Re: [DNSOP] Public Suffix List
Jamie Lokier <jamie@shareable.org> Wed, 11 June 2008 14:28 UTC
Return-Path: <dnsop-bounces@ietf.org>
X-Original-To: dnsop-archive@lists.ietf.org
Delivered-To: ietfarch-dnsop-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9D9FF3A69CB; Wed, 11 Jun 2008 07:28:41 -0700 (PDT)
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F3E363A6928 for <dnsop@core3.amsl.com>; Wed, 11 Jun 2008 07:28:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.963
X-Spam-Level:
X-Spam-Status: No, score=-3.963 tagged_above=-999 required=5 tests=[AWL=-1.364, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dIrMJz9wZJgI for <dnsop@core3.amsl.com>; Wed, 11 Jun 2008 07:28:38 -0700 (PDT)
Received: from mail2.shareable.org (mail2.shareable.org [80.68.89.115]) by core3.amsl.com (Postfix) with ESMTP id BE0D83A69C4 for <dnsop@ietf.org>; Wed, 11 Jun 2008 07:28:38 -0700 (PDT)
Received: from jamie by mail2.shareable.org with local (Exim 4.63) (envelope-from <jamie@shareable.org>) id 1K6RJm-00081q-1C; Wed, 11 Jun 2008 15:28:54 +0100
Date: Wed, 11 Jun 2008 15:28:53 +0100
From: Jamie Lokier <jamie@shareable.org>
To: Gervase Markham <gerv@mozilla.org>
Message-ID: <20080611142853.GA30686@shareable.org>
References: <484D5B88.3090902@mozilla.org> <9C47AC3F-A0EA-48BB-9B28-DFD2C4855EB3@virtualized.org> <484E52F4.5030402@mozilla.org> <20080610111454.GE25910@shareable.org> <87prqpum6n.fsf@mid.deneb.enyo.de> <484F8DB4.5030500@mozilla.org> <484F8F93.8020808@NLnetLabs.nl> <484F965A.1000709@mozilla.org> <20080611103103.GA25556@shareable.org> <484FC15E.8090804@mozilla.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <484FC15E.8090804@mozilla.org>
User-Agent: Mutt/1.5.13 (2006-08-11)
Cc: dnsop@ietf.org, David Conrad <drc@virtualized.org>, ietf-http-wg@w3.org, Jelte Jansen <jelte@NLnetLabs.nl>
Subject: Re: [DNSOP] Public Suffix List
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsop-bounces@ietf.org
Errors-To: dnsop-bounces@ietf.org
Gervase Markham wrote: > > Oh? How is this reconciled with earlier comments that > > login.mybank.co.uk and accounts.mybank.co.uk are grouped together - or > > is the Public Suffix List only for history grouping in browsers, not > > for cookie sharing? > > under the current code ... www.mybank.co.uk can set cookies for > ... co.uk (shared with adserver.co.uk but not with myorg.org.uk). > > It is this latter use we want to prevent. We can do so by stopping > cookies being set for any domain which is a public suffix. I'm not seeing how this is different from mybank.livejournal.com setting cookies on livejournal.com which can be read by adserver.livejournal.com. livejournal.com needs to be on your Public Suffix List to prevent that - if the content from subdomains can set their own cookies. Maybe not on Livejournal, but there are sites where it's possible. Even in mybank.co.uk, it's typical that login.mybank.co.uk and thirdpartyinformation.mybank.co.uk will be somewhat independent. The latter should not be setting arbitrary cookies affecting the former, imho - security, rather than privacy. Regarding the "break the contract with adserver" argument, there are plenty of ways for mybank.co.uk to pass tracking info to adserver.co.uk by contract. Banning cross-domain cookies in this casFrom dnsop-bounces@ietf.org Wed Jun 11 07:28:41 2008 Return-Path: <dnsop-bounces@ietf.org> X-Original-To: dnsop-archive@optimus.ietf.org Delivered-To: ietfarch-dnsop-archive@core3.amsl.com Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9D9FF3A69CB; Wed, 11 Jun 2008 07:28:41 -0700 (PDT) X-Original-To: dnsop@core3.amsl.com Delivered-To: dnsop@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F3E363A6928 for <dnsop@core3.amsl.com>; Wed, 11 Jun 2008 07:28:39 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.963 X-Spam-Level: X-Spam-Status: No, score=-3.963 tagged_above=-999 required=5 tests=[AWL=-1.364, BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dIrMJz9wZJgI for <dnsop@core3.amsl.com>; Wed, 11 Jun 2008 07:28:38 -0700 (PDT) Received: from mail2.shareable.org (mail2.shareable.org [80.68.89.115]) by core3.amsl.com (Postfix) with ESMTP id BE0D83A69C4 for <dnsop@ietf.org>; Wed, 11 Jun 2008 07:28:38 -0700 (PDT) Received: from jamie by mail2.shareable.org with local (Exim 4.63) (envelope-from <jamie@shareable.org>) id 1K6RJm-00081q-1C; Wed, 11 Jun 2008 15:28:54 +0100 Date: Wed, 11 Jun 2008 15:28:53 +0100 From: Jamie Lokier <jamie@shareable.org> To: Gervase Markham <gerv@mozilla.org> Message-ID: <20080611142853.GA30686@shareable.org> References: <484D5B88.3090902@mozilla.org> <9C47AC3F-A0EA-48BB-9B28-DFD2C4855EB3@virtualized.org> <484E52F4.5030402@mozilla.org> <20080610111454.GE25910@shareable.org> <87prqpum6n.fsf@mid.deneb.enyo.de> <484F8DB4.5030500@mozilla.org> <484F8F93.8020808@NLnetLabs.nl> <484F965A.1000709@mozilla.org> <20080611103103.GA25556@shareable.org> <484FC15E.8090804@mozilla.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <484FC15E.8090804@mozilla.org> User-Agent: Mutt/1.5.13 (2006-08-11) Cc: dnsop@ietf.org, David Conrad <drc@virtualized.org>, ietf-http-wg@w3.org, Jelte Jansen <jelte@NLnetLabs.nl> Subject: Re: [DNSOP] Public Suffix List X-BeenThere: dnsop@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org> List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe> List-Archive: <http://www.ietf.org/pipermail/dnsop> List-Post: <mailto:dnsop@ietf.org> List-Help: <mailto:dnsop-request@ietf.org?subject=help> List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: dnsop-bounces@ietf.org Errors-To: dnsop-bounces@ietf.org Gervase Markham wrote: > > Oh? How is this reconciled with earlier comments that > > login.mybank.co.uk and accounts.mybank.co.uk are grouped together - or > > is the Public Suffix List only for history grouping in browsers, not > > for cookie sharing? > > under the current code ... www.mybank.co.uk can set cookies for > ... co.uk (shared with adserver.co.uk but not with myorg.org.uk). > > It is this latter use we want to prevent. We can do so by stopping > cookies being set for any domain which is a public suffix. I'm not seeing how this is different from mybank.livejournal.com setting cookies on livejournal.com which can be read by adserver.livejournal.com. livejournal.com needs to be on your Public Suffix List to prevent that - if the content from subdomains can set their own cookies. Maybe not on Livejournal, but there are sites where it's possible. Even in mybank.co.uk, it's typical that login.mybank.co.uk and thirdpartyinformation.mybank.co.uk will be somewhat independent. The latter should not be setting arbitrary cookies affecting the former, imho - security, rather than privacy. Regarding the "break the contract with adserver" argument, there are plenty of ways for mybank.co.uk to pass tracking info to adserver.co.uk by contract. Banning cross-domain cookies in this ce just forces them to use another method. > (Again, I comment that cookies are not the only way we are using this > information.) I don't think anybody minds how you use the information to present History dialogs and such. Just whether it breaks applications that come to depend on the structure of the list, and whether it adds another barrier for site publishers who serve public content in a way which resembles NICs. -- Jamie _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop ase just forces them to use another method. > (Again, I comment that cookies are not the only way we are using this > information.) I don't think anybody minds how you use the information to present History dialogs and such. Just whether it breaks applications that come to depend on the structure of the list, and whether it adds another barrier for site publishers who serve public content in a way which resembles NICs. -- Jamie _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
- [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Jeroen Massar
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Antoin Verschuren
- Re: [DNSOP] Public Suffix List bert hubert
- Re: [DNSOP] Public Suffix List Antoin Verschuren
- Re: [DNSOP] Public Suffix List Elmar K. Bins
- Re: [DNSOP] Public Suffix List Edward Lewis
- Re: [DNSOP] Public Suffix List bert hubert
- Re: [DNSOP] Public Suffix List bert hubert
- Re: [DNSOP] Public Suffix List Patrik Fältström
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Patrik Fältström
- Re: [DNSOP] Public Suffix List Yngve Nysaeter Pettersen
- Re: [DNSOP] Public Suffix List Wes Hardaker
- Re: [DNSOP] Public Suffix List Edward Lewis
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Andrew Sullivan
- Re: [DNSOP] Public Suffix List Yngve Nysaeter Pettersen
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Andrew Sullivan
- Re: [DNSOP] Public Suffix List David Conrad
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List David Conrad
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Jamie Lokier
- Re: [DNSOP] Public Suffix List Jamie Lokier
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Brian Dickson
- Re: [DNSOP] Public Suffix List Peter Koch
- Re: [DNSOP] Public Suffix List Eric Brunner-Williams
- Re: [DNSOP] Public Suffix List Eric Brunner-Williams
- Re: [DNSOP] Public Suffix List David Conrad
- Re: [DNSOP] Public Suffix List Kim Davies
- Re: [DNSOP] Public Suffix List Paul Hoffman
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Joe Abley
- Re: [DNSOP] Public Suffix List Phil Regnauld
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Andrew Sullivan
- Re: [DNSOP] Public Suffix List Ted Lemon
- Re: [DNSOP] Public Suffix List Doug Barton
- Re: [DNSOP] Public Suffix List Paul Hoffman
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Jeroen Massar
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Jamie Lokier
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Jamie Lokier
- Re: [DNSOP] Public Suffix List Jamie Lokier
- Re: [DNSOP] Public Suffix List Henrik Nordstrom
- Re: [DNSOP] Public Suffix List Adrien de Croy
- Re: [DNSOP] Public Suffix List Jamie Lokier
- Re: [DNSOP] Public Suffix List Wes Hardaker
- Re: [DNSOP] Public Suffix List Dean Anderson
- Re: [DNSOP] Public Suffix List David Conrad
- Re: [DNSOP] Public Suffix List Paul Hoffman
- Re: [DNSOP] Public Suffix List Florian Weimer
- Re: [DNSOP] Public Suffix List Doug Barton
- Re: [DNSOP] Public Suffix List Florian Weimer
- Re: [DNSOP] Public Suffix List Florian Weimer
- Re: [DNSOP] Public Suffix List Mark Foster
- Re: [DNSOP] Public Suffix List Florian Weimer
- Re: [DNSOP] Public Suffix List Mark Foster
- Re: [DNSOP] Public Suffix List Florian Weimer
- Re: [DNSOP] Public Suffix List Henrik Nordstrom
- Re: [DNSOP] Public Suffix List Henrik Nordstrom
- Re: [DNSOP] Public Suffix List Henrik Nordstrom
- Re: [DNSOP] Public Suffix List Henrik Nordstrom
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Jelte Jansen
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List Jamie Lokier
- Re: [DNSOP] Public Suffix List Henrik Nordstrom
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Jeroen Massar
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Jeroen Massar
- Re: [DNSOP] Public Suffix List Joe Baptista
- Re: [DNSOP] Public Suffix List - Please move disc… Mark Nottingham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List - Please move disc… Edward Lewis
- Re: [DNSOP] Public Suffix List Jamie Lokier
- Re: [DNSOP] Public Suffix List - Please move disc… Gervase Markham
- Re: [DNSOP] Public Suffix List - Please move disc… bmanning
- Re: [DNSOP] Public Suffix List - Please move disc… Gervase Markham
- Re: [DNSOP] Public Suffix List - Please move disc… Joe Baptista
- Re: [DNSOP] Public Suffix List Ted Lemon
- Re: [DNSOP] Public Suffix List - Please move disc… Ted Lemon
- Re: [DNSOP] Public Suffix List - Please move disc… Gervase Markham
- Re: [DNSOP] Public Suffix List - Please move disc… Gervase Markham
- Re: [DNSOP] Public Suffix List Brian Dickson
- Re: [DNSOP] Public Suffix List - Please move disc… Joe Baptista
- Re: [DNSOP] Public Suffix List David Conrad
- Re: [DNSOP] Public Suffix List Florian Weimer
- Re: [DNSOP] Public Suffix List Ted Lemon
- Re: [DNSOP] Public Suffix List Florian Weimer
- Re: [DNSOP] Public Suffix List Ted Lemon
- Re: [DNSOP] Public Suffix List SM
- Re: [DNSOP] Public Suffix List Dean Anderson
- Re: [DNSOP] Public Suffix List - Please move disc… Antoin Verschuren
- Re: [DNSOP] Public Suffix List - Please move disc… Stephane Bortzmeyer
- Re: [DNSOP] Public Suffix List - Please move disc… Antoin Verschuren
- Re: [DNSOP] Public Suffix List - Please move disc… Gervase Markham
- Re: [DNSOP] Public Suffix List Gervase Markham
- Re: [DNSOP] Public Suffix List Niall O'Reilly
- Re: [DNSOP] Public Suffix List Yngve Nysaeter Pettersen
- Re: [DNSOP] Public Suffix List Ted Lemon
- Re: [DNSOP] Public Suffix List Ted Lemon
- Re: [DNSOP] Public Suffix List Yngve Nysaeter Pettersen
- Re: [DNSOP] Public Suffix List Brian Dickson