publicsuffix / publicsuffix.org
The publicsuffix.org website
Home Page: https://publicsuffix.org/
The Algorithm section of https://publicsuffix.org/list/ contains this step:
7. The registered or registrable domain is the public suffix plus one additional label.
...but "registered domain" and "registrable domain" are not defined.
Discussion with <[email protected]> yielded these definitions:
- The registered (or registrable) domain is the public suffix plus one additional label, where:
- A registered domain is a domain that is registered, which is a process defined within the domain name system related to IANA functions, ICANN, and domain name registries.
- A registrable domain is a formally valid domain name that can be registered at a registry, i.e., it is not presently registered.
Perhaps the above definitions (or refinements thereof) could be added to https://publicsuffix.org/list/? Various folks are using the term "registrable domain" in various specs where they likely mean "registered domain" (but the original text of step 7 made it easier to latch onto the term "registrable domain" by default).
Please see also PR #2.
[this issue supersedes publicsuffix/list#236]
It looks to me like there's a cert mismatch on https://publicsuffix.org
0 dkg@alice:~$ gnutls-cli publicsuffix.org
Processed 151 CA certificate(s).
Resolving 'publicsuffix.org:443'...
Connecting to '63.245.213.24:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `C=US,ST=California,L=Mountain View,O=Mozilla Foundation,CN=generic-san.mozilla.org', issuer `C=US,O=DigiCert Inc,CN=DigiCert SHA2 Secure Server CA', serial 0x089aa9d33b20dcf91654488f87af40fe, RSA key 2048 bits, signed using RSA-SHA256, activated `2013-10-16 00:00:00 UTC', expires `2016-10-20 12:00:00 UTC', SHA-1 fingerprint `0ca5fba64d2dea36120e906db4f24a366b0aafc6'
Public Key ID:
0803136629504256d7c02e266030aee2b255c195
Public key's random art:
+--[ RSA 2048]----+
|O+O+.o+. |
|=*.+.oE. |
|oo * |
|.. o = . |
|o o o . S |
|o . |
|... |
|.o |
|. |
+-----------------+
- Certificate[1] info:
- subject `C=US,O=DigiCert Inc,CN=DigiCert SHA2 Secure Server CA', issuer `C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert Global Root CA', serial 0x01fda3eb6eca75c888438b724bcfbc91, RSA key 2048 bits, signed using RSA-SHA256, activated `2013-03-08 12:00:00 UTC', expires `2023-03-08 12:00:00 UTC', SHA-1 fingerprint `1fb86b1168ec743154062e8c9cc5b171a4b7ccb4'
- Status: The certificate is NOT trusted. The name in the certificate does not match the expected.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** handshake has failed: Error in the certificate.
1 dkg@alice:~$
Looking at the offered cert, I see it has the following SANs:
DNSname: generic-san.mozilla.org
DNSname: inform.mozilla.org
DNSname: air.mozilla.org
DNSname: basket.mozilla.org
DNSname: blog.mozilla.com
DNSname: boardwiki.mozilla.org
DNSname: creative.mozilla.org
DNSname: foundationwiki.mozilla.org
DNSname: join.mozilla.org
DNSname: mpl.mozilla.org
DNSname: outgoing.mozilla.org
DNSname: securitywiki.mozilla.org
DNSname: wiki.mozilla.org
DNSname: tbpl.mozilla.org
DNSname: basket.mozilla.com
DNSname: air.mozilla.com
DNSname: dragnet.mozilla.org
DNSname: www.itisatrap.org
DNSname: itisatrap.org
DNSname: calendar.mozilla.org
DNSname: allizom.org
DNSname: www.allizom.org
DNSname: moztrap.mozilla.org
DNSname: careers.mozilla.com
DNSname: openstandard.mozilla.org
DNSname: pto.mozilla.org
DNSname: dnt-dashboard.mozilla.org
DNSname: mx.thunderbird.net
DNSname: broker.thunderbird.net
DNSname: intranet.mozilla.org
DNSname: iplimit.irc.mozilla.org
DNSname: m.wiki.mozilla.org
DNSname: affiliates.mozilla.org
DNSname: fb-affiliates.mozilla.org
DNSname: getfirebug.com
DNSname: www.getfirebug.com
DNSname: phonebook.mozilla.org
DNSname: passwordreset.mozilla.org
DNSname: mozillians.org
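Added example, not part of the original report and not GnuTLS's own code: a label-by-label check of a hostname against a certificate's SAN dNSName entries, showing why `publicsuffix.org` fails against the list above. `PAGE_SANS` is a subset copied from that list; the wildcard entry and the function names are constructed for illustration.

```python
# SAN dNSName entries copied from the certificate output above (a subset).
PAGE_SANS = ["generic-san.mozilla.org", "wiki.mozilla.org", "allizom.org",
             "www.allizom.org", "mozillians.org"]
# Constructed: one wildcard entry added to exercise the wildcard rule.
CONSTRUCTED_SANS = PAGE_SANS + ["*.example.test"]


def dnsname_matches(pattern, host):
    """Compare one dNSName entry against a hostname, label by label."""
    p = pattern.rstrip(".").lower().split(".")
    h = host.rstrip(".").lower().split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one leftmost label and must be
        # followed by at least two fixed labels.
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial wildcards such as "w*.example.test" are rejected outright.
    return "*" not in pattern and p == h


def matching_sans(host, sans):
    """Return the SAN entries that cover host (empty list means mismatch)."""
    return [s for s in sans if dnsname_matches(s, host)]


if __name__ == "__main__":
    for name in ["publicsuffix.org", "WWW.allizom.org", "a.example.test",
                 "example.test", "a.b.example.test"]:
        print(name, matching_sans(name, CONSTRUCTED_SANS))
```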
Mozilla wants to move the static content storage for the publicsuffix.org website and the list from S3 to Google Cloud Storage. We would also like to start using GitHub Actions to sync the files.
@Flipez will file a pull request with the Actions workflow. I already added the bucket name and some project identifiers as secrets in the repository settings. (They aren't actually secrets, but we'd prefer to keep them private.) We will use workload identity federation to authenticate to GCP, so we won't need any GCP access keys in the secrets.
Once these workflows are working as expected, I will drop my permissions on the repositories again.
In the "Uses" area (https://publicsuffix.org/learn/), Microsoft Edge can be added; see
https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/networking-and-connectivity/ (Top-Level Domains)
It would be convenient to be able to update the public suffix list from within a progressive web app. This would just require Access-Control-Allow-Origin: * in the HTTP response headers. Is this possible or is it intentionally disallowed?
Make sure we have no references to [email protected] and that folks are steered towards psl-discuss@
If yes, how?
On https://www.publicsuffix.org/list/:
The very first paragraph ends with:
Please note that the list is encoded using UTF-8.
and the fifth bullet under Specification includes this note:
(Note: the list uses Unicode, not Punycode forms, and is encoded using UTF-8.)
On the other hand, the Formal specification section starts with the following:
The domain and all rules must be canonicalized in the normal way for hostnames - lower-case, Punycode (RFC 3492).
Looking through the list, it seems like the bit in Formal specification is wrong (or outdated). Every punycode in the list is part of a comment. There are no entries using Punycodes.
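Added example, not code from publicsuffix.org or from the issue authors: a minimal matcher for the list's rule forms, tying the step-7 definition quoted in the first issue on this page to the canonicalization question just above. The rule subset is constructed and the names `RULES`, `canonicalize` and `split_domain` are hypothetical; because the rules are stored as Unicode, an A-label (`xn--`) hostname has to be converted before matching, and the last call shows what is returned when it is not.

```python
# Constructed subset of rules, written as the list writes them:
# lower-case Unicode (UTF-8), with one wildcard and one exception rule.
RULES = ["com", "uk", "co.uk", "cn", "公司.cn", "*.ck", "!www.ck"]


def canonicalize(host):
    """Lower-case the name and turn xn-- A-labels into Unicode labels."""
    labels = host.rstrip(".").lower().split(".")
    return [l.encode("ascii").decode("idna") if l.startswith("xn--") else l
            for l in labels]


def split_domain(host, to_unicode=True):
    """Return (public_suffix, registrable_domain or None) for host."""
    labels = canonicalize(host) if to_unicode else host.lower().split(".")
    suffix_len = 1  # default rule "*" when nothing else matches
    exception_len = None
    for rule in RULES:
        parts = rule.lstrip("!").split(".")
        if len(parts) > len(labels):
            continue
        tail = labels[-len(parts):]
        if not all(p in ("*", t) for p, t in zip(parts, tail)):
            continue
        if rule.startswith("!"):
            # An exception rule prevails; its leftmost label is dropped.
            exception_len = len(parts) - 1
        else:
            suffix_len = max(suffix_len, len(parts))
    if exception_len is not None:
        suffix_len = exception_len
    suffix = ".".join(labels[-suffix_len:])
    if len(labels) <= suffix_len:
        return suffix, None  # the name is itself a public suffix
    # Step 7: the public suffix plus one additional label.
    return suffix, ".".join(labels[-(suffix_len + 1):])


if __name__ == "__main__":
    a_label_host = "www.example.公司.cn".encode("idna").decode("ascii")
    for name in ["www.example.co.uk", "co.uk", "www.ck", "a.b.other.ck",
                 a_label_host]:
        print(name, split_domain(name))
    # Without conversion the Unicode rule is missed and only "cn" matches.
    print(a_label_host, split_domain(a_label_host, to_unicode=False))
```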