Public Suffix List

From MozillaWiki

The Public Suffix List (PSL) is an attempt to build a database of Top-Level Domains (TLDs) including the respective registry's policies on domain registrations at different levels.

While the Public Suffix List has no opinion on alternative root systems, the list recognizes as authoritative and complies with ICP-3: A Unique, Authoritative Root for the DNS (ICANN, September 2001), allowing TLDs under the ICANN Root as well as inclusive sub-domain entries, and cookie apexes that comply with ICP-3 in a non-discriminatory manner.

Entry additions, updates, and deletions go through a loose process of vetting, curation, and validation by the community volunteers who help maintain the list.

Purpose(s)

Previously, browsers used an algorithm which basically only denied setting wide-ranging cookies for top-level domains with no dots (e.g. com or org). However, this did not work for top-level domains where only third-level registrations are allowed (e.g. co.uk). In these cases, a website could set a cookie for co.uk, which would then be passed on to every website registered under co.uk.

Clearly, this was a security risk as it allowed websites other than the one setting the cookie to read it, and therefore potentially extract sensitive information.

Since there is no algorithmic method of finding the highest level at which a domain may be registered for a particular top-level domain (the policies differ with each registry), the only method is to create a list of all top-level domains and the level at which domains can be registered. This is the aim of the effective TLD list.

As well as being used to prevent cookies from being set where they shouldn't be, the list can also potentially be used for other applications where the registry-controlled and privately controlled parts of a domain name need to be known, for example when grouping by top-level domains.
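The cookie problem described above, as an added example that is not code from Mozilla or the PSL project: it contrasts the old "no dots" check with a suffix-list lookup, and goes slightly beyond the text by also handling the list's wildcard (`*.`) and exception (`!`) rule forms. `RULES` is a small constructed excerpt in PSL rule syntax and the function names are hypothetical; a real check loads the full list from publicsuffix.org.

```python
# Constructed excerpt in PSL rule syntax (assumption: stands in for the full list).
RULES = {"com", "org", "uk", "co.uk", "*.ck", "!www.ck"}


def public_suffix(host, rules=RULES):
    """Return the public suffix of host using PSL rule matching."""
    labels = host.lower().rstrip(".").split(".")
    best = labels[-1:]  # implicit "*" rule: an unlisted TLD is itself a suffix
    for i in range(len(labels)):
        candidate = labels[i:]
        name = ".".join(candidate)
        wildcard = ".".join(["*"] + candidate[1:])
        if "!" + name in rules:
            # An exception rule prevails; the suffix is the rule minus its leftmost label.
            return ".".join(candidate[1:])
        if (name in rules or wildcard in rules) and len(candidate) > len(best):
            best = candidate  # otherwise the matching rule with the most labels wins
    return ".".join(best)


def naive_allows(cookie_domain):
    """Pre-PSL heuristic: refuse only domains that contain no dot."""
    return "." in cookie_domain.strip(".")


def psl_allows(request_host, cookie_domain):
    """Accept a cookie Domain only if it covers the host and is not a public suffix."""
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    covers = host == domain or host.endswith("." + domain)
    return covers and domain != public_suffix(domain)


if __name__ == "__main__":
    # Constructed test cases: (requesting host, Domain attribute of the cookie).
    for host, domain in [
        ("shop.example.co.uk", "co.uk"),
        ("shop.example.co.uk", "example.co.uk"),
        ("www.example.com", "com"),
    ]:
        print(host, domain, "naive:", naive_allows(domain), "psl:", psl_allows(host, domain))
```
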

Website

The website for the Public Suffix List is at http://publicsuffix.org/. Updates and maintenance are conducted on GitHub at the following URL: https://github.com/publicsuffix/list/

Registries

Maintaining an up-to-date list of all top-level domains and policies is clearly a vast task, and therefore each registry has been asked to maintain their own section of the database and email any changes to the effective TLD list maintenance team, who will then merge it with the master database.


Outreach to Registries

Some outreach has been performed to help expand the awareness of the Public Suffix List within the ICANN Community - to bridge the divide between registries and the PSL community. Here are some presentations that have been made to the ccTLD community and to gTLDs at ICANN meetings since 2011.

  • ccTLD Tech Day, June 2011 - ICANN #41, Singapore [1]
  • ccTLD Tech Day, November 2013 - ICANN #48, Buenos Aires, Argentina [2]
  • Tech Day, March 2017 - ICANN #58, Copenhagen, Denmark
  • Tech Day, March 2019 - ICANN #64, Kobe, Japan

ICANN Reviews

The ICANN Office of the CTO (OCTO)

Members of the OCTO collaborated with the PSL Volunteers to make a document available that helps inform Registries on the process of reviewing and maintaining their PSL entries.

ICANN Security and Stability Advisory Committee (SSAC)

ICANN has a Security and Stability Advisory Committee [4], with the role of advising the ICANN community and Board on matters relating to the security and integrity of the Internet's naming and address allocation systems.

They created a working group which convened in 2014-2015 to review the use of Public Suffix Lists, and how to implement them within software, in security, and in language libraries and other systems. This ultimately resulted in SAC070, an advisory on the use of Public Suffix Lists.

Although it is slightly dated and not entirely current or applicable to the Mozilla PSL, it does contain good practices and advice. Please familiarize yourself with their findings and consider them in your use of these lists. The review included u:jothan and User:Gerv.

  • SAC070 (In Japanese / 日本語) [5]
  • SAC070 (In English) [6]
