Canonical list of overly general domains?

Adam Langley alangley at gmail.com
Fri Jan 5 18:51:58 UTC 2007


>From the v1.1 spec:
"It is RECOMMENDED Identity Provider's protect their End Users from
requests for things like http://*.com/ or http://*.co.uk/."

Is there a list of such domains? Of course, one can take the list of
TLDs and ccTLDs, but as the *.co.uk example shows, there may be other
domains which should be considered too general to trust.


Thanks

AGL

-- 
Adam Langley                                      agl at imperialviolet.org
http://www.imperialviolet.org                       650-283-9641



More information about the specs mailing list