- From: sleevi <notifications@github.com>
- Date: Fri, 25 May 2018 06:24:00 -0700
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/url/pull/391/c392056396@github.com>
@annevk The PSL fundamentally can't scale, unless our goal is to deliver a snapshot of the Internet domains to users in real time, which we sort of put to bed when RFC 952 was obsoleted. I don't want to derail this thread, so apologies if it comes off there - but definitely wanted to push back on the notion of exposing this as part of the platform. Anyone that is making security assumptions about the presence or non-presence of a domain on the PSL is making a flawed security decision. To the extent browsers are doing it, they're wrong - and while I understand they may be doing so for legacy reasons, we should push back. But as a concept for exposing it to/as part of the platform, as much as possible, we should be trying to hide it from the platform and developers, because it's a concept that should go away / should not be relied on. If there is anything authors would do differently (based on non-presence), they should do that, and if there's anything they would do based on presence, they should stop doing that :) Hopefully that would obviate the need for API exposure. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/url/pull/391#issuecomment-392056396
Received on Friday, 25 May 2018 13:24:22 UTC