[dns-operations] Monday rant against the uses of the Public Suffix List
Warren Kumari
warren at kumari.net
Mon Jan 21 20:29:28 UTC 2013
On Jan 21, 2013, at 2:12 PM, Vernon Schryver <vjs at rhyolite.com> wrote:
>> From: Paul Vixie <paul at redbarn.org>
>
>> Stephane Bortzmeyer wrote:
>
>>>> used by numerous software developers, programming languages,
>>>> browsers (cookies), search engines, security software, and many
>>>> other places.
>>>
>>> And 95 % of these uses are bad ideas: it creates false positives
>>> (.CW...) and false negatives (it's not because .COM exists that
>>> anything.com has a meaning).
>>
>> passionate +1.
>
> Why is anyone using such lists to validate domain suffixes? I recently
> discovered a global, distributed database with nearby caching that
> allows HTTP and SMTP servers to check whether the right hand side of
> user at example.com is valid. It does not require that servers act exactly like
> miscreants doing dictionary attacks to find spam targets ("sender
> address verification") or exactly like spammers sending unsolicited
> bulk mail.
>
> Continuing the sarcasm is too much effort, so I'll simply ask why not
> do DNS MX and A requests? (both because of the fall-back-to-A-if-no-MX
> rule) If you get NXDOMAIN or NODATA for both MX and A, you know it
> is invalid in an SMTP Rcpt_To command (unless you still believe in
> SMTP source routing). If you get A or MX records, then it is at least
> as likely to be valid as a name in other list.
Please sir, if I run www.images.example.co.uk, can I set a cookie at images.example.co.uk? How about example.co.uk? Fine… Now .co.uk? Hmm…
There is no DNS query that will (or should) tell me that...
W
>
>
> Vernon Schryver vjs at rhyolite.com
--
"I think perhaps the most important problem is that we are trying to understand the fundamental workings of the universe via a language devised for telling one another when the best fruit is." --Terry Pratchett
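The three cookie questions in the reply above, worked as an added example that is not part of the original message or of any browser's code. The suffix set is a constructed stand-in for the Public Suffix List (the real list also has wildcard and exception rules, omitted here), and the function names are hypothetical. Note that no DNS lookup appears anywhere in the decision.

```javascript
// Constructed sample: a tiny stand-in for the Public Suffix List.
const SAMPLE_SUFFIXES = new Set(["com", "uk", "co.uk"]);

// Lower-case the name and drop a leading or trailing dot.
function normalise(name) {
  return name.toLowerCase().replace(/^\./, "").replace(/\.$/, "");
}

// Longest matching public suffix of a host name, or null if none matches.
function publicSuffix(host, suffixes = SAMPLE_SUFFIXES) {
  const labels = normalise(host).split(".");
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (suffixes.has(candidate)) return candidate;
  }
  return null;
}

// Public suffix plus one label: the widest scope a cookie may cover.
function registrableDomain(host, suffixes = SAMPLE_SUFFIXES) {
  const h = normalise(host);
  const ps = publicSuffix(h, suffixes);
  if (ps === null || ps === h) return null;
  const keep = ps.split(".").length + 1;
  return h.split(".").slice(-keep).join(".");
}

// Decide whether `host` may set a cookie with Domain=`domain`.
function cookieDomainDecision(host, domain, suffixes = SAMPLE_SUFFIXES) {
  const h = normalise(host);
  const d = normalise(domain);
  // Domain-match: the cookie domain must be the host or a parent of it.
  if (h !== d && !h.endsWith("." + d)) return "reject: not a parent of host";
  // A parent that is itself a public suffix would share the cookie across
  // unrelated registrants, so it is refused.
  if (suffixes.has(d) && h !== d) return "reject: public suffix";
  return "allow";
}

// The questions from the message, in order.
const HOST = "www.images.example.co.uk";
for (const d of ["images.example.co.uk", "example.co.uk", ".co.uk"]) {
  console.log(`${d} -> ${cookieDomainDecision(HOST, d)}`);
}
```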