trust root sanity

meepbear * meepbear at
Wed Jun 22 11:31:21 PDT 2005

I don't think you can make any reasonable assumption about what's sane and 
what's not. Even com/net aren't safe: * is sane, but 
* isn't, nor is *, to list just two.
I currently test against my list of "official" delegated second level 
domains (about 700 of them): if trust_root matches and root isn't third 
level I reject it; if it doesn't match anything on the list I accept it. 
That's as much as I think I'm able to do :).

Trusting * to ID you also carries the unspoken implication 
that anyone somedomain hosts is able to ID you as well. In the case of 
LiveJournal users, for example, that's fine since they can't do scripting, 
but that isn't universally the case.
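
The list check described in this message, as an added sketch that is not part of the original post or the poster's code. The four-entry list is a constructed stand-in for the roughly 700-entry list mentioned above, the function names are hypothetical, and the refusal of a wildcard over a bare top-level label is an assumption added here.

```python
from urllib.parse import urlsplit

# Constructed sample entries; the poster's actual list is not on the page.
DELEGATED_SLDS = frozenset({"co.uk", "org.uk", "com.au", "co.jp"})


def labels_above_listed_suffix(host, delegated):
    """Count the labels in front of the longest listed suffix of host.

    Returns None when no suffix of host is on the list.
    """
    labels = host.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in delegated:
            return i
    return None


def check_trust_root(trust_root, delegated=DELEGATED_SLDS):
    """Return (accepted, reason) for a trust_root URL such as http://*.example.com/."""
    host = (urlsplit(trust_root).hostname or "").lower().rstrip(".")
    wildcard = host.startswith("*.")
    if wildcard:
        host = host[2:]
    if not host or "*" in host:
        return False, "no usable host"

    depth = labels_above_listed_suffix(host, delegated)
    if depth is None:
        # Assumption added in this example: a wildcard directly over a
        # single top-level label is refused even though it is not listed.
        if wildcard and "." not in host:
            return False, "wildcard over a top-level label"
        # The post's rule: no match on the list means accept.
        return True, "not under a listed domain"
    if depth == 0:
        # The root is the delegated second-level domain itself, so it
        # would cover every registrant below it.
        return False, "root is a listed second-level domain"
    return True, "third level or deeper under a listed domain"


if __name__ == "__main__":
    for candidate in ("http://*.co.uk/", "http://*.example.co.uk/",
                      "http://*.example.com/", "http://*.com/"):
        print(candidate, check_trust_root(candidate))
```

An accepted wildcard still extends trust to every host under that domain, which is the concern in the post's last paragraph; the list check does not address it.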

