On Tue, 11 Nov 2008 20:48:03 +0100, Dean Anderson <[EMAIL PROTECTED]> wrote:

On Tue, 11 Nov 2008, Yngve Nysaeter Pettersen wrote:
> You didn't read my message. the dot-UK registry only knows the domains
> it registered; dot-uk doesn't know if a group of several domains are in
> the same admin control. See the wachovia/bankofamerica example. Dot-uk

I am not interested in cross-domain ownership. I do not care if opera.com
and operasoftware.com have the same owner and administrator.

Isn't that the same problem?

Not for my current purposes, nor Mozilla's or Microsoft's.

For all currently envisioned purposes of this system, it does not matter whether or not two distinct domains (that are directly below a registry-like domain/TLD), e.g. example1.com and example2.com, are owned by the same legal entity; they are separate domains for which we should not share information, nor group together in any other fashion.

There may be other uses for which such information is of interest, but for the present specification, that information is out of scope.

For the present purposes, the general rule that all names in the example.tld domain, including example.tld itself, are the responsibility of one entity, and "tld" is a TLD (even if it contains a dot), is sufficient. (That said, having an owner ID for each level of the hierarchy might help with some security features, but that is currently unnecessary for most purposes.)


In another message On Tue, 11 Nov 2008, Yngve Nysaeter Pettersen wrote:
AFAICT there are two basic ways to handle such a situation:

There is a third way: do something within the cookies like I suggested
so that 'subTLD' and crossTLD access can be controlled by the admin
domains.

As I have said before: Cookies are not the only use for these data.

http://publicsuffix.org/learn/

        [T]he list of things for which Public Suffixes are used in Firefox 3 is:
          - Restricting cookie-setting (as explained above)
          - Restricting the setting of the document.domain property
          - Sorting in the download manager
          - Sorting in the cookie manager
          - Searching in history
          - "Responsible domain" display for some SSL certificates (not enabled by default)


<URL: http://blogs.msdn.com/ie/archive/2008/03/11/address-bar-improvements-in-internet-explorer-8-beta-1.aspx



        Domain Highlighting

        At a glance, the most visible change with IE8 is Domain Highlighting.
        Internet Explorer 8 will automatically highlight what it considers to
        be the owning domain of whatever site you’re currently viewing. This
        helps users identify the real site they’re on when a website attempts
        to deceive them.


One is to let such domain owners register through their TLD to be
listed in their database as a registry-like domain (or in cases such
as PublicSuffix.org, submit a patch to them)

And what honest, neutral entity will administer this information?

As I said: "register through their TLD", by informing the TLD registry who will then include the information in the domain structure specification they distribute via the as yet unspecified information gathering system (IANA is IMO a good candidate for such a repository).

The other require a form of policy document that can be posted at a
well-known location within the domain. It might use a variant of the
format my subtld draft defines, or something else (although I see no
real reason it should be significantly different). This would be
somewhat similar to the full P3P policy file. This might particularly
be useful for large organizations, like universities, or corporations,
to limit "cross-departmental" impact.

Putting such information in DNS is prone to problems. DNS is not a

Where did I say something that could be interpreted as "put it in the DNS" about this second option?

I didn't, because the only thing of this as-yet-undefined system that might go into DNS is the name of the host the list will be stored at, e.g. domain-policy.example.tld, because this specification would be accessed over ordinary HTTP or HTTPS as an ordinary automatic document fetch.

However, this second system cannot be deployed *unless* an information system with the kind of data (or better) described in my subtld draft is in place. The reason is that the subtld system would tell the discovery mechanism where to look for the information; without that information the system would be vulnerable to being fed incorrect data because the client tried to download the spec for co.uk from domain-policy.co.uk.

--
Sincerely,
Yngve N. Pettersen
 
********************************************************************
Senior Developer                     Email: [EMAIL PROTECTED]
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
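
The failure described at the end of the message above (a client asking domain-policy.co.uk for the policy of co.uk), shown as an added Python example that is not part of the original post or of any draft it mentions. The suffix set is constructed and abbreviated, and the function names are hypothetical; only the domain-policy.<domain> host name comes from the message.

```python
# Constructed, heavily abbreviated set of registry-like domains; a real
# client would load registry-supplied data (e.g. the publicsuffix.org list).
REGISTRY_LIKE = {"com", "uk", "co.uk", "ac.uk", "no"}


def split_registrable(host):
    """Return (registry_like_suffix, registrable_domain) for host.

    registrable_domain is None when host is itself registry-like.
    """
    labels = host.lower().rstrip(".").split(".")
    # Scan from the longest candidate suffix, so "co.uk" wins over "uk".
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in REGISTRY_LIKE:
            if i == 0:
                return suffix, None
            return suffix, ".".join(labels[i - 1:])
    # Unknown TLD: fall back to the general rule that "tld" is the registry
    # and example.tld is the responsibility of one entity.
    if len(labels) < 2:
        return labels[-1], None
    return labels[-1], ".".join(labels[-2:])


def policy_host(host):
    """Hypothetical lookup: host a client may fetch the domain policy from.

    Returns None for registry-like names, so the client never asks
    domain-policy.co.uk (an ordinary registrable name) about co.uk.
    """
    _, registrable = split_registrable(host)
    if registrable is None:
        return None
    return "domain-policy." + registrable


def may_share_state(host_a, host_b):
    """True only when both hosts sit under the same registrable domain."""
    reg_a = split_registrable(host_a)[1]
    reg_b = split_registrable(host_b)[1]
    return reg_a is not None and reg_a == reg_b
```

With an incomplete suffix set that lacks "co.uk", the same code would return domain-policy.co.uk for every *.co.uk host, which is why the policy-file approach depends on the registry data being in place first.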
