Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add isolated.page to the PSL #1350

Closed
wants to merge 1 commit into from
Closed

Add isolated.page to the PSL #1350

wants to merge 1 commit into from

Conversation

iangcarroll
Copy link

@iangcarroll iangcarroll commented Jun 12, 2021
edited
Loading

  • Description of Organization

  • Reason for PSL Inclusion

  • DNS verification via dig

  • Run Syntax Checker (make test)

  • Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _PSL txt record in place

Submitter affirms the following:

  • We are listing any third party limits that we seek to work around in our rationale such as those between IOS 14.5+ and Facebook (see Issue #1245 as a well-documented example)
  • This request was not submitted with the objective of working around other third party limits
  • The Guidelines were carefully read and understood, and this request conforms
  • The submission follows the guidelines on formatting

For Private section requests that are submitting entries for domains that match their organization website's primary domain:

Seriously, carefully read the downline flow of the PSL and the guidelines.
Your request could very likely alter the cookie and certificate (as well as other) behaviours on your 
core domain name in ways that could be problematic for your business.

Rollback is really not predicatable, as those who use or incorporate the PSL do what they do, and when.
It is not within the PSL volunteers' control to do anything about that.  

The volunteers are busy with new requests, and rollbacks are lowest priority, so if something gets broken 
it will stay that way for an indefinitely long while.

(Link: about propogation/expectations)

  • Yes, I understand. I could break my organization's website cookies etc. and the rollback timing, etc is acceptable. Proceed.

Description of Organization

Organization Website: https://ian.sh

I am an individual security researcher and developer.

Reason for PSL Inclusion

I would like to isolate the subdomains of isolated.page for various experiments with web security. For example, creating simple conformance tests like https://badssl.com, and for testing third-party PSL implementations.

The domain is specifically registered for this purpose (so that my main domain ian.sh is not impacted), hence the name.

The domain will be kept at 2+ years at all times; currently it is registered past 2025.

% whois isolated.page | grep Expiry
Registry Expiry Date: 2025-06-12T09:13:07Z

DNS Verification via dig

% dig +short TXT _psl.isolated.page @8.8.8.8
"https://github.com/publicsuffix/list/pull/1350"

make test

Ran it locally and all tests passed.

@dnsguru
Copy link
Member

dnsguru commented Jun 14, 2021

Hi this is something that goes against the filesize modesty - we typically decline PR for individual and even moderate sized labs or CTF activities. We have someone submitting a more widely applicable suggestion in issue #1349 that was proposed as a non-proprietary manner of achieving this without contributing to bloat of the PSL for individual or small projects.

@dnsguru dnsguru self-assigned this Jun 14, 2021
@dnsguru dnsguru added ❌invalid Invalid due to the formatting, premise, or other factor NOT IOS FB Submitter attests PR is not #1245 related labels Jun 14, 2021
@dnsguru dnsguru linked an issue Jun 14, 2021 that may be closed by this pull request
Add a generic public-service namespace suffix for sandbox testing / lab use #1349
Open
@iangcarroll
Copy link
Author

Hi @dnsguru, understandable. Unfortunately I do not think #1349 is fully generalizable -- it does help for some cases (i.e. one could use two IP addresses to test if a browser isolates the origins correctly), but for my purposes I was also hoping to examine how relying parties like CAs handle the root domain of PSL entries, which wouldn't be possible with something like that. If it is not possible, no worries.

@dnsguru
Copy link
Member

dnsguru commented Sep 20, 2021

@iangcarroll I think we're both right... but this is one we can't incorporate because of other declines we're doing, just to be consistent. We have been working to keep the bloat down generally and are going to become more aggressively tight about what gets allowed with respect to things like this.

Thank you for the submission and your interests in working to test and harden through ethical hacking.

@dnsguru dnsguru closed this Sep 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@dnsguru dnsguru

Labels
❌invalid Invalid due to the formatting, premise, or other factor NOT IOS FB Submitter attests PR is not #1245 related
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add a generic public-service namespace suffix for sandbox testing / lab use
2 participants
@iangcarroll @dnsguru