- From: Gervase Markham <gerv@mozilla.org>
- Date: Mon, 09 Jun 2008 16:29:03 +0100
- CC: ietf-http-wg@w3.org, dnsop@lists.uoregon.edu
Adrien de Croy wrote: > I see it creating a large administrative burden on many people, but > never catching up with the current state. I see people relying on it > for all manner of things for which it's not designed. That's their problem. > Also you're > dealing with organisations whose prime focus is not maintaining your > list. You might get some initial enthusiasm to start, but down the > track I see that waning. Their incentive to keep the list up to date is that sites in their TLD will be treated correctly by browsers, which will keep their customers happy. > This is all being proposed to _enable_ cross-site cookies (as opposed to > just blocking or warning the user).. No. It's being proposed to *disable* cross-site cookies which we currently enable because we have no good way to prevent. Along with other UI applications in the areas of: - History - Download Manager - UI display of responsible domain for SSL DV certs (this isn't switched on by default in Firefox 3) > As for privacy, if an issuer of a cookie prescribes the realms within > which that cookie may be submitted, then privacy falls under the control > of the cookie-issuing site. A compliant browser won't submit it outside > those realms. The problem is sites conspiring against a user to damage the user's privacy and track them across multiple sites. Gerv
Received on Monday, 9 June 2008 15:29:51 UTC