public suffix list: when opacity meets security [metaDataInURI-31 siteData-36]

I wonder how the principle of opacity applies in this case...
http://www.w3.org/TR/webarch/#pr-uri-opacity

The proposal is:

[[
The Mozilla Project (http://www.mozilla.org/), responsible for the
Firefox web browser, requests your help.

We are maintaining a list of all "Public Suffixes". A Public Suffix is a
domain label under which internet users can directly register domains.
Examples of Public Suffixes are ".net", ".org.uk" and ".pvt.k12.ca.us".
In other words, the list is an encoding of the "structure" of each
top-level domain, so a TLD may contain many Public Suffixes. This
information is used by web browsers for several purposes - for example,
to make sure they have secure cookie-setting policies. For more details,
see http://publicsuffix.org/learn/.
]]
 -- Gervase Markham (Monday, 9 June)
  http://lists.w3.org/Archives/Public/ietf-http-wg/2008AprJun/0483.html

arguments against include:

[[
By proper design you can easily make cross-site cookies be
verifiable. Set out the goal that a site must indicate that cross-site
cookies is allowed for it to be accepted, and then work from there.
There is many paths how to get there, and the more delegated you make it
close to the owners and operators of the sites the better.

The big question is what that design should look like, but it's
certainly not a central repository with copies hardcoded into software.
]]
 -- Henrik Nordstrom  10 Jun 2008
  http://lists.w3.org/Archives/Public/ietf-http-wg/2008AprJun/0552.html


tracker: ISSUE-31, ISSUE-36

-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
gpg D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E

Received on Thursday, 19 June 2008 16:01:47 UTC