Update existing Replit entries, add firewalledreplit.co #1568

Merged
merged 3 commits into from
Oct 3, 2022

Contributor

@lincoln-replit lincoln-replit commented May 17, 2022

  • Description of Organization

  • Reason for PSL Inclusion

  • DNS verification via dig

  • Run Syntax Checker (make test)

  • Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _PSL txt record in place in the respective zone(s) in the affected section

Submitter affirms the following:

  • We are listing any third-party limits that we seek to work around in our rationale such as those between IOS 14.5+ and Facebook (see Issue #1245 as a well-documented example)

  • This request was not submitted with the objective of working around other third-party limits

  • The Guidelines were carefully read and understood, and this request conforms

  • The submission follows the guidelines on formatting and sorting

  • Yes, I understand. I could break my organization's website cookies etc. and the rollback timing, etc is acceptable. Proceed.


Description of Organization

Replit is an online programming environment that allows users to create and host their own websites and applications. I am an engineer at Replit.

In order to make our product safer for children, we are launching a new product called Firewalled Replit. It will behave similarly to Replit, but users' applications will not be able to access arbitrary internet services.

Organization Website: https://replit.com

The new website for Firewalled Replit (which has not launched to external users yet) will be https://firewalledreplit.com

Reason for PSL Inclusion

Users can use Replit to host their own websites on various subdomains:

  • repl.co (already in the PSL)
  • id.repl.co (already in the PSL)
  • repl.run (already in the PSL)
  • firewalledrepl.co (added in this PR)
  • id.firewalledrepl.co (added in this PR)

We would like to have consistent behavior between the existing hosting domains and the new hosting domains, especially with regards to cookie isolation. Users must not be able to use their websites to access the cookies from other users' websites.

The previous editor of this section of the PSL was Luis (#1239), and before him Mason (#748). Luis can vouch for these changes, but Mason is no longer an employee at Replit and therefore cannot.

Number of users this request is being made to serve: a subset of all Replit users (of which there are millions) will use the new firewalled domains -- primarily students, but we will place no restriction on that.

DNS Verification via dig

Updated the previous entries as well to prove ownership over these records

$ dig +short TXT _psl.firewalledreplit.co
"https://github.com/publicsuffix/list/pull/1568"
$ dig +short TXT _psl.repl.co
"https://github.com/publicsuffix/list/pull/1568"
$ dig +short TXT _psl.id.repl.co
"https://github.com/publicsuffix/list/pull/1568"

Results of Syntax Checker (make test)

cd linter;                                \
  ./pslint_selftest.sh;                     \
  ./pslint.py ../public_suffix_list.dat;
test_NFKC: OK
test_allowedchars: OK
test_dots: OK
test_duplicate: OK
test_exception: OK
test_punycode: OK
test_section1: OK
test_section2: OK
test_section3: OK
test_section4: OK
test_spaces: OK
test_wildcard: OK
test -d libpsl || git clone --depth=1 https://github.com/rockdaboot/libpsl;   \
  cd libpsl;                                                                    \
  git pull;                                                                     \
  echo "EXTRA_DIST =" >  gtk-doc.make;                                          \
  echo "CLEANFILES =" >> gtk-doc.make;                                          \
  autoreconf --install --force --symlink;
Already up to date.
autopoint: using AM_GNU_GETTEXT_REQUIRE_VERSION instead of AM_GNU_GETTEXT_VERSION
configure.ac:1: warning: file `version.txt' included several times
configure.ac:4: warning: file `version.txt' included several times
/usr/share/aclocal-1.16/init.m4:29: AM_INIT_AUTOMAKE is expanded from...
configure.ac:4: the top level
configure.ac:403: warning: file `version.txt' included several times
configure.ac:1: warning: file `version.txt' included several times
configure.ac:4: warning: file `version.txt' included several times
/usr/share/aclocal-1.16/init.m4:29: AM_INIT_AUTOMAKE is expanded from...
configure.ac:4: the top level
configure.ac:403: warning: file `version.txt' included several times
configure.ac:1: warning: file `version.txt' included several times
configure.ac:4: warning: file `version.txt' included several times
aclocal.m4:763: AM_INIT_AUTOMAKE is expanded from...
configure.ac:4: the top level
configure.ac:403: warning: file `version.txt' included several times
libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, 'build-aux'.
libtoolize: linking file 'build-aux/ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: linking file 'm4/libtool.m4'
libtoolize: linking file 'm4/ltoptions.m4'
libtoolize: linking file 'm4/ltsugar.m4'
libtoolize: linking file 'm4/ltversion.m4'
libtoolize: linking file 'm4/lt~obsolete.m4'
configure.ac:1: warning: file `version.txt' included several times
configure.ac:4: warning: file `version.txt' included several times
/usr/share/aclocal-1.16/init.m4:29: AM_INIT_AUTOMAKE is expanded from...
configure.ac:4: the top level
configure.ac:403: warning: file `version.txt' included several times
configure.ac:1: warning: file `version.txt' included several times
configure.ac:4: warning: file `version.txt' included several times
/usr/share/aclocal-1.16/init.m4:29: AM_INIT_AUTOMAKE is expanded from...
configure.ac:4: the top level
configure.ac:403: warning: file `version.txt' included several times
configure.ac:1: warning: file `version.txt' included several times
configure.ac:4: warning: file `version.txt' included several times
aclocal.m4:763: AM_INIT_AUTOMAKE is expanded from...
configure.ac:4: the top level
configure.ac:403: warning: file `version.txt' included several times
configure.ac:1: warning: file `version.txt' included several times
configure.ac:4: warning: file `version.txt' included several times
aclocal.m4:763: AM_INIT_AUTOMAKE is expanded from...
configure.ac:4: the top level
configure.ac:403: warning: file `version.txt' included several times
configure.ac:1: warning: file `version.txt' included several times
configure.ac:4: warning: file `version.txt' included several times
aclocal.m4:763: AM_INIT_AUTOMAKE is expanded from...
configure.ac:4: the top level
configure.ac:403: warning: file `version.txt' included several times
configure.ac:10: installing 'build-aux/compile'
configure.ac:4: installing 'build-aux/missing'
fuzz/Makefile.am: installing 'build-aux/depcomp'
cd libpsl && ./configure -q -C --enable-runtime=libicu --enable-builtin=libicu --with-psl-file=/home/lincoln/list/public_suffix_list.dat --with-psl-testfile=/home/lincoln/list/tests/tests.txt && make -s clean && make -s check -j4
config.status: creating po/POTFILES
config.status: creating po/Makefile
Making clean in po
Making clean in include
Making clean in src
rm -f ./so_locations
Making clean in tools
 rm -f psl
Making clean in fuzz
 rm -f libpsl_icu_fuzzer libpsl_icu_load_fuzzer libpsl_icu_load_dafsa_fuzzer
Making clean in tests
 rm -f test-is-public test-is-public-all test-is-cookie-domain-acceptable test-is-public-builtin test-registrable-domain
Making clean in msvc
Making check in po
Making check in include
Making check in src
  CC       libpsl_la-psl.lo
  CC       libpsl_la-lookup_string_in_fixed_set.lo
  CCLD     libpsl.la
Making check in tools
  CC       psl.o
  CCLD     psl
Making check in fuzz
  CC       libpsl_fuzzer.o
  CC       main.o
  CC       libpsl_load_dafsa_fuzzer.o
  CC       libpsl_load_fuzzer.o
  CCLD     libpsl_icu_load_fuzzer
  CCLD     libpsl_icu_fuzzer
  CCLD     libpsl_icu_load_dafsa_fuzzer
PASS: libpsl_icu_load_dafsa_fuzzer
PASS: libpsl_icu_fuzzer
PASS: libpsl_icu_load_fuzzer
============================================================================
Testsuite summary for libpsl 0.21.1
============================================================================
# TOTAL: 3
# PASS:  3
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================
Making check in tests
  CC       test-is-public.o
  CC       test-is-public-all.o
  CC       test-is-cookie-domain-acceptable.o
  CC       test-is-public-builtin.o
  CC       test-registrable-domain.o
  CCLD     test-is-cookie-domain-acceptable
  CCLD     test-is-public-builtin
  CCLD     test-is-public
  CCLD     test-is-public-all
  CCLD     test-registrable-domain
PASS: test-is-public-builtin
PASS: test-is-cookie-domain-acceptable
PASS: test-is-public
PASS: test-registrable-domain
PASS: test-is-public-all
============================================================================
Testsuite summary for libpsl 0.21.1
============================================================================
# TOTAL: 5
# PASS:  5
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================
Making check in msvc
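
The cookie-isolation rationale under "Reason for PSL Inclusion", as an added example that is not part of this PR, the list repository or libpsl: a minimal matcher for the PSL algorithm showing how listing a hosting suffix changes site boundaries and Domain-cookie acceptance. The hostnames alice/bob and the one-entry BASE list are constructed; PRIVATE uses the suffixes named in the description.

```python
# Added example, not code from publicsuffix/list or libpsl.
# BASE stands in for the ICANN section; PRIVATE holds the suffixes named in the
# PR description. Both are constructed excerpts, not the real list file.
BASE = ["co"]
PRIVATE = ["repl.co", "id.repl.co", "firewalledrepl.co", "id.firewalledrepl.co"]

def public_suffix(host, rules):
    """Longest matching rule wins; exception rules (!) beat everything."""
    labels = host.lower().rstrip(".").split(".")
    exact = {r for r in rules if not r.startswith("!")}
    exceptions = {r[1:] for r in rules if r.startswith("!")}
    best = 1  # implicit default rule "*": the TLD alone is a public suffix
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in exceptions:
            # Exception rule: the suffix is the rule minus its leftmost label.
            return ".".join(labels[i + 1:])
        parent = ".".join(labels[i + 1:])
        wildcard = "*." + parent if parent else None
        if candidate in exact or wildcard in exact:
            best = max(best, len(labels) - i)
    return ".".join(labels[-best:])

def registrable_domain(host, rules):
    """Public suffix plus one label, or None if host is itself a suffix."""
    labels = host.lower().rstrip(".").split(".")
    n = len(public_suffix(host, rules).split("."))
    if len(labels) <= n:
        return None
    return ".".join(labels[-(n + 1):])

def same_site(a, b, rules):
    """Two hosts share a site when their registrable domains are equal."""
    ra, rb = registrable_domain(a, rules), registrable_domain(b, rules)
    return ra is not None and ra == rb

def domain_cookie_allowed(host, cookie_domain, rules):
    """Would a Set-Cookie Domain= attribute from host be honoured?"""
    d = cookie_domain.lstrip(".").lower()
    if host != d and not host.endswith("." + d):
        return False  # Domain attribute must domain-match the request host
    return public_suffix(d, rules) != d  # never scope a cookie to a public suffix

if __name__ == "__main__":
    a, b = "alice.firewalledrepl.co", "bob.firewalledrepl.co"
    for name, rules in (("before", BASE), ("after", BASE + PRIVATE)):
        print(name, same_site(a, b, rules),
              domain_cookie_allowed(a, "firewalledrepl.co", rules))
```

Until a client ships a list containing the new entries, it behaves like the "before" case, so the hosting side should not rely on the PSL alone for isolation between user sites.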

@lincoln-replit lincoln-replit marked this pull request as ready for review May 18, 2022 14:00
@@ -13345,6 +13345,8 @@ onrender.com

// Repl.it : https://repl.it
// Submitted by Mason Clayton <mason@repl.it>
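
Review bot: The context line "// Submitted by Mason Clayton <mason@repl.it>" at the top of this hunk still names the original submitter, while the PR description states that Mason is no longer an employee at Replit. Since lines are being added under this header, replace it with a current point of contact in the same change, and publish a matching _psl TXT record on the header domain so the contact change can be validated the same way as the suffix entries.
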
Contributor

FYI: Mason is no longer at Replit. I opened #1239 and I can approve this (hopefully that paper trail is enough to authenticate this request)

Is there any process to replace this metadata going forward?

Member

To replace the metadata, add the DNS validation record to the email address for repl.it matching this PR as done for entries. This would allow us to validate, and then (if needed) update the contact in that header line.

Member

@dnsguru dnsguru left a comment

Please replace the point of contact with a current one as part of this

@dnsguru dnsguru changed the title Additional suffixes for Firewalled Replit domain Update existing Replit entries, add firewalledreplit.co May 18, 2022
@lincoln-replit lincoln-replit requested a review from dnsguru May 18, 2022 21:28
@lincoln-replit
Contributor Author

Done!

Member

@dnsguru dnsguru left a comment

Can you put the DNS TXT record in to validate the domain repl.it and/or replit.com so that there's record of verifying the 'owner' change here on the section

@dnsguru dnsguru self-assigned this May 20, 2022
@dnsguru dnsguru added the NOT IOS FB Submitter attests PR is not #1245 related label May 20, 2022
@lincoln-replit lincoln-replit requested a review from dnsguru May 23, 2022 20:42
@lincoln-replit
Contributor Author

Added that to the PR description as well

@lincoln-replit
Contributor Author

@dnsguru Just bumping this, I believe I've done everything you've asked for here

@dnsguru
Member

dnsguru commented Jun 2, 2022

there's a queue, please no bumps, we're volunteers here

@dnsguru
Member

dnsguru commented Sep 23, 2022

Can you put the DNS TXT record in to validate the domain repl.it and/or replit.com so that there's record of verifying the 'owner' change here on the section

Not seeing the _psl TXT on those domains for the point of contact change.

@dnsguru dnsguru added the 🩺 pending-validation Something needs to be validated label Sep 23, 2022
@lincoln-replit
Contributor Author

Ah, I misunderstood. The new records are up now as requested.

lincoln@lincolnval:~$ dig +short TXT _psl.replit.com
"https://github.com/publicsuffix/list/pull/1568"
lincoln@lincolnval:~$ dig +short TXT _psl.repl.it
"https://github.com/publicsuffix/list/pull/1568"

@dnsguru
Member

dnsguru commented Oct 3, 2022

Ah, I misunderstood. The new records are up now as requested.

lincoln@lincolnval:~$ dig +short TXT _psl.replit.com
"https://github.com/publicsuffix/list/pull/1568"
lincoln@lincolnval:~$ dig +short TXT _psl.repl.it
"https://github.com/publicsuffix/list/pull/1568"

Verifying that DNS validates on these header domain changes to illustrate ownership

Member

@dnsguru dnsguru left a comment

  • DNS Validates
  • Follows Guidelines
  • No Conflict w Base
  • Tests Pass

Additionally, header domain validated as well for contact change

Approved

@dnsguru dnsguru merged commit 7b4cf78 into publicsuffix:master Oct 3, 2022
@lincoln-replit
Contributor Author

Thank you!

@dnsguru dnsguru mentioned this pull request Jan 9, 2023
@jeffrey-pinyan-cleandns jeffrey-pinyan-cleandns mentioned this pull request Jul 6, 2023
jeffrey-pinyan-cleandns added a commit to jeffrey-pinyan-cleandns/publicsuffix-list that referenced this pull request Jul 6, 2023