same-origin assertions in the DNS (Fwd: [apps-discuss] draft-sullivan-domain-origin-assert-00)

• From: Thomas Roessler <tlr@w3.org>
• Date: Sat, 5 May 2012 12:18:07 +0200
• To: public-webappsec@w3.org
• Cc: Thomas Roessler <tlr@w3.org>, Andrew Sullivan <ajs@anvilwalrusden.com>
• Message-Id: <71E4E1CE-5ECD-49DC-A841-564653EC6C4E@w3.org>

For your information:
	http://tools.ietf.org/html/draft-sullivan-domain-origin-assert-00

This seems targeted at situations where different domain names want to assert that they're something like same-origin, and for use by security policies implemented in browsers.

I suggest to direct review comments either to the apps-discuss list, or to public-web-security@w3.org.

Thanks,
-- 
Thomas Roessler, W3C  <tlr@w3.org>  (@roessler)







Begin forwarded message:

> From: Andrew Sullivan <ajs@anvilwalrusden.com>
> Subject: [apps-discuss] draft-sullivan-domain-origin-assert-00
> Date: May 4, 2012 23:08:53 +0200
> To: apps-discuss@ietf.org
> List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
> 
> Dear colleagues,
> 
> I posted today draft-sullivan-domain-origin-assert-00.txt.  The point
> of this draft is to outline a way of publishing records in the DNS, so
> that one can figure out what names have some sort of administrative
> link to one another (I've called this the "administrative realm",
> although probably not consistently, and I'm not too happy with the
> term).  The idea is that you'd be able to use the mechanism in order
> either to consider different DNS names as somehow linked together (so
> that, for instance, cookie policies or other such things could be
> adapted accordingly), or (more often) to determine that names are
> _not_ linked together in order to foil illegitimate attempts to assert
> links.  
> 
> I can't think of any other list that is appropriate, but if people
> have an alternative I'm all ears.  I haven't explicitly pointed
> commenters at this list yet, pending permission from the list
> moderators.
> 
> Comments (shredding, &c. &c.) are eagerly solicited.  
> 
> Best regards,
> 
> A
> 
> -- 
> Andrew Sullivan
> ajs@anvilwalrusden.com
> _______________________________________________
> apps-discuss mailing list
> apps-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/apps-discuss
> 

Received on Saturday, 5 May 2012 10:18:11 UTC