This is a security vulnerability, as programs may rely on this to screen out local domains, e.g. "example.svc.local".
I understand that the algorithm described on https://publicsuffix.org/list/ specifies that:
However, this is for a specific use-case: when determining what part of the domain is the public suffix. Using this rule when determining whether the suffix is "known" is a huge security hole, as it essentially treats all domains as "known".
Specifically the "type" should be None, if the wildcard rule is used as a fallback.
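The distinction described in this report, as an added sketch that is not the library's own code: the implicit "*" rule still decides where the suffix boundary is, but the returned type is None so callers can tell that the suffix is not on the list. The function names and the small rule set are hypothetical and constructed for illustration.

```python
# Constructed sample rules in Public Suffix List syntax (not the real list).
SAMPLE_RULES = {
    "com": "icann",
    "uk": "icann",
    "co.uk": "icann",
    "*.ck": "icann",
    "!www.ck": "icann",
    "github.io": "private",
}


def find_suffix(domain, rules=SAMPLE_RULES):
    """Return (public_suffix, type).

    type is None when no listed rule matched and only the implicit "*"
    fallback determined where the suffix starts.
    """
    labels = domain.lower().rstrip(".").split(".")
    best = None  # longest match among the listed rules
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        parent = ".".join(labels[i + 1:])
        # An exception rule prevails over every other match; the suffix is
        # the rule with its leftmost label removed.
        if "!" + candidate in rules:
            return parent, rules["!" + candidate]
        # We walk from the longest candidate down, so the first hit is the
        # longest listed rule (exact or wildcard).
        if best is None:
            for rule in (candidate, "*." + parent):
                if rule in rules:
                    best = (candidate, rules[rule])
                    break
    if best is not None:
        return best
    # Implicit "*" fallback: the last label is used as the suffix boundary,
    # but it is not a known suffix, so no type is reported.
    return labels[-1], None


def is_known_suffix(domain, rules=SAMPLE_RULES):
    """True only if a listed rule (not the "*" fallback) matched."""
    return find_suffix(domain, rules)[1] is not None


if __name__ == "__main__":
    for name in ("example.com", "a.b.co.uk", "www.ck", "example.svc.local"):
        print(name, find_suffix(name), is_known_suffix(name))
```
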