Both users and applications make inferences from domain names, usually
in an effort to make some determination about identity or the correct
security stance to take. Such inferences, however, are usually based
on heuristics, rules of thumb, and large static lists describing parts
of the DNS name space. The DNS root is expanding rapidly, and the
existing mechanisms -- primarily the public suffix list
(http://publicsuffix.org/) and related systems -- are unlikely to be
sustainable in the medium term. Most of the existing mechanisms are
managed semi-manually, and there are good reasons to suppose that the
limits of such management are either about to be exceeded, or already
have been. Moreover, the existing mechanisms are made without regard
to the semantics of domain name boundaries, and sometimes miss subtle
but important parts of those semantics (in particular, the public
suffix list has sometimes failed to take into account so-called empty
non-terminals). Perhaps most importantly, the public suffix list puts
the control of policy assertions about a given name outside of the
control of the domain operator, and in the hands of the operator of
the list.
The purpose of this mailing list is to discuss this issue and to
identify as completely as we can the cases in need of addressing, to
identify the necessary lines of work to address each case, and to
determine whether there is sufficient interest and energy to set up a
working group to complete that work.
To see the collection of prior postings to the list,
visit the dbound
Archives.
|
Subscribe to dbound by filling out the following
form.
You will be sent email requesting confirmation, to
prevent others from gratuitously subscribing you. This is a private list, which means that the
list of members is not available to non-members.
|