Add dweb.link to publicsuffix.org

Question

Add dweb.link to publicsuffix.org

lidel opened this issue 5 years ago · comments

Parent issues: https://github.com/ipfs/ipfs/issues/337, ipfs/in-web-browsers#89
cc #391, #81, ipfs/kubo#5982, ipfs/ipfs-companion#527, @mburns, @lgierth, @Stebalien

Context

As noted in #81, we will be setting up cid-in-subdomain proxying at <cidv1b32>.ipfs.dweb.link

I believe getting it right means adding it to The Public Suffix List (publicsuffix.org), to ensure websites loaded via dweb.link gateway can't interfere with each other's cookies.

Proposal

Changes I want to submit in a PR to publicsuffix/list are in lidel/list#dweb.link branch:

Add public suffix entries for dweb.link

Anyone can effectively create the following subdomains by adding content to IPFS:

*.ipfs.dweb.link (eg: bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq.ipfs.dweb.link)

Other protocols will be supported in the future, for example:

*.dat.dweb.link (eg: 778f8d955175c92e4ced5e4f5563f69bfec0c86cc6f670352c457943666fe639.dat.dweb.link)

To ensure websites loaded via dweb.link gateway can't interfere with each other's cookies,
I suggest adding the following public suffix record:

*.dweb.link

Tasks

Based on https://github.com/publicsuffix/list/wiki/Guidelines#submitting-amendments I've split this endeavor into small subtasks:

Fork publicsuffix/list and add suffix for *.dweb.link
Someone from infra team reviews proposed change to publicsuffix.org and confirms noc@ email listed there is valid for this use (just add comment in this issue).

[..] make sure that the email you listed in the pull request is valid, as we may use it for validation or private follow ups.
We need to make http://<cidv1b32>.ipfs.dweb.link work (this should return wikipedia, right now returns 404):

When submitting private domains, provide expected input/output to help us validate the correctness of the request
PR against publicsuffix/list and writes down the PR number
- Done in publicsuffix/list#766
Infra team adds DNS TXT record to authorize the PR number created in the previous step (details)
```
$ dig TXT _psl.dweb.link
https://github.com/publicsuffix/list/pull/<TBD>
```
update the PR marking it ready for review and we wait for it to be approved

Michael Burns · Answer 1 · Fri Mar 01 2019 05:51:11 GMT+0800 (China Standard Time)

I've actually got this ball rolling already: publicsuffix/list#766

Happy to tweak my PR to match yours (apex + subdomains vs your use of wildcard, etc)

Marcin Rataj · Answer 2 · Fri Mar 01 2019 09:14:57 GMT+0800 (China Standard Time)

@mburns 🤦‍♂️ I probably made a typo in search and that is why I did not found already existing PR – sorry!
I am closing this in favour of #83 (comment)

ps. If we swap subdomains with wildcard it will save us time waiting for another PR when we want to add a gateway for dat or something else – but its up to you :)