> I only named Let's Encrypt as an example of a CA that maintains a scrubbing
> "blacklist".  In their case, it appears to require exact match to a label
> including TLD and TLD+1.  I was kind of surprised that they didn't just
> take all the high value domain names as to the TLD+1 field and decline all
> combinations of (0...n_labels.)HIGH_VALUE_TLD+1.ANY_TLD_HERE, but I'm sure
> there's a reasonable case either way.

Reading the DNS policy discussions (over the past two decades) provides an
adequately ample understanding of the problems with, and complexities of,
such a naive policy. The discussion around 'sunrise' and 'early
registration' periods for TLDs, or the UDRP, should be mandatory
comprehension for anyone arguing in favor of "popularity contests" or "big
domain holders > small domain holders" or "trademark holders > free speech"
or... well, the list goes on with the bad ideas proposed here that have
been roundly rejected by civil society and technologists regarding the
administration of the DNS :)
