Add c01.kr / eliv-dns.kr

[Renyu106]

Public Suffix List (PSL) Submission

Checklist of required steps

• Description of Organization
• Robust Reason for PSL Inclusion
• DNS verification via dig
• Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _psl TXT record in place in the respective zone(s).

Submitter affirms the following:

• We are listing any third-party limits that we seek to work around in our rationale such as those between IOS 14.5+ and Facebook (see Issue #1245 as a well-documented example)

• This request was not submitted with the objective of working around other third-party limits.

• The submitter acknowledges that it is their responsibility to maintain the domains within their section. This includes removing names which are no longer used, retaining the _psl DNS entry, and responding to e-mails to the supplied address. Failure to maintain entries may result in removal of individual entries or the entire section.

• The Guidelines were carefully read and understood, and this request conforms to them.

• The submission follows the guidelines on formatting and sorting.

• A role-based email address has been used and this inbox is actively monitored with a response time of no more than 30 days.

Abuse Contact:

• Abuse contact information (email or web form) is available and easily accessible.

  URL where abuse contact or abuse reporting form can be found:
  https://abuse.eliv.kr (or abuse@eliv.kr)

---

• Yes, I understand. I could break my organization's website cookies and cause other issues, and the rollback timing is acceptable. Proceed anyways.

---

Description of Organization

PROJECT ELIV is a domain and CDN startup based in South Korea. We collaborate with multiple KRNIC registrars to distribute domains and CDN services to our clients, enabling them to build secure and efficient online environments.

I am the CTO of PROJECT ELIV, submitting this request to enhance the security and reliability of the domains and subdomains we provide to our customers.

Organization Website:
https://eliv.kr (for customers)
https://eliv.co.kr (for company use)

Reason for PSL Inclusion

PROJECT ELIV plans to provide subdomains under c01.kr or eliv-dns.kr to customers using our CDN services. Beyond simple CDN offerings, we aim to offer these domains as free options for customers to enhance service accessibility. Inclusion in the PSL will ensure cookie security and consistency in subdomain management, benefiting our clients' security needs. The domains c01.kr and eliv-dns.kr currently have over two years of registration remaining and will be maintained accordingly. This request is a critical step to meet our clients’ security requirements and improve their user experience.

Number of users this request is being made to serve:
10,000+ (current and estimated)

DNS Verification

Below are examples of DNS TXT record verifications for the domains we wish to add. The actual PR number (XXXX) will be updated upon submission.

dig +short TXT _psl.c01.kr
"https://github.com/publicsuffix/list/pull/2403"

dig +short TXT _psl.eliv-dns.kr
"https://github.com/publicsuffix/list/pull/2403"

[groundcat]

@Renyu106 A few questions:

1. Could you provide more specific information about your existing customer base using these two domains? We generally encourage PSL inclusion requests only after a service has established a significant user base. Can you share:

   • More precise numbers of existing users who are currently using their subdomains
   • Examples of live sites currently using these domains
   • Any other evidence demonstrating current usage (public references or documentation, etc.)

2. Have you considered implementing alternative security measures before pursuing PSL inclusion? For example:

   • Using __Host- prefixed cookies as an initial security measure for subdomain isolation or
   • Implementing similar application-level controls that could provide boundaries between customer apps without relying on the PSL

3. I noticed from Certificate Transparency logs (CT for eliv-dns.kr, CT for c01.kr) that you have the CA issuing a new SSL certificate on a daily basis, each valid for 3 months. While this isn't directly related to your PSL request, I'm simply curious about this approach.

Thank you for your patience as we work through the PSL review process.

[Renyu106]

1. Customer Base Information and Evidence
   The c01.kr domain has been in use since 2020, originally operated by an individual providing a free domain service. At its peak, it had approximately 1,500 DNS records registered, indicating a significant user base. However, after PROJECT ELIV took over operational rights from the individual due to their management limitations, we transitioned it to our system. As part of this migration, we notified customers and cleared all existing records to align with our infrastructure. We are now preparing to relaunch c01.kr as a free subdomain service, consistent with the original operator’s vision, with subdomains planned for rollout soon. On the other hand, eliv-dns.kr began being utilized relatively recently and is currently provided to enterprise clients (e.g., leveraging Cloudflare Enterprise). It is actively used by three companies, each with over 50 employees. We are compiling public documentation to demonstrate past and future usage, which will be shared shortly.

2. Alternative Security Measures
   Our goal is to issue SSL certificates, register these domains with Cloudflare, and allow end customers to freely use subdomains under c01.kr and eliv-dns.kr just like any standard domain we own. While we have implemented SSL and Cloudflare integration as initial security measures, we realized that for customers to fully and securely utilize these subdomains across various applications, inclusion in the PSL is necessary to ensure proper isolation and cookie security. After exploring options like __Host- prefixed cookies, we concluded that PSL inclusion provides a more robust and standardized solution for our diverse customer base, which includes both individuals and enterprises. This step aligns with our vision of making subdomain usage seamless and secure without requiring complex application-level controls on the customer side.

3. SSL Certificate Issuance Approach
   Initially, we issued certificates every N months, but we encountered issues where certificates failed to deploy to all servers, leading to frequent system outages. To resolve this, we adopted daily issuance of SSL certificates using Google Trust Services, which offers more lenient rate limits compared to other providers. These certificates, each valid for 3 months, are then distributed across our infrastructure and CDN. This approach ensures greater reliability and flexibility for our customers’ subdomains, supporting the dynamic nature of our operations.

[Renyu106]

Please note that enterprise clients of PROJECT ELIV are not necessarily required to use the eliv-dns.kr domain. However, eliv-dns.kr is provided by default to all enterprises utilizing our cloud or CDN services. This domain is leveraged within PROJECT ELIV’s infrastructure to identify and manage our customers effectively.

Depending on how the origin server handles cookies, there is a potential issue where cookie or session values may inadvertently be shared across different subdomains. This underscores the need for proper subdomain isolation to prevent such conflicts.

[groundcat]

• Expiration (Note: Must STAY >2y at all times)
  • c01.kr 사용 종료일 : 2027. 04. 27.
  • eliv-dns.kr 사용 종료일 : 2027. 11. 21.
• DNS _psl entries (Note: Must STAY in place)
• Reasoning/Organization description
• Non-personal email address
• Abuse contact
  • https://eliv.kr/ redirects to https://eliv.kr/ where abuse contact information can be found
  • https://eliv-dns.kr/ displays Running into trouble? Don't sweat it - the ELIV team has got your back! Drop us a line anytime at support@eliv.kr where contact information can be found, while a more formally designed information could be better. redirects to https://eliv.kr/ where abuse contact information can be found

[Renyu106]

Hi there, thanks for the quick reply!
Under the KR ccTLD policy, domain renewals can only be done once a day. Yesterday, we accidentally renewed for just one year, but today we added another year of extension. Here’s the updated info:

eliv-dns.kr: 2027.11.21  
c01.kr: 2027.04.27  

We’ve set things up so that all abuse requests can be handled through support@eliv.kr, and so far, we’ve only listed support@eliv.kr at the bottom of our site. However, to make abuse reporting clearer, we’ve updated the site footer to include abuse@eliv.kr (linked to https://abuse.eliv.kr).

For eliv-dns.kr, if the domain isn’t connected to a customer’s CDN, all requests point to support@eliv.kr as the contact. We’ve also added a header value to all responses: report-to: For abuse reports, visit https://abuse.eliv.kr. I know this might not be the most accessible approach, but as I mentioned earlier, we’re fully equipped to handle abuse reports through support@eliv.kr as well.

Please feel free to reply anytime if everything meets the requirements or if there’s anything else we need to address!