W3C home > Mailing lists > Public > public-web-security@w3.org > May 2012

same-origin assertions in the DNS (Fwd: [apps-discuss] draft-sullivan-domain-origin-assert-00)

From: Thomas Roessler <tlr@w3.org>
Date: Sat, 5 May 2012 12:17:20 +0200
Cc: Thomas Roessler <tlr@w3.org>, Andrew Sullivan <ajs@anvilwalrusden.com>
Message-Id: <F5CC5359-B268-4F05-AB3A-2FA866BF285F@w3.org>
To: public-web-security <public-web-security@w3.org>
For your information:
	http://tools.ietf.org/html/draft-sullivan-domain-origin-assert-00

This seems targeted at situations where different domain names want to assert that they're something like same-origin, and for use by security policies implemented in browsers.
-- 
Thomas Roessler, W3C  <tlr@w3.org>  (@roessler)







Begin forwarded message:

> From: Andrew Sullivan <ajs@anvilwalrusden.com>
> Subject: [apps-discuss] draft-sullivan-domain-origin-assert-00
> Date: May 4, 2012 23:08:53 +0200
> To: apps-discuss@ietf.org
> List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
> 
> Dear colleagues,
> 
> I posted today draft-sullivan-domain-origin-assert-00.txt.  The point
> of this draft is to outline a way of publishing records in the DNS, so
> that one can figure out what names have some sort of administrative
> link to one another (I've called this the "administrative realm",
> although probably not consistently, and I'm not too happy with the
> term).  The idea is that you'd be able to use the mechanism in order
> either to consider different DNS names as somehow linked together (so
> that, for instance, cookie policies or other such things could be
> adapted accordingly), or (more often) to determine that names are
> _not_ linked together in order to foil illegitimate attempts to assert
> links.  
> 
> I can't think of any other list that is appropriate, but if people
> have an alternative I'm all ears.  I haven't explicitly pointed
> commenters at this list yet, pending permission from the list
> moderators.
> 
> Comments (shredding, &c. &c.) are eagerly solicited.  
> 
> Best regards,
> 
> A
> 
> -- 
> Andrew Sullivan
> ajs@anvilwalrusden.com
> _______________________________________________
> apps-discuss mailing list
> apps-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/apps-discuss
> 
Received on Saturday, 5 May 2012 10:17:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 5 May 2012 10:17:27 GMT