[dns-operations] Monday rant againt the uses of the Public Suffix List

Vernon Schryver vjs at rhyolite.com
Mon Jan 21 22:14:34 UTC 2013

> > > Continuing the sarcasm is too much effort, so I'll simply ask why not
> > > do DNS MX and A requests?  (both because of the fall-back-to-A-if-no-MX
> > Please sir, if I run www.images.example.co.uk, can I set a cookie
> > at images.example.co.uk? How about example.co.uk? Fine Now .co.uk?

It might also be worth noting that co.uk as well as com, org and
the few other TLDs that I tried just now lack A, AAAA, and MX RRs,
so a browser could use a DNS test to reject some supercookies.

There are MX RRs for www.com, so DNS is probably not as good as a
static list for separating "legitimate" privacy violating third party
cookes from other kinds of third party cookies.

However, please pardon me for being too stupid and senile to
understand a difference that matters to me as a user between
legitimate and other kinds of third party cookies such as between
an HTTP server at www.example.com setting a cookie for domain.com
from the same HTTP server setting a cookie at com or co.uk.  It all
smells like the reasons why spam is that which we don't do.  Mozilla
and competitors soil their escutcheons by pandering to "legitimate"
privacy violators or even admitting trying to distinguish "legitimate"
from other kinds of privacy violators.

It might also be worth noting that the original complaint in
was about Google Apps instead of browsers.  Why would Google Apps
care about the PSL list?  Why does anything other than valid A, AAAA,
and perhaps some other DNS records matter to Google Apps?
If Google Apps need to set cookies in browsers, isn't the right way
the standard check of setting and then fetching the cookie?  That checks
the only restrictions that matter, those in the browsers at issue,
which might have nothing to do with PSL.

If the issue is that users in the .cw domain can't use Google Apps
because the software (whether browsers or "apps") of those users don't
like the .cw domain regardless of user configuration settings, then
what does that have to do with DNS operations?  Isn't it purely a
matter of unwise choices of software vendors by those users?

Vernon Schryver    vjs at rhyolite.com

More information about the dns-operations mailing list