
Re: Violation reports

From: Bil Corry <bil@corry.biz>
Date: Sat, 28 May 2011 09:08:38 -0700
Message-ID: <4DE11E06.10300@corry.biz>
To: Adam Barth <w3c@adambarth.com>
CC: public-web-security@w3.org

Adam Barth wrote on 4/20/2011 1:06 PM:
> Currently, the spec says to restrict the report-uri to "public suffix
> +1 DNS label."  Philosophically, I don't think we should be adding
> more things to the web platform that depend on the public suffix list.
> That list is basically a hack we need to make cookies not be a
> complete security disaster.  Having more things use that list is
> bad for the web.

From an ease-of-deployment standpoint, being able to centrally collect violation reports from disparate sites would be ideal.  The other advantage is one could create a service to help small (perhaps mostly static) sites collect/process this information.


- Bil
Received on Saturday, 28 May 2011 16:09:09 GMT
