Canonical list of overly general domains?
Adam Langley
alangley at gmail.com
Fri Jan 5 18:51:58 UTC 2007
>From the v1.1 spec:
"It is RECOMMENDED Identity Provider's protect their End Users from
requests for things like http://*.com/ or http://*.co.uk/."
Is there a list of such domains? Of course, one can take the list of
TLDs and ccTLDs, but as the *.co.uk example shows, there may be other
domains which should be considered too general to trust.
Thanks
AGL
--
Adam Langley agl at imperialviolet.org
http://www.imperialviolet.org 650-283-9641
More information about the specs
mailing list