> > > Continuing the sarcasm is too much effort, so I'll simply ask why not > > > do DNS MX and A requests? (both because of the fall-back-to-A-if-no-MX > > > Please sir, if I run www.images.example.co.uk, can I set a cookie > > at images.example.co.uk? How about example.co.uk? Fine Now .co.uk?
It might also be worth noting that co.uk as well as com, org and the few other TLDs that I tried just now lack A, AAAA, and MX RRs, so a browser could use a DNS test to reject some supercookies. There are MX RRs for www.com, so DNS is probably not as good as a static list for separating "legitimate" privacy violating third party cookes from other kinds of third party cookies. However, please pardon me for being too stupid and senile to understand a difference that matters to me as a user between legitimate and other kinds of third party cookies such as between an HTTP server at www.example.com setting a cookie for domain.com from the same HTTP server setting a cookie at com or co.uk. It all smells like the reasons why spam is that which we don't do. Mozilla and competitors soil their escutcheons by pandering to "legitimate" privacy violators or even admitting trying to distinguish "legitimate" from other kinds of privacy violators. It might also be worth noting that the original complaint in https://lists.dns-oarc.net/pipermail/dns-operations/2013-January/009634.html was about Google Apps instead of browsers. Why would Google Apps care about the PSL list? Why does anything other than valid A, AAAA, and perhaps some other DNS records matter to Google Apps? If Google Apps need to set cookies in browsers, isn't the right way the standard check of setting and then fetching the cookie? That checks the only restrictions that matter, those in the browsers at issue, which might have nothing to do with PSL. If the issue is that users in the .cw domain can't use Google Apps because the software (whether browsers or "apps") of those users don't like the .cw domain regardless of user configuration settings, then what does that have to do with DNS operations? Isn't it purely a matter of unwise choices of software vendors by those users? Vernon Schryver [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
