search

publicsuffix / list

The Public Suffix List
https://publicsuffix.org/
Mozilla Public License 2.0
2.03k stars 1.22k forks source link

Add `com.mp` #1993

Closed serverless-domain-registry closed 3 months ago

serverless-domain-registry commented 3 months ago

Public Suffix List (PSL) Pull Request (PR) Template

Each PSL PR needs to have a description, rationale, indication of DNS validation and syntax checking, as well as a number of acknowledgements from the submitter. This template must be included with each PR, and the submitting party MUST provide responses to all of the elements in order to be considered.

Checklist of required steps

Submitter affirms the following:

For Private section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.

To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.

PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.

(Link: about propagation/expectations)

Description of Organization

The Com.mp Registry is a free domain name provider, and we'd like to offer domain to every people in each corner of the world, for free.

Organization Website:

www.registry.com.mp

Reason for PSL Inclusion

We need to be admitted and accepted by DNS providers, And most of them is respecting PSL.

Number of users this request is being made to serve:

com.mp domains' registration number is about 826 before PR created. And according to Certificate Transparency Log(https://crt.sh/?q=%25.com.mp), com.mp subdomain requested ssl certificate for 34 domains until 12th Jun(excluded com.mp itself).

DNS Verification via dig

dig +short TXT _psl.com.mp @1.1.1.1
"https://github.com/publicsuffix/list/pull/1993"
dig +short TXT _psl.com.mp @8.8.8.8
"https://github.com/publicsuffix/list/pull/1993"

Results of Syntax Checker (make test)

============================================================================
Testsuite summary for libpsl 0.21.5
============================================================================
# TOTAL: 5
# PASS:  5
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================
groundcat commented 3 months ago

Under the third-party limits, you have listed both Cloudflare and Let's Encrypt. If you are trying to get around limitations by Cloudflare and Let's Encrypt, you should contact them. If not, you should remove those entries, as per the guidelines.

Number of users this request is being made to serve: com.mp domains population is about 826, As so far.

Per crt.sh records of com.mp indicating the dates of SSL certificate issuance, which isn't a rigorous approach but usually indicative of a SLD/website's lifecycle, the registry's website www.registry.com.mp appears to be newly established today on 2024-06-08. So far, there have been 6 subdomains with separate SSL certificates issued, compared to the "826" reported by the submitter. As of today, there is 1 entry observed through Google site:com.mp, suggesting a potentially low user count, so there might be a relevance issue.

serverless-domain-registry commented 3 months ago
  • The sorting looks good to me.
  • Expiry: The .mp registry (Saipan DataCom, Inc.) at http://get.mp doesn't have a WHOIS service to check expiry.
  • The _psl record exists and is valid.
  • The registry website http://www.registry.com.mp/ provides subdomain registration services, matching the organization description provided.

Under the third-party limits, you have listed both Cloudflare and Let's Encrypt. If you are trying to get around limitations by Cloudflare and Let's Encrypt, you should contact them. If not, you should remove those entries, as per the guidelines.

Number of users this request is being made to serve: com.mp domains population is about 826, As so far.

Per crt.sh records of com.mp indicating the dates of SSL certificate issuance, which isn't a rigorous approach but usually indicative of a SLD/website's lifecycle, the registry's website www.registry.com.mp appears to be newly established today on 2024-06-08. So far, there have been 6 subdomains with separate SSL certificates issued, compared to the "826" reported by the submitter. As of today, there is 1 entry observed through Google site:com.mp, suggesting a potentially low user count, so there might be a relevance issue.

@groundcat Thank you to check my PR, For the conflicts, domains population, we're checking it from our DB directly. It stands for the domains count which claimed by our users.

If PSL's requirements need, that domains population stands for activity for who owns website, has HTTP, HTTPS, i admit we're counting wrong.

Cloudflare Serverless D1 domains table count

simon-friedberger commented 3 months ago
simon-friedberger commented 3 months ago

Could you elaborate why so few people use HTTPS or why they don't use CT?

serverless-domain-registry commented 3 months ago

Could you elaborate why so few people use HTTPS or why they don't use CT?

We're opened recently only for a few days. for a user, few days is too short to build a website. And there is another critical factor stopped them to build a website: DNS providers dis-admission. As for now, mostly DNS providers reject their subscribers to add subdomain.com.mp. i.e: Cloudflare, Route 53, DNS.com... by our community evaluation only few supports, i.e CloudDNS. The DNS provider's admission is the very critical before user can build their website. BTW, for most of domain subscribers, They want to take control better domains exclusively before others do, because it's for free.

We also expect the conversion rate of subscribers to utilizers of this service to change in the near future.

groundcat commented 3 months ago

As I re-checked the registry website (https://www.registry.com.mp) today, it appears that the submitter has added a "petition" call-to-action request at the top of the homepage with a link to this pull request.

From my understanding, encouraging users to submit more requests to the PSL project will not help your domain get listed. The PSL project is maintained by unpaid volunteers.

Asking users to submit a "petition" and send requests to PSL would flood this pull request with spam and increase the volunteers' workload unnecessarily.

I kindly suggest respecting the volunteers' time and efforts. If you have already followed the guidelines and met all the requirements, please be patient and avoid submitting further requests or encouraging others to do so.

image

Additionally, adding a domain to a PSL is not a "root inclusion." The PSL is merely a file of strings and nothing more than that. Adding a domain to the PSL will never make it equivalent to an ICANN section domain. Using the term "root inclusion" on your website could be potentially misleading.

serverless-domain-registry commented 3 months ago

As I re-checked the registry website (https://www.registry.com.mp) today, it appears that the submitter has added a "petition" call-to-action request at the top of the homepage with a link to this pull request.

From my understanding, encouraging users to submit more requests to the PSL project will not help your domain get listed. The PSL project is maintained by unpaid volunteers.

Asking users to submit a "petition" and send requests to PSL would flood this pull request with spam and increase the volunteers' workload unnecessarily.

I kindly suggest respecting the volunteers' time and efforts. If you have already followed the guidelines and met all the requirements, please be patient and avoid submitting further requests or encouraging others to do so.

image

Additionally, adding a domain to a PSL is not a "root inclusion." The PSL is merely a file of strings and nothing more than that. Adding a domain to the PSL will never make it equivalent to an ICANN section domain. Using the term "root inclusion" on your website could be potentially misleading.

Thank you for clarify, we removed the link. we just want user to list their domain registered and declare their purpose for the domain here.

simon-friedberger commented 3 months ago

And there is another critical factor stopped them to build a website: DNS providers dis-admission. As for now, mostly DNS providers reject their subscribers to add subdomain.com.mp. i.e: Cloudflare, Route 53, DNS.com... by our community evaluation only few supports, i.e CloudDNS. The DNS provider's admission is the very critical before user can build their website.

Please list any such restrictions in the initial comment under

We are listing any third-party limits that we seek to work around in our rationale such as those between IOS 14.5+ and Facebook (see https://github.com/publicsuffix/list/issues/1245 as a well-documented example)

and make sure to remove restrictions which are not relevant to you and to remove the <UPDATE THIS LIST WITH YOUR LIMITATIONS!>.

BTW, for most of domain subscribers, They want to take control better domains exclusively before others do, because it's for free.

Because it is free is also why people often grab such domains but then never use them, so number of registrations is not a great estimate for the actual usage. Anyway, if you could provide a link to a site with a list of registered domains that would be very helpful. If you are providing hosting and you could also display the number of actual requests, that would be even better.

serverless-domain-registry commented 3 months ago

Please list any such restrictions in the initial comment under

We've listed our initial motivation in the comment, including 3rd party list involved

and make sure to remove restrictions which are not relevant to you and to remove the <UPDATE THIS LIST WITH YOUR LIMITATIONS!>.

We've removed which not relevant.

Because it is free is also why people often grab such domains but then never use them, so number of registrations is not a great estimate for the actual usage. Anyway, if you could provide a link to a site with a list of registered domains that would be very helpful. If you are providing hosting and you could also display the number of actual requests, that would be even better.

We've re-estimate actual users in the initial comment and ctlog link.

TY again @simon-friedberger

groundcat commented 3 months ago

com.mp subdomain requested ssl certificate for 34 domains until 12th Jun(excluded com.mp itself).

@serverless-domain-registry According to the subdomain discovery scan result, there are currently 34 domains pointing to the same IP address. Could you help clarify why they share the same IP address? Is it possible that the registry is also providing a shared hosting service somewhere, although the website (https://www.registry.com.mp) doesn't mention offering hosting services. Thanks.

image

serverless-domain-registry commented 3 months ago

com.mp subdomain requested ssl certificate for 34 domains until 12th Jun(excluded com.mp itself).

@serverless-domain-registry According to the subdomain discovery scan result, there are currently 34 domains pointing to the same IP address. Could you help clarify why they share the same IP address? Is it possible that the registry is also providing a shared hosting service somewhere, although the website (https://www.registry.com.mp) doesn't mention offering hosting services. Thanks.

image

Hello, @groundcat. Thank you for giving feedback to my PR.

Domain IP Address
888.com.mp 162.210.101.36
ai.com.mp 162.210.101.36
blog.com.mp 162.210.101.36
china.com.mp 162.210.101.36
cn.com.mp 162.210.101.36
d.com.mp 162.210.101.36
e.com.mp 162.210.101.36
f.com.mp 162.210.101.36
free.com.mp 162.210.101.36
loli.com.mp 162.210.101.36
me.com.mp 162.210.101.36
news.com.mp 162.210.101.36
p.com.mp 162.210.101.36
qm.com.mp 162.210.101.36
sex.com.mp 162.210.101.36
tv.com.mp 162.210.101.36
www.888.com.mp 162.210.101.36
www.ai.com.mp 162.210.101.36
www.blog.com.mp 162.210.101.36
www.china.com.mp 162.210.101.36
www.cn.com.mp 162.210.101.36
www.d.com.mp 162.210.101.36
www.e.com.mp 162.210.101.36
www.f.com.mp 162.210.101.36
www.free.com.mp 162.210.101.36
www.loli.com.mp 162.210.101.36
www.me.com.mp 162.210.101.36
www.news.com.mp 162.210.101.36
www.p.com.mp 162.210.101.36
www.qm.com.mp 162.210.101.36
www.sex.com.mp 162.210.101.36
www.tv.com.mp 162.210.101.36
www.xxx.com.mp 162.210.101.36
xxx.com.mp 162.210.101.36

Totally 34 domains, that's right. but we'd divide 2. Because there consist subdomain's www and themselves so it should 17 domains.

By my team's preliminary judgment:

Those domains are pointing to a virtual web hosting(Vhost) provider.

Here is the proof: https://2ip.io/domain-list-by-ip/162.210.101.36/, We can see there're 500+ website on the same server, that's much more than situation what a normal company/individual demands. Very much like a web hosting operator, and those com.mp domains' owner are its customers.

Currently, there are very few providers that support our suffixes, and my team believes that it is normal for domain name resolution to be concentrated in a few DNS and hosting companies. We have also seen users in several communities who hope to be included into PSL as soon as possible so that they can add domain by our suffix into more providers to begin diversified services.

If more specifically is required, we can get in touch with those customers for what's their real business running.

Best regards!

serverless-domain-registry commented 3 months ago

@simon-friedberger Hello Simon, Do you have time to take a re-check for our PR? I'see no any passing or reject label tagged in this PR but PRs after us got.

Appreciate for your contribute again!

dnsguru commented 3 months ago

I am reading this as .com.mp wants to specifically use the Pull Request to bypass third party limits at Cloudflare and others, and also that there are not thousands or tens of thousands of affected sites at this time. Between those two major factors and the inability to obtain whois information that demonstrates the domain is registered for a period of more than 2y, I am struggling to see where this PR gets merged due to an abundance of non-compliance with some of the requirements.

serverless-domain-registry commented 3 months ago

@dnsguru

No where to check domain expiry, yes the upstream mp NIC doesn't provide whois services anymore. But we're certain about the COM.MP's validity is more than two years.

And, We're trying to bypass third party limits at Cloudflare and others, yes, we are. We think it is a reasonable intention for a free subdomain service provider. (COM.MP provides every subdomain for free, we didn't expect a penny from this service, and all our source code was opened at https://github.com/serverless-domain-registry/registry). And we think PSL's acceptance is good for every com.mp subdomain holder's benefit, because it will reduce the difficulty for a com.mp subdomain holder to use global services.

Anyway, Thank you for your preciously attention.

groundcat commented 3 months ago

And, We're trying to bypass third party limits at Cloudflare and others, yes, we are. We think it is a reasonable intention for a free subdomain service provider.

@serverless-domain-registry Your clients can add their subdomains to a Cloudflare account using a Cloudflare "Enterprise" account (not the free plan).

However, as stated in the guidelines under the "Validation and Non-Acceptance Factors" section, PSL is not for the purpose of bypassing third-party limits. If you need to bypass Cloudflare's limits, you may want to reach out to Cloudflare for their assistance.