Re: [DNSOP] Public Suffix List

Jamie Lokier <> Tue, 10 June 2008 12:31 UTC

Return-Path: <>
Received: from [] (localhost []) by (Postfix) with ESMTP id 33C053A6A5D; Tue, 10 Jun 2008 05:31:52 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id DB6B53A6A5D for <>; Tue, 10 Jun 2008 05:31:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.043
X-Spam-Status: No, score=-4.043 tagged_above=-999 required=5 tests=[AWL=-1.444, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id x64C6or1Onqw for <>; Tue, 10 Jun 2008 05:31:50 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id E904B3A6A3B for <>; Tue, 10 Jun 2008 05:31:49 -0700 (PDT)
Received: from jamie by with local (Exim 4.63) (envelope-from <>) id 1K6319-0007e3-MQ; Tue, 10 Jun 2008 13:32:03 +0100
Date: Tue, 10 Jun 2008 13:32:03 +0100
From: Jamie Lokier <>
To: Adrien de Croy <>
Message-ID: <>
References: <> <> <> <> <> <> <> <> <> <>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.13 (2006-08-11)
Cc:, Gervase Markham <>,
Subject: Re: [DNSOP] Public Suffix List
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Adrien de Croy wrote:
Allow some "safe" cross-site 
> cookies?  What happens when it doesn't do that?  Do people even care 
> enough about that to live with this solution?

I must admit, I don't see what's wrong with disabling cross-site
cookies entirely.

If two related domains want to transfer credentials, sessions etc.,
there are other mechanisms to do it.

> In the end what will be the deciding factors?  I see users dumping FF3 
> when it doesn't work with the websites they know and trust.  I see the 
> reviews bemoaning compatibility issues.  Mozilla needs to be careful 
> when introducing something like this that can create many compatibility 
> issues where the previous version didn't have them.  In the end if some 
> large jurisdictions refuse to play along, where does that leave 
> Mozilla's users?  Looking for another browser perhaps..  Unless Mozilla 
> feels it has too many users, I'd urge caution in that area.

Perhaps the list should be used to implement a warning, easily
overridden per site, like the other cookie dialogs which Mozilla pops
up, rather than a hard block.

As a user I might prefer that.  I already like being able to say
"no thanks" to cookies on sites where I don't see any need.

-- Jamie
DNSOP mailing list