Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add oninferno.net #2402

Merged
merged 1 commit into from
Mar 6, 2025
Merged

Add oninferno.net #2402

merged 1 commit into from
Mar 6, 2025
+4 −0

Conversation

ConnorMcF
Copy link
Contributor

@ConnorMcF ConnorMcF commented Mar 3, 2025
edited
Loading

Public Suffix List (PSL) Submission

Checklist of required steps

  • Description of Organization

  • Robust Reason for PSL Inclusion

  • DNS verification via dig

  • Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _psl TXT record in place in the respective zone(s).

Submitter affirms the following:

  • We are listing any third-party limits that we seek to work around in our rationale such as those between IOS 14.5+ and Facebook (see Issue #1245 as a well-documented example)
    We do not intend to work around the rate-limits of any other services.
  • This request was not submitted with the objective of working around other third-party limits.
    Please see reason section below.
  • The submitter acknowledges that it is their responsibility to maintain the domains within their section. This includes removing names which are no longer used, retaining the _psl DNS entry, and responding to e-mails to the supplied address. Failure to maintain entries may result in removal of individual entries or the entire section.

  • The Guidelines were carefully read and understood, and this request conforms to them.

  • The submission follows the guidelines on formatting and sorting.

  • A role-based email address has been used and this inbox is actively monitored with a response time of no more than 30 days.

Abuse Contact:

For PRIVATE section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.

To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.

PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.

(Link: about propagation/expectations)

  • Yes, I understand. I could break my organization's website cookies and cause other issues, and the rollback timing is acceptable. Proceed anyways.

Description of Organization

Inferno Communications provides server hosting and telecommunications infrastructure. This infrastructure covers our own services as well as our customers. I am a director of the firm.

Organization Website: https://inferno.co.uk

Reason for PSL Inclusion

Our networks have a common *.oninferno.net domain for anything on our network that is the resource of a customer, for this reason sharing of cookies between these domains is a security risk which inclusion would resolve.

Number of users this request is being made to serve: ~50k

DNS Verification

dig +short TXT _psl.oninferno.net
"https://github.com/publicsuffix/list/pull/2402"

@groundcat
Copy link
Contributor

@ConnorMcF A few questions to better understand the rationale:

  1. Could you provide more specific details about how you're currently using the *.oninferno.net domain for customer resources? Examples of typical use cases would be helpful for us to understand the isolation needs (e.g., customer-specific applications, hosting environments, or services). What types of applications or services are running on these subdomains that require this level of isolation?

  2. If applicable, have you considered implementing __Host- prefixed cookies as an initial security measure for your subdomain isolation needs, while also exploring other application-level controls that could provide boundaries between apps without relying on the Public Suffix List? Since PSL changes can take considerable time to propagate to all browser and application environments, are there any interim measures you are currently using to protect customers whose browsers may not have updated PSL ?

Thank you for your patience as we work through the PSL review process.

@ConnorMcF
Copy link
Contributor Author

  1. The primary use of this domain is for applications and hosts that we do not control ourselves as they are part of a hosting environment, customers may use these domains to access their own services which may act in their own ways and should be isolated from one-another to prevent intentional or mistaken leakage of data. Any authenticated application which is incorrectly setting cookies could leak or interfere with another domain.

  2. We do not have application-level control over any services hosted on this domain and therefore cannot control or enforce prefixes on cookies.

@groundcat
Copy link
Contributor

  • Expiration (Note: Must STAY >2y at all times)
    • oninferno.net Registry Expiry Date: 2028-05-20T21:36:34Z
  • DNS _psl entries (Note: Must STAY in place)
  • Reasoning/Organization description
  • Non-personal email address
  • Abuse contact

@simon-friedberger simon-friedberger merged commit 9146b37 into publicsuffix:main Mar 6, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ConnorMcF @groundcat @simon-friedberger