W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2008

Re: [DNSOP] Public Suffix List

From: Jamie Lokier <jamie@shareable.org>
Date: Tue, 10 Jun 2008 13:32:03 +0100
To: Adrien de Croy <adrien@qbik.com>
Cc: Gervase Markham <gerv@mozilla.org>, dnsop@ietf.org, ietf-http-wg@w3.org
Message-ID: <20080610123203.GA28565@shareable.org>

Adrien de Croy wrote:
Allow some "safe" cross-site 
> cookies?  What happens when it doesn't do that?  Do people even care 
> enough about that to live with this solution?

I must admit, I don't see what's wrong with disabling cross-site
cookies entirely.

If two related domains want to transfer credentials, sessions etc.,
there are other mechanisms to do it.

> In the end what will be the deciding factors?  I see users dumping FF3 
> when it doesn't work with the websites they know and trust.  I see the 
> reviews bemoaning compatibility issues.  Mozilla needs to be careful 
> when introducing something like this that can create many compatibility 
> issues where the previous version didn't have them.  In the end if some 
> large jurisdictions refuse to play along, where does that leave 
> Mozilla's users?  Looking for another browser perhaps..  Unless Mozilla 
> feels it has too many users, I'd urge caution in that area.

Perhaps the list should be used to implement a warning, easily
overridden per site, like the other cookie dialogs which Mozilla pops
up, rather than a hard block.

As a user I might prefer that.  I already like being able to say
"no thanks" to cookies on sites where I don't see any need.

-- Jamie
Received on Tuesday, 10 June 2008 12:32:47 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:46 UTC