Re: Violation reports

Adam Barth wrote on 4/20/2011 1:06 PM:
> Currently, the spec says to restrict the report-uri to "public suffix
> +1 DNS label."  Philosophically, I don't think we should be adding
> more things to the web platform that depend on the public suffix list.
>   That list is basically a hack we need to make cookies not be a
> complete security disaster.  Having more things use the that list is
> bad of the web.

 From an ease-of-deployment standpoint, being able to centrally collect violation reports from disparate sites would be ideal.  The other advantage is one could create a service to help small (perhaps mostly static) sites collect/process this information.

- Bil

Received on Saturday, 28 May 2011 16:09:09 UTC