[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] Overly permissive hostname matching

From: Daniel Kahn Gillmor
Subject: Re: [Bug-wget] Overly permissive hostname matching
Date: Wed, 19 Mar 2014 12:11:19 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.2.0

On 03/19/2014 11:55 AM, Jeffrey Walton wrote:
> Also, be careful of where you are pulling the list from. I got burned
> by pulling a list that was not being updated
> (https://bugzilla.mozilla.org/show_bug.cgi?id=968064).

i've been similarly burned before too, but i settled on the mxr address
i just posted after trying a few other places.

> The Mozilla folks state the canonical list is at
> http://publicsuffix.org/list/effective_tld_names.dat. See Comment 11
> at https://bugzilla.mozilla.org/show_bug.cgi?id=968064#c11.

i just followed up there to point out that the canonical location for
the data needs to have some form of cryptographic integrity mechanism.
thanks for pointing that out.


Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]