W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2006

Thoughts about how to improve the domain security of cookies

From: Yngve Nysaeter Pettersen <yngve@opera.com>
Date: Fri, 04 Aug 2006 20:06:38 +0200
To: ietf-http-wg@w3.org
Message-ID: <op.tdrtxcu4vqd7e2@killashandra-ii.oslo.opera.com>

Hello all,

A few months ago I posted two drafts suggesting how to use DNS or a new  
information repository to prevent cookies from being set for Registry like  
domains like co.uk and city.state.us.

I've now posted an article with some thoughts about how to modify RFC 2965  
to accomplish the same goal within the protocol.

Essentially, what I think is needed is to remove the possibility of  
setting cookies for a parent domain, and restrict them to a subdomain.  
Such a solution will, of course, require massive reorganizations of many  
websites.

The question is: Are there any better ways to avoid setting cookies for  
registry-like domains?

http://my.opera.com/yngve/blog/show.dml/388840

-- 
Sincerely,
Yngve N. Pettersen

********************************************************************
Senior Developer		             Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************
Received on Friday, 4 August 2006 18:07:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:46 GMT