Hello all, Two years ago I posted two drafts about a problem with restricting distribution of HTTP cookies within TLDs that have one or more layers of registry-like domains, such as the .uk, .no and .us domains.
I also gave a presentation to this WG at the meeting in Montreal. Since Montreal, there have been a couple of developments, primarily that Mozilla has continued work on its "Effective TLD" database[1], and is now using it in Firefox 3, for example to emphasize information in the address bar, and that Internet Explorer 8 (beta) is doing something similar [2] (AFAIK based on the same database [3] as Mozilla). Additionally, I have the impression that a related issue has emerged in DKIM. Some argue that the way cookies and Effective TLD use domain names is incorrect, and/or based on wrong assumptions about DNS names and the DNS hierarchy, but the domains are used this way because there may not currently be any feasible alternatives. The problem area can possibly be defined as "How do we determine that two host names and/or domains within a specific hirearchy are administrated by the same entity?" . Currently, this question is answered by some applications by assuming that every server and subdomain within a domain is administrated by the owner of that domain, but there are problems with this when drawing the line between the registry and the ordinary domain owners within the domain controlled by the registry. I believe this problem area needs to be investigated by the DNSop WG, or another group within the IETF with expertise in the area. The drafts I have published are suggestions for how the problem can be (partially) solved within the framework my application (a Web Browser) works, but there are probably good alternatives or other complementary solutions that should be explored. For more information see: Drafts: http://www.ietf.org/internet-drafts/draft-pettersen-dns-cookie-validate-03.txt http://www.ietf.org/internet-drafts/draft-pettersen-subtld-structure-03.txt (related: http://www.ietf.org/internet-drafts/draft-pettersen-cookie-v2-02.txt ) [1] http://wiki.mozilla.org/Gecko:Effective_TLD_Service [2] <URL: http://blogs.msdn.com/ie/archive/2008/03/11/address-bar-improvements-in-internet-explorer-8-beta-1.aspx > [3] http://www.publicsuffix.org/ Background: http://my.opera.com/yngve/blog/show.dml/267415 (Related: http://my.opera.com/yngve/blog/show.dml/388840 ) -- Sincerely, Yngve N. Pettersen ******************************************************************** Senior Developer Email: [EMAIL PROTECTED] Opera Software ASA http://www.opera.com/ Phone: +47 24 16 42 60 Fax: +47 24 16 40 01 ******************************************************************** _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
