Home page logo

nanog logo nanog mailing list archives

Re: What do people use public suffix for?
From: Danny McPherson <danny () tcb net>
Date: Tue, 16 Apr 2013 22:19:21 -0400

On Apr 15, 2013, at 5:34 PM, Geoffrey Keating wrote:

CAs use it as part of a procedure to determine whether it's safe to
issue a wildcard domain (as in, if it's on the list, it's not safe).  See
<https://www.cabforum.org/Baseline_Requirements_V1_1_3.pdf>, section 11.1.3.

They'd really like to have a process which is less ad-hoc.  For
example, it'd be great if these points were annotated in the DNS
itself, perhaps with a record which points to the corresponding
whois server.

Concur - I think codifying DNS's dynamic structure in an outside medium is only going to cause problems down the road 
(e.g., especially with namespace diffusion from the likes of new gTLDs, etc..).

While an unfortunate naming collision here (i.e., the "SOPA" RR), I think an approach such as [1] has some merit - but 
much work needs to be done.  


[1] http://tools.ietf.org/html/draft-sullivan-domain-origin-assert-02

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]