Public Suffix List: Difference between revisions

Jump to navigation Jump to search

Public Suffix List (view source)

Revision as of 19:11, 25 March 2007

3 bytes removed ,  25 March 2007
no edit summary
No edit summary
No edit summary
Line 8: Line 8:


As well as being used to prevent cookies from being set where they shouldn't be, the list can also potentially be used for other applications where the registry controlled and privately controlled parts of a domain name need to be known, for example when grouping by top-level domains.
As well as being used to prevent cookies from being set where they shouldn't be, the list can also potentially be used for other applications where the registry controlled and privately controlled parts of a domain name need to be known, for example when grouping by top-level domains.
== Data collection ==
Maintaining an up-to-date list of all top-level domains and policies is clearly a vast task, and therefore each registry will be asked to maintain their own section of the database and email any changes to the effective TLD list maintenance team, who will then merge it with the master database.
Registries for all top-level domains will be contacted by email (possibly via an ICANN mailing list) that will inform them of the intentions of the effective TLD list, how to participate and formats for data files.


== Tasks to do ==
== Tasks to do ==


# Choose and set up a contact email address
# Choose and set up a contact email address
# Decide on how to prevent forgery of replies (Gerv recommends "pinging" each registry that sends an email and get them to confirm that they actually send it)
# Send the email to all TLD registries
# Send the email to all TLD registries
# Decide on how to prevent forgery of replies (Gerv recommends "pinging" each registry that sends an email and get them to confirm that they actually send it)
# Monitor the contact email address regularly and manage changes
# Monitor the contact email address regularly and manage changes
# Make the effective TLD list file available to other browser manufacturers
# Make the effective TLD list file available to other browser manufacturers
Line 31: Line 25:
The email address for submissions has not yet been decided.
The email address for submissions has not yet been decided.


== Email address monitoring ==
The email address must be monitored regularly, and submissions, after being verified as originating from the registry, must be integrated with the master list in time for the next browser update.
 
== Registries ==


The email address must be monitored regularly, and submissions, after being verified as originating from the registry, must be integrated with the master list in time for the next browser update.
Maintaining an up-to-date list of all top-level domains and policies is clearly a vast task, and therefore each registry will be asked to maintain their own section of the database and email any changes to the effective TLD list maintenance team, who will then merge it with the master database.
 
Registries for all top-level domains will be contacted by email (possibly via an ICANN mailing list) that will inform them of the intentions of the effective TLD list, how to participate and formats for data files.


== Email to registries ==
=== Email to registries ===


Dear Sir,
Dear Sir,
Line 41: Line 39:
The Mozilla Project (http://www.mozilla.org/) is making a list of all "Public Suffixes". A Public Suffixes is a domain label or set of labels under which end users can directly register domains. Examples of Public Suffixes are ".net", ".org.uk" and ".pvt.k12.ca.us".
The Mozilla Project (http://www.mozilla.org/) is making a list of all "Public Suffixes". A Public Suffixes is a domain label or set of labels under which end users can directly register domains. Examples of Public Suffixes are ".net", ".org.uk" and ".pvt.k12.ca.us".


This information is needed by web browsers in order to have secure cookie-setting policies, and for other security and user interface purposes. A more detailed rationale for this work can be found here: <url>
This information is needed by web browsers in order to have secure cookie-setting policies, and for other security and user interface purposes. A more detailed rationale for this work can be found at http://www.publicsuffix.org/learn/.


We have compiled an initial list of Public Suffixes, which includes data for each TLD. However, it is in your interest as a registry to make sure that your entry is correct and complete. Any errors may either cause your customers to not be able to set cookies when they should, or cause cookie information to be leaked between two domains without a trust relationship. Neither of these things is desirable.
We have compiled an initial list of Public Suffixes, which includes data for each TLD. However, it is in your interest as a registry to make sure that your entry is correct and complete. Any errors may either cause your customers to not be able to set cookies when they should, or cause cookie information to be leaked between two domains without a trust relationship. Neither of these things is desirable.


Therefore, we are writing to ask you to view the current list and, if it is incorrect, to submit updated data. A description of the format of the list, and details for sending updates is <here>; the list itself is <here>.
Therefore, we are writing to ask you to view the current list and, if it is incorrect, to submit updated data. A description of the format of the list, and details for sending updates is at http://www.publicsuffix.org/submit/; the list itself is http://www.publicsuffix.org/list/.


We would also ask you, for the reasons given above, to institute a policy of sending updated data as soon as possible if your registration policies change in a way which requires a change in the Public Suffix List.
We would also ask you, for the reasons given above, to institute a policy of sending updated data as soon as possible if your registration policies change in a way which requires a change in the Public Suffix List.
Line 54: Line 52:


The Mozilla Public Suffix List Team
The Mozilla Public Suffix List Team
== Browser manufacturers ==
We have to decide how browser manufacturers can implement the effective TLD list in their browsers. There needs to be a licence that allows this applied to the list, and a method for manufacturers to know when the list is updated and update their browsers.


== Links ==
== Links ==
Line 68: Line 70:
* [https://bugzilla.mozilla.org/show_bug.cgi?id=252342 Bug 252342 - fix cookie domain checks to not allow .co.uk]
* [https://bugzilla.mozilla.org/show_bug.cgi?id=252342 Bug 252342 - fix cookie domain checks to not allow .co.uk]
* [https://bugzilla.mozilla.org/show_bug.cgi?id=342314 Bug 342314 - Need effective-TLD file]
* [https://bugzilla.mozilla.org/show_bug.cgi?id=342314 Bug 342314 - Need effective-TLD file]
=== Internet Drafts ===
* [http://files.myopera.com/yngve/blog/draft-pettersen-dns-cookie-validate-00.txt Enhanced validation of domains for HTTP State Management Cookies using DNS]
* [http://files.myopera.com/yngve/blog/draft-pettersen-subtld-structure-00.txt The TLD Subdomain Structure Protocol and its use for Cookie domain validation]


=== Articles ===
=== Articles ===
Line 81: Line 78:
* [http://my.opera.com/yngve/blog/show.dml/267415 How to make sure the cookies don't burn your fingers? - Implementer's notes - by Yngve Nysaeter Pettersen]
* [http://my.opera.com/yngve/blog/show.dml/267415 How to make sure the cookies don't burn your fingers? - Implementer's notes - by Yngve Nysaeter Pettersen]


--[[User:Rubena|Rubena]] 14:38, 6 March 2007 (PST)
--[[User:Rubena|Rubena]] 12:11, 25 March 2007 (PDT)
Rubena
27

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/52923"

Navigation menu