[dns-operations] Monday rant against the uses of the Public Suffix List
Vernon Schryver
vjs at rhyolite.com
Mon Jan 21 22:48:30 UTC 2013
> From: Warren Kumari <warren at kumari.net>
> I'm assuming you agree this is acceptable? http://www.foo.com
> should be able to set a cookie for .foo.com?
No, I do not agree. One cannot presume to know that www.example.com
and example.com are run by the same organization so that a cookie set
by one is not a third party cookie for the other. There is nothing
special about the prefix label "www" that lets you infer anything about
the administration of www.example.com and example.com. Without inside
knowledge, you cannot know whether www.example.com and example.com
have any relationship besides the obvious DNS delegation. You surely
know of millions of cases where DNS delegations do not imply common
administration (the gTLDs) and so you know how little DNS delegation
implies.
An honest, other than stupid definition of "third party cookie" can
only involve the simple string comparison between all of the domain
name in the cookie with all of the domain name in the URL.
This strict definition does not inconvenience legitimate HTTP server
operators, because they can do things like issuing HTTP redirects from
example.com to www.example.com to ensure a single domain for their
cookies.
Vernon Schryver vjs at rhyolite.com
In general, what is presuming or professing to know that which one
cannot know other than stupid or dishonest?
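
The two definitions argued over in this message, side by side, as an added example that is not part of the original post or of any browser's code: the strict whole-name comparison, and RFC 6265 domain-matching gated by a suffix list. The function names are hypothetical, and SAMPLE_SUFFIXES is a two-entry constructed stand-in for the Public Suffix List.

```javascript
// Constructed stand-in for the Public Suffix List; the real list is far larger.
const SAMPLE_SUFFIXES = new Set(["com", "co.uk"]);

// Normalise a host or a cookie Domain attribute: lower-case, drop one leading/trailing dot.
function canon(name) {
  return name.toLowerCase().replace(/^\./, "").replace(/\.$/, "");
}

// Strict rule from the message: the whole cookie domain must equal the whole URL host.
function strictSameParty(urlHost, cookieDomain) {
  return canon(urlHost) === canon(cookieDomain);
}

// RFC 6265 section 5.1.3 domain-match: identical, or the host ends with "." + cookie domain.
// IP-address hosts, which the RFC excludes from suffix matching, are not handled here.
function domainMatch(urlHost, cookieDomain) {
  const h = canon(urlHost);
  const d = canon(cookieDomain);
  return h === d || h.endsWith("." + d);
}

// Simplified suffix-list rule: domain-match, but refuse a cookie domain that is a listed suffix.
function suffixListAccepts(urlHost, cookieDomain, suffixes = SAMPLE_SUFFIXES) {
  const d = canon(cookieDomain);
  return !suffixes.has(d) && domainMatch(urlHost, d);
}

// Verdict of both rules for one (URL host, cookie Domain) pair.
function classify(urlHost, cookieDomain) {
  return {
    strict: strictSameParty(urlHost, cookieDomain),
    suffixList: suffixListAccepts(urlHost, cookieDomain),
  };
}

// Constructed cases: the pair from the thread, an exact match, two suffix-wide
// cookies, and a look-alike host that shares only a trailing string.
const cases = [
  ["www.example.com", ".example.com"],
  ["www.example.com", "www.example.com"],
  ["www.example.com", ".com"],
  ["shop.example.co.uk", "co.uk"],
  ["badexample.com", "example.com"],
];
for (const [host, dom] of cases) {
  console.log(host, dom, JSON.stringify(classify(host, dom)));
}
```

The first case is the one the two rules disagree on; every suffix-wide cookie is refused by both, the strict rule needing no list to do so.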