I recently visited a page using a DynDNS domain (specifically, one under homelinux.org). That page used an SSL certificate, and Firefox displayed the domain as "homelinux.org", rather than "example.homelinux.org". The DynDNS domains should appear in the Public Suffix list. This will ensure that the SSL domain indicator in the location bar shows the right domain, avoid allowing cookies across such domains, and otherwise help ensure that these sites get properly treated as separate domains rather than subdomains. Since submissions to the Public Suffix list must come from the registry itself, I've filed this evangelism bug in the hopes that someone might contact DynDNS to get them to make such a submission.
From: Ruben Arakelyan <email@example.com> To: firstname.lastname@example.org Subject: Adding DynDNS domains to the Public Suffix List Date: Sat, 25 Jun 2011 14:56:09 +0100 Hello, I am contacting you on behalf of the Public Suffix List project. A "public suffix" is one under which Internet users can directly = register names. Some examples of public suffixes are ".com", ".co.uk" = and "pvt.k12.wy.us". The Public Suffix List is a list of all known = public suffixes. The Public Suffix List is an initiative of the Mozilla Project, but is = maintained as a community resource. It is available for use in any = software, but was originally created to meet the needs of browser = manufacturers. It allows browsers to, for example: * Avoid privacy-damaging "supercookies" being set for high-level domain = name suffixes * Highlight the most important part of a domain name in the user = interface * Accurately sort history entries by site We are aware that your organisation provides DNS services to the public = via a number of domain names (such as dyndns-free.com), under which = customers are able to create subdomains pointing to their computers. Currently, there is nothing stopping customers from creating web pages = in these subdomains that set cookies for the top-level domains, and = reading any other cookies set in this manner. Since each subdomain = belongs to a different customer, this may result in data leaks. Listing the domain names you provide for subdomain registration in the = Public Suffix List means that users of browsers such as Firefox, Chrome = and Opera will be protected from such data leaks, as well as SSL = certificates showing the correct domain that they are registered for. Listing and updating your domain names is an easy process, and more = information is available at http://publicsuffix.org/. I look forward to your reply. Ruben Arakelyan
Jeremy Hitchcock from DynDNS got back to me regarding my email above - he says there are no objections to having their domains in the PSL. This attachment adds the free domains as listed at http://www.dyndns.com/services/dns/dyndns/domains.html to the list. There is a much larger list of premium domain names at http://www.dyndns.com/services/dns/dyndns/premium.html which I wasn't sure about adding since there are so many. Email follows: ---- Ruben, > Listing the domain names you provide for subdomain registration in > the Public Suffix List means that users of browsers such as Firefox, > Chrome and Opera will be protected from such data leaks, as well as > SSL certificates showing the correct domain that they are registered > for. > > Listing and updating your domain names is an easy process, and more > information is available at http://publicsuffix.org/. Thanks for the note. We wouldn't be opposed to people publishing our names in various directories like the Public Suffix List. For information, we publish the domains used for dynamic DNS at this address: http://www.dyndns.com/services/dns/dyndns/domains.html http://www.dyndns.com/services/dns/dyndns/premium.html Jeremy -- Jeremy Hitchcock Dyn :: http://dyn.com/ email@example.com :: +1.603.391.4494 1230 Elm Street, Manchester, NH 03101, USA
Attachment #542047 - Flags: feedback?
Ruben: are you sure Jeremy understands the technical implications here? He calls the PSL a "directory", as if it's just a list for people to read - but it does affect the technical operation of his domain. Is that email you sent something you drafted, or something we drafted centrally? It has a ring of familiarity to it... but I think it should say more about what listing will mean technically, so people are aware. Gerv
Gerv: I tried in my email to describe it as fully as possible, but maybe I wasn't completely clear, so I have sent a follow-up email to Jeremy stating in plain language that cookies will not be able to be set for the domains that we list, but that subdomains of those will be free to set and read their own cookies. Once I receive a reply I will update this bug. The content of the email itself is mostly taken from the PSL website (since this provides a nice summary) and then I added some context-specific information to do with DynDNS. Maybe it would be a thought to have some sort of centrally-drafted email template that we can all agree on and can be used in the future. Ruben
I have now received some emails that clarify the situation somewhat - firstly, one from Jeremy: --- > Thanks for your email. Just to make things clear before we go ahead, > this will mean that no cookies will be able to be set for those > domains that we list, but individual subdomains of those will be > free to set and read their own cookies. Since you seem to redirect > any access to those domains to your central website, this should not > be a problem for you but it's always good to confirm. Ruben, Understood. The only place where I see this as an issue is someone's home router software using the list and it interferes with a login. Should be good. Thanks for reaching out and asking! Jeremy ---- He also put me in contact with their NOC, which replied a few days later (cc'ing the PSL submissions email address) with: ---- Attached is a diff including all our free and premium Dynamic DNS zones. This list is collected from the following pages: http://www.dyndns.com/services/dns/dyndns/domains.html http://www.dyndns.com/services/dns/dyndns/premium.html -- Chip Marshall NOC Administrator Dynamic Network Services, Inc. http://www.dyn.com/ ---- I have attached to this comment the diff that Chip sent over, listing all of their free and premium domain names.
Attachment #544992 - Flags: review?(gerv) → review+
Thanks for the review Gerv. Anyone to check in please?
Committed changeset 72958:55d37af25b3d to mozilla-inbound. Gerv
http://hg.mozilla.org/mozilla-central/rev/55d37af25b3d I have no idea how to set the target milestone... I've used the current month.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → Jul
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.