[162421] in North American Network Operators' Group


Re: What do people use public suffix for?

daemon@ATHENA.MIT.EDU (Geoffrey Keating)
Mon Apr 15 18:21:47 2013

To: "John Levine" <johnl@iecc.com>
From: Geoffrey Keating <geoffk@geoffk.org>
Date: 15 Apr 2013 14:34:16 -0700
In-Reply-To: <20130415131017.9047.qmail@joyce.lan>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

"John Levine" <johnl@iecc.com> writes:

> The public suffix list contains points in the DNS where (roughly
> speaking) names below that point are under different management from
> each other and from that name.  It's here: http://publicsuffix.org/
> 
> The idea is that abc.foo.com and xyz.foo.com have the same management,
> but abc.co.uk and xyz.co.uk do not.
> 
> You don't have to tell me that it's a gross crock, but it seems to
> be a useful one.  What do people use it for?
...

CAs use it as part of a procedure to determine whether it's safe to
issue a wildcard domain (as in, if it's on the list, it's not safe).  See
<https://www.cabforum.org/Baseline_Requirements_V1_1_3.pdf>, section 11.1.3.

They'd really like to have a process which is less ad-hoc.  For
example, it'd be great if these points were annotated in the DNS
itself, perhaps with a record which points to the corresponding
whois server.
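
The list check described in this message, as an added example that is not part of the original e-mail and not any CA's actual code. It assumes ASCII (A-label) names and a small constructed excerpt of rules in Public Suffix List syntax; the names parse_rules, is_public_suffix and wildcard_allowed are hypothetical.

```python
# Constructed sample: a few rules in Public Suffix List syntax.
# A real check would load the full list published at publicsuffix.org.
SAMPLE_RULES = """
// normal rules
com
uk
co.uk
// wildcard rule and an exception to it
*.ck
!www.ck
"""

def parse_rules(text):
    """Split PSL-syntax text into (exact, wildcard, exception) rule sets."""
    exact, wildcard, exception = set(), set(), set()
    for line in text.splitlines():
        rule = line.strip().lower()
        if not rule or rule.startswith("//"):
            continue                      # blank line or comment
        if rule.startswith("!"):
            exception.add(rule[1:])
        elif rule.startswith("*."):
            wildcard.add(rule[2:])
        else:
            exact.add(rule)
    return exact, wildcard, exception

def is_public_suffix(name, rules):
    """True if `name` itself is a public suffix under the given rules."""
    exact, wildcard, exception = rules
    name = name.lower().rstrip(".")
    if name in exception:                 # exception rules beat wildcard rules
        return False
    if name in exact:
        return True
    parent = name.partition(".")[2]
    if parent and parent in wildcard:     # "*.ck": every direct child of ck
        return True
    return "." not in name                # default rule "*": any bare TLD

def wildcard_allowed(cert_name, rules):
    """List check only: refuse '*.<base>' when <base> is a public suffix."""
    if not cert_name.startswith("*."):
        raise ValueError("not a wildcard name")
    return not is_public_suffix(cert_name[2:], rules)

RULES = parse_rules(SAMPLE_RULES)
```

This covers only the list lookup; the message describes it as one part of a larger procedure.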

