Changes

Jump to: navigation, search

Public Suffix List

3 bytes removed, 19:11, 25 March 2007
no edit summary
As well as being used to prevent cookies from being set where they shouldn't be, the list can also potentially be used for other applications where the registry controlled and privately controlled parts of a domain name need to be known, for example when grouping by top-level domains.
 
== Data collection ==
 
Maintaining an up-to-date list of all top-level domains and policies is clearly a vast task, and therefore each registry will be asked to maintain their own section of the database and email any changes to the effective TLD list maintenance team, who will then merge it with the master database.
 
Registries for all top-level domains will be contacted by email (possibly via an ICANN mailing list) that will inform them of the intentions of the effective TLD list, how to participate and formats for data files.
== Tasks to do ==
# Choose and set up a contact email address
# Decide on how to prevent forgery of replies (Gerv recommends "pinging" each registry that sends an email and get them to confirm that they actually send it)
# Send the email to all TLD registries
# Decide on how to prevent forgery of replies (Gerv recommends "pinging" each registry that sends an email and get them to confirm that they actually send it)
# Monitor the contact email address regularly and manage changes
# Make the effective TLD list file available to other browser manufacturers
The email address for submissions has not yet been decided.
The email address must be monitored regularly, and submissions, after being verified as originating from the registry, must be integrated with the master list in time for the next browser update. == Email address monitoring Registries ==
The email address must Maintaining an up-to-date list of all top-level domains and policies is clearly a vast task, and therefore each registry will be monitored regularly, asked to maintain their own section of the database and submissions, after being verified as originating from email any changes to the registryeffective TLD list maintenance team, must be integrated who will then merge it with the master database. Registries for all top-level domains will be contacted by email (possibly via an ICANN mailing list in time ) that will inform them of the intentions of the effective TLD list, how to participate and formats for the next browser updatedata files.
=== Email to registries ===
Dear Sir,
The Mozilla Project (http://www.mozilla.org/) is making a list of all "Public Suffixes". A Public Suffixes is a domain label or set of labels under which end users can directly register domains. Examples of Public Suffixes are ".net", ".org.uk" and ".pvt.k12.ca.us".
This information is needed by web browsers in order to have secure cookie-setting policies, and for other security and user interface purposes. A more detailed rationale for this work can be found hereat http: <url>//www.publicsuffix.org/learn/.
We have compiled an initial list of Public Suffixes, which includes data for each TLD. However, it is in your interest as a registry to make sure that your entry is correct and complete. Any errors may either cause your customers to not be able to set cookies when they should, or cause cookie information to be leaked between two domains without a trust relationship. Neither of these things is desirable.
Therefore, we are writing to ask you to view the current list and, if it is incorrect, to submit updated data. A description of the format of the list, and details for sending updates is <here>at http://www.publicsuffix.org/submit/; the list itself is <here>http://www.publicsuffix.org/list/.
We would also ask you, for the reasons given above, to institute a policy of sending updated data as soon as possible if your registration policies change in a way which requires a change in the Public Suffix List.
The Mozilla Public Suffix List Team
 
== Browser manufacturers ==
 
We have to decide how browser manufacturers can implement the effective TLD list in their browsers. There needs to be a licence that allows this applied to the list, and a method for manufacturers to know when the list is updated and update their browsers.
== Links ==
* [https://bugzilla.mozilla.org/show_bug.cgi?id=252342 Bug 252342 - fix cookie domain checks to not allow .co.uk]
* [https://bugzilla.mozilla.org/show_bug.cgi?id=342314 Bug 342314 - Need effective-TLD file]
 
=== Internet Drafts ===
 
* [http://files.myopera.com/yngve/blog/draft-pettersen-dns-cookie-validate-00.txt Enhanced validation of domains for HTTP State Management Cookies using DNS]
* [http://files.myopera.com/yngve/blog/draft-pettersen-subtld-structure-00.txt The TLD Subdomain Structure Protocol and its use for Cookie domain validation]
=== Articles ===
* [http://my.opera.com/yngve/blog/show.dml/267415 How to make sure the cookies don't burn your fingers? - Implementer's notes - by Yngve Nysaeter Pettersen]
--[[User:Rubena|Rubena]] 1412:3811, 6 25 March 2007 (PSTPDT)
Rubena
27
edits
Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/52923"

Navigation menu