Getting listed in the PublicSuffixList #170
Comments
IONOS / 1and1 has apparently recognised the problem and submitted a corresponding PR: publicsuffix/list#2083. It's a pity that mittwald doesn't see a (security) problem here.
First of all, thank you @14x4 for reaching out and suggesting security improvements!
Please keep in mind that this repository isn't necessarily set up for security related content - therefore issues that should be looked up with a higher priority due to security might be overlooked or delayed - so please report new suggestions as our imprint or security.txt suggests (Your follow up email (correct way 👍) is the reason why I was pointed to here in the first place).
You're right that participating in the PublicSuffixList would increase the overall security - so we will take the necessary steps forward to open a PR and include our wildcard domains in there. I will keep this Issue Open and Public to let you know when there are new updates in this manner. Thanks for your report and also for the persistence to get this topic resolved! Cheers @14x4
I can announce that our domains are now included in the PSL. Thanks @14x4 for bringing this topic up and hardening our security. Kudos!
What problem would you like to solve? When does it occur?
I am writing to suggest that mittwald considers getting listed in the Public Suffix List (PSL). The PSL is a list of all domain suffixes under which Internet users can (in-)directly register names. This list is maintained by Mozilla and is used by browsers, libraries, and software to determine domain boundaries. Being listed in the PSL is especially important for companies offering wildcard domains accessible to customers. Below are a few reasons why this step is advantageous:
Enhanced Security
The Public Suffix List helps improve security by defining the boundaries of acceptable domain name hierarchies. By being listed, you can protect your customers from certain classes of web vulnerabilities, such as cookie injection and improper domain handling.
Improved Cookie Management
Browsers and other web clients rely on the PSL to determine the scope of cookies. Being listed ensures that cookies set by your customers' domains are appropriately scoped, preventing them from inadvertently affecting unrelated subdomains.
Increased Trust and Credibility
Having mittwald listed in the PSL demonstrates your commitment to best practices and security. This move can enhance your reputation among potential customers who prioritize security and reliability in their web hosting provider.
Seamless User Experience
Many modern applications and tools depend on the PSL to function correctly. By being part of the list, you help ensure that these tools work seamlessly with domains hosted by mittwald, providing a better experience for your customers.
Simple Process with Long-Term Benefits
The process to get listed is straightforward. It involves submitting a pull request to the PSL repository on GitHub, detailing the domain suffixes you wish to add. The long-term benefits far outweigh the initial effort required to get listed.
It’s surprising and shocking that mittwald isn't already on the list given the benefits and security improvements it provides. This is a crucial step that can no longer be overlooked.
To proceed, you can follow the Public Suffix List Guidelines for submission. The GitHub repository for the PSL is located here. Should you need any assistance, the PSL community and maintainers are typically very supportive and can help guide you through the process.
What solution ideas do you have?
Add *.project.space & *.webspaceconfig.de (and any other wildcard domain useable by customers) to the public suffix list.
Do you have additional information (e.g. screenshots)?
Some competitors (among thousands of others) are already listed:
wixstudio.com
publicsuffix/list#1971
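
How the two proposed rules change cookie scoping, as an added example that is not part of the original issue or of mittwald's code: it applies the PSL matching algorithm to a constructed list excerpt and uses a simplified model of the browser's Domain-attribute check. The tenant host names (`mallory`, `alice`) and all function names are hypothetical.

```python
# Added example: constructed PSL excerpts and constructed tenant host names.
BEFORE = """
// ===BEGIN ICANN DOMAINS===
de
space
"""
AFTER = BEFORE + """
// ===BEGIN PRIVATE DOMAINS===
// rules proposed in the issue
*.project.space
*.webspaceconfig.de
"""

def parse_rules(text):
    """Return the rules in a PSL-format text (one rule per line, // comments)."""
    lines = (ln.strip() for ln in text.splitlines())
    return {ln for ln in lines if ln and not ln.startswith("//")}

def public_suffix(host, rules):
    """PSL matching: an exception rule wins, else the longest match, else '*'."""
    labels = host.lower().rstrip(".").split(".")
    best = 1  # implicit "*" rule: the last label alone is a suffix
    for n in range(1, len(labels) + 1):
        tail = labels[-n:]
        if "!" + ".".join(tail) in rules:  # exception: drop the leftmost label
            return ".".join(tail[1:])
        if ".".join(tail) in rules or ".".join(["*"] + tail[1:]) in rules:
            best = n
    return ".".join(labels[-best:])

def registrable_domain(host, rules):
    """Public suffix plus one label, or None if the host is itself a suffix."""
    host = host.lower().rstrip(".")
    suffix = public_suffix(host, rules)
    if host == suffix:
        return None
    return host[: -len(suffix) - 1].split(".")[-1] + "." + suffix

def cookie_domain_allowed(request_host, domain_attr, rules):
    """Simplified model: Domain must cover the host and stay inside its registrable domain."""
    host, dom = request_host.lower(), domain_attr.lower().lstrip(".")
    if host != dom and not host.endswith("." + dom):
        return False  # Domain attribute does not domain-match the request host
    reg = registrable_domain(host, rules)
    if reg is None:
        return dom == host  # host is a public suffix: only itself is acceptable
    return dom == reg or dom.endswith("." + reg)
```

With the `BEFORE` rules a cookie set by `mallory.project.space` with `Domain=project.space` is accepted and would also be sent to `alice.project.space`; with the `AFTER` rules the same cookie is refused.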