- From: Jonas Sicking <jonas@sicking.cc>
- Date: Wed, 25 Jul 2007 21:40:13 -0700
- To: Anne van Kesteren <annevk@opera.com>
- CC: Phil Archer <parcher@icra.org>, public-appformats@w3.org, Public POWDER <public-powderwg@w3.org>
Jonas Sicking wrote: > > Anne van Kesteren wrote: >> On Mon, 23 Jul 2007 20:29:42 +0200, Jonas Sicking <jonas@sicking.cc> >> wrote: >>>> OK, forget the ? notation. Your examples are very clear and we seem >>>> in full alignment that <foo.com> includes sub domains but >>>> <*.foo.com> wouldn't include foo.com itself. >>> >>> Sounds great. What do other people think of switching to this syntax? >>> The difference from the current spec would be to change >> >> The only slightly confusing thing is that <http://foo.com> also >> matches <http://bar.foo.com> but I suppose that's ok. > > Yeah, I agree, but given all other alternatives I think this is better. > If for example someone does > > CAC: allow <*> exclude <http://evil.com> > > is most likely useless since the owners of very.evil.com are the same > ones as evil.com. So it's not unlikely that the rule can be easily > circumvented. > > It's not ideal, but it's the least bad suggestion yet IMHO. Sorry if the above is confusing. What I meant was that the above bad scenario can happen unless we let http://evil.com match all subdomains as well. / Jonas
Received on Thursday, 26 July 2007 04:41:06 UTC