W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2008

Re: [DNSOP] Public Suffix List

From: Gervase Markham <gerv@mozilla.org>
Date: Wed, 11 Jun 2008 10:10:04 +0100
Message-ID: <484F966C.8050804@mozilla.org>
To: Doug Barton <dougb@dougbarton.us>
CC: dnsop@ietf.org, ietf-http-wg@w3.org

Doug Barton wrote:
> Gervase Markham wrote:
>> The fact that I am working on this question now is not to present a
>> /fait accompli/; I've just been too busy to get to it.
> Is it just me, or do those two statements seem to contradict one another?

I don't think so. Both are statements of truth.

If I had had time, I would have got this update mechanism sorted out
months ago. The fact that I didn't have time is not me saying that "I
don't want other people to have input into this process".

It's true that people saying "Please don't do anything like that" are
unlikely to be heeded. But that was just as true months ago as it is now.

> "We have already done 
> this, so if your data is accurate, fine. If not, you'll want to get 
> our list updated so that we may get it into the next version, whenever 
> that ships." 

Yep. In six to eight weeks, usually.

> The fact that your list seems to be missing some of the recent updates 
> to the IANA list does not fill me with hope.

I've added to my ToDo list an item to check that list against ours.
Although again I stress that just adding ".zz" to the list is the same
as having no entries, because it's just an explicit encoding of the
default behaviour.

> There's two problems with that statement. First, if I ran the JE 
> registry there's a pretty good chance that I'd be offended (not 
> speaking for them, just following your example). I don't know any TLD 
> operators who don't think that their domain has substantial 
> significance, even if it is "only" to their user community.

I didn't say anything about significance. It was merely a factual
statement about the number of websites. I don't have the ability to
determine how many sites there are in .je (I'm sure many people reading
this list do) but I'd wager it's four orders of magnitude less than the
number in .com, and at least two less than in .co.uk. And so ad-serving
companies are unlikely to be optimising their tracking systems to track
visitors across different sites in .com.je (even if that exists; I don't
know that it does). Perhaps I should continue to use ".xx" or ".zz" as
an example?

> The other, more important problem is that you're totally discounting 
> the possibility that the bad guys will simply move their websites to 
> TLDs that you don't have a policy for (or for whom your policy is too 
> permissive). 

I very much doubt that established businesses will change their domain
name just so they can track users more accurately. ("Welcome to
cnn.xx!") I think you overestimate the impact of this change.

>> I've filed https://bugzilla.mozilla.org/show_bug.cgi?id=438304 .
> The audit trail for that is pretty interesting. First, I think it 
> would be useful for you to include a link to this discussion so that 
> your colleagues could read it for themselves. 
> http://www.ietf.org/mail-archive/web/dnsop/current/msg06100.html

Done; thank you.

> Second, the followup from Dave Townsend seems to indicate that at one 
> point in the past this data was being read from a file. Perhaps that 
> code could be resurrected?

To be entirely honest, I was under the impression that this was still
the case. I am looking into the question.

> Heh, if that's your criteria, then the options you have already would 
> be significantly reduced. :) 

There's always more work to do :-)

Received on Wednesday, 11 June 2008 09:10:59 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:46 UTC