Re: [DNSOP] Public Suffix List

Jamie Lokier wrote:
> Oh?  How is this reconciled with earlier comments that
> login.mybank.co.uk and accounts.mybank.co.uk are grouped together - or
> is the Public Suffix List only for history grouping in browsers, not
> for cookie sharing?

I'm not sure that either dnsop or ietf-http-wg are interested in a
discussion about the inner workings of cookies and Firefox's use of the
list. But briefly:

login.mybank.co.uk and accounts.mybank.co.uk can be grouped together
because we group by "public suffix + 1" - in this case, mybank.co.uk,
with the public suffix being .co.uk and so +1 being mybank.co.uk.
(Without the list, all .co.uk sites would be grouped together.)

Cookies are set for a particular domain or domain suffix, and are sent
to all sites with that domain suffix. So (under the current code)
www.mybank.co.uk can set cookies for either www.mybank.co.uk (shared
with foo.www.mybank.co.uk but not login.mybank.co.uk), mybank.co.uk
(shared with login.mybank.co.uk but not adserver.co.uk) or co.uk (shared
with adserver.co.uk but not with myorg.org.uk).

It is this latter use we want to prevent. We can do so by stopping
cookies being set for any domain which is a public suffix.

(Again, I comment that cookies are not the only way we are using this
information.)

Gerv

Received on Wednesday, 11 June 2008 12:14:07 UTC
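
The "public suffix + 1" grouping and the cookie rule described in the message above, as an added example that is not part of the original post and is not Firefox's code. The suffix set is a small constructed sample, only exact-match rules are handled (the real list's wildcard and exception rules are left out), and all function names are illustrative.

```javascript
// Constructed sample of public suffixes; the real list is far larger and
// also has wildcard and exception rules, which this sketch leaves out.
const PUBLIC_SUFFIXES = new Set(["com", "org", "uk", "co.uk", "org.uk"]);

const normalize = (name) =>
  name.toLowerCase().replace(/^\./, "").replace(/\.$/, "");

// Longest suffix of host that appears in the list, or null if none does.
function publicSuffix(host) {
  const labels = normalize(host).split(".");
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (PUBLIC_SUFFIXES.has(candidate)) return candidate;
  }
  return null;
}

// "Public suffix + 1": the grouping key. Null when host is itself a suffix.
function registrableDomain(host) {
  const name = normalize(host);
  const suffix = publicSuffix(name);
  if (suffix === null || suffix === name) return null;
  const labels = name.split(".");
  const keep = suffix.split(".").length + 1;
  return labels.slice(labels.length - keep).join(".");
}

// True when host equals domain or ends with "." + domain (label boundary),
// i.e. a cookie scoped to domain would be sent to host.
function domainMatches(host, domain) {
  const h = normalize(host), d = normalize(domain);
  return h === d || h.endsWith("." + d);
}

// A host may set a cookie only for itself or a parent domain, and never
// for a domain that is a public suffix.
function maySetCookie(requestHost, cookieDomain) {
  if (!domainMatches(requestHost, cookieDomain)) return false;
  return publicSuffix(cookieDomain) !== normalize(cookieDomain);
}

// The three cases from the message, all requested by www.mybank.co.uk.
for (const d of ["www.mybank.co.uk", "mybank.co.uk", "co.uk"]) {
  console.log(d, maySetCookie("www.mybank.co.uk", d) ? "accepted" : "rejected");
}
```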