Re: [DNSOP] Public Suffix List

[Jelte Jansen <jelte@NLnetLabs.nl>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gervase Markham wrote:
> Florian Weimer wrote:
>> * Jamie Lokier:
>> Yes.  I think Ebay suffers from these issues.
> 
> Indeed. This is one of the reasons that livejournal switched from
> www.livejournal.com/name to name.livejournal.com. It prevented rogue
> code on user sites stealing the cookies of other users.
> 

won't they run into the very same problem if only tld's (and their
sld's) are marked as don't-set-cookies-here? Or is livejournal.com also
supposed to get on the list of public suffixes?

And will they care? (well, livejournal might, but i could imagine some
others not to care enough to get themselves on it)

Jelte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIT4+T4nZCKsdOncURAqZkAKCOxkwMs6By3zxef2AhKU7nP9+0qgCbBJZd
sEApH+yga8r+DXQVN76qpMQ=
=SP/N
-----END PGP SIGNATURE-----
_______________________________________________
DNSOP mailing list
DNSOP@ieFrom dnsop-bounces@ietf.org  Wed Jun 11 01:40:56 2008
Return-Path: <dnsop-bounces@ietf.org>
X-Original-To: dnsop-archive@lists.ietf.org
Delivered-To: ietfarch-dnsop-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 0A1913A69CE;
	Wed, 11 Jun 2008 01:40:56 -0700 (PDT)
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id DDB1F3A6A07
	for <dnsop@core3.amsl.com>; Wed, 11 Jun 2008 01:40:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.444
X-Spam-Level: 
X-Spam-Status: No, score=-2.444 tagged_above=-999 required=5
	tests=[AWL=-0.156, BAYES_00=-2.599, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id NkVO-0loDZaE for <dnsop@core3.amsl.com>;
	Wed, 11 Jun 2008 01:40:35 -0700 (PDT)
Received: from sol.nlnetlabs.nl (sol.nlnetlabs.nl
	[IPv6:2001:7b8:206:1:7200:ff:fe00:28e3])
	by core3.amsl.com (Postfix) with ESMTP id A32623A67AD
	for <dnsop@ietf.org>; Wed, 11 Jun 2008 01:40:27 -0700 (PDT)
Received: from jelte (vhe-520087.sshn.net [195.169.221.157])
	by sol.nlnetlabs.nl (Postfix) with ESMTP id 34FCF131421;
	Wed, 11 Jun 2008 10:40:51 +0200 (CEST)
Received: from [192.168.8.11] (dragon [192.168.8.11])
	by jelte (Postfix) with ESMTP id A695E16B633;
	Wed, 11 Jun 2008 10:40:50 +0200 (CEST)
Message-ID: <484F8F93.8020808@NLnetLabs.nl>
Date: Wed, 11 Jun 2008 10:40:51 +0200
From: Jelte Jansen <jelte@NLnetLabs.nl>
User-Agent: Thunderbird 2.0.0.14 (X11/20080505)
MIME-Version: 1.0
To: Gervase Markham <gerv@mozilla.org>
References: <484CFF47.1050106@mozilla.org>	<484D1533.4060300@spaghetti.zurich.ibm.com>	<484D1883.4060002@mozilla.org>	<666CCACE-71F0-485D-9C9F-0C3E0C965ADA@virtualized.org>	<484D52EC.1090608@mozilla.org>	<C5894EBB-D4AA-40AD-8A38-2F4CD8A07D66@virtualized.org>	<484D5B88.3090902@mozilla.org>	<9C47AC3F-A0EA-48BB-9B28-DFD2C4855EB3@virtualized.org>	<484E52F4.5030402@mozilla.org>	<20080610111454.GE25910@shareable.org>	<87prqpum6n.fsf@mid.deneb.enyo.de>
	<484F8DB4.5030500@mozilla.org>
In-Reply-To: <484F8DB4.5030500@mozilla.org>
X-Enigmail-Version: 0.95.0
Cc: dnsop@ietf.org, Jamie Lokier <jamie@shareable.org>,
	David Conrad <drc@virtualized.org>, ietf-http-wg@w3.org
Subject: Re: [DNSOP] Public Suffix List
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>,
	<mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>,
	<mailto:dnsop-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsop-bounces@ietf.org
Errors-To: dnsop-bounces@ietf.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gervase Markham wrote:
> Florian Weimer wrote:
>> * Jamie Lokier:
>> Yes.  I think Ebay suffers from these issues.
> 
> Indeed. This is one of the reasons that livejournal switched from
> www.livejournal.com/name to name.livejournal.com. It prevented rogue
> code on user sites stealing the cookies of other users.
> 

won't they run into the very same problem if only tld's (and their
sld's) are marked as don't-set-cookies-here? Or is livejournal.com also
supposed to get on the list of public suffixes?

And will they care? (well, livejournal might, but i could imagine some
others not to care enough to get themselves on it)

Jelte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIT4+T4nZCKsdOncURAqZkAKCOxkwMs6By3zxef2AhKU7nP9+0qgCbBJZd
sEApH+yga8r+DXQVN76qpMQ=
=SP/N
-----END PGP SIGNATURE-----
_______________________________________________
DNSOP mailing list
DNSOP@ietftf.org
https://www.ietf.org/mailman/listinfo/dnsop


.org
https://www.ietf.org/mailman/listinfo/dnsop