Add DevZero domains #2229

Closed

@ellie-idb ellie-idb commented Oct 19, 2024

Public Suffix List (PSL) Submission

Checklist of required steps

  • Description of Organization

  • Robust Reason for PSL Inclusion

  • DNS verification via dig

  • Run Syntax Checker (make test)

  • Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _psl TXT record in place in the respective zone(s).

Submitter affirms the following:

  • We are listing any third-party limits that we seek to work around in our rationale such as those between IOS 14.5+ and Facebook (see Issue #1245 as a well-documented example)
  • This request was not submitted with the objective of working around other third-party limits.

  • The submitter acknowledges that it is their responsibility to maintain the domains within their section. This includes removing names which are no longer used, retaining the _psl DNS entry, and responding to e-mails to the supplied address. Failure to maintain entries may result in removal of individual entries or the entire section.

  • The Guidelines were carefully read and understood, and this request conforms to them.

  • The submission follows the guidelines on formatting and sorting.

Abuse Contact: DevZero Support ([email protected])

  • Abuse contact information (email or web form) is available and easily accessible.

  • Yes, I understand. I could break my organization's website cookies and cause other issues, and the rollback timing is acceptable. Proceed anyways.

Description of Organization

Hi! I'm Ellie from DevZero - I'm a staff software engineer here, working primarily on our networking & compute infrastructure. At DevZero, we're looking to provide cloud development environments, in the form of a Linux-based workspace and a virtual ephemeral Kubernetes cluster. This (unfortunately) makes us a hosting provider, and as part of that, we also are in the business of maintaining a globally distributed fleet of reverse proxies to expose our customers' services to the public internet. With that, we also aim to keep everything secure & encrypted, by means of automagically conjuring HTTPS certificates out of thin air, so that our customers don't need to think about all of that nonsense.

Organization Website: https://devzero.io

Reason for PSL Inclusion

As part of conjuring HTTPS certificates out of thin air, we've come to realize that providers like Let's Encrypt & Cloudflare impose limitations on what you're able to do - namely, how many certificates you're able to provision for a single domain within a certain span of time (typically a week). We haven't run into those limitations yet, and as such, we haven't started conversations with Let's Encrypt / Cloudflare yet.

It's important to note that we're not only interested in just the SSL certificates. We will start those conversations with those providers directly when we've started hitting those rate-limits, and we're not looking to be listed for the sole purpose of circumventing third-party limits. We're also interested in keeping each subdomain isolated from each other (i.e. we don't want cookies from *.team-foo.dv0.io to be present on *.team-bar.dv0.io), as we expect that users will be hosting their own web applications through our networking services.

Number of users this request is being made to serve: According to our product analytics, approximately ~1600 users.

DNS Verification

; dig +short @1.1.1.1 TXT _psl.dv0.io
"https://github.com/publicsuffix/list/pull/2229"
;

Results of Syntax Checker (make test)

PASS: test-is-public-builtin
PASS: test-is-public
PASS: test-is-cookie-domain-acceptable
PASS: test-registrable-domain
PASS: test-is-public-all
============================================================================
Testsuite summary for libpsl 0.21.5
============================================================================
# TOTAL: 5
# PASS:  5
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================
Making check in msvc
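
The cookie-isolation argument in the description above, as an added example (not code from the PR, libpsl, or DevZero): a simplified version of the PSL matching rules, showing how the registrable domain and the acceptance of a cookie `Domain` attribute change once a suffix rule exists. It assumes the proposed rule is `dv0.io` (the rule lines are not shown on this page); the `app` host label is constructed.

```python
# Added example: simplified Public Suffix List matching (not libpsl).
BEFORE = {"io"}            # ICANN rule only
AFTER = {"io", "dv0.io"}   # assumed private rule; not shown on the page


def public_suffix(host, rules):
    """Longest matching rule wins; an exception rule ("!name") overrides."""
    labels = host.lower().rstrip(".").split(".")
    best = labels[-1:]                      # implicit "*" rule: the TLD itself
    for i in range(len(labels)):
        cand = labels[i:]
        name = ".".join(cand)
        if "!" + name in rules:             # exception: suffix is one label shorter
            return ".".join(cand[1:])
        wildcard = ".".join(["*"] + cand[1:])
        if (name in rules or wildcard in rules) and len(cand) > len(best):
            best = cand
    return ".".join(best)


def registrable_domain(host, rules):
    """Public suffix plus one label, or None if host is itself a suffix."""
    host = host.lower().rstrip(".")
    suffix = public_suffix(host, rules)
    if host == suffix:
        return None
    owner = host[: -len(suffix) - 1].split(".")[-1]
    return owner + "." + suffix


def cookie_domain_accepted(request_host, domain_attr, rules):
    """Browser-style check: Domain must match the host and not be a suffix."""
    d = domain_attr.lower().lstrip(".")
    h = request_host.lower()
    domain_match = h == d or h.endswith("." + d)
    return domain_match and public_suffix(d, rules) != d


if __name__ == "__main__":
    foo, bar = "app.team-foo.dv0.io", "app.team-bar.dv0.io"  # constructed hosts
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, registrable_domain(foo, rules), registrable_domain(bar, rules),
              "Domain=dv0.io accepted:", cookie_domain_accepted(foo, "dv0.io", rules))
```

With only the `io` rule, both team hosts share the registrable domain `dv0.io` and a cookie scoped to `dv0.io` is accepted and sent to every team; with the assumed rule, that cookie is rejected and each team label becomes its own registrable domain.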

@ellie-idb
Author

ellie-idb commented Oct 19, 2024

Currently waiting on the CEO to renew our domains - will update here when that's done.

Domains are renewed until 2029! Please let me know if there's anything else necessary :-)

@wdhdev
Contributor

wdhdev commented Oct 19, 2024

Hey Ellie, unfortunately we probably won't be able to approve this as it doesn't meet our minimum user requirement we normally enforce (1,000+). We also don't allow adding a domain to the PSL for the sole purpose of evading third parties' limits.

@ellie-idb ellie-idb closed this Oct 20, 2024
@ellie-idb
Author

Right, right. Sorry. Let me fix the description.

@ellie-idb ellie-idb reopened this Oct 20, 2024
@ellie-idb
Author

Fixed! I underestimated our user count by a lot - it's been a while since I took a look at our analytics 😅

@dnsguru
Member

dnsguru commented Oct 20, 2024

Please work directly with Let's Encrypt.

@ellie-idb
Author

ellie-idb commented Oct 20, 2024

> Please work directly with Let's Encrypt.

As we’ve stated above, we do plan on working with Let’s Encrypt. Our needs are beyond just working around third-party rate-limits. I detailed that they are only one aspect of why we are trying to get this subdomain listed as a public subdomain. We are, after all, hosting end-user content on this subdomain, not unlike virtually everyone else who has been listed here. I’m not quite certain where the disconnect is here, please let me know if I can clarify anything.

@@ -12607,6 +12607,10 @@ dedyn.io
deta.app
deta.dev

// DevZero: https://devzero.io
// Submitted by Ellie Ford <[email protected]>
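
Review bot: the contact on the added "// Submitted by" line is one named person, which is fragile for a section whose submitter commits in the checklist to keep answering e-mail at the supplied address; a shared role mailbox at the organization would survive staff changes. No rule line is visible after the two header comments in this excerpt, so the suffix actually being added should be checked against the _psl.dv0.io record quoted in the description.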
Contributor

Please use a non-personal email address.

@groundcat
Contributor

groundcat commented Oct 20, 2024

  1. Relevance: The Certificate Transparency did not report many subdomains under dv0.io. Could you please clarify the basis for the "approximately ~1600 users" mentioned in the rationale?
       • I noticed from the CT logs that the subdomains seem to be randomized strings, like guided-zebra-mwfh.team-2e22878c42ae4f96b-be5471a7705d4653b5a50a56f180c607.dv0.io. I assume team-{unique id} represents a "team" that belongs to one of your clients. Based on the number of distinct teams, it appears to be fewer than 10, which suggests that not many separate entities are using your domain.
       • If your "1600 users" refers to internet users who have visited your clients' websites, what is the source of this data, and how is it counted? For instance, some web analytics tool might count any HTTP request, including those from bots or scanners, so this type of data may not fully represent the actual number of browser users benefiting (e.g. cookies security) from this domain being added to the PSL.
       • Additionally, what is the timeframe for this figure (1600 users per day, week, month, etc.)?
       • What is the number of subdomains, i.e., how many subdomains of dv0.io are actively in use by your clients?
  2. Third-party: You mentioned below the "Submitter affirms the following" line that you are attempting to bypass both Cloudflare and Let's Encrypt by including a domain in PSL, which is not permitted; please review PSL guidelines for details and reasons why.

@dnsguru
Member

dnsguru commented Oct 20, 2024

After careful review of this whole submission, it really appears that the order of operations would be to CLOSE this, and have you re-open it once your organization has already made arrangements with Let's Encrypt or any other organizations that your org needs rate limit expansions on.

@dnsguru dnsguru closed this Oct 20, 2024