What do people use public suffix for?

Jimmy Hess mysidia at gmail.com
Sat Apr 20 02:58:44 UTC 2013


On 4/19/13, Dave Crocker <dhc2 at dcrocker.net> wrote:
> On 4/19/2013 4:33 PM, Jimmy Hess wrote:
[snip]
> Absent a view that somehow says all metadata is a security function, I
> don't see how the marking of administrative boundaries qualifies as a
> security function.

The security function comes in immediately, when you consider any
actual uses for said kind of metadata.

The issues are alleviated only by assuming that an administrative
division always exists, unless you can show otherwise,   and showing
that the records are in the same zone is one way of showing otherwise.


When you come to rely on it, there are new security issues.

It becomes such that;   It   is perfectly safe to assume that there is
an administrative division when there is not   (in the worst case, you
break some desired function, such as the sharing of cookies  across
subdomains within the same administrative boundary).

But if you assume no administrative division exists, when there is
supposed to be one -- you have some kind of access control permit
leakage or data leaking through permissions that are supposed to block
operations across the administrative boundaries.


Only a zone signed with DNSSEC can really be trusted not to be
tampered with;  therefore,  any declaration of an administrative
division cannot be proven, and should not be relied upon,  if   any
parent zone up the tree is not signed with delegation validated using
signed records.



> Let's be careful not to overload functions here.

The function becomes pretty useless,  if you cannot safely rely on it
in the real world.
Because tampering can occur through lack of integrity validation,

Or by a child domain claiming to not be administratively divided (when
actually, there is supposed to be an administrative division).


In those cases,  a static list is safer.



> d/
--
-JH




More information about the NANOG mailing list