Process: https://github.com/publicsuffix/list/wiki/Guidelines
See https://github.com/publicsuffix/list/pull/284 for the wmflabs.org request
The reason for this is twofold:
- browsers will see 'a.wmcloud.org' and 'b.wmcloud.org' as two completely seperate security domains (i.e. no cookie sharing, no cross-site requests)
- letsencrypt uses the suffix list for rate limiting (i.e. the number of certs requested per unit time for *.wmcloud.org is limited; if wmcloud.org is in de suffix list, the limit will be for *.A.wmcloud.org, but B.wmcloud.org is not affected