Public Suffix List/Use Cases
Jump to navigation
Jump to search
The PSL is being used for more things than was originally intended, and various edge cases, which need to be "in" for one use but "out" for another, are causing people difficulty. This page attempts to gather those potential use cases and help us make a decision on which ones to support, and how.
The current definition according to publicsuffix.org is: 'A "public suffix" is one under which Internet users can directly register names.'
| Name | Description | Question | In List | Not In List |
|---|---|---|---|---|
| Cookie-Setting | Deciding whether a cookie should be allowed to be set for a suffix of a given domain | Are this domain and its suffix controlled by the same entity? | com, appspot.com, co.uk | |
| 'Responsible Domain' Highlighting/Browser History Sorting | Deciding which parts of a domain to highlight or sort on in a UI - "Public Suffix + 1" | Are this domain and its suffix controlled by the same entity? | com, appspot.com, co.uk | |
| Navigability | Deciding whether a browser should attempt to navigate to a given URL without consulting DNS | Is there (likely to be) an A record for this domain? | com, co.uk | appspot.com |
| SSL Wildcards | Deciding whether to issue or accept an SSL wildcard certificate for *.public.suffix. | Are the servers of this domain and its suffix operated by the same entity? | com, co.uk | appspot.com |
[pkasting] Three questions:
- I don't know whether the cookie "question" is precisely correct. Are there situations where one organization should be able to read/write another organization's cookies? For example, should a page on appspot.com be able to read a page on foo.appspot.com?
- I don't think I understand the "history sorting" case completely. What are some concrete examples of this? In an ideal world, would this distinguish between subdomains which are conceptually "different sites" from the parent domain (e.g. mail.google.com versus google.com) and those which are not?
- We should probably consider hypothetical future cases involving ICANN's new "sell anyone their own TLD" policy, like whether we need to do anything special if someone buys a TLD and tries to make it directly navigable via an A record. (Is there some organization which has the authority to approve or reject such actions?)