Re: [DNSOP] Public Suffix List
Henrik Nordstrom <henrik@henriknordstrom.net> Wed, 11 June 2008 11:03 UTC
Return-Path: <dnsop-bounces@ietf.org>
X-Original-To: dnsop-archive@lists.ietf.org
Delivered-To: ietfarch-dnsop-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9E0A53A689D; Wed, 11 Jun 2008 04:03:10 -0700 (PDT)
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8E7FB3A689D for <dnsop@core3.amsl.com>; Wed, 11 Jun 2008 04:03:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.171
X-Spam-Level:
X-Spam-Status: No, score=-4.171 tagged_above=-999 required=5 tests=[AWL=-1.572, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p2Crh4oNijno for <dnsop@core3.amsl.com>; Wed, 11 Jun 2008 04:03:04 -0700 (PDT)
Received: from vps1.henriknordstrom.net (vps1.henriknordstrom.net [195.20.207.177]) by core3.amsl.com (Postfix) with ESMTP id E892E28C117 for <dnsop@ietf.org>; Wed, 11 Jun 2008 04:01:49 -0700 (PDT)
Received: from henriknordstrom.net (183.159.216.81.static.tb.siw.siwnet.net [81.216.159.183]) by vps1.henriknordstrom.net (8.13.8/8.13.8/Debian-3) with ESMTP id m5BB25Lh031815; Wed, 11 Jun 2008 13:02:06 +0200
Received: from henrik ([127.0.0.1]) (authenticated bits=0) by henriknordstrom.net (8.12.11.20060308/8.12.8) with ESMTP id m5BB22Hv005523 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT); Wed, 11 Jun 2008 13:02:03 +0200
From: Henrik Nordstrom <henrik@henriknordstrom.net>
To: Gervase Markham <gerv@mozilla.org>
In-Reply-To: <484F9675.70103@mozilla.org>
References: <484CFF47.1050106@mozilla.org> <484D1533.4060300@spaghetti.zurich.ibm.com> <484D1883.4060002@mozilla.org> <sdej76og6p.fsf@wes.hardakers.net> <484D3C57.7010205@mozilla.org> <87abhtw1nv.fsf@mid.deneb.enyo.de> <1213131162.17978.41.camel@henriknordstrom.net> <484F9675.70103@mozilla.org>
Date: Wed, 11 Jun 2008 13:02:02 +0200
Message-Id: <1213182122.3341.75.camel@henriknordstrom.net>
Mime-Version: 1.0
X-Mailer: Evolution 2.10.3 (2.10.3-9.fc7)
X-Virus-Scanned: ClamAV version 0.91, clamav-milter version 0.91 on henriknordstrom.net
X-Virus-Status: Clean
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.0 (vps1.henriknordstrom.net [195.20.207.177]); Wed, 11 Jun 2008 13:02:08 +0200 (CEST)
Cc: dnsop@ietf.org, ietf-http-wg@w3.org, Wes Hardaker <wjhns1@hardakers.net>
Subject: Re: [DNSOP] Public Suffix List
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0621871920=="
Sender: dnsop-bounces@ietf.org
Errors-To: dnsop-bounces@ietf.org
On ons, 2008-06-11 at 10:10 +0100, Gervase Markham wrote: > Other list participants were warning about the possibility of people > abandoning Firefox in droves if there were cookie-related problems > caused by its use of public suffix list. If you do this wronly yes. > You, on the other hand, are > suggesting that we can just make changes to the way cookies work and > expect broken sites to fix themselves. These seem to be two > irreconcilable views of the future. No. Neither users or sites are completely static in nature. > Long history and experience has shown us that we can't just break > people's weFrom dnsop-bounces@ietf.org Wed Jun 11 04:03:10 2008 Return-Path: <dnsop-bounces@ietf.org> X-Original-To: dnsop-archive@optimus.ietf.org Delivered-To: ietfarch-dnsop-archive@core3.amsl.com Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9E0A53A689D; Wed, 11 Jun 2008 04:03:10 -0700 (PDT) X-Original-To: dnsop@core3.amsl.com Delivered-To: dnsop@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8E7FB3A689D for <dnsop@core3.amsl.com>; Wed, 11 Jun 2008 04:03:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.171 X-Spam-Level: X-Spam-Status: No, score=-4.171 tagged_above=-999 required=5 tests=[AWL=-1.572, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p2Crh4oNijno for <dnsop@core3.amsl.com>; Wed, 11 Jun 2008 04:03:04 -0700 (PDT) Received: from vps1.henriknordstrom.net (vps1.henriknordstrom.net [195.20.207.177]) by core3.amsl.com (Postfix) with ESMTP id E892E28C117 for <dnsop@ietf.org>; Wed, 11 Jun 2008 04:01:49 -0700 (PDT) Received: from henriknordstrom.net (183.159.216.81.static.tb.siw.siwnet.net [81.216.159.183]) by vps1.henriknordstrom.net (8.13.8/8.13.8/Debian-3) with ESMTP id m5BB25Lh031815; Wed, 11 Jun 2008 13:02:06 +0200 Received: from henrik ([127.0.0.1]) (authenticated bits=0) by henriknordstrom.net (8.12.11.20060308/8.12.8) with ESMTP id m5BB22Hv005523 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits8 verify=NOT); Wed, 11 Jun 2008 13:02:03 +0200 From: Henrik Nordstrom <henrik@henriknordstrom.net> To: Gervase Markham <gerv@mozilla.org> In-Reply-To: <484F9675.70103@mozilla.org> References: <484CFF47.1050106@mozilla.org> <484D1533.4060300@spaghetti.zurich.ibm.com> <484D1883.4060002@mozilla.org> <sdej76og6p.fsf@wes.hardakers.net> <484D3C57.7010205@mozilla.org> <87abhtw1nv.fsf@mid.deneb.enyo.de> <1213131162.17978.41.camel@henriknordstrom.net> <484F9675.70103@mozilla.org> Date: Wed, 11 Jun 2008 13:02:02 +0200 Message-Id: <1213182122.3341.75.camel@henriknordstrom.net> Mime-Version: 1.0 X-Mailer: Evolution 2.10.3 (2.10.3-9.fc7) X-Virus-Scanned: ClamAV version 0.91, clamav-milter version 0.91 on henriknordstrom.net X-Virus-Status: Clean X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.0 (vps1.henriknordstrom.net [195.20.207.177]); Wed, 11 Jun 2008 13:02:08 +0200 (CEST) Cc: dnsop@ietf.org, ietf-http-wg@w3.org, Wes Hardaker <wjhns1@hardakers.net> Subject: Re: [DNSOP] Public Suffix List X-BeenThere: dnsop@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org> List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe> List-Archive: <http://www.ietf.org/pipermail/dnsop> List-Post: <mailto:dnsop@ietf.org> List-Help: <mailto:dnsop-request@ietf.org?subject=help> List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe> Content-Type: multipart/mixed; boundary="=======21871920=" Sender: dnsop-bounces@ietf.org Errors-To: dnsop-bounces@ietf.org
On ons, 2008-06-11 at 10:10 +0100, Gervase Markham wrote: > Other list participants were warning about the possibility of people > abandoning Firefox in droves if there were cookie-related problems > caused by its use of public suffix list. If you do this wronly yes. > You, on the other hand, are > suggesting that we can just make changes to the way cookies work and > expect broken sites to fix themselves. These seem to be two > irreconcilable views of the future. No. Neither users or sites are completely static in nature. > Long history and experience has shown us that we can't just break > people's bsites like that. Sites do break in upgrades. Problems arise if you break too many of them and neither the site operators of users have an easy way around, or when they do not understand why things broke. Fortunately the area we are discussing is fundamentally broken by design, and sites do break today differently in different browsers. If you want something positive to come out of discussions like this you have to have a little more open mind in looking where to find solutions. There is at least 10 different solutions to the cookie domain problem, of varying complexity and feasibility. Your proposed list is one, and not a competely bad one, but very incomplete and too static to be feasible as "the" solution to this problem. But it's a reasonable interim step to patch things up while discussing how the actual problem should be addressed. In short the cookie problem is threefold: a) Receivers of a cookie have no way of knowing who issued that cookie. b) Receivers of cookies have no means of indicating who is allowed to set cookies for them. c) Issuers of cookies often want to issue a cookie to multiple domains all of which is under their administrative control, but often have to figth the very blunt domain based filters. As result we have many designs using URL based transfer of the cookie details when moving from one site to another when better operation would be seen if the cookie could be managed as a single cookie valid for multiple sites. These "URL based cookie tunnels" is often installed as a way around broken browser cookie policies, and I would suspect they often create gaping security issues from lacking awareness of why these policies even exists. Regards Henrik
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
- [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Jeroen Massar
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Antoin Verschuren
- Re: [DNSOP] Public Suffix List bert hubert
- Re: [DNSOP] Public Suffix List Antoin Verschuren
- Re: [DNSOP] Public Suffix List Elmar K. Bins
- Re: [DNSOP] Public Suffix List Edward Lewis
- Re: [DNSOP] Public Suffix List bert hubert
- Re: [DNSOP] Public Suffix List bert hubert
- Re: [DNSOP] Public Suffix List Patrik Fältström
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Patrik Fältström
- Re: [DNSOP] Public Suffix List Yngve Nysaeter Pettersen
- Re: [DNSOP] Public Suffix List Wes Hardaker
- Re: [DNSOP] Public Suffix List Edward Lewis
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Andrew Sullivan
- Re: [DNSOP] Public Suffix List Yngve Nysaeter Pettersen
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Andrew Sullivan
- Re: [DNSOP] Public Suffix List David Conrad
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List David Conrad
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Jamie Lokier
- Re: [DNSOP] Public Suffix List Jamie Lokier
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Brian Dickson
- Re: [DNSOP] Public Suffix List Peter Koch
- Re: [DNSOP] Public Suffix List Eric Brunner-Williams
- Re: [DNSOP] Public Suffix List Eric Brunner-Williams
- Re: [DNSOP] Public Suffix List David Conrad
- Re: [DNSOP] Public Suffix List Kim Davies
- Re: [DNSOP] Public Suffix List Paul Hoffman
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Joe Abley
- Re: [DNSOP] Public Suffix List Phil Regnauld
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Andrew Sullivan
- Re: [DNSOP] Public Suffix List Ted Lemon
- Re: [DNSOP] Public Suffix List Doug Barton
- Re: [DNSOP] Public Suffix List Paul Hoffman
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Jeroen Massar
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Jamie Lokier
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Jamie Lokier
- Re: [DNSOP] Public Suffix List Jamie Lokier
- Re: [DNSOP] Public Suffix List Henrik Nordstrom
- Re: [DNSOP] Public Suffix List Adrien de Croy
- Re: [DNSOP] Public Suffix List Jamie Lokier
- Re: [DNSOP] Public Suffix List Wes Hardaker
- Re: [DNSOP] Public Suffix List Dean Anderson
- Re: [DNSOP] Public Suffix List David Conrad
- Re: [DNSOP] Public Suffix List Paul Hoffman
- Re: [DNSOP] Public Suffix List Florian Weimer
- Re: [DNSOP] Public Suffix List Doug Barton
- Re: [DNSOP] Public Suffix List Florian Weimer
- Re: [DNSOP] Public Suffix List Florian Weimer
- Re: [DNSOP] Public Suffix List Mark Foster
- Re: [DNSOP] Public Suffix List Florian Weimer
- Re: [DNSOP] Public Suffix List Mark Foster
- Re: [DNSOP] Public Suffix List Florian Weimer
- Re: [DNSOP] Public Suffix List Henrik Nordstrom
- Re: [DNSOP] Public Suffix List Henrik Nordstrom
- Re: [DNSOP] Public Suffix List Henrik Nordstrom
- Re: [DNSOP] Public Suffix List Henrik Nordstrom
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Jelte Jansen
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Jamie Lokier
- Re: [DNSOP] Public Suffix List Henrik Nordstrom
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Jeroen Massar
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Jeroen Massar
- Re: [DNSOP] Public Suffix List Joe Baptista
- Re: [DNSOP] Public Suffix List - Please move disc… Mark Nottingham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List - Please move disc… Edward Lewis
- Re: [DNSOP] Public Suffix List Jamie Lokier
- Re: [DNSOP] Public Suffix List - Please move disc… Gervase Markham
- Re: [DNSOP] Public Suffix List - Please move disc… bmanning
- Re: [DNSOP] Public Suffix List - Please move disc… Gervase Markham
- Re: [DNSOP] Public Suffix List - Please move disc… Joe Baptista
- Re: [DNSOP] Public Suffix List Ted Lemon
- Re: [DNSOP] Public Suffix List - Please move disc… Ted Lemon
- Re: [DNSOP] Public Suffix List - Please move disc… Gervase Markham
- Re: [DNSOP] Public Suffix List - Please move disc… Gervase Markham
- Re: [DNSOP] Public Suffix List Brian Dickson
- Re: [DNSOP] Public Suffix List - Please move disc… Joe Baptista
- Re: [DNSOP] Public Suffix List David Conrad
- Re: [DNSOP] Public Suffix List Florian Weimer
- Re: [DNSOP] Public Suffix List Ted Lemon
- Re: [DNSOP] Public Suffix List Florian Weimer
- Re: [DNSOP] Public Suffix List Ted Lemon
- Re: [DNSOP] Public Suffix List SM
- Re: [DNSOP] Public Suffix List Dean Anderson
- Re: [DNSOP] Public Suffix List - Please move disc… Antoin Verschuren
- Re: [DNSOP] Public Suffix List - Please move disc… Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List - Please move disc… Antoin Verschuren
- Re: [DNSOP] Public Suffix List - Please move disc… Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Niall O'Reilly
- Re: [DNSOP] Public Suffix List Yngve Nysaeter Pettersen
- Re: [DNSOP] Public Suffix List Ted Lemon
- Re: [DNSOP] Public Suffix List Ted Lemon
- Re: [DNSOP] Public Suffix List Yngve Nysaeter Pettersen
- Re: [DNSOP] Public Suffix List Brian Dickson