publicsuffix / list

The Public Suffix List
https://publicsuffix.org/
Mozilla Public License 2.0

Add *.co.de #1967

Closed KV-GmbH-dev closed 3 months ago

KV-GmbH-dev commented 4 months ago

Public Suffix List (PSL) Pull Request (PR) Template

Each PSL PR needs to have a description, rationale, indication of DNS validation and syntax checking, as well as a number of acknowledgements from the submitter. This template must be included with each PR, and the submitting party MUST provide responses to all of the elements in order to be considered.

Checklist of required steps

Submitter affirms the following:


For Private section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.

To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.

PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.

(Link: about propagation/expectations)

Description of Organization

KV GmbH specializes in offering comprehensive domain and hosting services. Our core operation includes facilitating users in registering subdomains under co.de, aiming to establish it as a recognized custom TLD for diverse online projects and platforms. As an engineer at KV GmbH, my role encompasses overseeing and ensuring the secure and efficient management of domain registrations, including the submission of *.co.de to the Public Suffix List to enhance the security and reliability of subdomains registered by our clients.

Organization Website: https://kv-gmbh.de/

Reason for PSL Inclusion

KV GmbH requests the addition of *.co.de to the Public Suffix List to enhance cookie security and domain isolation for our users. This inclusion is crucial for enabling secure, isolated environments across subdomains, thereby mitigating security risks and improving SSL certificate issuance processes. We affirm that all subdomains under co.de are registered for terms exceeding two years, with a commitment to maintaining these terms to comply with PSL guidelines. This submission aims to bolster the reliability and security of our domain and hosting services without circumventing third-party limits.

Number of users this request is being made to serve: 300

DNS Verification via dig

dig +short TXT _psl.co.de
"https://github.com/publicsuffix/list/pull/1967"

Results of Syntax Checker (make test)

Testsuite summary for libpsl 0.21.5
TOTAL: 5
PASS: 5
SKIP: 0
XFAIL: 0
FAIL: 0
XPASS: 0
ERROR: 0

simon-friedberger commented 4 months ago

User numbers are required!

yahesh commented 4 months ago

I don't understand how "This inclusion is crucial for [...] improving SSL certificate issuance processes." and "This submission aims to bolster the reliability [...] of our domain and hosting services without circumventing third-party limits." fit together. I'd assume that selling *.co.de subdomains could sooner or later trigger limits of... say... Let's Encrypt during the "SSL" certificate issuance. 🤔

KV-GmbH-dev commented 4 months ago

While that theoretically could be the case, to come anywhere near the new order limit we would need to have more than 200.000 subdomains (assuming the validity period is 3 months).

yahesh commented 4 months ago

> While that theoretically could be the case, to come anywhere near the new order limit we would need to have more than 200.000 subdomains (assuming the validity period is 3 months).

I'd argue that it's much likelier that you'd run into the main limit which would be the Certificates per Registered Domain limit that could be reached with just 50 sold subdomains (or even less, considering that your users might use several 4th level domains with Let's Encrypt certificates which all count against the registered domain limit). The new order limit you're referring to would only be relevant if your customers would spread out their certificate requests evenly over time so that they enter a period in which they only do certificate renewals without altering the respective subdomains.

After all, your inclusion request still sounds as if you're trying to circumvent this 3rd party limit due to your own wording, stating that "[t]his inclusion is crucial for [...] improving SSL certificate issuance processes" and that "[t]his submission aims to bolster the reliability [...] of [your] domain and hosting services".

yahesh commented 4 months ago

Did some digging and found out that the current general manager of the KV GmbH already tried to push .de owners to also pay for .co.de subdomains in 2009, which led to somewhat of a backlash back then (leaving out the links to less well-worded blog posts about the incident):

KV-GmbH-dev commented 4 months ago

Apologies for any confusion. The main goal was to enable listing of *.co.de domains on platforms like Sedo, DAN, Bodis or parkingcrew, which use the public suffix list to identify valid domain endings. The articles you referenced describe subdomains as scams, which is misleading (e.g. domain.co.de instead of domain.de). Since we only offer first level subdomains and our customers are responsible for their SSL certs, the LetsEncrypt limit should not be an issue.

yahesh commented 4 months ago

> The articles you referenced describe subdomains as scams, which is misleading (e.g. domain.co.de instead of domain.de).

The articles are specifically about today's general manager of the KV GmbH who - in 2009 - sent letters to owners of .de domains regarding "legal clarifications" and tried to push them to also register the corresponding .co.de subdomain to protect their trademarks from being registered by third parties.

KV-GmbH-dev commented 4 months ago

The behavior at that time was legally permissible and also necessary in the then new market of subdomain allocation in order to avoid legal problems. The articles mentioned are all individual opinions that probably no one would hold today 15 years later. Even back then, the protection of intellectual property and brands was important to our managing director and this idea was later taken up by other services and service providers.

dnsguru commented 3 months ago

> Apologies for any confusion. The main goal was to enable listing of *.co.de domains on platforms like Sedo, DAN, Bodis or parkingcrew, which use the public suffix list to identify valid domain endings.

This sounds exactly like using the PSL to bypass third party limits.

KV-GmbH-dev commented 3 months ago

A lot of platforms use the PSL to determine valid domain endings. Our request to add *.co.de to the PSL aims to enable listings on platforms like Sedo, DAN, Bodis, and ParkingCrew, not to bypass any limits. Right now only a couple of platforms allow co.de subdomains.

yahesh commented 3 months ago

I'd question that the actual change in your PR does what you think it does (as the asterisk has a specific meaning and it doesn't sound as if that's what you want).
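
An added example, not part of the thread or of the PSL project's code: a minimal implementation of the published PSL matching algorithm, showing what the asterisk in `*.co.de` changes and how hostnames are grouped by registered domain (the unit that the per-registered-domain certificate limit discussed above counts against). The rule sets and hostnames are constructed, and the `co.de` entry without the asterisk is a hypothetical alternative.

```python
from collections import Counter

# Constructed minimal rule sets; the real list has thousands of entries.
RULESETS = {
    "today": ["de"],                # co.de is an ordinary registered domain
    "plain": ["de", "co.de"],       # hypothetical entry without the asterisk
    "wildcard": ["de", "*.co.de"],  # the entry named in this PR's title
}

def public_suffix(domain, rules):
    """Longest matching rule wins; an exception rule (!) beats all others."""
    labels = domain.lower().rstrip(".").split(".")
    best, exception = ["*"], None   # "*" is the implicit default rule
    for rule in rules:
        parts = rule.lstrip("!").split(".")
        if len(parts) > len(labels):
            continue
        tail = labels[-len(parts):]
        if all(p in ("*", l) for p, l in zip(parts, tail)):
            if rule.startswith("!"):
                exception = parts[1:]  # exception: drop the leftmost label
            elif len(parts) > len(best):
                best = parts
    n = len(exception) if exception is not None else len(best)
    return ".".join(labels[-n:])

def registrable_domain(domain, rules):
    """Public suffix plus one label, or None if the name is itself a suffix."""
    labels = domain.lower().rstrip(".").split(".")
    n = len(public_suffix(domain, rules).split("."))
    return ".".join(labels[-(n + 1):]) if len(labels) > n else None

def group_by_registrable(hosts, rules):
    """Count hostnames per registrable domain, as per-domain limits would."""
    return Counter(registrable_domain(h, rules) for h in hosts)

# Constructed hostnames for three imaginary customers.
HOSTS = ["shop.co.de", "www.shop.co.de", "blog.co.de",
         "mail.blog.co.de", "wiki.co.de"]

if __name__ == "__main__":
    for name, rules in RULESETS.items():
        print(name, dict(group_by_registrable(HOSTS, rules)))
```

With the wildcard rule, every customer name such as `shop.co.de` becomes a public suffix itself, so it has no registrable domain and the boundary moves one label further down to `www.shop.co.de`.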

simon-friedberger commented 3 months ago

> A lot of platforms use the PSL to determine valid domain endings. Our request to add *.co.de to the PSL aims to enable listings on platforms like Sedo, DAN, Bodis, and ParkingCrew, not to bypass any limits. Right now only a couple of platforms allow co.de subdomains.

That is something that you should take up with those platforms. It seems inappropriate to use the PSL for this. Domains on the PSL will never be full public suffixes. That is exactly why the PSL exists. Such services should rely on the ICANN TLDs.

simon-friedberger commented 3 months ago

Closing due to low user numbers.