Re: same-origin assertions in the DNS (Fwd: [apps-discuss] draft-sullivan-domain-origin-assert-00)

On Sun, May 06, 2012 at 07:17:43PM -0600, Peter Saint-Andre wrote:
> On 5/5/12 4:17 AM, Thomas Roessler wrote:
> > For your information:
> >
> > 
> > This seems targeted at situations where different domain names want to assert that they're something like same-origin, and for use by security policies implemented in browsers.
> Hi Thomas,
> Having talked with Andrew and other folks quite a bit about this topic
> (most recently at IETF 83), I'd say that ultimately it is directed at
> finding a way to build a scalable approach to solving the same problem
> that is solved right now with the public suffix list.

Well, both, really.

In my opinion, the public suffix list has a number of problems, one of
which is that its categorization isn't quite right: what it's trying
to communicate is whether a given domain is a registration-centric
domain across organizational boundaries.  Such an assertion is the
flip side of the same-origin policy, and therefore I think the two
issues can be addressed in a complementary way using one mechanism.
At least, I hope so.

Thanks to Thomas, in any case, for forwarding the mention.  Any review
is appreciated.



Andrew Sullivan

Received on Wednesday, 9 May 2012 21:25:07 UTC