Re: HTML5 and Public Suffix

On Thu, Jan 29, 2009 at 03:35:05PM +0100, Anne van Kesteren wrote:
> Hi,
>
> I told Yngve that HTML5 now relies on http://publicsuffix.org/ for
> document.domain (ancient DOM attribute used to relieve some security
> restrictions). He told me it would be a good idea to notify you, the
> chairs of dnsop and dnsext, so I thought I would do that.

I don't pretend to begin to understand document.domain or how
important it is; but as I've argued every time the topic has come up,
http://publicsuffix.org is a bad idea.  It covers neither the
necessary nor sufficient cases it is pretending to cover.  The
insistence that it does either reveals a deep misunderstanding of what
a zone is (or, more exactly, is not) in the DNS; or else indicates some
misplaced desire that a hideous hack poorly designed to work around
the poorly-designed cookie specification ought to become a permanent
part of the Web's infrastructure.  In my opinion, either explanation
is lamentable.

Zones do not work according to the implicit premises of
publicsuffix.org, and they're never going to as long as we continue to
use DNS.  What we might be able to do is come up with a trick inside
DNS for zone operators to express their relationship to other zones.
In particular, what I have in mind is a mechanism for parents to
publish some sort of policy about their relationship to their
children.  Probably this would not be in the DNS itself, but a record
(maybe SRV or something like that) could go in the zone so that an
agent could find the policy easily.  So far, however, when I've
floated this idea I've had a chilly reception from the
publicsuffix.org proponents.  I have no idea why, but it has dampened
my enthusiasm to bother working on a complete proposal if part of the
target audience won't be bothered to review it.

A

-- 
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.

Received on Thursday, 29 January 2009 17:13:33 UTC