You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In cases where the the .name Registry is allowing registrations of third level domains, they should be putting the corresponding second level domains on the public suffix list. Doing so would result in hstspreload.org recognizing your domain as a registered domain instead of a subdomain.
More importantly, this affects the security of your domain: If you register foo.lee.name and someone else controls bar.lee.name (and lee.name isn't on the public suffix list), then bar.lee.name can set cookies on lee.name which results in them getting injected into requests sent to foo.lee.name.
.name TLD has a few third level registrations and .lee.name which I'd like to use HSTS preloaded on is one of them.
https://hstspreload.org/ considers my website a subdomain. If you can, would you let individuals using .name get it preloaded?
The text was updated successfully, but these errors were encountered: