Re: [DNSOP] Public Suffix List from Gervase Markham on 2008-06-11 (ietf-http-wg@w3.org from April to June 2008)

From: Gervase Markham <gerv@mozilla.org>
Date: Wed, 11 Jun 2008 10:15:19 +0100
To: Dean Anderson <dean@av8.com>
CC: "dnsop@ietf.org" <dnsop@ietf.org>, David Conrad <drc@virtualized.org>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <484F97A7.6020709@mozilla.org>

Dean Anderson wrote:
>> That's unfortunate; but I must say this upset was not communicated to me.
> 
> Probably that's because you are using SORBS to filter your email. SORBS
> has an unusually high number of false positives, and for example,
> falsely claims that that 130.105/16 and 198.3.136/21 are hijacked. You 
> can find more information about SORBS on http://www.iadl.org/

No-one can have control over and knowledge of everything their ISP does
with relation to the services they provide. I confess I've only ever
vaguely heard the name SORBS, and had no idea that my provider was using
it. But I don't believe that using it makes me uncontactable. My phone
number and address are on my personal web page.

I can hardly imagine some TLD administrator saying "I'm so irritated
about Firefox's TLD IDN whitelist. I'm going to send Gerv a nasty email.
Hang on, my email's been rejected. Oh well, I guess I'll just have to
live with it."

>> That policy of ours should have no effect whatsoever on TLDs with a
>> responsible attitude to homographs. Our registration requirements are
>> not onerous.
> 
> ??? This statement doesn't seem very credible. What authority do you
> have to decide what a 'responsible attitude to homegraphs' would be?  

What's your answer to that question? (Hint: the answer "no-one" is
equivalent to the answer "the registries", which has been shown not to
work. See http://www.shmoo.com/idn/ .)

> Mozilla.org doesn't represent the internet industry nor any government
> or governing organization. 

No, we represent our users, and we make all sorts of security decisions
for them on a regular basis. One of the reasons Firefox is popular is
precisely because it doesn't wimp out of security decisions with
user-irritating popup questions they have no information to answer. But,
as someone else has said, if people don't like the decisions we make,
they can either become part of "we" and seek to change them, or they can
change or build their copy, or can distribute an alternative browser.

> Why should TLD's think they need to register
> with Mozilla.org? 

They don't have to. Why should TLDs think they have an automatic right
to have Firefox display domains they have issued which allow our users
to be fooled or defrauded?

Gerv

Received on Wednesday, 11 June 2008 09:16:04 UTC