Add walrus.site and blob.store #2232

Draft

@rjs-mysten rjs-mysten commented Oct 23, 2024

Public Suffix List (PSL) Submission

Checklist of required steps

  • Description of Organization
  • Robust Reason for PSL Inclusion
  • DNS verification via dig
  • Run Syntax Checker (make test)
  • Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _psl TXT record in place in the respective zone(s).
  • This request was not submitted with the objective of working around other third-party limits.
  • The submitter acknowledges that it is their responsibility to maintain the domains within their section. This includes removing names which are no longer used, retaining the _psl DNS entry, and responding to e-mails to the supplied address. Failure to maintain entries may result in removal of individual entries or the entire section.
  • The Guidelines were carefully read and understood, and this request conforms to them.
  • The submission follows the guidelines on formatting and sorting.

Abuse Contact:

  • Abuse contact information (email or web form) is available and easily accessible.

    URL where abuse contact or abuse reporting form can be found: [email protected]


For PRIVATE section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.

To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.

PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.

(Link: about propagation/expectations)

  • Yes, I understand. I could break my organization's website cookies and cause other issues, and the rollback timing is acceptable. Proceed anyways.

Description of Organization

Mysten Labs is a company creating Web3 decentralized infrastructure. It is the main developer of the Sui blockchain and Walrus, a decentralized storage solution powered by the network. Walrus allows anyone to store long-living blobs, and one of the applications is to allow for publication of sites using those blobs and general retrieval via https via the walrus.site and blob.store, the domains mentioned in this request.

Reginaldo Silva, the submitter, is a security engineer working on behalf of Mysten Labs.

Organization Website:
https://www.mystenlabs.com/

Reason for PSL Inclusion

There is a mapping between storage ids / SuiNS names and subdomains of walrus.site and blob.store, which makes the subdomains effectively publicly controlled. The reason for PSL inclusion is to isolate the cookie scope of subdomains.

Number of users this request is being made to serve:

There are thousands of ids / hundreds of developers testing the product, which is in testnet at the moment. We expect this number to grow to tens of thousands of sites or more in the near future.

DNS Verification

dig +short TXT _psl.walrus.site
"https://github.com/publicsuffix/list/pull/2232"
dig +short TXT _psl.blob.store
"https://github.com/publicsuffix/list/pull/2232"

Results of Syntax Checker (make test)

reginaldosilva@MacBook-Pro list % make test
cd linter;                                \
	  ./pslint_selftest.sh;                     \
	  ./pslint.py ../public_suffix_list.dat;
-n test_NFKC: 
OK
-n test_allowedchars: 
OK
-n test_dots: 
OK
-n test_duplicate: 
OK
-n test_exception: 
OK
-n test_punycode: 
OK
-n test_section1: 
OK
-n test_section2: 
OK
-n test_section3: 
OK
-n test_section4: 
OK
-n test_spaces: 
OK
-n test_wildcard: 
OK
test -d libpsl || git clone --depth=1 https://github.com/rockdaboot/libpsl;   \
	  cd libpsl;                                                                    \
	  git pull;                                                                     \
	  echo "EXTRA_DIST =" >  gtk-doc.make;                                          \
	  echo "CLEANFILES =" >> gtk-doc.make;                                          \
	  autoreconf --install --force --symlink;
Already up to date.
autopoint: using AM_GNU_GETTEXT_REQUIRE_VERSION instead of AM_GNU_GETTEXT_VERSION
glibtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, 'build-aux'.
glibtoolize: linking file 'build-aux/ltmain.sh'
glibtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
glibtoolize: linking file 'm4/libtool.m4'
glibtoolize: linking file 'm4/ltoptions.m4'
glibtoolize: linking file 'm4/ltsugar.m4'
glibtoolize: linking file 'm4/ltversion.m4'
glibtoolize: linking file 'm4/lt~obsolete.m4'
configure.ac:1: warning: file 'version.txt' included several times
configure.ac:4: warning: file 'version.txt' included several times
aclocal.m4:767: AM_INIT_AUTOMAKE is expanded from...
configure.ac:4: the top level
configure.ac:369: warning: file 'version.txt' included several times
configure.ac:10: installing 'build-aux/compile'
configure.ac:4: installing 'build-aux/missing'
fuzz/Makefile.am: installing 'build-aux/depcomp'
cd libpsl && ./configure -q -C --enable-runtime=libicu --enable-builtin=libicu --with-psl-file=/Users/reginaldosilva/ML/list/public_suffix_list.dat --with-psl-testfile=/Users/reginaldosilva/ML/list/tests/tests.txt && make -s clean && make -s check -j4
configure: WARNING: --enable-builtin=libicu is deprecated, use --enable-builtin (enabled by default)
config.status: creating po/POTFILES
config.status: creating po/Makefile
Making clean in po
Making clean in include
Making clean in src
rm -f ./so_locations
Making clean in tools
Making clean in fuzz
Making clean in tests
Making clean in msvc
Making check in po
Making check in include
Making check in src
  CC       libpsl_la-psl.lo
  CC       libpsl_la-lookup_string_in_fixed_set.lo
  CCLD     libpsl.la
Making check in tools
  CC       psl.o
  CCLD     psl
Making check in fuzz
  CC       libpsl_fuzzer.o
  CC       main.o
  CC       libpsl_load_fuzzer.o
  CC       libpsl_load_dafsa_fuzzer.o
  CCLD     libpsl_icu_fuzzer
  CCLD     libpsl_icu_load_fuzzer
  CCLD     libpsl_icu_load_dafsa_fuzzer
PASS: libpsl_icu_load_dafsa_fuzzer
PASS: libpsl_icu_fuzzer
PASS: libpsl_icu_load_fuzzer
============================================================================
Testsuite summary for libpsl 0.21.5
============================================================================
# TOTAL: 3
# PASS:  3
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================
Making check in tests
  CC       test-is-public.o
  CC       common.o
  CC       test-is-public-all.o
  CC       test-is-cookie-domain-acceptable.o
  CC       test-is-public-builtin.o
  CC       test-registrable-domain.o
  CCLD     test-is-public
  CCLD     test-is-cookie-domain-acceptable
  CCLD     test-is-public-all
  CCLD     test-is-public-builtin
libtool: warning: '-no-install' is ignored for aarch64-apple-darwin23.6.0
libtool: warning: '-no-install' is ignored for aarch64-apple-darwin23.6.0
libtool: warning: assuming '-no-fast-install' instead
libtool: warning: assuming '-no-fast-install' instead
libtool: warning: '-no-install' is ignored for aarch64-apple-darwin23.6.0
libtool: warning: '-no-install' is ignored for aarch64-apple-darwin23.6.0
libtool: warning: assuming '-no-fast-install' instead
libtool: warning: assuming '-no-fast-install' instead
  CCLD     test-registrable-domain
libtool: warning: '-no-install' is ignored for aarch64-apple-darwin23.6.0
libtool: warning: assuming '-no-fast-install' instead
PASS: test-is-public-all
PASS: test-is-public
PASS: test-is-cookie-domain-acceptable
PASS: test-is-public-builtin
PASS: test-registrable-domain
============================================================================
Testsuite summary for libpsl 0.21.5
============================================================================
# TOTAL: 5
# PASS:  5
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================
Making check in msvc
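
The cookie-scope isolation given above as the reason for inclusion, as an added example that is not part of the original pull request or of the PSL tooling: a small matcher following the algorithm published at publicsuffix.org, run against the rules before and after the two requested entries. The rule sets, host names and function names are constructed for illustration.

```python
# Added example: PSL matching per the algorithm published at publicsuffix.org.
# Rule sets and host names are constructed; they are not read from the real list.

def public_suffix(host, rules):
    """Return the public suffix of host under the given set of PSL rules."""
    labels = host.lower().rstrip(".").split(".")
    best = 1  # implicit "*" rule: the rightmost label is always a suffix
    for i in range(len(labels)):
        cand = ".".join(labels[i:])
        wild = ".".join(["*"] + labels[i + 1:])
        if "!" + cand in rules:  # an exception rule overrides every other match
            return ".".join(labels[i + 1:])
        if cand in rules or wild in rules:
            best = max(best, len(labels) - i)  # longest matching rule wins
    return ".".join(labels[-best:])

def registrable_domain(host, rules):
    """Public suffix plus one label, or None when host is itself a suffix."""
    labels = host.lower().rstrip(".").split(".")
    n = len(public_suffix(host, rules).split("."))
    return None if len(labels) <= n else ".".join(labels[-(n + 1):])

def cookie_domain_ok(host, cookie_domain, rules):
    """May a response from host set a cookie with Domain=cookie_domain?"""
    host, cd = host.lower(), cookie_domain.lower().lstrip(".")
    if host == cd:
        return True   # same as a host-only cookie
    if not host.endswith("." + cd):
        return False  # Domain must be a parent of the requesting host
    return registrable_domain(cd, rules) is not None  # refuse public suffixes

def same_site(a, b, rules):
    """Two hosts are same-site when they share a registrable domain."""
    ra, rb = registrable_domain(a, rules), registrable_domain(b, rules)
    return ra is not None and ra == rb

BEFORE = {"site", "store"}                     # constructed: TLD rules only
AFTER = BEFORE | {"walrus.site", "blob.store"}  # the entries this PR requests

if __name__ == "__main__":
    a, b = "site-a.walrus.site", "site-b.walrus.site"  # constructed tenants
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name,
              "| registrable:", registrable_domain(a, rules),
              "| b may set Domain=walrus.site:",
              cookie_domain_ok(b, "walrus.site", rules),
              "| a and b same-site:", same_site(a, b, rules))
```
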

@@ -14312,6 +14312,11 @@ net.ru
org.ru
pp.ru

// Mysten Labs : https://mystenlabs.com
// Submitted by Reginaldo Silva <[email protected]>
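
Review bot: the placement of the new block, directly after the net.ru / org.ru / pp.ru context lines, cannot be checked against the sorting guideline from this hunk, because the header of the entry those three rules belong to is not shown; please confirm that "Mysten Labs" sorts at this position. The hunk header announces five added lines, while only a blank line and the two comment lines are visible here, so the rule lines for walrus.site and blob.store should be verified in the full diff as well.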

Please use a non-personal email address so we can contact your organization even if you leave.


groundcat commented Oct 24, 2024

  • Expiration (Note: Must STAY >2y at all times)
    • walrus.site expires 2027-06-04
    • blob.store expires 2027-08-08
  • DNS _psl entries (Note: Must STAY in place)
  • Tests pass
  • Sorting
  • Reasoning/Organization description
  • Non-personal email address
  • Abuse contact

You stated that

There are thousands of ids / hundreds of developers testing the product, which is in testnet at the moment. We expect this number to grow to tens of thousands of sites or more in the near future.

I searched Google for live examples of subdomains using site:walrus.site, but no results were found. The same applies to site:blob.store. Can you explain why no subdomains or active examples can be found? If this is an estimate of future users and not based on production data, we typically request that submitters close the PR and resubmit it once they have actually reached the required number of users in the production environment.

Please note:

Projects that are smaller in scale or are temporary or seasonal in nature will likely be declined. Examples of this might be private-use, sandbox, test, lab, beta, or other exploratory nature changes or requests. It should be expected that despite whatever site or service referred a requestor to seek addition of their domain(s) to the list, projects not serving more than thousands of users are quite likely to be declined.

Please use a non-personal email address so we can contact your organization even if you leave.

Additionally, review the abuse contact requirements in the PR template and clarify how someone can contact you regarding abuse. We need to understand how an internet user can report abuse. Simply providing us with an abuse email address does not resolve this concern, as the PSL does not handle abuse for you. I checked your organization's website at https://www.mystenlabs.com/ and the site at https://walrus.site/, but I could only find marketing materials and no easily accessible contact form or abuse email details. If I missed anything, please help explain how a user visiting a subdomain like yourclientsweb3sitename.walrus.site who encounters abuse would be able to report the issue to your organization starting from there.

@rjs-mysten rjs-mysten marked this pull request as draft October 28, 2024 11:53
@rjs-mysten

Hi @groundcat, thanks for the review so far. I'll add a link to the abuse form to walrus.site.

Also getting a script to get stats about subdomains so it's easier to verify that enough people will benefit from us being in the PSL.

In the meantime, I'm moving this to draft so it is not in your queue.

Best regards,

Reginaldo
