- From: Jamie Lokier <jamie@shareable.org>
- Date: Wed, 11 Jun 2008 15:28:53 +0100
- To: Gervase Markham <gerv@mozilla.org>
- Cc: Jelte Jansen <jelte@NLnetLabs.nl>, Florian Weimer <fw@deneb.enyo.de>, dnsop@ietf.org, David Conrad <drc@virtualized.org>, ietf-http-wg@w3.org
Gervase Markham wrote:
> > Oh? How is this reconciled with earlier comments that
> > login.mybank.co.uk and accounts.mybank.co.uk are grouped together - or
> > is the Public Suffix List only for history grouping in browsers, not
> > for cookie sharing?
>
> under the current code ... www.mybank.co.uk can set cookies for
> ... co.uk (shared with adserver.co.uk but not with myorg.org.uk).
>
> It is this latter use we want to prevent. We can do so by stopping
> cookies being set for any domain which is a public suffix.

I'm not seeing how this is different from mybank.livejournal.com
setting cookies on livejournal.com which can be read by
adserver.livejournal.com. livejournal.com needs to be on your Public
Suffix List to prevent that - if the content from subdomains can set
their own cookies. Maybe not on Livejournal, but there are sites
where it's possible.

Even in mybank.co.uk, it's typical that login.mybank.co.uk and
thirdpartyinformation.mybank.co.uk will be somewhat independent. The
latter should not be setting arbitrary cookies affecting the former,
imho - security, rather than privacy.

Regarding the "break the contract with adserver" argument, there are
plenty of ways for mybank.co.uk to pass tracking info to
adserver.co.uk by contract. Banning cross-domain cookies in this case
just forces them to use another method.

> (Again, I comment that cookies are not the only way we are using this
> information.)

I don't think anybody minds how you use the information to present
History dialogs and such. Just whether it breaks applications that
come to depend on the structure of the list, and whether it adds
another barrier for site publishers who serve public content in a way
which resembles NICs.

-- Jamie
Received on Wednesday, 11 June 2008 14:29:41 UTC
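
The cookie-scoping rule debated in this message, as an added example that is not part of the original e-mail or of any browser's code: it checks which `Domain` values a host may set and finds the widest cookie scope two hosts can share. The suffix set is a constructed stand-in for the Public Suffix List (plain entries only, no wildcard or exception rules), and the function names are hypothetical.

```python
# Constructed sample: a tiny stand-in for the Public Suffix List, not the real list.
PUBLIC_SUFFIXES = frozenset({"com", "org", "uk", "co.uk", "org.uk"})


def normalize(name):
    """Lower-case a host or cookie Domain value and drop leading/trailing dots."""
    return name.strip().lower().strip(".")


def domain_matches(host, domain):
    """True when host is exactly domain or a subdomain of it (label-aligned)."""
    return host == domain or host.endswith("." + domain)


def may_set_cookie(request_host, cookie_domain, suffixes=PUBLIC_SUFFIXES):
    """Decide whether request_host may set a cookie scoped to cookie_domain."""
    host = normalize(request_host)
    domain = normalize(cookie_domain)
    if not domain or not domain_matches(host, domain):
        return False  # a host may only scope cookies to itself or a parent
    if domain in suffixes:
        return False  # the rule under discussion: no cookies on a public suffix
    return True


def shared_scope(host_a, host_b, suffixes=PUBLIC_SUFFIXES):
    """Return the widest Domain both hosts may set (a shared cookie jar), or None."""
    labels = normalize(host_a).split(".")
    for i in range(len(labels) - 1, -1, -1):  # widest parent first
        candidate = ".".join(labels[i:])
        if (may_set_cookie(host_a, candidate, suffixes)
                and may_set_cookie(host_b, candidate, suffixes)):
            return candidate
    return None


if __name__ == "__main__":
    pairs = [
        ("www.mybank.co.uk", "adserver.co.uk"),
        ("mybank.livejournal.com", "adserver.livejournal.com"),
        ("login.mybank.co.uk", "thirdpartyinformation.mybank.co.uk"),
    ]
    for a, b in pairs:
        print(f"{a} <-> {b}: shared scope = {shared_scope(a, b)}")
```

With this sample list the two livejournal.com subdomains still share `livejournal.com`, and the two mybank.co.uk subdomains still share `mybank.co.uk`; only adding the parent to the suffix set separates them.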