fbpx
Wikipedia

Public Suffix List

October 24, 2023

The Public Suffix List (PSL) is a catalog of certain Internet domain names. Entries on the list are also referred to as effective top-level domains (eTLD).[1]

The Mozilla Foundation initiated the suffix list for the security and privacy policies of its Firefox web browser, but it is widely applied, with varying success, to a variety of other purposes under the Mozilla Public License (MPL).

List Edit

The list is used by Mozilla browsers (Firefox), by Google in Chrome and Chromium projects on certain platforms,[2] and by Opera.[3]

According to Mozilla,[4]

A "public suffix" is one under which Internet users can directly register names. Some examples of public suffixes are ".com", ".co.uk" and "pvt.k12.ma.us".

While com, uk, and us are top-level domains (TLDs), Internet users cannot always register the next level of domain, such as "co.uk" or "wy.us", because these may be controlled by domain registrars. By contrast, users can register second level domains within com, such as example.com, because registrars control only the top level. The Public Suffix List is intended to enumerate all domain suffixes controlled by registrars.[5]

An internet site consists of the online resources which can be controlled by the registrant of a domain name. That includes resources available via the domain and all its sub-domains. Two domains are related if they are in the same site, i.e. they share a suffix that is not included in the Public Suffix List.

Security issues like a same-site attack can arise if the Public Suffix List is incorrect, or if browsers or sites are not properly configured.[6][7]

Some uses for the list are:

  • Avoiding "supercookies", HTTP cookies set by related-domain attackers for high-level domain name suffixes. In other words, a page at foo.example.co.uk might normally have access to cookies at bar.example2.co.uk, but example.co.uk should be walled off from cookies at example2.co.uk, to prevent a same-site attack, since the latter two domains could be registered by different owners.
  • Finding DMARC policy records for email subdomains.
  • Highlighting the most important part of a domain name in the user interface.
  • Improving the sorting of browser history entries by site.

Issues Edit

The PSL has been seen as a tool for a variety of goals related to security, privacy, usability and resource management which can be in tension with each other, leading to maintenance difficulties and operational challenges.[8][9][10] Ideas for effective approaches such as dbound, HTTP Stake Tokens and First Party Sets have been explored without consensus yet on good alternatives.[11]

In 2021, privacy enhancements in iOS 14.5 related to Apple's Identifier for Advertisers and unclear guidance from Facebook led to a flood of inappropriate requests for domains to be added to the Public Suffix List.[12][13]

References Edit

  1. ^ "Public Suffix List - MozillaWiki". wiki.mozilla.org. Retrieved 18 May 2017.
  2. ^ "364745 - Treat PSL matching consistently across all platforms". bugs.chromium.org. Retrieved 18 May 2017.
  3. ^ "Cookies and the Public Suffix List". Heroku. 11 October 2013. Retrieved 19 January 2014.
  4. ^ "Public Suffix List". publicsuffix.org. Retrieved 18 May 2017.
  5. ^ Murray Kucherawy (13 April 2015). "Additional Background Information for dbound". IETF working group. The PSL is maintained by a web browser producer and is kept current by volunteers on a best-effort basis. It contains a list of points in the hierarchical namespace at which registrations take place, and is used to identify the boundary between so-called "public" names (below which registrations can occur, such as ".com" or ".org.uk") and the private names (organizational names) that domain registrars create within them.
  6. ^ Dobberstein, Laura. "Subdomain security is substandard, say security researchers". www.theregister.com. Retrieved 2021-07-04.
  7. ^ "Can I take Your Subdomain? Exploring Same-Site Attacks in the Modern Web". Can I Take Your Subdomain?. Retrieved 2021-07-04.
  8. ^ Kumari, Warren; Akkerhuis, Jaap; Fältström, Patrik (2015), "SAC070 - ICANN SSAC Advisory on the Use of Static TLD / Suffix Lists" (PDF), ICANN Security and Stability Advisory Committee (SSAC) Reports and Advisories, p. 32, retrieved 2021-07-05
  9. ^ "SSAC Advisory on the Use of Static TLD / Suffix Lists | ICANN Features". features.icann.org. Retrieved 2021-07-05.
  10. ^ Sleevi, Ryan (2021-06-17), sleevi/psl-problems, retrieved 2021-07-04
  11. ^ Huston, Geoff (2020-09-10). "DNS Query Privacy Revisited | blabs.apnic.net". Retrieved 2021-07-05.
  12. ^ "Mozilla flooded with requests after Apple privacy changes hit Facebook". BleepingComputer. Retrieved 2021-07-04.
  13. ^ "New interaction between IOS 14.5 PCM and Facebook Pixel causing increase in PSL inclusion requests · Issue #1245 · publicsuffix/list". GitHub. Retrieved 2021-07-04.

External links Edit

  • Official website  

October 24, 2023
public, suffix, list, catalog, certain, internet, domain, names, entries, list, also, referred, effective, level, domains, etld, mozilla, foundation, initiated, suffix, list, security, privacy, policies, firefox, browser, widely, applied, with, varying, succes. The Public Suffix List PSL is a catalog of certain Internet domain names Entries on the list are also referred to as effective top level domains eTLD 1 The Mozilla Foundation initiated the suffix list for the security and privacy policies of its Firefox web browser but it is widely applied with varying success to a variety of other purposes under the Mozilla Public License MPL Contents 1 List 2 Issues 3 References 4 External linksList EditThe list is used by Mozilla browsers Firefox by Google in Chrome and Chromium projects on certain platforms 2 and by Opera 3 According to Mozilla 4 A public suffix is one under which Internet users can directly register names Some examples of public suffixes are com co uk and pvt k12 ma us While com uk and us are top level domains TLDs Internet users cannot always register the next level of domain such as co uk or wy us because these may be controlled by domain registrars By contrast users can register second level domains within com such as example com because registrars control only the top level The Public Suffix List is intended to enumerate all domain suffixes controlled by registrars 5 An internet site consists of the online resources which can be controlled by the registrant of a domain name That includes resources available via the domain and all its sub domains Two domains are related if they are in the same site i e they share a suffix that is not included in the Public Suffix List Security issues like a same site attack can arise if the Public Suffix List is incorrect or if browsers or sites are not properly configured 6 7 Some uses for the list are Avoiding supercookies HTTP cookies set by related domain attackers for high level domain name suffixes In other words a page at foo example co uk might normally have access to cookies at bar example2 co uk but example co uk should be walled off from cookies at example2 co uk to prevent a same site attack since the latter two domains could be registered by different owners Finding DMARC policy records for email subdomains Highlighting the most important part of a domain name in the user interface Improving the sorting of browser history entries by site Issues EditThe PSL has been seen as a tool for a variety of goals related to security privacy usability and resource management which can be in tension with each other leading to maintenance difficulties and operational challenges 8 9 10 Ideas for effective approaches such as dbound HTTP Stake Tokens and First Party Sets have been explored without consensus yet on good alternatives 11 In 2021 privacy enhancements in iOS 14 5 related to Apple s Identifier for Advertisers and unclear guidance from Facebook led to a flood of inappropriate requests for domains to be added to the Public Suffix List 12 13 References Edit Public Suffix List MozillaWiki wiki mozilla org Retrieved 18 May 2017 364745 Treat PSL matching consistently across all platforms bugs chromium org Retrieved 18 May 2017 Cookies and the Public Suffix List Heroku 11 October 2013 Retrieved 19 January 2014 Public Suffix List publicsuffix org Retrieved 18 May 2017 Murray Kucherawy 13 April 2015 Additional Background Information for dbound IETF working group The PSL is maintained by a web browser producer and is kept current by volunteers on a best effort basis It contains a list of points in the hierarchical namespace at which registrations take place and is used to identify the boundary between so called public names below which registrations can occur such as com or org uk and the private names organizational names that domain registrars create within them Dobberstein Laura Subdomain security is substandard say security researchers www theregister com Retrieved 2021 07 04 Can I take Your Subdomain Exploring Same Site Attacks in the Modern Web Can I Take Your Subdomain Retrieved 2021 07 04 Kumari Warren Akkerhuis Jaap Faltstrom Patrik 2015 SAC070 ICANN SSAC Advisory on the Use of Static TLD Suffix Lists PDF ICANN Security and Stability Advisory Committee SSAC Reports and Advisories p 32 retrieved 2021 07 05 SSAC Advisory on the Use of Static TLD Suffix Lists ICANN Features features icann org Retrieved 2021 07 05 Sleevi Ryan 2021 06 17 sleevi psl problems retrieved 2021 07 04 Huston Geoff 2020 09 10 DNS Query Privacy Revisited blabs apnic net Retrieved 2021 07 05 Mozilla flooded with requests after Apple privacy changes hit Facebook BleepingComputer Retrieved 2021 07 04 New interaction between IOS 14 5 PCM and Facebook Pixel causing increase in PSL inclusion requests Issue 1245 publicsuffix list GitHub Retrieved 2021 07 04 External links EditOfficial website nbsp Retrieved from https en wikipedia org w index php title Public Suffix List amp oldid 1177352150, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.