What do ablockers use this list for?
101 views
Skip to first unread message
J John
Jul 5, 2024, 11:41:23 AM7/5/24
to psl-discuss
Jothan Frakes
Jul 5, 2024, 12:37:47 PM7/5/24
to J John, psl-discuss
We have no control over how the PSL is used. That important statement made, because it is the most elegant, least awful, no-cost resource of its kind, it gets a diversity of use, due to the fundamental importance of domain names and developers always seeking to have more elegant engagement and interaction with them.
I'd want to have answers from that community, but one area is in how cookies get split, another to flag a given namespace as a 'multi-tenant' namespace, such that legitsite.foo.example and a-holeperp.foo.example get treated differently. Should the party using a-holeperp.foo.example be doing some bad stuff while legitsite.foo.example is an upstanding netizen, rather than all subdomains of foo.example getting blocked by foo.example being blocked, the specific bad-actor spaces can be blocked.
This keeps good actors from being punished for their neighbor's actions, as software could notice through the PSL entry that it is multi-tenant. This type of use of the PSL by developers improves their elegance because that foo.example domain had attempted to express the preferences of how their namespace should be interacted with, as a subdivided namespace.
This keeps good actors from being punished for their neighbor's actions, as software could notice through the PSL entry that it is multi-tenant. This type of use of the PSL by developers improves their elegance because that foo.example domain had attempted to express the preferences of how their namespace should be interacted with, as a subdivided namespace.
We don't prescribe this type of use of the PSL, it just happens. Crucially, it incorrectly assumes that there is any security inferred by any entry being present within the PSL. While we do a significant amount of work to ensure that there is a reasonable amount of guard rails around submissions meeting certain standards, there should never be any assumption that an entry on the PSL is any more or less secure than anything else.
Hope this answers the question
-J
On Fri, Jul 5, 2024 at 8:41 AM J John <journe...@gmail.com> wrote:
https://github.com/ryanbr/uAssets/blob/master/thirdparties/publicsuffix.org/list/effective_tld_names.dat
--
You received this message because you are subscribed to the Google Groups "psl-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to publicsuffix-dis...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/publicsuffix-discuss/9a69d14a-7387-437e-934c-1dea1a286ae5n%40googlegroups.com.
Daniel Veditz
Jul 8, 2024, 8:47:44 PM7/8/24
to J John, psl-discuss
Browsers use this list in different ways (it's built in). It's quite likely this kind of extension wants to make decisions about domain groupings to match the decisions that the browser itself would make as close as possible.
The extension version of the list is almost certainly not going to be an exact match for the version built into the browser, and differences could lead to bugs or even minor security issues. I wonder if this is a utility Web Extension APIs should expose so individual extensions don't have to ship their own copies?
-Dan Veditz
Simon Friedberger
Jul 26, 2024, 5:16:01 AM7/26/24
to psl-discuss
I thought I had already mentioned this here but adding a web extension API for the in-browser PSL is already being worked on: https://github.com/w3c/webextensions/issues/231
Reply all
Reply to author
Forward
0 new messages