On Fri, Apr 13, 2018 at 5:15 PM, Matthew Hardeman via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > I only named Let's Encrypt as an example of a CA that maintains a scrubbing > "blacklist". In their case, it appears to require exact match to a label > including TLD and TLD+1. I was kind of surprised that they didn't just > take all the high value domain names as to the TLD+1 field and decline all > combinations of (0...n_labels.)HIGH_VALUE_TLD+1.ANY_TLD_HERE, but I'm sure > there's a reasonable case either way. >
Reading the DNS policy discussions (over the past two decades) provides an adequately ample understanding of the problems with, and complexities of, such a naieve policy. The discussion around 'sunrise' and 'early registration' periods for TLDs, or the UDRP, should be mandatory comprehension for anyone arguing in favor of "popularity contests" or "big domain holders > small domain holders" or "trademark holders > free speech" or... well, the list goes on with the bad ideas proposed here that have been roundly rejected by civil society and technologists regarding the administration of the DNS :) _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
