This confusion is especially dangerous because TLD and registry suffix have
crisp, formal definitions, while public suffix does not. In the end, a public
suffix is something that a credible source has asked the PSL maintainers to add
to the list. Credible sources include ICANN and country-domain managers, but
also include private companies offering services that share the characteristics
that (fuzzily) define a public suffix -- independent subdomains and
supercookie suppression.
So, for example, many Google-owned domains (e.g. blogspot.com) are included in
the PSL.
Getting back to InternetDomainName, as long as we limit ourselves to using
hasPublicSuffix() to validate that the domain is a plausible Internet domain,
all is well. The danger arises from the methods that identify or extract the
"top private domain". From a technical point of view, the top private domain is
simply the rightmost superdomain preceding the public suffix. So for example,
www.foo.co.uk has a public suffix of co.uk, and a top private domain of
foo.co.uk.
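
The split described above, run against Guava's InternetDomainName, as an added example that is not part of the original page. The host names other than www.foo.co.uk are constructed, and the result for the blogspot.com host depends on the PSL snapshot bundled with the Guava version on the classpath.

```java
import com.google.common.net.InternetDomainName;

public class TopPrivateDomainDemo {

    // Describe how Guava splits one host name around its public suffix.
    static String describe(String host) {
        InternetDomainName name = InternetDomainName.from(host);

        if (!name.hasPublicSuffix()) {
            // Syntactically valid, but ends in nothing the PSL knows about.
            return host + ": no public suffix, not a plausible Internet domain";
        }
        if (!name.isUnderPublicSuffix()) {
            // The name is itself a public suffix. topPrivateDomain() would
            // throw IllegalStateException here, so guard before calling it.
            return host + ": is itself a public suffix, no private part";
        }
        return host
                + ": publicSuffix=" + name.publicSuffix()
                + " topPrivateDomain=" + name.topPrivateDomain()
                + " isTopPrivateDomain=" + name.isTopPrivateDomain();
    }

    public static void main(String[] args) {
        String[] hosts = {
            "www.foo.co.uk",       // example from the text
            "co.uk",               // a public suffix on its own
            "alice.blogspot.com",  // constructed: under a privately requested PSL entry
            "build-host",          // constructed: single label with no public suffix
        };
        for (String host : hosts) {
            System.out.println(describe(host));
        }
    }
}
```

Because blogspot.com is a PSL entry requested by a private company, the boundary reported for the third host is a cookie-scoping boundary and says nothing about who registered or owns the name.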
As noted in the documentation on isUnderPublicSuffix(), isTopPrivateDomain(),
and topPrivateDomain(), the only thing these methods are (mostly) reliable for
is determining where one can set cookies. However, what many people are
actually trying to do is find the "real" domain, or the "owner" domain, from a
subdomain. For example, in mail.google.com they would like to identify
google.com as the owner domain. So they write