Re: [DNSOP] Public Suffix List

Henrik Nordstrom <henrik@henriknordstrom.net> Tue, 10 June 2008 20:43 UTC

Return-Path: <dnsop-bounces@ietf.org>
X-Original-To: dnsop-archive@lists.ietf.org
Delivered-To: ietfarch-dnsop-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9E4883A6ABB; Tue, 10 Jun 2008 13:43:42 -0700 (PDT)
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 40D7B3A68A9 for <dnsop@core3.amsl.com>; Tue, 10 Jun 2008 13:43:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.44
X-Spam-Level:
X-Spam-Status: No, score=-4.44 tagged_above=-999 required=5 tests=[AWL=-1.841, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5S9tWlGkscid for <dnsop@core3.amsl.com>; Tue, 10 Jun 2008 13:43:40 -0700 (PDT)
Received: from vps1.henriknordstrom.net (vps1.henriknordstrom.net [195.20.207.177]) by core3.amsl.com (Postfix) with ESMTP id CB1C13A6A8F for <dnsop@ietf.org>; Tue, 10 Jun 2008 13:43:39 -0700 (PDT)
Received: from henriknordstrom.net (183.159.216.81.static.tb.siw.siwnet.net [81.216.159.183]) by vps1.henriknordstrom.net (8.13.8/8.13.8/Debian-3) with ESMTP id m5AKhpkf015650; Tue, 10 Jun 2008 22:43:52 +0200
Received: from henrik ([127.0.0.1]) (authenticated bits=0) by henriknordstrom.net (8.12.11.20060308/8.12.8) with ESMTP id m5AKhoWj027095 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Tue, 10 Jun 2008 22:43:51 +0200
From: Henrik Nordstrom <henrik@henriknordstrom.net>
To: Gervase Markham <gerv@mozilla.org>
In-Reply-To: <484E53B2.6030404@mozilla.org>
References: <484CFF47.1050106@mozilla.org> <20080609142926.GC83012@commandprompt.com> <484D4191.104@mozilla.org> <20080609162426.GA2596@shareable.org> <484D5A44.30603@mozilla.org> <20080609163659.GC2596@shareable.org> <484D5F3B.8040902@mozilla.org> <20080610100917.GA25910@shareable.org> <484E53B2.6030404@mozilla.org>
Date: Tue, 10 Jun 2008 22:43:50 +0200
Message-Id: <1213130630.17978.35.camel@henriknordstrom.net>
Mime-Version: 1.0
X-Mailer: Evolution 2.10.3 (2.10.3-9.fc7)
X-Virus-Scanned: ClamAV version 0.91, clamav-milter version 0.91 on henriknordstrom.net
X-Virus-Status: Clean
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.0 (vps1.henriknordstrom.net [195.20.207.177]); Tue, 10 Jun 2008 22:43:57 +0200 (CEST)
Cc: dnsop@ietf.org, Jamie Lokier <jamie@shareable.org>, ietf-http-wg@w3.org
Subject: Re: [DNSOP] Public Suffix List
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============2018210151=="
Sender: dnsop-bounces@ietf.org
Errors-To: dnsop-bounces@ietf.org

On Tue, 2008-06-10 at 11:13 +0100, Gervase Markham wrote:

> OK. Then we are basically back to Yngve's suggestion. But this does
> require universal take-up for universal support - and that, as someone
> else has pointed out, makes it (in my opinion) doomed.

Not really. By proper design you can easily make cross-site cookies be
verifiable. Set out the goal that a site must indicate that cross-site
cookies are allowed for it to be accepted, and then work from there.
There are many paths to get there, and the more delegated you make it
close to the owners and operators of the sites the better.

The big question is what that design should look like, but it's
certainly not a central repository with copies hardcoded into software.
It's also not likely DNS as DNS is hop-by-hop in the HTTP world and
cookie management is end-to-end (the user agent might not even have
DNS access).

Securing cookies by blacklisting is not the right approach for many
reasons, and should only be seen as a temporary patch along the path to
secure cookie management and at best input for an interim default policy
in the next step on the road to secure cross-site cookie management.
Blacklisting is not a very bad idea, but neither long-term viable nor
flexible enough to work out well. But on the positive side it's a small
step forward from what we have today and very unlikely to cause
problems. But on the bad side it hides the problem, making it more likely
to bite unsuspecting owners of domains in public registries which for
some reason aren't in that list.

Delegated whitelisting is the only approach that has a reasonable chance
of working out well in the long run imho. There are so many public
registration points today, and it will significantly increase over time.
Preferably done at the HTTP level or at least using HTTP as transport,
and not relying on the number of components stripped from the requested host
name and similar silly rules. It should be possible to set a cookie for
www.example.com and www.example.net in a single transaction.

Another alternative would be to finally rework the cookie system proper
addressing this and the many other shortcomings of the current cookie
system. Reworking the cookie system would be nice, but I don't see this
likely to happen until HTTP/2.0...

Regards
Henrik
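
The failure mode of suffix blacklisting and of component counting discussed in this message, as an added example that is not part of the original post or of any browser's code. The suffix set, host names and function names are constructed for illustration, and domain matching is simplified (no IP-address handling).

```python
# Constructed, deliberately tiny blacklist; not a real public suffix list.
SUFFIX_BLACKLIST = {"com", "net", "uk", "co.uk"}

def normalize(name):
    return name.strip().strip(".").lower()

def domain_match(host, domain):
    """True if host equals domain or is a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def accepts_by_blacklist(request_host, cookie_domain, blacklist=SUFFIX_BLACKLIST):
    """Blacklist policy: allow any matching Domain that is not a listed suffix."""
    host, domain = normalize(request_host), normalize(cookie_domain)
    if not domain or not domain_match(host, domain):
        return False
    return domain not in blacklist

def accepts_by_label_count(request_host, cookie_domain, min_labels=2):
    """Component-counting policy: allow any matching Domain with enough labels."""
    host, domain = normalize(request_host), normalize(cookie_domain)
    if not domain or not domain_match(host, domain):
        return False
    return len(domain.split(".")) >= min_labels

def exposed_hosts(setter, cookie_domain, hosts, policy, **kw):
    """Other hosts that would receive a cookie the policy lets `setter` scope this wide."""
    if not policy(setter, cookie_domain, **kw):
        return []
    domain = normalize(cookie_domain)
    return [h for h in hosts
            if normalize(h) != normalize(setter) and domain_match(normalize(h), domain)]

# Constructed registrants under two registries; "registry.example" is not in the blacklist.
HOSTS = ["alice.co.uk", "bob.co.uk", "alice.registry.example", "bob.registry.example"]

if __name__ == "__main__":
    attempts = (("alice.co.uk", "co.uk"),
                ("alice.registry.example", "registry.example"))
    for policy in (accepts_by_blacklist, accepts_by_label_count):
        for setter, dom in attempts:
            leaked = exposed_hosts(setter, dom, HOSTS, policy)
            print(f"{policy.__name__}: {setter} Domain={dom} -> also sent to {leaked}")
```

The unlisted registry is only protected once someone adds it to the blacklist, which is the maintenance burden the message objects to.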