Re: [DNSOP] Public Suffix List

Ted Lemon <Ted.Lemon@nominum.com> Wed, 11 June 2008 20:37 UTC

Return-Path: <dnsop-bounces@ietf.org>
X-Original-To: dnsop-archive@lists.ietf.org
Delivered-To: ietfarch-dnsop-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9C25C3A695F; Wed, 11 Jun 2008 13:37:17 -0700 (PDT)
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 67F9E3A6867 for <dnsop@core3.amsl.com>; Wed, 11 Jun 2008 13:37:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.444
X-Spam-Level:
X-Spam-Status: No, score=-6.444 tagged_above=-999 required=5 tests=[AWL=0.155, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QJa2FWIzXvJx for <dnsop@core3.amsl.com>; Wed, 11 Jun 2008 13:37:15 -0700 (PDT)
Received: from exprod7og111.obsmtp.com (exprod7og111.obsmtp.com [64.18.2.175]) by core3.amsl.com (Postfix) with ESMTP id 877C13A6800 for <dnsop@ietf.org>; Wed, 11 Jun 2008 13:37:15 -0700 (PDT)
Received: from source ([64.89.228.228]) (using TLSv1) by exprod7ob111.postini.com ([64.18.6.12]) with SMTP; Wed, 11 Jun 2008 13:37:40 PDT
Received: from webmail.nominum.com (webmail.nominum.com [64.89.228.50]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (Client CN "webmail.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by shell-ng.nominum.com (Postfix) with ESMTP id 4339456893; Wed, 11 Jun 2008 13:37:40 -0700 (PDT) (envelope-from Ted.Lemon@nominum.com)
Received: from [10.0.1.103] (67.9.133.211) by webmail.nominum.com (64.89.228.50) with Microsoft SMTP Server (TLS) id 8.1.240.5; Wed, 11 Jun 2008 13:37:39 -0700
Message-ID: <DB9C8595-877A-465E-A4C7-3D29628CCF94@nominum.com>
From: Ted Lemon <Ted.Lemon@nominum.com>
To: Florian Weimer <fw@deneb.enyo.de>
In-Reply-To: <871w33hfz9.fsf@mid.deneb.enyo.de>
MIME-Version: 1.0 (Apple Message framework v924)
Date: Wed, 11 Jun 2008 15:37:38 -0500
References: <484D52EC.1090608@mozilla.org> <C5894EBB-D4AA-40AD-8A38-2F4CD8A07D66@virtualized.org> <484D5B88.3090902@mozilla.org> <9C47AC3F-A0EA-48BB-9B28-DFD2C4855EB3@virtualized.org> <484E52F4.5030402@mozilla.org> <20080610111454.GE25910@shareable.org> <87prqpum6n.fsf@mid.deneb.enyo.de> <484F8DB4.5030500@mozilla.org> <484F8F93.8020808@NLnetLabs.nl> <484F965A.1000709@mozilla.org> <20080611103103.GA25556@shareable.org> <484FC15E.8090804@mozilla.org> <484FC383.3080600@spaghetti.zurich.ibm.com> <484FC8E8.4090501@mozilla.org> <878wxbhgn0.fsf@mid.deneb.enyo.de> <D72025EB-D67D-4F72-AD0C-8CA3890DAD32@nominum.com> <871w33hfz9.fsf@mid.deneb.enyo.de>
X-Mailer: Apple Mail (2.924)
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
Subject: Re: [DNSOP] Public Suffix List
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsop-bounces@ietf.org
Errors-To: dnsop-bounces@ietf.org

On Jun 11, 2008, at 3:30 PM, Florian Weimer wrote:
> Failure to do this
> does not grant read access to arbitrary cookies in itself.  But as I
> wrote, it might expose session fixation problems.

Right, the point is that the mozilla guys can't force web site  
implementors to do the right thing, but they still get dinged for a  
security flaw if the web site implementors do the wrong thing.   The  
only knob they can turn is this one.   So it makes a great deal of  
sense for them to try to turn it.

Also, you discounted the privacy issue in youFrom dnsop-bounces@ietf.org  Wed Jun 11 13:37:17 2008
Return-Path: <dnsop-bounces@ietf.org>
X-Original-To: dnsop-archive@optimus.ietf.org
Delivered-To: ietfarch-dnsop-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 9C25C3A695F;
	Wed, 11 Jun 2008 13:37:17 -0700 (PDT)
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 67F9E3A6867
	for <dnsop@core3.amsl.com>; Wed, 11 Jun 2008 13:37:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.444
X-Spam-Level: 
X-Spam-Status: No, score=-6.444 tagged_above=-999 required=5 tests=[AWL=0.155, 
	BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id QJa2FWIzXvJx for <dnsop@core3.amsl.com>;
	Wed, 11 Jun 2008 13:37:15 -0700 (PDT)
Received: from exprod7og111.obsmtp.com (exprod7og111.obsmtp.com [64.18.2.175])
	by core3.amsl.com (Postfix) with ESMTP id 877C13A6800
	for <dnsop@ietf.org>; Wed, 11 Jun 2008 13:37:15 -0700 (PDT)
Received: from source ([64.89.228.228]) (using TLSv1) by
	exprod7ob111.postini.com ([64.18.6.12]) with SMTP; 
	Wed, 11 Jun 2008 13:37:40 PDT
Received: from webmail.nominum.com (webmail.nominum.com [64.89.228.50])
	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
	(Client CN "webmail.nominum.com",
	Issuer "Go Daddy Secure Certification Authority" (verified OK))
	by shell-ng.nominum.com (Postfix) with ESMTP id 4339456893;
	Wed, 11 Jun 2008 13:37:40 -0700 (PDT)
	(envelope-from Ted.Lemon@nominum.com)
Received: from [10.0.1.103] (67.9.133.211) by webmail.nominum.com
	(64.89.228.50) with Microsoft SMTP Server (TLS) id 8.1.240.5;
	Wed, 11 Jun 2008 13:37:39 -0700
Message-ID: <DB9C8595-877A-465E-A4C7-3D29628CCF94@nominum.com>
From: Ted Lemon <Ted.Lemon@nominum.com>
To: Florian Weimer <fw@deneb.enyo.de>
In-Reply-To: <871w33hfz9.fsf@mid.deneb.enyo.de>
MIME-Version: 1.0 (Apple Message framework v924)
Date: Wed, 11 Jun 2008 15:37:38 -0500
References: <484D52EC.1090608@mozilla.org>
	<C5894EBB-D4AA-40AD-8A38-2F4CD8A07D66@virtualized.org>
	<484D5B88.3090902@mozilla.org>
	<9C47AC3F-A0EA-48BB-9B28-DFD2C4855EB3@virtualized.org>
	<484E52F4.5030402@mozilla.org>
	<20080610111454.GE25910@shareable.org>
	<87prqpum6n.fsf@mid.deneb.enyo.de>
	<484F8DB4.5030500@mozilla.org> <484F8F93.8020808@NLnetLabs.nl>
	<484F965A.1000709@mozilla.org>
	<20080611103103.GA25556@shareable.org>
	<484FC15E.8090804@mozilla.org>
	<484FC383.3080600@spaghetti.zurich.ibm.com>	<484FC8E8.4090501@mozilla.org>
	<878wxbhgn0.fsf@mid.deneb.enyo.de>
	<D72025EB-D67D-4F72-AD0C-8CA3890DAD32@nominum.com>
	<871w33hfz9.fsf@mid.deneb.enyo.de>
X-Mailer: Apple Mail (2.924)
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
Subject: Re: [DNSOP] Public Suffix List
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>,
	<mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>,
	<mailto:dnsop-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsop-bounces@ietf.org
Errors-To: dnsop-bounces@ietf.org

On Jun 11, 2008, at 3:30 PM, Florian Weimer wrote:
> Failure to do this
> does not grant read access to arbitrary cookies in itself.  But as I
> wrote, it might expose session fixation problems.

Right, the point is that the mozilla guys can't force web site  
implementors to do the right thing, but they still get dinged for a  
security flaw if the web site implementors do the wrong thing.   The  
only knob they can turn is this one.   So it makes a great deal of  
sense for them to try to turn it.

Also, you discounted the privacy issue in yr previous message, but  
the point is that in some countries privacy is actually a legal  
requirement, one which the Mozilla folks, I think rightly, feel some  
obligation to honor.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop


our previous message, but  
the point is that in some countries privacy is actually a legal  
requirement, one which the Mozilla folks, I think rightly, feel some  
obligation to honor.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop