Public Suffix List: Difference between revisions
No edit summary |
m (→TLD Lists: added IANA database link so people can look up apex at authority ~~~~) |
||
| Line 23: | Line 23: | ||
* [http://mxr.mozilla.org/mozilla-central/source/netwerk/dns/src/effective_tld_names.dat?raw=1 Current Effective TLD List] | * [http://mxr.mozilla.org/mozilla-central/source/netwerk/dns/src/effective_tld_names.dat?raw=1 Current Effective TLD List] | ||
* [http://en.wikipedia.org/wiki/List_of_Internet_top-level_domains Wikipedia: List of Internet top-level domains] | * [http://en.wikipedia.org/wiki/List_of_Internet_top-level_domains Wikipedia: List of Internet top-level domains] | ||
* [http://www.iana.org/domains/root/db/ IANA Root Zone Database] | |||
=== Mozilla Bug Reports === | === Mozilla Bug Reports === | ||
Revision as of 00:42, 17 November 2011
The public suffix list is an attempt to build a database of top-level domains and their respective registry's policies on domain registrations at different levels.
Previously, browsers used an algorithm which basically only denied setting wide-ranging cookies for top-level domains with no dots (e.g. com or org). However, this did not work for top-level domains where only third-level registrations are allowed (e.g. co.uk). In these cases, websites could set a cookie for co.uk which will be passed onto every website registered under co.uk.
Clearly, this was a security risk as it allowed websites other than the one setting the cookie to read it, and therefore potentially extract sensitive information.
Since there is no algorithmic method of finding the highest level at which a domain may be registered for a particular top-level domain (the policies differ with each registry), the only method is to create a list of all top-level domains and the level at which domains can be registered. This is the aim of the effective TLD list.
As well as being used to prevent cookies from being set where they shouldn't be, the list can also potentially be used for other applications where the registry controlled and privately controlled parts of a domain name need to be known, for example when grouping by top-level domains.
Website
The website for the Public Suffix List is at http://publicsuffix.org/.
Registries
Maintaining an up-to-date list of all top-level domains and policies is clearly a vast task, and therefore each registry has been asked to maintain their own section of the database and email any changes to the effective TLD list maintenance team, who will then merge it with the master database.
Links
TLD Lists
Mozilla Bug Reports
- Bug 9422 - Unsafe handling of illegal cookie domain attributes
- Bug 252342 - fix cookie domain checks to not allow .co.uk
- Bug 342314 - Need effective-TLD file