[dns-operations] Browser Public suffixes list

rubensk at nic.br rubensk at nic.br
Sun Aug 28 11:04:50 UTC 2022


The list of malicious websites in browsers is constantly updated without having to follow the release cycle... where there's a will, there's a way.


Rubens


> On 27 Aug 2022, at 22:43, Jothan Frakes <jothan at gmail.com> wrote:
> 
> I am really frustrated that the materials developed for IANA to share to avoid things like this were not distributed, as awareness would have led to earlier request, which in turn would have diminished the propagation timing gap with the browser side.
> 
> Not saying all the planets would have lined up, but the odds would have improved.
> 
> "Browsers gonna browse" - love that Vixie quote.
> 
> The performance of the combined 'omnibox' that mashed up search and location was also a driver, although screen real estate on mobile/tablet certainly made this a practical argument for omnibox vs them sweet, sweet search dollas
> 
> Anyways, as far as the propagation timing goes, PSL is just a drop in component that is *relatively* static, and we're quite mindful of keeping the file size modest for a number of reasons.  I am glad that the team at ISOC.IL <http://isoc.il/> were able to find waldo within Mozilla and Google.  I think with Safari it is important to note that updates to it are typically done at the time of their OS upgrades as a 'whole cloth' update, and it seems Apple likes to make modest update frequency, so Safari internals are one of the train cars attached to the OS Train but not the train itself, and this is just an efficiency thing.
> 
> The performance benefit is the best argument I have been presented as to why there is a static list baked in on the browser.
> 
> Generally speaking, the PSL being used as a static list incorporated into software kind of perpetuates the hosts.txt dilemma that DNS started to distribute better, and the DBOUND began a good direction but we ended up with a low 'juice to squeeze' ratio and could not quite work out what flavor either.
> 
> There is some activity inside of the W3C WhatWG kind of as a parallel evolution to DBOUND (bridge being built from other side of canyon).
> 
> Crucially, there are a number of ways in addition to administrative boundaries that overlap, and there are other projects like DKIM DMARC HSTS etc that have a lot of overlap in ways a common project might be helpful in allowing an administrator of a namespace for a domain name in having some means to express to the internet how they would prefer their domain name be interacted with.
> 
> -Jothan
> 
> 
> On Sat, Aug 27, 2022 at 11:26 AM Paul Vixie via dns-operations <dns-operations at dns-oarc.net <mailto:dns-operations at dns-oarc.net>> wrote:
> 
> 
> 
> ---------- Forwarded message ----------
> From: Paul Vixie <paul at redbarn.org <mailto:paul at redbarn.org>>
> To: DNS Operations List <dns-operations at lists.dns-oarc.net <mailto:dns-operations at lists.dns-oarc.net>>
> Cc:
> Bcc:
> Date: Sat, 27 Aug 2022 11:20:53 -0700
> Subject: Re: [dns-operations] Browser Public suffixes list
> 
> 
> Viktor Dukhovni wrote on 2022-08-27 11:06:
> > On Sat, Aug 27, 2022 at 10:48:46AM -0700, Paul Vixie wrote:
> >>  ...
> >> see: https://www.ietf.org/mailman/listinfo/dbound <https://www.ietf.org/mailman/listinfo/dbound>
> >
> > Another aspect of the problem, is that the browsers unified the address
> > bar and the search bar in order to "improve" (make simpler than
> > possible) the browser user interface.  This creates a fundamental
> > ambiguity about user intent.  Did the user type a URL sans scheme prefix
> > or a search term?  Using the PSL to "disambiguate" is a hack.
> 
> browsers gonna browse. there's nothing we can do about that in the
> protocols. time was, any character-by-character current value in the
> browser bar which was syntactically valid as a domain name (by regex
> without reference to a PSL or any other dictionary) would be sent to the
> DNS resolver. apparently this wasn't monetizing enough. we march on.
> 
> --
> P Vixie
> 
> 
> 
> 
> ---------- Forwarded message ----------
> From: Paul Vixie via dns-operations <dns-operations at dns-oarc.net <mailto:dns-operations at dns-oarc.net>>
> To: DNS Operations List <dns-operations at lists.dns-oarc.net <mailto:dns-operations at lists.dns-oarc.net>>
> Cc:
> Bcc:
> Date: Sat, 27 Aug 2022 11:20:53 -0700
> Subject: Re: [dns-operations] Browser Public suffixes list
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net <mailto:dns-operations at lists.dns-oarc.net>
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations <https://lists.dns-oarc.net/mailman/listinfo/dns-operations>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net <mailto:dns-operations at lists.dns-oarc.net>
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations <https://lists.dns-oarc.net/mailman/listinfo/dns-operations>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20220828/5312c8b5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 529 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20220828/5312c8b5/attachment.sig>


More information about the dns-operations mailing list