W3C home > Mailing lists > Public > public-web-security@w3.org > May 2012

Re: same-origin assertions in the DNS (Fwd: [apps-discuss] draft-sullivan-domain-origin-assert-00)

From: Andrew Sullivan <ajs@anvilwalrusden.com>
Date: Thu, 10 May 2012 09:40:18 -0400
To: Gervase Markham <gerv@mozilla.org>
Cc: Eric Rescorla <ekr@rtfm.com>, Peter Saint-Andre <stpeter@stpeter.im>, Thomas Roessler <tlr@w3.org>, public-web-security <public-web-security@w3.org>
Message-ID: <20120510134008.GA14275@mail.yitter.info>
On Thu, May 10, 2012 at 11:08:16AM +0100, Gervase Markham wrote:
> On 08/05/12 17:14, Andrew Sullivan wrote:
> > For instance, the current list has a large number of entries of
> > domains held by Dyn (my employer), but not a list of similar entries
> > for at least some names offered by freedns.afraid.org.  We now know
> > that ICANN has at least 1200 pending applications for TLDs, which
> > they'll be awarding in batches starting some time in the next year;
> > the policies under all of those will also need to be reflected in the
> > publicsuffix list.  
> Not so; only if they offer non-flat registration, i.e. they implement
> some sort of subdomain structure.

Adding only the one label itself is still reflecting those policies,
no?  Someone is going to have to look at all of them and make a
decision.  ICANN will process them in batches (either of 500 or no
more than 500 -- ICANN's process on this is not exactly clear), so
this will have to be done at least three times.  And of course, the
domains will need to be monitored to keep track of what happens in them.

I understand and appreciate the work that has gone into the
publicsuffix list, and I think it was an important step in addressing
some pretty serious problems.  But I don't see how it scales, given
that it already has maintenance problems before the planned increase
in the root zone size.



Andrew Sullivan
Received on Thursday, 10 May 2012 13:40:50 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:20 UTC