>>>>> On Mon, 09 Jun 2008 12:48:19 +0100, Gervase Markham <[EMAIL PROTECTED]> >>>>> said:
GM> Fortunately, Firefox has an extremely good and fast update and uptake GM> rate. This is partly because we don't give users a choice about taking GM> non-major-version updates. And how long to do you maintain the older versions? Are you forever going to ship updates to your older branches? I think a better policy would be to fix the HTTP protocol so that it could specify an incoming cookie policy. Rather than having every site under the sun be able to set cookies and block that by some random list of hard coded "within" list, allow each site to specify where they accept cookies from. The browser would need to track the source of each cookie, but that would be helpful for other tracking reasons anyway. EG, if I had "www.example.com" and I received cookies in a request from "example.com", "images.example.com" and "hacker.com" I could determine based on the source which ones I wanted to accept. The current issue with cookie usage is that sites don't have the ability to not accept data from external sources. Fix that problem instead and you'll have a much better and more scalable solution. It'll require work on both the server side and the browser side but in the end is a better solution. (and DNSSEC will be useful for assuring that the cookie creation site isn't spoofing their address) -- "In the bathtub of history the truth is harder to hold than the soap, and much more difficult to find." -- Terry Pratchett _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
