk). In these cases, websites can set a cookie for co.uk which will be passed onto every website registered under co.uk.


Clearly, this is a security risk as it allows websites other than the one setting the cookie to read it, and therefore potentially extract sensitive information.
Clearly, this is a security risk as it allows websites other than the one setting the cookie to read it, and therefore potentially extract sensitive information.
Line 7: Line 7:
Since there is no algorithmic method of finding the highest level at which a domain may be registered for a particular top-level domain (the policies differ with each registry), the only method is to create a list of all top-level domains and the level at which domains can be registered. This is the aim of the effective TLD list.
Since there is no algorithmic method of finding the highest level at which a domain may be registered for a particular top-level domain (the policies differ with each registry), the only method is to create a list of all top-level domains and the level at which domains can be registered. This is the aim of the effective TLD list.


As well as being used to prevent cookies from being set when they shouldn't be, the list can also potentially be used for other applications where the registry controlled and privately controlled parts of a domain name need to be known, for example when grouping by top-level domains.
As well as being used to prevent cookies from being set where they shouldn't be, the list can also potentially be used for other applications where the registry controlled and privately controlled parts of a domain name need to be known, for example when grouping by top-level domains.


== Data collection ==
== Data collection ==


Maintaining an up-to-date list of all top-level domains and policies is clearly a vast task, and therefore each registry will be asked to maintain their own section of the database and post any changes to the effective TLD list maintenance team, who will then merge it with the master database and make the updated file available at regular intervals.
Maintaining an up-to-date list of all top-level domains and policies is clearly a vast task, and therefore each registry will be asked to maintain their own section of the database and email any changes regularly to the effective TLD list maintenance team, who will then merge it with the master database.


Once details have been sorted out, registries for all top-level domains will be contacted and directed to a website that will inform them of the intentions of the effective TLD list, how to participate and formats for data files.
Once fine details have been sorted out, registries for all top-level domains will be contacted by email (possibly via an ICANN mailing list) that will inform them of the intentions of the effective TLD list, how to participate and formats for data files.


== Tasks to do ==
== Tasks to do ==


# Choose a name for the effective TLD list to present to the registries
# Make the website for registries
# Make the website for registries
# Sort out a contact email address
# Sort out a contact email address
# Define the file format for the effective TLD list
# Decide on how to prevent email forgery (Gerv recommends "pinging" each registry that sends an email and get them to confirm that they actually send it)
# Find a way of easily contacting all registries
# Define the file format for the effective TLD list (copy from [http://wiki.mozilla.org/Gecko:Effective_TLD_Service#The_domain_file])
# Author an email and send it to all registries
# Author an email and send it to all registries
# Monitor the email address regularly and manage changes
# Monitor the email address regularly and manage changes
# Update pages below marked with (update)
# Make the effective TLD list file available to other browser manufacturers
# Make the effective TLD list file available to other browser manufacturers


== Possible names ==
== Names ==


* Public Suffix List
In order to prevent the effective TLD list being seen as an authoritative database of effective TLDs, it will be called the Public Suffix List. Internally, however, the list and the service which uses it will continue to be known as the effective TLD list and effective TLD service respectively.
* Verified TLD List
* Authoritative TLD List


== Possible content ==
== Content of email ==


* What is the Effective TLD List?
* What is the Public Suffix List?
* Format to submit records and examples
* Format to submit records and trivial examples (there may be a website with examples that we can link to from the email)
* Email address for submissions
* Email address for submissions
 
== Things to remember ==
 
* A single point of contact for all browser makers
* Clear, obvious instructions as to what information to submit
* Clear documentation of the format to use


== Links ==
== Links ==
Line 49: Line 39:
=== TLD Lists ===
=== TLD Lists ===


* [http://lxr.mozilla.org/mozilla/source/netwerk/dns/src/effective_tld_names.dat?raw=1 Current Effective TLD List] (update)
* [http://lxr.mozilla.org/mozilla/source/netwerk/dns/src/effective_tld_names.dat?raw=1 Current Effective TLD List]
* [http://en.wikipedia.org/wiki/List_of_Internet_top-level_domains Wikipedia: List of Internet top-level domains]
* [http://en.wikipedia.org/wiki/List_of_Internet_top-level_domains Wikipedia: List of Internet top-level domains]
* [http://wiki.mozilla.org/TLD_List TLD list - MozillaWiki] (update)
* [http://wiki.mozilla.org/TLD_List TLD list - MozillaWiki]


=== Mozilla Bug Reports ===
=== Mozilla Bug Reports ===
Line 70: Line 60:
* [http://weblogs.mozillazine.org/gerv/archives/2007/01/effective_tld_list_help_wanted.html Hacking for Christ: "Effective TLD" List: Help Wanted]
* [http://weblogs.mozillazine.org/gerv/archives/2007/01/effective_tld_list_help_wanted.html Hacking for Christ: "Effective TLD" List: Help Wanted]
* [http://my.opera.com/yngve/blog/show.dml/267415 How to make sure the cookies don't burn your fingers? - Implementer's notes - by Yngve Nysaeter Pettersen]
* [http://my.opera.com/yngve/blog/show.dml/267415 How to make sure the cookies don't burn your fingers? - Implementer's notes - by Yngve Nysaeter Pettersen]
--[[User:Rubena|Rubena]] 13:08, 14 February 2007 (PST)
Rubena
27

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/49124"

Navigation menu