W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2008

Re: [DNSOP] Public Suffix List

From: Gervase Markham <gerv@mozilla.org>
Date: Mon, 09 Jun 2008 15:43:29 +0100
Message-ID: <484D4191.104@mozilla.org>
To: Andrew Sullivan <ajs@commandprompt.com>
CC: ietf-http-wg@w3.org, dnsop@ietf.org

Andrew Sullivan wrote:
> Is there any way to turn this off in Firefox 3?  

Not that I know of.

> RFC 3696 explains, I think, most of the reasoning that I would offer
> for why I think this is a bad idea.  I urge you and others who are
> planning to ship this kind of feature to go (re)read that RFC.

Why do you think that the negative consequences explained in that RFC
would apply in this case? Please think carefully about the consequences
of possible failure scenarios.

> I know that you have a security problem, which is that cookies are
> widely used for some purposes in such a way that they can be
> subverted.  That's a problem with the cookies specification, which was
> always broken. 

This isn't just about cookies. For example, we would like to group
together related sites (www.mybank.co.uk, accounts.mybank.co.uk) in
history. Grouping together all sites in ".co.uk" does not provide for an
optimum user experience.

> If you're not going to fix the cookies specification (which is what I
> think you ought to do, but I understand why people are reluctant to
> take that on), then there should at least be some way to publish data
> about the relationship you want to permit.  One way to do this would
> be to figure out a way to publish lists of domains for which a given
> domain publishes cookies, and from which a given domain accepts
> cookies. 

As I noted in an earlier message, this may solve security problems but
does not solve privacy ones.

> I still run into problems with email addresses in .info domains not
> being accepted, because the top level domain label is "too long".

Which is why the list is soft-fail - e.g in the cookie case, if a new
TLD is added which is not on the list, we simply fall back on the
current behaviour.

Gerv
Received on Monday, 9 June 2008 14:44:31 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:48 GMT