Be careful here in assuming things that have more facets;

* the PSL is divided into an official ICANN part and a PRIVATE section
* there are Applications that use the PRIVATE part and there are Applications 
that actively don't use it
* the DMARC RFC does not say that a DMARC validator has to use the PSL from 
"Mozilla", if they manage their own, they are free to do so and it will still 
be fine from a standards perspective
* the Mozilla Wiki even references the fact that the PSL maintainers think 
that the PRIVATE area should not be used for DMARC
* Google Chrome and most likely other Browsers do not accept WILDCARD certs for 
domains on the ICANN part of the PSL
* CAB Forum Guidelines say that CAs should only consult the ICANN part of the 
PSL

-----Original Message-----
From: mailop <[email protected]> On Behalf Of Jaroslaw Rafa via mailop
Sent: Tuesday, 21 September 2021 13:37
To: [email protected]
Subject: Re: [mailop] what is the PSL, was Gmail putting messages to spam

On 20.09.2021 at 23:41:11, John Levine via mailop wrote:
> It appears that Jaroslaw Rafa via mailop <[email protected]> said:
> >It is possible, but eu.org is on the Public Suffix List, so different 
> >subdomains of it shouldn't be "merged", like for any other domain in the PSL.
> 
> The PSL, despite being used by pretty much every web browser in the 
> world, is a small project run by volunteers using a github site. It is 
> not official or authoritative for anything.
> 
> Its only purpose is to prevent cross-site cookie attacks, which it 
> does pretty well. Many people try to use it for other purposes, which 
> it does a lot less well.  In particular, if anyone imagines that the 
> PSL would be a get-out-of-jail free card for domains that have 
> terrible mail reputations because they give away subdomains to anyone 
> for free, it isn't.

But what is the meaning of a domain being on PSL? It means that if example.org 
is on PSL, then one should be aware that sub1.example.org and sub2.example.org 
have nothing in common, ie. they *should not* be treated as being parts of the 
same entity (like for example sub1.company.com and sub2.company.com, when 
"company.com" is NOT on PSL, *should* be considered parts of the same entity 
company.com).

That is the semantics behind PSL, and that is the reason why PSL has any sense 
at all in preventing cross-site attacks. But if PSL is good enough to 
distinguish independent domains for the purpose of preventing cross-site 
attacks, it is also good enough for distinguishing independent domains with 
regard to their reputation.

What I want to say is, when example.org is on PSL, reputation of 
sub1.example.org SHOULD NOT have impact on reputation of sub2.example.org, as 
they are usually independent entities.
--
Regards,
   Jaroslaw Rafa
   [email protected]
--
"In a million years, when kids go to school, they're gonna know: once there was 
a Hushpuppy, and she lived with her daddy in the Bathtub."
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
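
As an added illustration of the ICANN/PRIVATE distinction discussed in this thread (not code from any poster or from the PSL project), the sketch below computes a DMARC-style organizational domain from a PSL-format rule set, once with the PRIVATE section and once without. The rule excerpt is constructed, the placement of eu.org in the PRIVATE block is an assumption of the sample, and the function names are hypothetical.

```python
# Constructed excerpt in the PSL file format (not the real list).
# Assumption of this sample: eu.org sits in the PRIVATE block.
SAMPLE_PSL = """\
// ===BEGIN ICANN DOMAINS===
org
uk
co.uk
*.ck
!www.ck
// ===END ICANN DOMAINS===
// ===BEGIN PRIVATE DOMAINS===
eu.org
// ===END PRIVATE DOMAINS===
"""

def parse_psl(text):
    """Return {rule: section}, section being 'ICANN' or 'PRIVATE'."""
    rules, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("// ===BEGIN "):
            section = line.split()[2]
        elif line.startswith("// ===END "):
            section = None
        elif line and not line.startswith("//"):
            rules[line.split()[0].lower()] = section
    return rules

def organizational_domain(name, rules, use_private):
    """Public suffix plus one label; None if name is itself a suffix."""
    def active(rule):
        return rule in rules and (use_private or rules[rule] == "ICANN")
    labels = name.lower().rstrip(".").split(".")
    suffix_len = 1                        # implicit default rule "*"
    for i in range(len(labels)):          # longest candidate first
        tail = labels[i:]
        if active("!" + ".".join(tail)):  # exception rule wins outright
            suffix_len = len(tail) - 1
            break
        if active(".".join(tail)) or active(".".join(["*"] + tail[1:])):
            suffix_len = max(suffix_len, len(tail))
    if len(labels) <= suffix_len:
        return None
    return ".".join(labels[-(suffix_len + 1):])

if __name__ == "__main__":
    rules = parse_psl(SAMPLE_PSL)
    for host in ("mail.sub1.eu.org", "mail.sub2.eu.org"):
        print(host, organizational_domain(host, rules, True),
              organizational_domain(host, rules, False))
```

With the PRIVATE section enabled the two hosts resolve to separate organizational domains; with ICANN-only rules both collapse to eu.org, which is the difference between validators that the thread describes.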