
"... transforms politically in to implementations."

Is this list controlled by Mozilla? Or perhaps some group of browser organisations/companies?

Personally, not speaking for any other user, I am not really a fan of the browser deciding what is or is not an "acceptable" TLD, because the browser is not the only program I use for generating and sending HTTP. I use a variety of programs. Perhaps if I have some control over the browser's list. For example, I the user can add or subtract "TLDs".

In the past I have done this by running an edited copy of the root.zone on the local network. I think it is a cleaner, less application-specific, solution than relying on a list compiled by a browser vendor(s).

Browsers can easily override the "IANA TLD list" as well as the DNS I set up on the local network. I am not saying they are doing this through this list, but the capability is there. Browsers like Firefox are certainly not shy about constantly manipulating how domains and urls display in an address bar, Chrome wants to "protect" the user from "evil" pages, etc. It is a slippery slope. I like the idea of overriding the IANA but not the idea of this being outside the control of the user, decided by some browser vendor(s). I do not want/need applications making decisions about what is or is not a TLD, or in this case what is a legitimate subdomain for purposes of cookies. I already do that through control over the zone files I serve and system resolver settings; I control, i.e. filter, cookies through a local proxy.

The root.zone has grown exponentially and is full of cruft now thanks to the "gTLD" scheme, as others have noted. If you really care about this stuff, I don't think you can rely on someone else to address the problem for you. Mozilla or whoever produces the "public suffix list" is no doubt tied to the online ad industry in some way, directly or indirectly.



The public suffix list makes sure evil.github.io can’t read bob.github.io’s cookies, nothing more and nothing less.


It's not just cookies, it defines pretty much all aspects of a browser's security between websites. It sets the boundaries for cross-site scripting. It limits the scope of SSL wildcard certificates. And it's used to determine which part of the domain name gets highlighted in the URL bar.
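
An added example, not part of the thread and not any browser's own code: the Public Suffix List matching rules (longest match, `*` wildcards, `!` exceptions) applied to the github.io case discussed above. The rule set is a small constructed excerpt of the list, and all function names are illustrative.

```javascript
// Constructed excerpt of public-suffix rules (the real list has thousands).
const RULES = new Set(["com", "io", "github.io", "uk", "co.uk", "*.ck", "!www.ck"]);

const toLabels = (host) => host.toLowerCase().replace(/\.$/, "").split(".");

// Public suffix of a host: an exception rule wins outright, otherwise the
// longest matching rule, otherwise the implicit default rule "*".
function publicSuffix(host) {
  const labels = toLabels(host);
  let best = 1; // default rule "*": the last label alone is a public suffix
  for (let i = 0; i < labels.length; i++) {
    const tail = labels.slice(i);
    const exact = tail.join(".");
    // "!www.ck" means www.ck is NOT a suffix; the suffix is the rule minus its first label.
    if (RULES.has("!" + exact)) return tail.slice(1).join(".");
    const wild = ["*", ...tail.slice(1)].join(".");
    if (RULES.has(exact) || RULES.has(wild)) best = Math.max(best, tail.length);
  }
  return labels.slice(-best).join(".");
}

// Registrable domain: the public suffix plus one more label.
// Returns null when the host is itself a public suffix.
function registrableDomain(host) {
  const labels = toLabels(host);
  const n = publicSuffix(host).split(".").length;
  return labels.length > n ? labels.slice(-(n + 1)).join(".") : null;
}

// Two hosts belong to the same site only if they share a registrable domain.
function sameSite(a, b) {
  const ra = registrableDomain(a);
  return ra !== null && ra === registrableDomain(b);
}

// Would a "Domain=<domainAttr>" cookie set by requestHost be accepted as a
// domain-wide cookie? Simplified: the host-only fallback is not modelled.
function cookieDomainAllowed(requestHost, domainAttr) {
  const host = toLabels(requestHost).join(".");
  const dom = toLabels(domainAttr.replace(/^\./, "")).join(".");
  if (publicSuffix(dom) === dom) return false; // would span unrelated sites
  return host === dom || host.endsWith("." + dom);
}

console.log(sameSite("evil.github.io", "bob.github.io"));         // separate sites
console.log(cookieDomainAllowed("evil.github.io", "github.io"));  // rejected
console.log(cookieDomainAllowed("a.example.com", "example.com")); // accepted
```

Removing `github.io` from the rule set makes both hosts resolve to the registrable domain `github.io`, which is the cookie-sharing situation the list exists to prevent.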


Which kinda sucks because this is functionality that should be supported and not require a global list to work. I should be able to set origin policy on any domain I control.


This is a case of the browser vendor trying to solve a problem for the user that the browser vendor itself created. In this case, cookies from Netscape. At some point the risk outweighs the benefit. That's why you have GDPR.



