DNS tree bounds

Both users and applications make inferences from domain names, usually in an effort to make some determination about identity or the correct security stance to take. Such inferences, however, are usually based on heuristics, rules of thumb, and large static lists describing parts of the DNS name space. The DNS root is expanding rapidly, and the existing mechanisms -- primarily the public suffix list and related systems -- are unlikely to be sustainable in the medium term. Most of the existing mechanisms are managed semi-manually, and there are good reasons to suppose that the limits of such management are either about to be exceeded, or already have been. Moreover, the existing mechanisms are made without regard to the semantics of domain name boundaries, and sometimes miss subtle but important parts of those semantics (in particular, the public suffix list has sometimes failed to take into account so-called empty non-terminals). Perhaps most importantly, the public suffix list puts the control of policy assertions about a given name outside of the control of the domain operator, and in the hands of the operator of the list.

The purpose of this mailing list is to discuss this issue and to identify as completely as we can the cases in need of addressing, to identify the necessary lines of work to address each case, and to determine whether there is sufficient interest and energy to set up a working group to complete that work.
