- From: Adrien de Croy <adrien@qbik.com>
- Date: Wed, 11 Jun 2008 00:10:40 +1200
- To: Gervase Markham <gerv@mozilla.org>
- CC: Jamie Lokier <jamie@shareable.org>, dnsop@ietf.org, ietf-http-wg@w3.org
From what I can tell: a) the proposed problem is that of cookies being used across differently administered web sites. b) the proposed solution involves mapping the boundary between privately and publicly administered DNS space. I don't see how (b) addresses (a). Web sites does not equal DNS. Private vs public DNS does not equal differently-administered websites. Furthermore keeping an accurate map of the DNS boundary is impossible. So to me it seems like the wrong tool for the job. Given that this model has been chosen, in the knowledge that it's based on an assumption that the problem cases in (a) are addressed by (b), how well has that assumption been tested? The boundary issues should be well known. Several have been raised already on this list. I'd be interested in seeing Mozilla's analysis of them. My feeling is there will be a lot of false positives and negatives near the border, since the "solution" is in a different "space" to the problem. Given the amount of work entailed in attempting to do (b), surely there's a responsibility to do this right? I fear such a crude tool will not only cause problems for users, webmasters and TLD managers, but also leave ample room for people to circumvent its intent, leaving us worse off than we are now - still with cookies broken, still with privacy issues and XS issues, but now a major browser vendor causing DNS administrative havoc, and forcing people to rewrite their websites as well. How to win friends and influence people. And the justification for this is that it will.... Allow some "safe" cross-site cookies? What happens when it doesn't do that? Do people even care enough about that to live with this solution? In a perfect world if this turns to custard, only Mozilla would suffer, but this isn't a perfect world, and actually I'm sure we'd all like Mozilla to live long and prosper. In the end what will be the deciding factors? I see users dumping FF3 when it doesn't work with the websites they know and trust. I see the reviews bemoaning compatibility issues. Mozilla needs to be careful when introducing something like this that can create many compatibility issues where the previous version didn't have them. In the end if some large jurisdictions refuse to play along, where does that leave Mozilla's users? Looking for another browser perhaps.. Unless Mozilla feels it has too many users, I'd urge caution in that area. As an absolute minimum a way to turn it off... even if it is buried deep in about:config (and you can't seriously expect us to believe that a required criterion for a setting being in there is that it can be understood by the majority of users). Regards Adrien Gervase Markham wrote: > Jamie Lokier wrote: > >> The information would be published in the ISP's TLD-alike domain, not >> the customer's subdomains. E.g. 'co.uk', not 'mybank.co.uk', assuming >> the information is "each domain $WORD.co.uk is independent". >> >> The values are the same information that you are gathering. The >> ISP/NIC (Nominet UK for .co.uk) does not need to contact their >> customers for this: it's a .co.uk policy. >> > > OK. Then we are basically back to Yngve's suggestion. But this does > require universal take-up for universal support - and that, as someone > else has pointed out, makes it (in my opinion) doomed. > > Gerv > > -- Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
Received on Tuesday, 10 June 2008 12:09:44 UTC