[dns-operations] Monday rant against the uses of the Public Suffix List

Florian Weimer fw at deneb.enyo.de
Tue Jan 22 07:49:59 UTC 2013

* Vernon Schryver:

> It might also be worth noting that co.uk as well as com, org and
> the few other TLDs that I tried just now lack A, AAAA, and MX RRs,
> so a browser could use a DNS test to reject some supercookies.

Doesn't work.  There aren't address records for enyo.de, but I could
currently set cookies for .enyo.de in browsers.  The address records
rule would break that, and I'm sure some web sites rely on it.

> However, please pardon me for being too stupid and senile to
> understand a difference that matters to me as a user between
> legitimate and other kinds of third party cookies such as between
> an HTTP server at www.example.com setting a cookie for domain.com
> from the same HTTP server setting a cookie at com or co.uk.

It's true that for cookies, the public suffix list doesn't make that
much sense.  Direct cookie-based tracking is too visible and leads to
questions.  Different, domain-specific cookies which vary over time
can still be correlated in the backend and are vastly better in this

The public suffix list is still useful for URL bar highlighting and
browser extensions such as NoScript.  Those are fairly narrow
applications, though.
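
The two cookie-acceptance rules discussed in this message, side by side, as an added example that is not part of the original post: a Public Suffix List check and the proposed "has A, AAAA or MX records" test. The suffix rules and the record table are constructed for illustration; only the absence of such records for enyo.de, com and co.uk comes from the thread, and the function names are hypothetical.

```python
# Constructed subset of Public Suffix List rules (not the real list).
PSL_RULES = {"com", "org", "de", "uk", "co.uk", "*.ck", "!www.ck"}
# Constructed snapshot of names that have A, AAAA or MX records.
# enyo.de, com and co.uk have none (per the thread); the rest is assumed.
HAS_ADDR_OR_MX = {"www.enyo.de", "example.com", "www.example.com", "example.co.uk"}


def public_suffix(name):
    """PSL matching: longest rule wins, '!' exception rules override."""
    labels = name.lower().strip(".").split(".")
    best = 1  # implicit "*" rule: the last label alone is a public suffix
    for i in range(len(labels)):
        cand = ".".join(labels[i:])
        if "!" + cand in PSL_RULES:
            return ".".join(labels[i + 1:])  # exception: drop leftmost label
        wildcard = "*." + ".".join(labels[i + 1:])
        if cand in PSL_RULES or wildcard in PSL_RULES:
            best = max(best, len(labels) - i)
    return ".".join(labels[-best:])


def domain_match(host, domain):
    # The request host must equal the cookie domain or be a subdomain of it.
    return host == domain or host.endswith("." + domain)


def accept_by_psl(host, cookie_domain):
    # Reject a Domain attribute that is itself a public suffix.
    d = cookie_domain.lower().lstrip(".")
    return domain_match(host, d) and public_suffix(d) != d


def accept_by_dns_test(host, cookie_domain):
    # Proposed alternative: reject a Domain that has no A, AAAA or MX records.
    d = cookie_domain.lower().lstrip(".")
    return domain_match(host, d) and d in HAS_ADDR_OR_MX


def compare(host, cookie_domain):
    return accept_by_psl(host, cookie_domain), accept_by_dns_test(host, cookie_domain)


if __name__ == "__main__":
    for host, dom in [("www.enyo.de", ".enyo.de"), ("www.example.com", "com"),
                      ("example.co.uk", "co.uk"), ("www.example.com", "example.com")]:
        print(host, dom, compare(host, dom))
```

Both rules reject com and co.uk, but only the DNS test also rejects .enyo.de, which is the breakage the message describes.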
