trust root sanity

[meepbear *]

I don't think you can make any reasonable assumption about what's sane and 
what's not. Even com/net aren't safe: *.myprivatedomain.com is sane, but 
*.eu.com isn't, nor is *.uk.net to list just two.
I currently test against my list of "official" delegated second level 
domains (about 700 of them), if trust_root matches and root isn't third 
level I reject it, if it doesn't match anything on the list I accept it. 
That's as much as I think I'm able to do :).

Trusting *.somedomain.com to ID you also carries the unspoken implication 
that anyone somedomain hosts is able to ID you as well. In the case of 
Livejournal users for example, that's fine since they can't do scripting, 
but that isn't universally the case.

_________________________________________________________________
Don’t just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/