W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2008

Re: Public Suffix List

From: Gervase Markham <gerv@mozilla.org>
Date: Mon, 09 Jun 2008 16:29:03 +0100
Message-ID: <484D4C3F.4060701@mozilla.org>
CC: ietf-http-wg@w3.org, dnsop@lists.uoregon.edu

Adrien de Croy wrote:
> I see it creating a large administrative burden on many people, but
> never catching up with the current state.  I see people relying on it
> for all manner of things for which it's not designed. 

That's their problem.

> Also you're
> dealing with organisations whose prime focus is not maintaining your
> list.  You might get some initial enthusiasm to start, but down the
> track I see that waning.

Their incentive to keep the list up to date is that sites in their TLD
will be treated correctly by browsers, which will keep their customers
happy.

> This is all being proposed to _enable_ cross-site cookies (as opposed to
> just blocking or warning the user).. 

No. It's being proposed to *disable* cross-site cookies which we
currently enable because we have no good way to prevent. Along with
other UI applications in the areas of:

- History
- Download Manager
- UI display of responsible domain for SSL DV certs
  (this isn't switched on by default in Firefox 3)

> As for privacy, if an issuer of a cookie prescribes the realms within
> which that cookie may be submitted, then privacy falls under the control
> of the cookie-issuing site.  A compliant browser won't submit it outside
> those realms.

The problem is sites conspiring against a user to damage the user's
privacy and track them across multiple sites.

Gerv
Received on Monday, 9 June 2008 15:29:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:48 GMT