Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request] Support .name Top Level Domain with third level registration #194

Closed
coughingmouse opened this issue Jun 4, 2020 · 1 comment
Closed

[Feature Request] Support .name Top Level Domain with third level registration #194

coughingmouse opened this issue Jun 4, 2020 · 1 comment

Comments

@coughingmouse
Copy link

.name TLD has a few third level registrations and .lee.name which I'd like to use HSTS preloaded on is one of them.

https://hstspreload.org/ considers my website a subdomain. If you can, would you let individuals using .name get it preloaded?
@nharper
Copy link
Collaborator

nharper commented Jun 4, 2020

In cases where the the .name Registry is allowing registrations of third level domains, they should be putting the corresponding second level domains on the public suffix list. Doing so would result in hstspreload.org recognizing your domain as a registered domain instead of a subdomain.

More importantly, this affects the security of your domain: If you register foo.lee.name and someone else controls bar.lee.name (and lee.name isn't on the public suffix list), then bar.lee.name can set cookies on lee.name which results in them getting injected into requests sent to foo.lee.name.

@nharper nharper closed this as completed Jun 4, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nharper @coughingmouse