Hello and welcome to the Friday, February 2nd, 2024 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Today in my diary I expand a little bit on what top level domains are and what this means for identifying domain names.

Typically, of course, a domain name would be two labels, the domain name and then the top level

domain, but that's not always strictly true. Typically, a domain name is sort of considered

something that belongs to an entity, a company,

an organization, and then they may assign host names, subdomains within that domain name,

but those domain names then have some trusts with respect to each other.

Well, there are some interesting domains like, for example, CO.U.K.

That behave like a top-level domain, meaning, as Mozilla puts it, that domains being assigned

within CO.U.K. may be owned by mutually untrusting parties, basically different organizations.

So if you are trying to define a domain, then you first need to figure out what are these

sort of pseudo top-level domain, I want to call it, or as they're officially called, public suffixes.

Luckily, Mozilla maintains a list of public suffixes.

There are about 9,500 domains in that list that should be treated as top-level domains when it comes

to security. One effect of this is cookies.

You cannot assign a cookie in current browsers to a public suffix,

just like you can't to a traditional top-level domain.

So if you're writing some scripts that, for example,

try to identify unique domains or what's the most

frequently visited domains and the like, you need to consider this public suffix list.

Luckily, there are Python libraries and such that will read it for you and then extract

...