On Thursday, 12 October 2017 23:55:00 UTC+1, Andrew R. Whalley wrote:
> This assumes the number of labels in domains appearing in the Public Suffix
> List, which is inadvisable.

An illustrative example, probably worth using by any CAs which have humans involved in the domain verification process, as software engineers or directly as agents for individual verifications, is www.me.uk.

me.uk is a Public Suffix operated by Nominet in the UK, alongside more famous examples like .gov.uk or .co.uk, and so www.me.uk is simply one of a great many different sub-domains within that suffix owned by completely unrelated parties. In that particular case, Adrian "RevK" Kennard, the owner of a small but significant UK Service Provider and someone who enjoys making mischief.

Kennard doesn't own or run .me.uk and has no legitimate claim over most other names in that suffix (obvious exceptions include revk.me.uk), but he received the www.me.uk name because nobody saw fit to prohibit it from being registered under this suffix and he was the first to ask.

And so it sure _looks_, to anyone who hasn't consulted the Public Suffix List and isn't familiar with the history of these names, as though Kennard's "www.me.uk" is the web site of an entire domain under Kennard's control named simply me.uk.

_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy
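
The www.me.uk case above can be checked mechanically. The following is an added example, not part of the original message: it implements Public Suffix List matching (including wildcard and exception rules, which goes beyond the single case in the post) over a small rule excerpt embedded for illustration. The function names and the `www_strip_is_misleading` check are hypothetical.

```python
# Constructed excerpt of Public Suffix List rules, embedded for illustration only;
# real checks must load the full, current list.
RULES = {"com", "uk", "co.uk", "gov.uk", "me.uk", "*.ck", "!www.ck"}

def public_suffix(host, rules=RULES):
    """Return the public suffix of host using PSL matching (longest rule wins)."""
    labels = host.lower().rstrip(".").split(".")
    best = 1  # implicit default rule "*": the last label alone is a suffix
    for i in range(len(labels)):
        cand = ".".join(labels[i:])
        if "!" + cand in rules:
            # Exception rule beats everything: suffix is the rule minus its first label.
            return ".".join(labels[i + 1:])
        parent = ".".join(labels[i + 1:])
        if cand in rules or (parent and "*." + parent in rules):
            best = max(best, len(labels) - i)
    return ".".join(labels[-best:])

def registrable_domain(host, rules=RULES):
    """Return suffix plus one label, or None if host is itself a public suffix."""
    labels = host.lower().rstrip(".").split(".")
    n = len(public_suffix(host, rules).split("."))
    if len(labels) <= n:
        return None
    return ".".join(labels[-(n + 1):])

def www_strip_is_misleading(host, rules=RULES):
    """True when dropping a leading 'www' label lands on a public suffix,
    i.e. the 'parent' is shared by unrelated registrants (hypothetical check)."""
    labels = host.lower().rstrip(".").split(".")
    if labels[0] != "www" or len(labels) < 2:
        return False
    return registrable_domain(".".join(labels[1:]), rules) is None

if __name__ == "__main__":
    for h in ("www.me.uk", "revk.me.uk", "www.example.com", "www.ck"):
        print(h, public_suffix(h), registrable_domain(h), www_strip_is_misleading(h))
```
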

