Re: What do people use public suffix for?

2013-04-19 Thread Jimmy Hess
On 4/19/13, Dave Crocker wrote: That is only theoretically possible, if every boundary keeper participates. In reality, you would wind up with some zones having explicit marking, and most zones not having any marking at all, just because the admin didn't bother to pick up on the new idea and i

Re: What do people use public suffix for?

2013-04-19 Thread Dave Crocker
1. Explicitly marking an administrative boundary is not inherently a 'security' function, although properly authorizing and protecting the marking no doubt would be.
2. Defining a marking mechanism that is built into a security mechanism that is designed for other purposes is overloading funct

Re: What do people use public suffix for?

2013-04-19 Thread Jimmy Hess
On 4/19/13, Dave Crocker wrote:
> On 4/19/2013 4:33 PM, Jimmy Hess wrote:
[snip]
> Absent a view that somehow says all metadata is a security function, I don't see how the marking of administrative boundaries qualifies as a security function.
The security function comes in immediately, when y

Re: What do people use public suffix for?

2013-04-19 Thread Dave Crocker
On 4/19/2013 4:33 PM, Jimmy Hess wrote: It seems this is more about providing a security function to DNS, to inform the public, about where the responsible parties change. Absent a view that somehow says all metadata is a security function, I don't see how the marking of administrative bound

Re: What do people use public suffix for?

2013-04-19 Thread John Levine
>If the DS record identifies a different signer, then you have an administrative split, or if the e-mail address field in the SOA fields of the parent zone are different, then you have an administrative split, OR if one of the two zones has RP (responsible party records), and the list of RP

Re: What do people use public suffix for?

2013-04-19 Thread Jimmy Hess
On 4/19/13, Dave Crocker wrote:
> On 4/19/2013 12:57 PM, Tony Finch wrote:
>> To reinforce Joe's point, there doesn't even need to be a zone cut for there to be an administrative cut. There are various ISPs and dynamic DNS providers that put all their users in the same zone, and the common [

Re: What do people use public suffix for?

2013-04-19 Thread Dave Crocker
On 4/19/2013 12:57 PM, Tony Finch wrote: To reinforce Joe's point, there doesn't even need to be a zone cut for there to be an administrative cut. There are various ISPs and dynamic DNS providers that put all their users in the same zone, and the common suffix of a zone like this should be trea

Re: What do people use public suffix for?

2013-04-19 Thread Tony Finch
Joe Abley wrote:
>
> If the rule was just "the nameservers need to be the same and the SOA RDATA needs to be the same, for some well-documented meaning of 'same'" then gaming that rule (e.g. for purposes of cookie injection) as a miscreant is unpleasantly straightforward.
To reinforce Joe's

Re: What do people use public suffix for?

2013-04-19 Thread Joe Abley
On 2013-04-19, at 14:17, Bjørn Mork wrote:
> It is already, isn't it? The NS and SOA records will tell you all there is to know about zone splits and cross zone relations.
Not really. In general, just because a zone is served by the same nameservers as another zone doesn't mean that they a

Re: What do people use public suffix for?

2013-04-19 Thread Bjørn Mork
Jay Ashworth writes:
> - Original Message -
>> From: "John Levine"
>
>> The public suffix list contains points in the DNS where (roughly speaking) names below that point are under different management from each other and from that name. It's here: http://publicsuffix.org/
>>
>> Th

Re: What do people use public suffix for?

2013-04-16 Thread Danny McPherson
On Apr 15, 2013, at 5:34 PM, Geoffrey Keating wrote:
>
> CAs use it as part of a procedure to determine whether it's safe to issue a wildcard domain (as in, if it's on the list, it's not safe). See , section 11.1.3.
>
> They'd reall

Re: What do people use public suffix for?

2013-04-16 Thread Matthias Leisi
On Mon, Apr 15, 2013 at 11:34 PM, Geoffrey Keating wrote:
> They'd really like to have a process which is less ad-hoc. For example, it'd be great if these points were annotated in the DNS itself, perhaps with a record which points to the corresponding whois server
>
Btw., this would simil

Re: What do people use public suffix for?

2013-04-15 Thread Geoffrey Keating
"John Levine" writes:
> The public suffix list contains points in the DNS where (roughly speaking) names below that point are under different management from each other and from that name. It's here: http://publicsuffix.org/
>
> The idea is that abc.foo.com and xyz.foo.com have the same man

Re: What do people use public suffix for?

2013-04-15 Thread John R. Levine
They'd really like to have a process which is less ad-hoc. For example, it'd be great if these points were annotated in the DNS itself, perhaps with a record which points to the corresponding whois server. I've been thinking about a way to do that, but I want to understand the use cases first.

Re: What do people use public suffix for?

2013-04-15 Thread David Conrad
On Apr 15, 2013, at 9:30 AM, Joe Abley wrote:
> [...]
> If you need the mechanism to work (...) then I can see why fetching and caching a browser list over SSL (and perhaps shipping with a baseline version of it) seems attractive.
Sounds like this could've been good logic for the use of HOS

Re: What do people use public suffix for?

2013-04-15 Thread Joe Abley
On 2013-04-15, at 12:00, Jay Ashworth wrote:
> Seems to me that it's a crock because *it should be in the DNS*.
>
> I should be able to retrieve the AS (administrative split) record for .co.uk, and there should be one that says, "yup, there's an administrative split below me; nothing under

Re: What do people use public suffix for?

2013-04-15 Thread Jay Ashworth
- Original Message -
> From: "John Levine"
> The public suffix list contains points in the DNS where (roughly speaking) names below that point are under different management from each other and from that name. It's here: http://publicsuffix.org/
>
> The idea is that abc.foo.com and x

Re: What do people use public suffix for?

2013-04-15 Thread Derek Andrew
dnswl.org should look at publicsuffix.org to correct errors.
On Mon, Apr 15, 2013 at 7:55 AM, Matthias Leisi wrote:
> On Mon, Apr 15, 2013 at 3:10 PM, John Levine wrote:
> >
> > You don't have to tell me that it's a gross crock, but it seems to be a useful one. What do people use it for?

Re: What do people use public suffix for?

2013-04-15 Thread Matthias Leisi
On Mon, Apr 15, 2013 at 3:10 PM, John Levine wrote:
> You don't have to tell me that it's a gross crock, but it seems to be a useful one. What do people use it for? Here's what I know of:
>
At dnswl.org, we use a heuristic (and manual checks) to derive different "levels" of management (ie,