search

publicsuffix / list

The Public Suffix List
https://publicsuffix.org/
Mozilla Public License 2.0
2.03k stars 1.22k forks source link

add rrr.re and ah.ink domains to PSL #1990

Closed bbxyz closed 3 months ago

bbxyz commented 4 months ago

Public Suffix List (PSL) Pull Request (PR) Template

Each PSL PR needs to have a description, rationale, indication of DNS validation and syntax checking, as well as a number of acknowledgements from the submitter. This template must be included with each PR, and the submitting party MUST provide responses to all of the elements in order to be considered.

Checklist of required steps

Submitter affirms the following:

For Private section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.

To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.

PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.

(Link: about propagation/expectations)

Description of Organization

We are an organization that provides free third-level domain names to webmasters, tech-savvy individuals, and developers. Currently, we primarily offer them convenient tools and navigation website services. I am the founder of SayNav.com.  We've noticed that many people (from forums like hostloc.com and nodeseek.com) are unable to establish their own websites due to the high cost of domain names. We do not charge any fees from our users. This is a non-profit project aimed at public welfare, and we plan to provide this service for the long term. We are currently using rrr.re and ah.ink to offer free third-level domain names for them to set up their websites. In the future, we plan to add more domain names for webmasters, tech individuals, and developers to use for free, either for formal scenarios or for testing purposes.  Organization website: https://www.saynav.com Subdomain registration URL: https://nic.rrr.re

Reason for PSL Inclusion

All Third Level Domains are completely independent and should be protected by browsers' security features. (e.g. to prevent setting cookies on the parent domain and hostname highlighting where supported)

Number of users this request is being made to serve: 5,000 to 10,000+ We currently have 300 active subdomains, stable and continuous increase.

ah.ink expires on 2029-02-23 > 2 years remaining. rrr.re expires on 2029-05-16 > 2 years remaining.

DNS Verification via dig

dig +short TXT _psl.ah.ink
"https://github.com/publicsuffix/list/pull/1990"
dig +short TXT _psl.rrr.re
"https://github.com/publicsuffix/list/pull/1990"

Results of Syntax Checker (make test)


Making check in tests
  CC       test-is-public.o
  CC       common.o
  CC       test-is-public-all.o
  CC       test-is-cookie-domain-acceptable.o
  CC       test-is-public-builtin.o
  CC       test-registrable-domain.o
  CCLD     test-is-public
  CCLD     test-is-cookie-domain-acceptable
  CCLD     test-is-public-builtin
  CCLD     test-is-public-all
  CCLD     test-registrable-domain
PASS: test-is-public-builtin
PASS: test-registrable-domain
PASS: test-is-cookie-domain-acceptable
PASS: test-is-public
PASS: test-is-public-all
============================================================================
Testsuite summary for libpsl 0.21.5
============================================================================
# TOTAL: 5
# PASS:  5
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================
Making check in msvc
groundcat commented 3 months ago

The "Reasoning/Organization description" section is missing the number of users this request is intended to serve.

Although I'm not a PSL maintainer, I believe the PSL maintainers would appreciate it if you could clarify the planned number of users who will register subdomains under .rrr.re, as required by the template and guidelines. Please do not remove this from the pull request template.

You removed ah.ink from your PR's title. Are you planning to submit only rrr.re or both? If only rrr.re, please update the commit and comments to reflect the removal of ah.ink as well.

I might be missing something, but the services you described under "Description of Organization" does not seem to be provided at saynav.com. From what I can see, saynav.com appears to be a directory or a navigation site for many third-party online services, rather than a "public welfare organization" as described in your PR. It doesn’t seem to offer free domain names. It would be great if you could clarify this and provide a link where the described subdomain registration service is provided so volunteers can verify your intentions for this request.

groundcat commented 3 months ago

Under the third-party limits that you seek to work around, you have listed both Cloudflare and Let's Encrypt. If you are trying to circumvent limitations imposed by Cloudflare and Let's Encrypt, you should contact them directly instead of adding the domain to the PSL. If this is not your intention, please remove those entries.

groundcat commented 3 months ago

Your title says "add .rrr.re to PSL," but your commit shows rrr.re and ah.ink instead of .rrr.re. Please note that adding *.rrr.re versus adding rrr.re has different implications for the PSL. Please clarify.

bbxyz commented 3 months ago
  • The sorting looks correct.
  • rrr.re expires on 2029-05-16 > 2 years remaining.

The "Reasoning/Organization description" section is missing the number of users this request is intended to serve.

Although I'm not a PSL maintainer, I believe the PSL maintainers would appreciate it if you could clarify the planned number of users who will register subdomains under , as required by the template and guidelines. Please do not remove this from the pull request template..rrr.re

You removed from your PR's title. Are you planning to submit only or both? If only , please update the commit and comments to reflect the removal of as well.ah.ink``rrr.re``rrr.re``ah.ink

I might be missing something, but the services you described under "Description of Organization" does not seem to be provided at saynav.com. From what I can see, saynav.com appears to be a directory or a navigation site for many third-party online services, rather than a "public welfare organization" as described in your PR. It doesn’t seem to offer free domain names. It would be great if you could clarify this and provide a link where the described subdomain registration service is provided so volunteers can verify your intentions for this request.

Thank you very much for your patient answer. My native language is not English, so there may have been some issues during the translation process. I am very sorry for this issue.

I have renewed the ah. ink and hope to submit both domains simultaneously.

I will now update the content of the PR and carefully review it before submitting it again.

Under the third-party limits that you seek to work around, you have listed both Cloudflare and Let's Encrypt. If you are trying to circumvent limitations imposed by Cloudflare and Let's Encrypt, you should contact them directly instead of adding the domain to the PSL. If this is not your intention, please remove those entries.

I missed this place when deleting, and it has now been corrected. Thank you for your reminder

Your title says "add .rrr.re to PSL," but your commit shows rrr.re and ah.ink instead of .rrr.re. Please note that adding *.rrr.re versus adding rrr.re has different implications for the PSL. Please clarify.

Yes, I understand. I have completed the correction. Thank you again.

simon-friedberger commented 3 months ago
simon-friedberger commented 3 months ago

https://nic.rrr.re/ also offers ggg.name is that an oversight?

bbxyz commented 3 months ago

https://nic.rrr.re/ also offers ggg.name is that an oversight?

Thank you for your reminder. We plan to offer registration for the ggg.name subdomain in the future. According to the requirements of this PR, we have updated https://nic.rrr.re to only provide registration for the rrr.re and ah.ink subdomains.

groundcat commented 3 months ago

Upon closer look of the registry website at https://nic.rrr.re/ , it appears to be an iframe embedding of a Jotform form. While having terms of service listed in the application form is beneficial, there is currently a lack of abuse contact and a privacy policy. This is potentially important as security vendors and browsers often rely on the PSL to separate websites, and adversaries might exploit PSL domains for malicious purposes. At the very least, it would be beneficial if there is a way to contact the administrator of the namespaces when issues like abuse, phishing, pharming, or malware arise, requiring prompt action (#1813).

Implementing these information and policies would improve the security and indicate the long-term commitment of your project.

Additionally, the form appears to be using a free version of Jotform, which limits submissions to 100 per month (a paid version would not have Jotform branding). I'm not a PSL maintainer, so I'm not sure what level of user activity the PSL project is expecting, but a low number of users could potentially pose a relevance issue.

image
bbxyz commented 3 months ago

Upon closer look of the registry website at https://nic.rrr.re/ , it appears to be an iframe embedding of a Jotform form. While having terms of service listed in the application form is beneficial, there is currently a lack of abuse contact and a privacy policy. This is potentially important as security vendors and browsers often rely on the PSL to separate websites, and adversaries might exploit PSL domains for malicious purposes. At the very least, it would be beneficial if there is a way to contact the administrator of the namespaces when issues like abuse, phishing, pharming, or malware arise, requiring prompt action (#1813).

Implementing these information and policies would improve the security and indicate the long-term commitment of your project.

Additionally, the form appears to be using a free version of Jotform, which limits submissions to 100 per month (a paid version would not have Jotform branding). I'm not a PSL maintainer, so I'm not sure what level of user activity the PSL project is expecting, but a low number of users could potentially pose a relevance issue.

image

We attach great importance to network security and have always had abuse report pages. We will add abuse report links to the domain registration website as soon as possible. We understand and agree that this is crucial for ensuring website security and preventing abuse.

Regarding the issue of using the free Joplatform, based on the current user application situation, there are approximately 60 submissions per month. We are currently evaluating and considering upgrading to a paid Joplatform version or building it ourselves in order to handle more submissions and maintain relevance in PSL.

simon-friedberger commented 3 months ago

There don't seem to be more than 5 active subdomains according to CT logs.

Projects that are smaller in scale or are temporary or seasonal in nature will likely be declined. Examples of this might be private-use, sandbox, test, lab, beta, or other exploratory nature changes or requets. It should be expected that despite whatever site or service referred a requestor to seek addition of their domain(s) to the list, projects not serving more then thousands of users are quite likely to be declined.