Good point, John! I'm guessing the reasoning here is that some companies
have an instance of their domain in each of many countries. Google has
google.ac, google.ad, google.ae, and so on, as seen at
https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json.
Although Google has a listing they keep up to date, for most companies
it would be hard to generate this list and keep it up to date.
Perhaps a more explicit implementation would allow you to specify:
<target host="www.google.PUBLIC_SUFFIX">
HTTPS Everywhere could bundle the latest version of the Public Suffix
List ( http://publicsuffix.org/). Then, to look up a given hostname it
would first try the literal hostname, then replace any public suffix at
the end of the hostname with the string ".PUBLIC_SUFFIX" and try again.
BTW, I was surprised how many rules follow this pattern - 1899 by my
naive grep!
_______________________________________________
HTTPS-Everywhere mailing list
[email protected]
https://lists.eff.org/mailman/listinfo/https-everywhere
