Jonas Sicking wrote:
Anne van Kesteren wrote:
On Mon, 23 Jul 2007 20:29:42 +0200, Jonas Sicking <[EMAIL PROTECTED]>
wrote:
OK, forget the ? notation. Your examples are very clear and we seem
in full alignment that <foo.com> includes sub domains but
<*.foo.com> wouldn't include foo.com itself.
Sounds great. What do other people think of switching to this syntax?
The difference from the current spec would be to change
The only slightly confusing thing is that <http://foo.com> also
matches <http://bar.foo.com> but I suppose that's ok.
Yeah, I agree, but given all other alternatives I think this is better.
If for example someone does
CAC: allow <*> exclude <http://evil.com>
is most likely useless since the owners of very.evil.com are the same
ones as evil.com. So it's not unlikely that the rule can be easily
circumvented.
It's not ideal, but it's the least bad suggestion yet IMHO.
Sorry if the above is confusing. What I meant was that the above bad
scenario can happen unless we let http://evil.com match all subdomains
as well.
/ Jonas
