Re: Public Suffix List from Adrien de Croy on 2008-06-09 (ietf-http-wg@w3.org from April to June 2008)

From: Adrien de Croy <adrien@qbik.com>
Date: Tue, 10 Jun 2008 11:01:00 +1200
To: Gervase Markham <gerv@mozilla.org>
CC: ietf-http-wg@w3.org, dnsop@lists.uoregon.edu
Message-ID: <484DB62C.6080807@qbik.com>

Gervase Markham wrote:
> Adrien de Croy wrote:
>   
>> I see it creating a large administrative burden on many people, but
>> never catching up with the current state.  I see people relying on it
>> for all manner of things for which it's not designed. 
>>     
>
> That's their problem.
>
>   
it will become their customers problem.

>> Also you're
>> dealing with organisations whose prime focus is not maintaining your
>> list.  You might get some initial enthusiasm to start, but down the
>> track I see that waning.
>>     
>
> Their incentive to keep the list up to date is that sites in their TLD
> will be treated correctly by browsers, which will keep their customers
> happy.
>
>   
>> This is all being proposed to _enable_ cross-site cookies (as opposed to
>> just blocking or warning the user).. 
>>     
>
> No. It's being proposed to *disable* cross-site cookies which we
> currently enable because we have no good way to prevent. Along with
> other UI applications in the areas of:
>
>   

I disagree.  If you were really wanting to disable cross-site cookies, 
you wouldn't need any of this, you'd just block them in the browser.

This is fundamentally enabling in a restricted mode, which is enabling, 
not disabling.

> - History
> - Download Manager
> - UI display of responsible domain for SSL DV certs
>   (this isn't switched on by default in Firefox 3)
>
>   
>> As for privacy, if an issuer of a cookie prescribes the realms within
>> which that cookie may be submitted, then privacy falls under the control
>> of the cookie-issuing site.  A compliant browser won't submit it outside
>> those realms.
>>     
>
> The problem is sites conspiring against a user to damage the user's
> privacy and track them across multiple sites.
>   
this can be done regardless.  Site A gets request from client, submits 
request back to site mentioned in referer tag.  Client not involved 
except for transporting the referer information.

Adrien


> Gerv
>
>   

-- 
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com

Received on Monday, 9 June 2008 23:00:05 UTC