- From: Bil Corry <bil@corry.biz>
- Date: Sat, 28 May 2011 09:08:38 -0700
- To: Adam Barth <w3c@adambarth.com>
- CC: public-web-security@w3.org

Adam Barth wrote on 4/20/2011 1:06 PM:
> Currently, the spec says to restrict the report-uri to "public suffix
> +1 DNS label." Philosophically, I don't think we should be adding
> more things to the web platform that depend on the public suffix list.
> That list is basically a hack we need to make cookies not be a
> complete security disaster. Having more things use that list is
> bad for the web.

From an ease-of-deployment standpoint, being able to centrally collect violation reports from disparate sites would be ideal. The other advantage is one could create a service to help small (perhaps mostly static) sites collect/process this information.

- Bil

Received on Saturday, 28 May 2011 16:09:09 UTC