publicsuffix / list

The Public Suffix List
https://publicsuffix.org/
Mozilla Public License 2.0
2.06k stars 1.22k forks source link

.ml / .presse.ml And ICANN Section #1191

Closed nic-ml closed 3 years ago

nic-ml commented 3 years ago

Hello, I am new to the team and from now on I will be responsible for the projects on Github.

I would like to understand a little more about PSL.

Is it necessary to change the ICANN section that contains the .ml?

The delegation is currently divided into:

.gouv.ml - is delegated and operated by AGETIC.

.presse.ml - is delegated to NIC du Mali, in other words, is with us.

.ml - delegated to AGETIC, however it is operated by Freenom.

com.ml, org.ml and gov.ml, no longer appear delegated and registered. (I believe they were extinct).

Thanks

Att. Andres H.

dnsguru commented 3 years ago

Hello, I am new to the team and from now on I will be responsible for the projects on Github.

Welcome back - It looks like we had some dialog in #1009 and #1028

I would like to understand a little more about PSL.

OK. not much has changed since last time we reviewed things.
Start here : Read the Wiki, then ask questions

It seems like you're asking about how to re-arrange / segment the entry or update it.

For applying any changes, there is a need to confirm the authorittative administrator of the zone is involved, so there is a requirement to add a _psl.ml txt record into the DNS that can be publicly verified. If that is not you, loop them in on this, as they will need to be involved.

Is it necessary to change the ICANN section that contains the .ml?

Only if, as administrator of a namespace you believe it needs to be modified

Here is the current listing within the file, which appears to be the legacy information that came together as the PSL formed, and came from a couple of sources, (including wikipedia):

// ml : http://www.gobin.info/domainname/ml-template.doc
// see also: https://en.wikipedia.org/wiki/.ml
ml
com.ml
edu.ml
gouv.ml
gov.ml
net.ml
org.ml
presse.ml

The delegation is currently divided into: .gouv.ml - is delegated and operated by AGETIC. .presse.ml - is delegated to NIC du Mali, in other words, is with us. .ml - delegated to AGETIC, however it is operated by Freenom.

com.ml, org.ml and gov.ml, no longer appear delegated and registered. (I believe they were extinct).

What about edu.ml, net.ml ?

There is not a very clear path between IANA website entry and presse.ml or Freenom, so there will need to be DNS entries to help demonstrate administration for validation / verification purposes.

To make following changes within the IANA listing for .ml would need to have these three DNS entries set up in the repsective zone files. _psl.ml IN TXT "https://github.com/publicsuffix/list/issues/1191" _psl.gouv.ml IN TXT "https://github.com/publicsuffix/list/issues/1191" _psl.presse.ml IN TXT "https://github.com/publicsuffix/list/issues/1191"

// ml : http://www.dot.ml/en/ (IANA Listed Authority)
// AGETIC Agence des Technologies de l’Information et de la Communication
// http://www.point.ml/ 
ml
gouv.ml
// NIC DU MALI http://www.nicdumali.presse.ml/ ml@nicdumali.presse.ml
presse.ml
// Legacy (initial) entries
com.ml
edu.ml
gov.ml
net.ml
org.ml

Once _psl.ml txt record is present to validate, removing the legacy stub domains can be discussed.

If you are only able to accomplish demonstrating admin over presse.ml by adding this into the zone _psl.presse.ml IN TXT "https://github.com/publicsuffix/list/issues/1191"

We would be able to split out presse.ml into the PRIVATE section, removing it from the ICANN section if you are only able to demonstrate administrative control over that zone at its apex.

Hope this helps. If so it was worth donating some of my Saturday afternoon to do.

nic-ml commented 3 years ago

@dnsguru Thank you for your attention and your help! I learned a lot by reading what you wrote!

I took over my job from the former employee who opened these calls.

In a brief history:

Since the .ml was re-delegated from SOTELMA to AGETIC, it seems to me that several SLDs have been extinguished or have been sold so that others could operate them.

In the case of presse.ml, it continues to be operated in the same way as years ago and however, presse.ml was purchased by us, who continue to operate it and offer domains.

I do not have the power to make .ml records e.g.ouv.ml.

However I have powers to administer presse.ml. Which section do you want him to be in?

.presse.ml must go to the private section or can it remain in the ICANN section?

If it is okay to keep presse.ml in the ICANN section, I will end this call.

In case there is a need to migrate it to the private section, I will do this registration.

dnsguru commented 3 years ago

It would probably be wisest to move the presse.ml to the private section if there is not a direct delegation of authority from the .ml TLD (ie if this is just a second level registration that your organization happened to find had been released for registration accitdentally by the NIC and your organization picked it up).

Moving it would keep it in the PSL and make it less prone to being removed by .ml if/when they come through and clear out the legacy stub zone etlds (com.ml etc).

As far as the core function of the PSL with respect to its purpose - all entries are treated identically, but there may be undocumented use cases that we have no control over or say which may hold specific bias for names based upon the section that they are in. (ie. may ignore PRIVATE section, may treat ICANN section as "Official" 'TLDs' associated with the IANA delegated authority. Such things, we have absolutely no control over)

You might decide that no change is the right approach to take, you might decide to move. This is entirely your decision.

nic-ml commented 3 years ago

@dnsguru Thanks again for your clarification and information. :D

nic-ml commented 3 years ago

@dnsguru Hello, we decided to stay in the ICANN section, because due to the good relationship and the sympathy that AGETIC has with us, it will not be necessary, as there was only one delegation exchange.

The Team explained to me that by the time presse.ml was re-delegated, everyone was already aware that we would have to operate it openly so that any person or organization could register.

They also explained to me that AGETIC can only delete or add SLDs belonging to it. She has no intention of making these changes, as the Malian government has other concerns. :)

Therefore, as they had informed, since it is only a matter of re-delegation, they will maintain it.

Thank you!

nic-ml commented 3 years ago

@dnsguru I would just like to make a correction!

The team informed me this morning that the other extensions, including net.ml and org.ml, were removed from the DNS.

In the case of presse.ml, we have some support, as they informed me that due to good relations, it will be up to us to decide whether to keep or remove from the ICANN section.

In this case, I would like to know if it is possible to create a distinction similar to .us.

That is, keep presse.ml in the ICANN section, stating that we are the operator for it and the rest under AGETIC?

Example:

// ICANN SECTION //

// ml : http://www.dot.ml/en/ (IANA Listed Authority) // AGETIC Agence des Technologies de l’Information et de la Communication // http://www.point.ml/ ml gouv.ml

// NIC DU MALI http://www.nicdumali.presse.ml/ ml@nicdumali.presse.ml presse.ml

// Legacy (initial) entries com.ml edu.ml gov.ml net.ml org.ml

Is it possible to do this?

This way, presse.ml would remain in the ICANN section, but as an updated new operator.

dnsguru commented 3 years ago

As I mentioned, there is a path A or path B here. Path A requires .ml DNS entries. It is conditionally possible, and with all of the good relations described that sounds like it will be possible for presse.ml to get this requirement met by .ml for Path A. Given that there are no policies at the point.ml or dot.ml websites that outline their sub-TLD tree or the maintainers, there seems no alternative method to corroborate the story and prove the relationship.

Condition: Have them add this to the .ml zone to demonstrate the awareness and consent.

_psl.ml  IN TXT "https://github.com/publicsuffix/list/issues/1191"

To update the .ml section at the highest level entries (which is what is being requested) there would need to have the proof validated at the highest level.

Otherwise, we can go Path B and move presse.ml to the PRIVATE section with the header as discussed. This would require an entry:

_psl.presse.ml  IN TXT "https://github.com/publicsuffix/list/issues/1191"

Path C is to leave the entry as-is.

That adminstrative proof for validation is something that must be present in order to verify in some public and repeatable way, It protects each entry, so that sub-ordinate entries cannot affect change above their admininstrative horizon.

A story about how great and positive the relationship is cannot replace these requirements. What would stop someone with a subdomain of presse.ml signing up a github account, stating they have a great relationship with nicdumali and requesting to alter the press.ml entry because they say that they were told it is ok to do so?

The policy on this is in place to protect everyone and ensure that there is both administrative awareness and consent at the apex level on affected entries.

nic-ml commented 3 years ago

@dnsguru There is a presentation of the .ml SLDs, which in a presentation at one of the AFTLD meetings.

The PDF file link for the presentation of the .ml hierarchy at AFTLD, is:

http://www.aftld.org/bk/cairo2007/docs/ML_ccTLD.pdf

Or

http://web.archive.org/web/20160417134918/http://www.aftld.org/bk/cairo2007/docs/ML_ccTLD.pdf

.presse.ml and tm.ml had 0 domains in 2007.

nic-ml commented 3 years ago

@dnsguru I thought about it and I think moving to the private section Plan B, but it's also a great idea.

Is there also a public suffix to add to this issue in addition to presse.ml?

Well, I would do the TXT record in presse.ml and in the other domain.

There is still time?

dnsguru commented 3 years ago

Just make a pull request that includes presse.ml and set up the DNS txt entry with the entry URL showing its number or this issue's number (1191) as I have shown in our dialog.

You can include the other domain within the same request or make one later. It will also require a TXT record either way.

Names submitted must also have an expiry date >2y from submission, or an attestation bythe submitting party that it will be kept renewed.

nic-ml commented 3 years ago

Thank you very much!

nic-ml commented 3 years ago

@dnsguru I have new information!

It seems that we will leave everything as it is, because in the future, the other extensions (SLDs) will be released again!

After discussions with the people of Mali, we will leave it as is. That is, all .ml extensions will be maintained until another decision is made.

Thank you for your excellent help! :D