On 10/12/12 12:59 PM, Justin Dolske wrote: > Though neither does it make it automatically make it safe. :) > > Grandfathering makes me a bit wary, but I'd agree that it's also hard to > tell how much of a problem it really is.
I'm only a little concerned about grandfathering. I _am_ concerned that the whitelisting mechanism supersedes the proposed algorithm and allows for arbitrary charaters on labels above the level of the domain that the registrar issues and can vet. Can we do a hybrid system, where for whitelisted TLDs we accept registered domains as found and then apply the algorithm to the rest of the labels (effectively eTLD+2, though I don't know if we want to drag the public suffix list into this). -Dan Veditz _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
