27
edits
Changes
no edit summary
As well as being used to prevent cookies from being set where they shouldn't be, the list can also potentially be used for other applications where the registry controlled and privately controlled parts of a domain name need to be known, for example when grouping by top-level domains.
== Tasks to do ==
# Choose and set up a contact email address
# Decide on how to prevent forgery of replies (Gerv recommends "pinging" each registry that sends an email and get them to confirm that they actually send it)
# Send the email to all TLD registries
# Monitor the contact email address regularly and manage changes
# Make the effective TLD list file available to other browser manufacturers
The email address for submissions has not yet been decided.
The email address must be monitored regularly, and submissions, after being verified as originating from the registry, must be integrated with the master list in time for the next browser update. == Email address monitoring Registries ==
=== Email to registries ===
Dear Sir,
The Mozilla Project (http://www.mozilla.org/) is making a list of all "Public Suffixes". A Public Suffixes is a domain label or set of labels under which end users can directly register domains. Examples of Public Suffixes are ".net", ".org.uk" and ".pvt.k12.ca.us".
This information is needed by web browsers in order to have secure cookie-setting policies, and for other security and user interface purposes. A more detailed rationale for this work can be found hereat http: <url>//www.publicsuffix.org/learn/.
We have compiled an initial list of Public Suffixes, which includes data for each TLD. However, it is in your interest as a registry to make sure that your entry is correct and complete. Any errors may either cause your customers to not be able to set cookies when they should, or cause cookie information to be leaked between two domains without a trust relationship. Neither of these things is desirable.
Therefore, we are writing to ask you to view the current list and, if it is incorrect, to submit updated data. A description of the format of the list, and details for sending updates is <here>at http://www.publicsuffix.org/submit/; the list itself is <here>http://www.publicsuffix.org/list/.
We would also ask you, for the reasons given above, to institute a policy of sending updated data as soon as possible if your registration policies change in a way which requires a change in the Public Suffix List.
The Mozilla Public Suffix List Team
== Browser manufacturers ==
We have to decide how browser manufacturers can implement the effective TLD list in their browsers. There needs to be a licence that allows this applied to the list, and a method for manufacturers to know when the list is updated and update their browsers.
== Links ==
* [https://bugzilla.mozilla.org/show_bug.cgi?id=252342 Bug 252342 - fix cookie domain checks to not allow .co.uk]
* [https://bugzilla.mozilla.org/show_bug.cgi?id=342314 Bug 342314 - Need effective-TLD file]
=== Articles ===
* [http://my.opera.com/yngve/blog/show.dml/267415 How to make sure the cookies don't burn your fingers? - Implementer's notes - by Yngve Nysaeter Pettersen]
--[[User:Rubena|Rubena]] 1412:3811, 6 25 March 2007 (PSTPDT)