Removal of education.tas.edu.au

[kris-esa]

• Description of Organization
• Reason for PSL Inclusion
• DNS verification via dig
• Run Syntax Checker (make test)

Description of Organization

Education Services Australia (ESA) is a national not-for-profit company owned by the state, territory and Australian Government education ministers. ESA is the sole organization authorised to deliver registrar services for edu.au and its child zones by .au Domain Administration Ltd (auDA), the policy authority and industry self-regulatory body for the .au domain space as endorsed by the Australian Government.

Organization Websites:
Primary - https://www.esa.edu.au
Registrar services - https://www.domainname.edu.au

Please refer to the Administrative Arrangements listed on the auDA website, specifically:

2015-02 Governance Arrangements for the edu.au 2LD
https://www.auda.org.au/policies/index-of-published-policies/2015-02

Reason for PSL Exclusion

While within the .au registry system education.tas.edu.au is a public suffix not a private domain name registration, eligibility and allocation policies within the edu.au space means names using the education.tas.edu.au suffix are exclusively used by the Education Department Tasmania.

Following a review post the addition of the suffix under PL #825 last year, the Education Department Tasmania has requested that it be removed from the PSL.

See #924 handled by @dnsguru and @sleevi for a recent, similar request that was approved.

DNS Verification via dig

As per the authentication guidelines on the Wiki, this is a child zone of the .au ccTLD sub-delegated to auDA - not a private domain - with a representative of the registry in auDA and Afilias having previously confirmed that Education Services Australia the appropriate body to be requesting changes to the listings for edu.au and its child zones as per #825 (where this public suffix was first added by us) and #924.

If however you require further verification, please advise.

Make Test

PASS: libpsl_icu_fuzzer
PASS: libpsl_icu_load_dafsa_fuzzer
PASS: libpsl_icu_load_fuzzer
Testsuite summary for libpsl 0.21.0
TOTAL: 3
PASS: 3
SKIP: 0
XFAIL: 0
FAIL: 0
XPASS: 0
ERROR: 0
PASS: test-is-public-builtin
PASS: test-registrable-domain
PASS: test-is-cookie-domain-acceptable
PASS: test-is-public
PASS: test-is-public-all
Testsuite summary for libpsl 0.21.0
TOTAL: 5
PASS: 5
SKIP: 0
XFAIL: 0
FAIL: 0
XPASS: 0
ERROR: 0

[dnsguru]

Placing the respective _PSL TXT record of the PR # into the zone for DNS validation will always aid the reviewing volunteers in ensuring that requests come from the appropriate party that holds administrative control of the namespace in question.

Great care is taken to ensure requests are validated. We don't see that DNS entry in place, so it unfortunately triggers further review and outreach and thus takes longer. In future requests, having these present can help to reduce the amount of review time.

>nslookup -q=txt _psl.education.tas.edu.au
Server:  one.one.one.one
Address:  1.1.1.1

*** one.one.one.one can't find _psl.education.tas.edu.au: Non-existent domain

Trying one level up:

>nslookup -q=txt _psl.tas.edu.au
Server:  one.one.one.one
Address:  1.1.1.1

*** one.one.one.one can't find _psl.tas.edu.au: Non-existent domain

Email is being sent to the team at AUDA to validate this request in the absence of the DNS proof.

[dnsguru]

@kris-esa can you please set up the DNS validation - we are unable to validate

>nslookup -type=TXT _psl.education.tas.edu.au
Server:  one.one.one.one
Address:  1.1.1.1

*** one.one.one.one can't find _psl.education.tas.edu.au: Non-existent domain

[dnsguru]

@kris-esa has Patrick contacted you about this? We need the DNS stuff to validate on this

>nslookup -type=txt _psl.education.tas.edu.au
Server:  one.one.one.one
Address:  1.1.1.1

*** one.one.one.one can't find _psl.education.tas.edu.au: Non-existent domain

[dnsguru]

Not seeing the DNS validation against the _PSL txt record

>nslookup -type=txt _psl.education.tas.edu.au
Server:  one.one.one.one
Address:  1.1.1.1

*** one.one.one.one can't find _psl.education.tas.edu.au: Non-existent domain

[kris-esa]

I am unsure why nslookup queries given previous information provided, and prior pull requests.

1. As per Update to include all current 3LD/4LD edu.au suffixes #825 this request is simply to remove a suffix that we had previously added under this same account, and that we had previously been verified as being authorised to request changes for by auDA as sub-delegated responsibility for .au ccTLD / Afilias, as a representative of the .au registry.

2. As per Urgent removal of eq.edu.au #924 the suffix .education.tas.edu.au is implemented within the .au ccTLD registry system in the same way as .eq.edu.au and have provided information as to why a TXT record is not in place - have registered the below domain name and provided the WHOIS response from the .au registry ( https://whois.auda.org.au ) to further demonstrate that .education.tas.edu.au is a child zone within the .au ccTLD and not a private domain, with registry contact handle matching the pull request.

Domain Name: PSL.EDUCATION.TAS.EDU.AU
Registry Domain ID: D407400000093511041-AU
Registrar WHOIS Server: whois.auda.org.au
Registrar URL: https://www.domainname.edu.au
Registrar Name: EDUCATION SERVICES AUSTRALIA LIMITED
Registrar Abuse Contact Email: registrar@esa.edu.au
Registrar Abuse Contact Phone: +61.399109829
Registrant Contact ID: PSL-977
Registrant Contact Name: kris-esa - #977
Registrant: EDUCATION SERVICES AUSTRALIA LIMITED
Registrant ID: ABN 18007342421
Eligibility Type: Government Body
Eligibility Name: #977

[dnsguru]

@weppos (or @sleevi) please review and merge if you agree with me on the whois as an acceptable substitute for the _PSL DNS verification. The name itself is a removal and cannot get the _psl DNS set up, but they did put in a workaround via whois to verify/validate

[dnsguru]

@sleevi or @weppos nudge
I believe that the whois information sufficiently demonstrates validation in this case as a sufficient and acceptable workaround to verify chain of administration on this name due to the circumstances of the manner in which .AU is administratively delegated. Please squash/merge

[weppos]

@dnsguru is there a reason we should leave it commented vs remove it entirely? We generally comment if the entry was added as part of a list or registry docs, but I could not immediately determine if that's the case here. It seems more a legacy of the past.

[kris-esa]

@weppos and @dnsguru - .education.tas.edu.au exists as a suffix within the official specification for the .au registry system as was also the case for .eq.edu.au which was removed via being commented out as per the previous pull request #924 referenced above.

However, at this point we simply need .education.tas.edu.au removed from the list as a matter of urgency - whether commented out or removed entirely.

[weppos]

For future reference, the reason the suffix is in this list is because of https://www.auda.org.au/assets/Uploads/auDA-au-namespace-implementation-rules.pdf

I continue to believe that the name should be in the list, as it's clearly a public suffix according to the current usage.

The decision to request a removal from the owner is caused by a particular CA now willing to issue a certificate. I think that's an issue with the specific CA, and those issues should not lead to the owner requesting a delisting.

In fact, by doing so you are trading one problem with another. Removing the item from the list may get you a workaround for the CA, but then you will open the door to cross-site cookies and other issues.

Requesting listing or delisting to please a particular consumer X internal design decision is simply wrong. You may ultimately end up in an unsolvable solution, where consumer X wants the name in the list and consumer Y doesn't want the name in the list. That will create an unsolvable problem.

Instead, if consumer is using the list incorrectly, the problem should be raised to them for evaluation.

Ultimately, the choice to be removed from the list is the owner responsibility. So I have no objection to move it forward, just beware of the consequences. Also note, we are not responsible for when the consumers update the list, so there's a chance they won't be issuing a cert anyways until they pull the update.

[kris-esa]

Thank you for approving the changes.

The education.tas.edu.au suffix had not been in the list prior to our request under pull #825 which has resulted in issues for the user of that suffix, and how they choose to utilise it.

The auDA document cited relates to the introduction of second level domains registrations within the .au ccTLD where currently names can only be registered at the third level and above, with .education.tas.edu.au having registrations at the fifth level. References to .education.tas.edu.au in that document are to ensure the names that already exist at that suffix are eligible to participate in the priority allocation process once second level registrations launch within the .au ccTLD.

As per the information provided initially in this request, policies within the edu.au space means names using the education.tas.edu.au suffix are exclusively used by (and subject to the approve of) the Education Department Tasmania. For auDA documentation relating to this, please see their proposed consolidation of the licensing rules at https://www.auda.org.au/policies/index-of-published-policies/2019/auda-licensing-rules, Schedule A, Section 3.4.

Effectively, there being a single "consumer" for this suffix, and a single operator of the sites available via this suffix.

[wgb-tasedu]

Thanks for your efforts on this one @kris-esa and co.

Warwick from Department of Education Tasmania here.

Now that the change has been approved, can you please advise the timeframes involved from here? How long until it is likely to be merged?

[kris-esa]

Ultimately, the choice to be removed from the list is the owner responsibility. So I have no objection to move it forward, just beware of the consequences. Also note, we are not responsible for when the consumers update the list, so there's a chance they won't be issuing a cert anyways until they pull the update.

@weppos @sleevi @dnsguru - just in case my previous reply was not the confirmation required...

• We acknowledge the concerns raised.

• Yes, we would like to move forward with removing this suffix / merging this request as soon as possible.

• While as the suffix exists in the .au registry specification, we believe it is appropriate that this be done via it being commented out, if it is the preference of those responsible for maintaining the list that it be removed completely we have no issue with that.

[dnsguru]

Submitter has confirmed this comment to be intentionally included

[dnsguru]

I merged the PR, as the following was the only clarification/response about the DNS workaround where the other criterion had been met meriting a merge under standard circumstances.

@weppos had asked the following:

@dnsguru is there a reason we should leave it commented vs remove it entirely? We generally comment if the entry was added as part of a list or registry docs, but I could not immediately determine if that's the case here. It seems more a legacy of the past.

The submitting party has sufficiently addressed their rationale in response to this request for clarification.

@kris-esa @wgb-tasedu This change is now reflected in the PSL