Re: [DNSOP] Public Suffix List

Gervase Markham <gerv@mozilla.org> Wed, 11 June 2008 12:45 UTC


Jeroen Massar wrote:
> If adserver.co.uk (as they are 'evil') sets a cookie for co.uk then
> indeed that cookie gets sent to mybank.co.uk too. What harm does/can
> this do? (Except that they might set a cookie identical of type to the
> bank one and maybe auto-login to their bank account!?)

<sigh>

Say adserver.co.uk has contracts with mybank.co.uk, mygrocer.co.uk,
mypetstore.co.uk to supply them with ads. adserver.co.uk can set the
ad-tracking cookie for .co.uk and build up a cross-site profile of a
particular user, perhaps augmented by information passed to them by one
or more of the sites concerned. This is a privacy issue. Therefore, they
should not be permitted to set such cookies. The only way to do that,
while continuing to allow foo.com to set cookies, is for the browser to
know the difference between co.uk and foo.com.

Gerv
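
The distinction drawn in the message above, as an added example that is not part of the original post or of any browser's code: a cookie Domain check that consults a list of public suffixes, next to a naive "has a dot" check that cannot tell co.uk from foo.com. The suffix set is a small constructed sample and the function names are hypothetical.

```javascript
// Constructed sample of suffix rules; a real client would load a full, maintained list.
const PUBLIC_SUFFIXES = new Set(["com", "uk", "co.uk", "org.uk"]);

// Normalise a host name or Domain attribute: lowercase, drop one leading and one trailing dot.
function canon(name) {
  return name.trim().toLowerCase().replace(/^\./, "").replace(/\.$/, "");
}

// Domain match: the host is the domain itself or a subdomain of it.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Naive baseline (hypothetical): any Domain containing a dot is allowed.
function naiveAccepts(host, domainAttr) {
  const h = canon(host), d = canon(domainAttr);
  return d.includes(".") && domainMatches(h, d);
}

// Suffix-aware check: the Domain must cover the setting host and must not be a public suffix.
function suffixAwareAccepts(host, domainAttr, suffixes = PUBLIC_SUFFIXES) {
  const h = canon(host), d = canon(domainAttr);
  if (!domainMatches(h, d)) return false; // cannot set cookies for unrelated hosts
  return !suffixes.has(d);                // co.uk is shared by unrelated registrants
}

// Which of the given hosts would be sent a cookie scoped to this Domain.
function recipients(domainAttr, hosts) {
  const d = canon(domainAttr);
  return hosts.filter((h) => domainMatches(canon(h), d));
}

const sites = ["mybank.co.uk", "mygrocer.co.uk", "mypetstore.co.uk", "foo.com"];
console.log(naiveAccepts("adserver.co.uk", ".co.uk"));       // true: dot count says nothing
console.log(suffixAwareAccepts("adserver.co.uk", ".co.uk")); // false: co.uk is a suffix
console.log(suffixAwareAccepts("www.foo.com", "foo.com"));   // true: foo.com is one registrant
console.log(recipients(".co.uk", sites));                    // the three .co.uk sites
```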