Before you begin to make use of the PSL, consider some of its problems: <a href="https://github.com/sleevi/psl-problems" rel="nofollow">https://github.com/sleevi/psl-problems</a><p>FWIW, the link above successfully convinced me and a coworker <i>not</i> to use the PSL.
I see the value of this, but I find the wisdom of it to be highly questionable for anything but the highest-level TLDs.<p>For example, it enumerates the domains of many US state school districts:<p><pre><code> k12.pr.us
// k12.ri.us Removed at request of Kim Cournoyer <netsupport@staff.ri.net>
k12.sc.us
// k12.sd.us Bug 934131 - Removed at request of James Booze <James.Booze@k12.sd.us>
k12.tn.us
k12.tx.us
k12.ut.us
k12.vi.us
k12.vt.us
k12.va.us
k12.wa.us
k12.wi.us
// k12.wv.us Bug 947705 - Removed at request of Verne Britton <verne@wvnet.edu>
k12.wy.us
</code></pre>
These seem like awfully specific subdomains to be hardcoded into general-purpose software and entirely reasonable ones to want to set a cookie on or otherwise treat as not-TLDs. The list itself includes evidence of this in the form of exclusions due to bug reports and even makes this point specifically in the case of Hawaii:<p><pre><code> // k12.hi.us Bug 614565 - Hawaii has a state-wide DOE login
</code></pre>
It’s regrettable that browser vendors, even generally responsible ones like Mozilla, feel an incentive to do this.
FWIW, this is the same list Facebook told[0] businesses “not” <i>(wink, wink)</i> to add their domain to after Apple announced all the tracking restrictions.<p>[0] <a href="https://www.facebook.com/business/help/331612538028890" rel="nofollow">https://www.facebook.com/business/help/331612538028890</a>
The public suffix list is an abomination --- a useful, pragmatic, largely successful abomination, but an abomination nevertheless. The PSL centralizes and makes static a database that should be dynamic and distributed. It's a throwback to the bad old pre-DNS internet where everyone would copy around /etc/hosts files and rely on ad hoc human updating to keep host->address mapping up to date.<p>The information in the public suffix list belongs in DNS.
The IETF WG DBOUND tried to find a better solution to this problem and did not reach any consensus. fwiw.<p><a href="https://datatracker.ietf.org/wg/dbound/about/" rel="nofollow">https://datatracker.ietf.org/wg/dbound/about/</a><p>The current way most of this is handled is via a list published at publicsuffix.org (commonly known as the "Public Suffix List" or "PSL"), and the general goal is to accommodate anything people are using that for today. However, there are broadly speaking two use patterns. The first is a "top ancestor organization" case. In this case, the goal is to find a single superordinate name in the DNS tree that can properly make assertions about the policies and procedures of subordinate names. The second is to determine, given two different names, whether they are governed by the same administrative authority. The goal of the DBOUND working group is to develop a unified solution, if possible, for determining organizational domain boundaries. However, the working group may discover that the use cases require different solutions. Should that happen, the working group will develop those different solutions, using as many common pieces as it can.
Couldn't this be done in DNS? The same way zone delegations appear in there, a way to encode what's a public suffix?<p>For example (I'm bad at DNS)<p>_suffix.gitlab.io TXT "type=public,cookies=restrict,cross-origin=forbid"<p>would tell everyone that remram44.gitlab.io is under the gitlab.io public suffix, and how to deal with cookies etc?
Getting a domain listed is pretty hard.<p>Getting vendors to update their PSL in less ubiquitous products is near impossible. For instance, 1Password hasn't shipped a new version in years.
Small plug for a random python tool I maintain that uses this.<p>Parsing domains is a pain in the ass. It can be impossible to know what is part of the TLD, what is a subdomain etc without a canonical list and parser.<p>Here's a sansio domain / tld splitter: <a href="https://github.com/theelous3/sansio-tld-parser" rel="nofollow">https://github.com/theelous3/sansio-tld-parser</a><p>Use case: you want to block all edu domains - but TLDs like wa.edu.au exist - gotta parse it out.
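An added example (written for this page, not code from the thread or from the sansio-tld-parser project) of the PSL matching rules the thread keeps running into: the longest matching rule wins, <code>*.</code> wildcards match one label, <code>!</code> exceptions override wildcards, and an unmatched name falls back to the default single-label rule. The PSL fragment is constructed for the example (it borrows the commented-out <code>k12.hi.us</code> line quoted above) and the domain names are illustrative.

```python
# Constructed PSL fragment for this example; a handful of rules in the real list's syntax, not the real list.
PSL_FRAGMENT = """\
edu.au
wa.edu.au
hi.us
k12.wa.us
// k12.hi.us Bug 614565 - Hawaii has a state-wide DOE login
*.ck
!www.ck
gitlab.io
"""

def parse_psl(text):
    # Return [(labels, is_exception)] for every non-comment rule.
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("//"):
            continue
        rules.append((line.lstrip("!").lower().split("."), line.startswith("!")))
    return rules

def _matches(rule_labels, labels):
    # Rules match label by label from the right; '*' matches any single label.
    if len(rule_labels) > len(labels):
        return False
    return all(r == "*" or r == l for r, l in zip(reversed(rule_labels), reversed(labels)))

def public_suffix(domain, rules):
    """Longest matching rule wins; an exception rule ('!') overrides wildcards."""
    labels = domain.lower().rstrip(".").split(".")
    best = 0
    for rule_labels, is_exception in rules:
        if not _matches(rule_labels, labels):
            continue
        if is_exception:
            # Exception: the public suffix is the rule with its leftmost label dropped.
            return ".".join(labels[len(labels) - len(rule_labels) + 1:])
        best = max(best, len(rule_labels))
    return ".".join(labels[-(best or 1):])  # no match: default rule '*' (one label)

def registrable_domain(domain, rules):
    # Public suffix plus one label, or None when the name is itself a public suffix.
    labels = domain.lower().rstrip(".").split(".")
    suffix_len = public_suffix(domain, rules).count(".") + 1
    if len(labels) <= suffix_len:
        return None
    return ".".join(labels[-(suffix_len + 1):])

RULES = parse_psl(PSL_FRAGMENT)
```

With <code>k12.hi.us</code> commented out, every Hawaii school site shares the registrable domain <code>k12.hi.us</code>, while <code>school.k12.wa.us</code> gets its own; that is exactly the cookie-scope difference the list's exclusions are about.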