Re: Canonical list of overly general domains?
Daniel E. Renfer wrote: While I haven't been able to find a good list of domains that meet this requirement, what does everybody think of the idea that if you can't find a DNS entry for the domain part of the trust root then it's not a good candidate for a trust root. Maybe it's just my DNS servers, but I'm not getting a response for things such as com or co.uk any thoughts? The DNS lookup is interesting, but I feel a relying party should white-list the sites it accepts and only accept those. Any other mechanical trust relationships (such as generic blacklists) are likely to be worth next to nothing, so the RP might as well ignore checking for return address being in the trust root's set. Hans ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Canonical list of overly general domains?
On 1/6/07, Daniel E. Renfer [EMAIL PROTECTED] wrote: can't find a DNS entry for the domain part of the trust root then it's not a good candidate for a trust root. Maybe it's just my DNS servers, but I'm not getting a response for things such as com or co.uk You mean a lack of an A record implies that it's overly general? I think that would have both false positives and false negatives. For example, googlepages.com is probably too general, but certainly has an A record. AGL -- Adam Langley [EMAIL PROTECTED] http://www.imperialviolet.org 650-283-9641 ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Canonical list of overly general domains?
What about somebody take a stab at it (on the wiki, perhaps) and let others shoot at it? On Jan 8, 2007, at 14:34, Adam Langley wrote: On 1/6/07, Daniel E. Renfer [EMAIL PROTECTED] wrote: can't find a DNS entry for the domain part of the trust root then it's not a good candidate for a trust root. Maybe it's just my DNS servers, but I'm not getting a response for things such as com or co.uk You mean a lack of an A record implies that it's overly general? I think that would have both false positives and false negatives. For example, googlepages.com is probably too general, but certainly has an A record. AGL -- Adam Langley [EMAIL PROTECTED] http://www.imperialviolet.org 650-283-9641 ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs Johannes Ernst NetMesh Inc. http://netmesh.info/jernst ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs