[Feature Request] Support .name Top Level Domain with third level registration

Question

[Feature Request] Support .name Top Level Domain with third level registration

coughingmouse opened this issue 4 years ago · 1 comments

.name TLD has a few third level registrations and .lee.name which I'd like to use HSTS preloaded on is one of them.

https://hstspreload.org/ considers my website a subdomain. If you can, would you let individuals using .name get it preloaded?

Answer 1 · 2020-06-04T19:26:24.000Z

In cases where the the .name Registry is allowing registrations of third level domains, they should be putting the corresponding second level domains on the public suffix list. Doing so would result in hstspreload.org recognizing your domain as a registered domain instead of a subdomain.

More importantly, this affects the security of your domain: If you register foo.lee.name and someone else controls bar.lee.name (and lee.name isn't on the public suffix list), then bar.lee.name can set cookies on lee.name which results in them getting injected into requests sent to foo.lee.name.