W3C home > Mailing lists > Public > public-tracking@w3.org > July 2012

ACTION-201 (ISSUE-112)

From: イアンフェッティ <ifette@google.com>
Date: Wed, 25 Jul 2012 08:36:32 -0700
Message-ID: <CAF4kx8foxQhSm-98ESwxeHHsy80r8D=UXyc0nTe7u9dn8KjoEQ@mail.gmail.com>
To: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
"How are sub-domains handled for site-specific exceptions?" - from a
browser standpoint, I don't wish to further propagate the notion of
"registry controlled domains" which is an unfortunate reality that we
currently have with cookies, where browsers try to keep a list of what is a
"public suffix" (contains multiple unrelated entities beneath it, such as
.com). We have ~6,800 entries in there so far (
http://mxr.mozilla.org/mozilla-central/source/netwerk/dns/effective_tld_names.dat?raw=1)
- this is only getting worse now that ICANN has, in a rather questionable
move (personal opinion), decided to make the top-level domain namespace a
wild west.

So, I don't want to say "all subdomains" because we have no idea what that
means.

Rather, I would prefer to say "A site can request a site-wide exception for
its own origin and any other origins that it considers to also be in the
same party, e.g. http://www.example.com could request a site-wide exception
for http://www.example.com, https://www.example.com, https://example.com,
https://mail.example.com, https://www.example.de, http://www.example.de"

Sadly, I fear this is going to become nightmarish as sites add and delete
origins over time ("Hey, now we're http://search.google!" or "Hey, we just
launched example.az" or "newproduct.example.com"). That said, I've got
nothing better to offer...

-Ian
Received on Wednesday, 25 July 2012 15:37:04 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:32 UTC