[dns-operations] Monday rant against the uses of the Public Suffix List

Matthew Ghali mghali at snark.net
Tue Jan 22 01:36:23 UTC 2013

On Jan 21, 2013, at 3:01 PM, Colm MacCárthaigh <colm at stdlib.net> wrote:

> For similar reasons, Certificate authorities take precautions when
> signing wildcard certificates, to ensure that the level of the domain
> being signed is appropriate. If a CA were to give Nominet a
> certificate for *.co.uk - that would be a problem. But giving me
> *.stdlib.net certificate is fine, even though it's the same number of
> dots.
> So in these cases, the suffix lists are used to help protect privacy.

I see. So for decades now we've all agreed that calculating trust based on domain names was a bad idea. Then someone (at Mozilla?) came up with the revolutionary new "public suffix" which we can go forth and use for the same purpose. This is awesome, I'm going to go dust off my .rhosts files.
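An added illustration, not part of the original message or thread, of the wildcard check the quoted paragraph describes: suffix-list matching is what separates `*.co.uk` from `*.stdlib.net` when counting dots cannot. The rule excerpt is constructed and the function names are hypothetical; the matching follows the published Public Suffix List rules (longest match, `*` wildcard rules, `!` exception rules, implicit `*` default).

```python
# Constructed excerpt of suffix rules; the real list is far longer.
RULES_TEXT = """
// constructed sample, not the real list
uk
co.uk
net
*.ck
!www.ck
"""

def load_rules(text):
    """Parse rule lines, skipping blanks and // comments."""
    lines = (line.strip().lower() for line in text.splitlines())
    return {line for line in lines if line and not line.startswith("//")}

def public_suffix(name, rules):
    """Return the public suffix of name under PSL matching."""
    labels = name.lower().rstrip(".").split(".")
    best = 1  # implicit "*" rule: an unlisted TLD is itself a public suffix
    for i in range(len(labels)):
        candidate = labels[i:]
        plain = ".".join(candidate)
        wild = ".".join(["*"] + candidate[1:])
        if "!" + plain in rules:
            # An exception rule wins outright; drop its leftmost label.
            return ".".join(candidate[1:])
        if plain in rules or wild in rules:
            best = max(best, len(candidate))
    return ".".join(labels[-best:])

def wildcard_allowed(san, rules):
    """Refuse a wildcard whose base name is itself a public suffix."""
    if not san.startswith("*."):
        raise ValueError("not a wildcard name: " + san)
    base = san[2:].lower().rstrip(".")
    return public_suffix(base, rules) != base

RULES = load_rules(RULES_TEXT)

if __name__ == "__main__":
    for san in ("*.co.uk", "*.stdlib.net", "*.net", "*.foo.ck", "*.www.ck"):
        verdict = "issue" if wildcard_allowed(san, RULES) else "refuse"
        print(san, "->", verdict)
```

The check is only as current as the copy of the list it loads: a registry suffix missing from that copy is treated as an ordinary registrable name.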

