- From: bert hubert <bert.hubert@netherlabs.nl>
- Date: Mon, 09 Jun 2008 12:34:52 +0000
- To: Antoin Verschuren <Antoin.Verschuren@sidn.nl>
- Cc: dnsop@ietf.org, ietf-http-wg@w3.org
On Mon, Jun 09, 2008 at 02:24:30PM +0200, Antoin Verschuren wrote:
> > You can't hijack something that does not exist though, which is what I
> > think
> > is the problem here.
>
> Agree, but when this global list of local DNS policy would exist and used, which would be authoritative, the list or the DNS ?

The DNS of course. Compare whois for example - that is also 'non-authoritative' for real DNS lookups.

If I understand correctly, Mozilla wants to use this for security purposes:

The usefulness of this can be seen if we take the example of cookies. Currently, browsers use an algorithm which basically only denies setting wide-ranging cookies for top-level domains with no dots (e.g. com or org). However, this does not work for top-level domains where only third-level registrations are allowed (e.g. .co.uk). In these cases, websites can set a cookie for .co.uk which will be passed onto every website registered under co.uk.

Since there is no algorithmic method of finding the highest level at which a domain may be registered for a particular top-level domain (the policies differ with each registry), the only method is to create a list. This is the aim of the Public Suffix List.

Software using the Public Suffix List will be able to determine where cookies may and may not be set, protecting the user's data from theft.

So the instaflaming and ""technology"" jokes appear to be out of place. If "we" DNS people think we have a better way of encoding "public delegations", we should move quickly to make that happen.

In the meantime, the public suffix list is probably a great idea.

Bert

--
http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services
Received on Monday, 9 June 2008 16:53:58 UTC
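
The cookie check described in the message above, as an added example that is not part of the original e-mail and is not Mozilla's code: it compares the "no dots" heuristic with a list-based check and goes slightly beyond the text by also handling the wildcard (`*.`) and exception (`!`) rules of the Public Suffix List format. The rule sample is constructed, and the function names are hypothetical.

```python
# Constructed sample in Public Suffix List rule syntax; a tiny subset, not the real list.
SAMPLE_RULES = ["com", "org", "uk", "co.uk", "*.ck", "!www.ck"]

def parse_rules(lines):
    """Split rules into exact, wildcard ('*.x') and exception ('!x') sets."""
    exact, wildcard, exception = set(), set(), set()
    for rule in (l.strip().lower() for l in lines):
        if not rule or rule.startswith("//"):
            continue  # blank line or comment
        if rule.startswith("!"):
            exception.add(rule[1:])
        elif rule.startswith("*."):
            wildcard.add(rule[2:])
        else:
            exact.add(rule)
    return exact, wildcard, exception

def public_suffix(host, rules):
    """Return the public suffix of host: exception rules win, then the longest match."""
    exact, wildcard, exception = rules
    labels = host.lower().strip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in exception:
            return ".".join(labels[i + 1:])  # exception: drop the leftmost label
    for i in range(len(labels)):  # longest candidate first
        candidate, parent = ".".join(labels[i:]), ".".join(labels[i + 1:])
        if candidate in exact or (parent and parent in wildcard):
            return candidate
    return labels[-1]  # implicit default rule "*"

def naive_allows(cookie_domain):
    """The older heuristic from the message: refuse only domains with no dots."""
    return "." in cookie_domain.strip(".")

def psl_allows(request_host, cookie_domain, rules):
    """Allow a cookie Domain only if it covers the host and is not a public suffix."""
    host = request_host.lower().strip(".")
    domain = cookie_domain.lower().strip(".")
    if host != domain and not host.endswith("." + domain):
        return False  # a site may not set cookies for an unrelated domain
    return public_suffix(domain, rules) != domain

RULES = parse_rules(SAMPLE_RULES)

if __name__ == "__main__":
    for dom in ("co.uk", "example.co.uk", "com", "www.ck", "foo.ck"):
        print(dom, naive_allows(dom), psl_allows("a." + dom, dom, RULES))
```

The heuristic accepts `co.uk` because it contains a dot, while the list-based check rejects it and still accepts `example.co.uk`.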