Re: [DNSOP] Public Suffix List

2008-06-12 Thread Brian Dickson
Yngve Nysaeter Pettersen wrote: > On Thu, 12 Jun 2008 14:54:32 +0200, Niall O'Reilly <[EMAIL PROTECTED]> > wrote: > > >> On 12 Jun 2008, at 12:25, Gervase Markham wrote: >> >> >>> The second question is one of resources and client complexity. I am >>> meeting resistance to the idea of hav

Re: [DNSOP] Public Suffix List

2008-06-12 Thread Yngve Nysaeter Pettersen
On Thu, 12 Jun 2008 15:56:13 +0200, Ted Lemon <[EMAIL PROTECTED]> wrote: > On Jun 12, 2008, at 6:25 AM, Gervase Markham wrote: >> Is there a particular reason that DNS is a better mechanism than HTTP, >> in your view? Or is that an implementation detail? > > The DNS occurred to me because it's a

Re: [DNSOP] Public Suffix List

2008-06-12 Thread Ted Lemon
On Jun 12, 2008, at 8:26 AM, Yngve Nysaeter Pettersen wrote: > > - Behind (very) closed firewalls, where all access goes through a > HTTP-only > proxy. No DNS for external addresses is available. For that matter, > when > going through a proxy you have no way of knowing if the DNS > available

Re: [DNSOP] Public Suffix List

2008-06-12 Thread Ted Lemon
On Jun 12, 2008, at 6:25 AM, Gervase Markham wrote: > Is there a particular reason that DNS is a better mechanism than HTTP, > in your view? Or is that an implementation detail? The DNS occurred to me because it's already used for carrying domain names, and also because I've been doing DNS for a

Re: [DNSOP] Public Suffix List

2008-06-12 Thread Yngve Nysaeter Pettersen
On Thu, 12 Jun 2008 14:54:32 +0200, Niall O'Reilly <[EMAIL PROTECTED]> wrote: > > On 12 Jun 2008, at 12:25, Gervase Markham wrote: > >> The second question is one of resources and client complexity. I am >> meeting resistance to the idea of having the existing list regularly >> dynamically downl

Re: [DNSOP] Public Suffix List

2008-06-12 Thread Niall O'Reilly
On 12 Jun 2008, at 12:25, Gervase Markham wrote: The second question is one of resources and client complexity. I am meeting resistance to the idea of having the existing list regularly dynamically downloaded, which would be the simplest method of providing more frequent updates than the six

Re: [DNSOP] Public Suffix List

2008-06-12 Thread Gervase Markham
Ted Lemon wrote: > On Jun 11, 2008, at 6:26 AM, Gervase Markham wrote: >> It's not true that we won't work on any other solution. This is what we >> have now, and there have been no alternative proposals which (to my >> mind) look like producing anything workable in the short term. > > Putting the

Re: [DNSOP] Public Suffix List - Please move discussion to dnsop

2008-06-12 Thread Gervase Markham
Antoin Verschuren wrote: >> No. I don't need to sell you the idea. The idea doesn't stand or >> fall on the opinion of this mailing list. > > Did you really say this ? Did I read this correctly ? > > No, can't be. I don't think Mozilla wants to insult all the IETF > experts that have voluntarily

Re: [DNSOP] Public Suffix List - Please move discussion to dnsop

2008-06-12 Thread Antoin Verschuren
> Are you sure that they do not do the same? I tried to promote > Konqueror but it has apparently the same (or even worse) bug than > Firefox. And my bug report for Konqueror was closed immediately, which > seems to indicate that the Mozilla people are not the only one with > deaf ears. Yes, but

Re: [DNSOP] Public Suffix List - Please move discussion to dnsop

2008-06-12 Thread Stephane Bortzmeyer
On Thu, Jun 12, 2008 at 09:47:36AM +0200, Antoin Verschuren <[EMAIL PROTECTED]> wrote a message of 33 lines which said: > Perhaps it's time to move back to promoting Opera again. Are you sure that they do not do the same? I tried to promote Konqueror but it has apparently the same (or even wor

Re: [DNSOP] Public Suffix List - Please move discussion to dnsop

2008-06-12 Thread Antoin Verschuren
> No. I don't need to sell you the idea. The idea doesn't stand or fall on > the opinion of this mailing list. Did you really say this ? Did I read this correctly ? No, can't be. I don't think Mozilla wants to insult all the IETF experts that have voluntarily helped them make a living in the fi

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Dean Anderson
On Wed, 11 Jun 2008, Gervase Markham wrote: > Dean Anderson wrote: > >> That's unfortunate; but I must say this upset was not communicated to me. > > > > Probably that's because you are using SORBS to filter your email. SORBS > > has an unusually high number of false positives, and for example, >

Re: [DNSOP] Public Suffix List

2008-06-11 Thread SM
Hi Gervase, At 02:15 11-06-2008, Gervase Markham wrote: >They don't have to. Why should TLDs think they have an automatic right >to have Firefox display domains they have issued which allow our users >to be fooled or defrauded? Does that mean that the new Firefox will never display domains that a

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Ted Lemon
On Jun 11, 2008, at 3:30 PM, Florian Weimer wrote: > Failure to do this > does not grant read access to arbitrary cookies in itself. But as I > wrote, it might expose session fixation problems. Right, the point is that the mozilla guys can't force web site implementors to do the right thing, bu

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Florian Weimer
* Ted Lemon: > It's kind of assumed that you would be aware of these issues, I guess. But hardly anybody seems to be. > Lots of web sites use cookies to associate a session with a > particular user. With cross-site cookie theft, a malicious web site > can gain access to your session cookie eve

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Ted Lemon
On Jun 11, 2008, at 3:16 PM, Florian Weimer wrote: > I guess the real issue is that by setting a cookie for co.uk, it's > possible to exploit session fixation vulnerabilities in web sites > under > co.uk. Unfortunately, the Public Suffix List web site is a bit > unclear > in this regard. It d

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Florian Weimer
* Gervase Markham: > Say adserver.co.uk has contracts with mybank.co.uk, mygrocer.co.uk, > mypetstore.co.uk to supply them with ads. adserver.co.uk can set the > ad-tracking cookie for .co.uk and build up a cross-site profile of a > particular user, perhaps augmented by information passed to them

Re: [DNSOP] Public Suffix List

2008-06-11 Thread David Conrad
Gervase, On Jun 11, 2008, at 4:26 AM, Gervase Markham wrote: > It's not true that we won't work on any other solution. This is what > we > have now, and there have been no alternative proposals which (to my > mind) look like producing anything workable in the short term. I guess it depends on w

Re: [DNSOP] Public Suffix List - Please move discussion to dnsop

2008-06-11 Thread Joe Baptista
On Wed, Jun 11, 2008 at 12:26 PM, Gervase Markham <[EMAIL PROTECTED]> wrote: > > Incidentally - have you answered my question yet - or put it on the web > > site? What happens to your web browsers behavior if I try to surf a TLD > > not on the list? > > I've answered it once to you privately and

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Brian Dickson
Gervase Markham wrote: > The difference is that the public suffix list is an (attempt at an) > expression of fact, not policy. I think this is where you are encountering resistance, even though you may not realize it. What you are doing is *publishing* something, which alleges to be a factual list.

Re: [DNSOP] Public Suffix List - Please move discussion to dnsop

2008-06-11 Thread Gervase Markham
Joe Baptista wrote: > Listening would you mind explaining something here. Do we work for > you? I'm pretty sure you're being paid to promote your public suffix idea > but we are not. There are many here who are too busy to spend time > reading your stuff, let alone go back to the web site for upda

Re: [DNSOP] Public Suffix List - Please move discussion to dnsop

2008-06-11 Thread Ted Lemon
On Jun 11, 2008, at 11:06 AM, Joe Baptista wrote: > Listening would you mind explaining something here. Do we work for > you? I'm pretty sure you're being paid to promote your public suffix > idea but we are not. There are many here who are too busy to spend > time reading your stuff, let al

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Ted Lemon
On Jun 11, 2008, at 6:26 AM, Gervase Markham wrote: > It's not true that we won't work on any other solution. This is what > we > have now, and there have been no alternative proposals which (to my > mind) look like producing anything workable in the short term. Putting the list in the DNS inste

Re: [DNSOP] Public Suffix List - Please move discussion to dnsop

2008-06-11 Thread Joe Baptista
On Wed, Jun 11, 2008 at 11:18 AM, Gervase Markham <[EMAIL PROTECTED]> wrote: > I must confess it is somewhat frustrating when, having put up a website > explaining what this is all about, and having had a long discussion on > this list, people continually misunderstand the point while having shown

Re: [DNSOP] Public Suffix List - Please move discussion to dnsop

2008-06-11 Thread Gervase Markham
[EMAIL PROTECTED] wrote: > that URL does not resolve in the way you might > expect. Sorry :-) Cut and pasted from my browser without checking. That's my local testing copy, of course. http://www.publicsuffix.org/learn/ Gerv

Re: [DNSOP] Public Suffix List - Please move discussion to dnsop

2008-06-11 Thread bmanning
> > http://publicsuffix/learn/ has more info (and I've just checked in > another update, which should be visible in the next day or so. There's a > human in the update loop). > > Gerv > ___ that URL does not resolve in the way you might

Re: [DNSOP] Public Suffix List - Please move discussion to dnsop

2008-06-11 Thread Gervase Markham
Edward Lewis wrote: > Is the issue that a cookie needs to state for what domains it is > valid? No. > Are you trying to relate domain names to a registrant? No. I must confess it is somewhat frustrating when, having put up a website explaining what this is all about, and having had a long d

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Jamie Lokier
Gervase Markham wrote: > > Oh? How is this reconciled with earlier comments that > > login.mybank.co.uk and accounts.mybank.co.uk are grouped together - or > > is the Public Suffix List only for history grouping in browsers, not > > for cookie sharing? > > under the current code ... www.mybank.co.

Re: [DNSOP] Public Suffix List - Please move discussion to dnsop

2008-06-11 Thread Edward Lewis
At 23:10 +1000 6/11/08, Mark Nottingham wrote: >While this thread isn't necessarily off-topic for ietf-http-wg list, >it's more relevant IMO to dnsop, and cross-posted high-volume >discussions tend to be distracting. > >So, please try to move discussion onto the dnsop list (I've set Reply- >To acco

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Gervase Markham
Joe Baptista wrote: > I asked you a question earlier in this conversation but have yet to get > a response. So I will ask it again. You asked me by private mail, and I replied in private at 10/06/08 10:47 my time. > What happens if a TLD is not on the Public Suffix list? The same thing as now.

Re: [DNSOP] Public Suffix List - Please move discussion to dnsop

2008-06-11 Thread Mark Nottingham
While this thread isn't necessarily off-topic for ietf-http-wg list, it's more relevant IMO to dnsop, and cross-posted high-volume discussions tend to be distracting. So, please try to move discussion onto the dnsop list (I've set Reply-To accordingly). Thanks, -- Mark Nottingham http

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Joe Baptista
Gerv: I asked you a question earlier in this conversation but have yet to get a response. So I will ask it again. What happens if a TLD is not on the Public Suffix list? regards joe baptista -- Joe Baptista www.publicroot.org PublicRoot Consortium -

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Jeroen Massar
Gervase Markham wrote: Jeroen Massar wrote: If adserver.co.uk (as they are 'evil') sets a cookie for co.uk then indeed that cookie gets sent to mybank.co.uk too. What harm does/can this do? (Except that they might set a cookie identical of type to the bank one and maybe auto-login to their bank

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Gervase Markham
Jeroen Massar wrote: > If adserver.co.uk (as they are 'evil') sets a cookie for co.uk then > indeed that cookie gets sent to mybank.co.uk too. What harm does/can > this do? (Except that they might set a cookie identical of type to the > bank one and maybe auto-login to their bank account!?) Say

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Jeroen Massar
Gervase Markham wrote: [..] Cookies are set for a particular domain or domain suffix, and are sent to all sites with that domain suffix. So (under the current code) www.mybank.co.uk can set cookies for either www.mybank.co.uk (shared with foo.www.mybank.co.uk but not login.mybank.co.uk), mybank.c

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Gervase Markham
Jamie Lokier wrote: > Oh? How is this reconciled with earlier comments that > login.mybank.co.uk and accounts.mybank.co.uk are grouped together - or > is the Public Suffix List only for history grouping in browsers, not > for cookie sharing? I'm not sure that either dnsop or ietf-http-wg are inte

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Gervase Markham
Wes Hardaker wrote: > * We, mozilla, obviously can't do this ourselves On the contrary. We have done it for ourselves. > so you must do it for > us or else negative things will happen (and you'll be at fault, not > us, mozilla). Please continue to do this work for us till the end of > ti

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Henrik Nordstrom
On ons, 2008-06-11 at 10:10 +0100, Gervase Markham wrote: > Other list participants were warning about the possibility of people > abandoning Firefox in droves if there were cookie-related problems > caused by its use of public suffix list. If you do this wrongly yes. > You, on the other hand, ar

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Jamie Lokier
Gervase Markham wrote: > Jelte Jansen wrote: > > won't they run into the very same problem if only tld's (and their > > sld's) are marked as don't-set-cookies-here? Or is livejournal.com also > > supposed to get on the list of public suffixes? > > No. They can set cookies for www.livejournal.com o

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Stephane Bortzmeyer
On Tue, Jun 10, 2008 at 09:22:27PM +0200, Florian Weimer <[EMAIL PROTECTED]> wrote a message of 10 lines which said: > In other words, Internet Explorer has got its own list (and the > operating system, too, for use in DNS devolution). According to this blog post, IE does it the other directi

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Stephane Bortzmeyer
On Tue, Jun 10, 2008 at 11:31:00PM +0200, Stephane Bortzmeyer <[EMAIL PROTECTED]> wrote a message of 16 lines which said: > I assume it is a list of TLD which register at the third level. If so, > it is questionable (.af, .dz, .fr register at the second and the > third level and I do not know h

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Stephane Bortzmeyer
On Wed, Jun 11, 2008 at 10:15:19AM +0100, Gervase Markham <[EMAIL PROTECTED]> wrote a message of 53 lines which said: > Why should TLDs think they have an automatic right to have Firefox > display domains they have issued which allow our users to be fooled > or defrauded? Interesting. It remin

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Gervase Markham
Florian Weimer wrote: > Have a look at this file: > > /usr/share/apps/khtml/domain_info Indeed. It looks like they do the same thing as us, but in a far more approximate and erroneous fashion. Persuading them to use the public suffix list would be an improvement. Gerv

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Gervase Markham
Dean Anderson wrote: >> That's unfortunate; but I must say this upset was not communicated to me. > > Probably that's because you are using SORBS to filter your email. SORBS > has an unusually high number of false positives, and for example, > falsely claims that that 130.105/16 and 198.3.136/21 a

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Gervase Markham
Paul Hoffman wrote: > For your IDN display technology, Mozilla decides which TLDs have a > "responsible attitude". Mozilla enforces these rules as a "powerful > incentive" for TLDs to do as Mozilla wishes. As are Microsoft's rules - which, sadly, are both different and IMO much more likely to ret

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Gervase Markham
Henrik Nordstrom wrote: > I seriously question this "will break" part. Sure, they will get > annoyed, but in nearly all possible solutions layering on top of the > existing cookie system there will be easy ways for the owners of such > sites to make them behave well, and a transition period giving t

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Gervase Markham
Doug Barton wrote: > Gervase Markham wrote: >> The fact that I am working on this question now is not to present a >> /fait accompli/; I've just been too busy to get to it. > > Is it just me, or do those two statements seem to contradict one another? I don't think so. Both are statements of truth

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Gervase Markham
Jelte Jansen wrote: > won't they run into the very same problem if only tld's (and their > sld's) are marked as don't-set-cookies-here? Or is livejournal.com also > supposed to get on the list of public suffixes? No. They can set cookies for www.livejournal.com or admin.livejournal.com (as opposed

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Jelte Jansen
Gervase Markham wrote: > Florian Weimer wrote: >> * Jamie Lokier: >> Yes. I think Ebay suffers from these issues. > > Indeed. This is one of the reasons that livejournal switched from > www.livejournal.com/name to name.livejournal.com. It prevented r

Re: [DNSOP] Public Suffix List

2008-06-11 Thread Gervase Markham
Florian Weimer wrote: > * Jamie Lokier: >> (By the way, although we're talking about administrative divides in >> the DNS tree, a little thought might be given to administrative >> divides in URL trees. There are a fair number of sites containing >> http://domain.com/user1/* and http://domain.com/

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Doug Barton
Gervase Markham wrote: > Hi Doug, > > Doug Barton wrote: >> Coming as it does late in your development cycle (and especially given >> the "enthusiastic" reaction you've received here today) the temptation >> would be for you to dig your heels in and insist on moving forward as >> planned. I urge y

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Stephane Bortzmeyer
On Tue, Jun 10, 2008 at 09:39:01PM +0200, Florian Weimer <[EMAIL PROTECTED]> wrote a message of 18 lines which said: > /usr/share/apps/khtml/domain_info On my system (an up-to-date Ubuntu), it contains: twoLevelTLD=name,ai,au,bd,bh,ck,eg,et,fk,il,in,kh,kr,mk,mt,na,np,nz,pg,pk,qa,sa,sb,sg,sv,u

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Henrik Nordstrom
On tis, 2008-06-10 at 21:25 +0200, Florian Weimer wrote: > Isn't this the wrong direction, that is, should you start from the TLD? Not if done for the receiving site, but yes if done based on the site setting the cookie.. Regards Henrik

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Henrik Nordstrom
On tis, 2008-06-10 at 21:05 +0200, Florian Weimer wrote: > stuff). This must work by default, without explicit marking by the web > site operator, or tons of deployed applications will break. I seriously question this "will break" part. Sure, they will get annoyed, but in nearly all possible sol

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Henrik Nordstrom
On tis, 2008-06-10 at 13:45 +0200, Henrik Nordstrom wrote: > On mån, 2008-06-09 at 17:28 +0100, Gervase Markham wrote: > > > It would be an appropriate mechanism; when it does contain this > > information, let me know. > > It won't until someone specifies how the data should be represented > i

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Henrik Nordstrom
On tis, 2008-06-10 at 11:13 +0100, Gervase Markham wrote: > OK. Then we are basically back to Yngve's suggestion. But this does > require universal take-up for universal support - and that, as someone > else has pointed out, makes it (in my opinion) doomed. Not really. By proper design you can ea

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Florian Weimer
* Stephane Bortzmeyer: > On Mon, Jun 09, 2008 at 10:29:27AM -0400, > Andrew Sullivan <[EMAIL PROTECTED]> wrote > a message of 52 lines which said: > >> Is there any way to turn this off in Firefox 3? > > Switch to a free software browser without this very bad policy? > > http://www.konqueror.

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Mark Foster
Florian Weimer wrote: > * Gervase Markham: > > >> If www.flirble.co.zz and www.widget.co.zz wished to conspire to track >> users across the two sites, they would simply both say that they are >> happy to accept co.zz cookies. >> > > Right now, they're sharing that bit of information through

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Florian Weimer
* Jamie Lokier: > E.g. When evaluating online.myservice.free.fr, Firefox could look up > DNS records for online.myservice.free.fr, myservice.free.fr, free.fr > and .fr (in that order), and if there's a record use that. If not, > use the hard-coded information you have gathered for that domain. I

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Florian Weimer
* Stephane Bortzmeyer: > Me, for instance. And, AFAIK, Microsoft did not announce such a scheme > for Internet Explorer. Unfortunately, the need for this data doesn't go away if you don't talk publicly about it. It's a band-aid for extremely widespread protocol misuse, and there's no way around

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Florian Weimer
* Brian Dickson: > If you want grouping, there is a simple-to-code, reliable, and > authoritative way to do so. > > Zone cuts (in DNS). This is a bad idea because introducing a new zone at an existing name should really, really be transparent to the rest of the world. (Thanks to configuration o

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Florian Weimer
* Gervase Markham: > If www.flirble.co.zz and www.widget.co.zz wished to conspire to track > users across the two sites, they would simply both say that they are > happy to accept co.zz cookies. Right now, they're sharing that bit of information through one of Google's web bug services. Cross-do

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Paul Hoffman
At 11:10 AM +0100 6/10/08, Gervase Markham wrote: >Kim Davies wrote: >> This thread sounds remarkably like deja vu. Indeed, the TLD community was >> rather upset a few years ago by Mozilla taking unilateral action to >> introduce a hard-coded white-list of acceptable IDN TLDs without prior >> c

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Wes Hardaker
> On Tue, 10 Jun 2008 11:10:32 +0100, Gervase Markham <[EMAIL PROTECTED]> > said: >> * Mozilla's methods of arm-twisting GM> We aren't twisting anyone's arm. We are making a request for help. Here's how you sound (with example quotes from your real text): * We, mozilla, need to come u

Re: [DNSOP] Public Suffix List

2008-06-10 Thread David Conrad
Gervase, On Jun 10, 2008, at 3:09 AM, Gervase Markham wrote: > Yes, basically. For best results we'd get the data directly from those > in the know, but if they don't want to keep us informed, they don't > have to. > > If you think this is unreasonable, what is the alternative position? The con

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Dean Anderson
On Tue, 10 Jun 2008, Gervase Markham wrote: > Kim Davies wrote: > > This thread sounds remarkably like deja vu. Indeed, the TLD community was > > rather upset a few years ago by Mozilla taking unilateral action to > > introduce a hard-coded white-list of acceptable IDN TLDs without prior > > consu

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Jamie Lokier
Adrien de Croy wrote: Allow some "safe" cross-site > cookies? What happens when it doesn't do that? Do people even care > enough about that to live with this solution? I must admit, I don't see what's wrong with disabling cross-site cookies entirely. If two related domains want to transfer cr

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Adrien de Croy
From what I can tell: a) the proposed problem is that of cookies being used across differently administered web sites. b) the proposed solution involves mapping the boundary between privately and publicly administered DNS space. I don't see how (b) addresses (a). Web sites do not equal DN

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Henrik Nordstrom
On mån, 2008-06-09 at 17:28 +0100, Gervase Markham wrote: > It would be an appropriate mechanism; when it does contain this > information, let me know. It won't until someone specifies how the data should be represented in DNS. And DNS is where it belongs, in the zone it relates to. Regards H

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Jamie Lokier
Gervase Markham wrote: > Jamie Lokier wrote: > > The information would be published in the ISP's TLD-alike domain, not > > the customer's subdomains. E.g. 'co.uk', not 'mybank.co.uk', assuming > > the information is "each domain $WORD.co.uk is independent". > > > > The values are the same informa

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Jamie Lokier
Gervase Markham wrote: > - "No, sorry, you can't do any of the things for which you might want > this data" > > - "It's fine to want this data, but you should get it via this > alternative method:..." I'm inclined to suggest: Gather and hard-code your list into Firefox, and also provide a mechani

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Gervase Markham
Jamie Lokier wrote: > The information would be published in the ISP's TLD-alike domain, not > the customer's subdomains. E.g. 'co.uk', not 'mybank.co.uk', assuming > the information is "each domain $WORD.co.uk is independent". > > The values are the same information that you are gathering. The >

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Gervase Markham
Hi Doug, Doug Barton wrote: > Coming as it does late in your development cycle (and especially given > the "enthusiastic" reaction you've received here today) the temptation > would be for you to dig your heels in and insist on moving forward as > planned. I urge you to resist that temptation. Ju

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Gervase Markham
Kim Davies wrote: > This thread sounds remarkably like deja vu. Indeed, the TLD community was > rather upset a few years ago by Mozilla taking unilateral action to > introduce a hard-coded white-list of acceptable IDN TLDs without prior > consultation. That's unfortunate; but I must say this upse

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Gervase Markham
Paul Hoffman wrote: > One possible method is to start Firefox 3.0 with an empty registry, and > fetch a registry update from Mozilla each time a user does either a > manual or automatic "check for updates" on Firefox. That's an interesting idea. We didn't make the data remotely-updatable on its o

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Gervase Markham
Stephane Bortzmeyer wrote: > * Difficulty of managing this list (and even worse if every browser > vendor ask the TLD managers for a slightly different info) We are making our data available for everyone to use, so we are trying hard to make sure this doesn't happen. > * Administrative boundari

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Gervase Markham
David Conrad wrote: > You're talking about essentially creating a registry of their registry > policies and distributing it statically via your product. I would > imagine they might be interested and might even have some useful input > to provide. We're about to ask them for their input. > Just

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Jamie Lokier
Gervase Markham wrote: > Jamie Lokier wrote: > > Gervase Markham wrote: > >>> Wouldn't it be more appropriate for MyBank to _itself_ say the history > >>> for these sites should be grouped? E.g. in an HTTP response header, > >>> or DNS record for mybank.co.uk? > >> The total amount of effort requi

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Stephane Bortzmeyer
On Mon, Jun 09, 2008 at 04:51:02PM -0700, Paul Hoffman <[EMAIL PROTECTED]> wrote a message of 28 lines which said: > you will notice that a few TLDs that allow IDNs have not registered > with Mozilla for various reasons (*cough* *cough* .com, .ru, > .many-countries-in-the-arab-speaking-world, .

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Jeroen Massar
[three possible solutions below, thus keep on reading ;) ] Stephane Bortzmeyer wrote: On Mon, Jun 09, 2008 at 04:53:01PM -0500, Ted Lemon <[EMAIL PROTECTED]> wrote a message of 16 lines which said: Why not just set up a list of TLDs in a mozilla.org subdomain, sign the subdomain with DNSSE

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Stephane Bortzmeyer
On Mon, Jun 09, 2008 at 04:53:01PM -0500, Ted Lemon <[EMAIL PROTECTED]> wrote a message of 16 lines which said: > Why not just set up a list of TLDs in a mozilla.org subdomain, sign > the subdomain with DNSSEC, put the DNSSEC public key into firefox, > and have firefox consult the TLD list in t

Re: [DNSOP] Public Suffix List

2008-06-09 Thread Paul Hoffman
At 3:02 PM -0700 6/9/08, Doug Barton wrote: >I'm also not sure you quite understand the magnitude of the task you're >undertaking. It's a matter of fact that any sentence including the >phrase "all TLDs" is doomed from the start. :) You're dealing with a >wide variety of business models (often wit

Re: [DNSOP] Public Suffix List

2008-06-09 Thread Doug Barton
Yngve and Gerv, As you have no doubt concluded by now, you've touched a nerve. :) It doesn't seem to me that you have, but I hope that you will not interpret the strong reaction you've received as an attack. It's simply the case that what you're

Re: [DNSOP] Public Suffix List

2008-06-09 Thread Ted Lemon
I'm a little puzzled by this discussion. Why not just set up a list of TLDs in a mozilla.org subdomain, sign the subdomain with DNSSEC, put the DNSSEC public key into firefox, and have firefox consult the TLD list in the DNS, verified with DNSSEC, whenever information is needed? That way

Re: [DNSOP] Public Suffix List

2008-06-09 Thread Andrew Sullivan
On Mon, Jun 09, 2008 at 04:53:42PM +0100, Gervase Markham wrote: > > What you're really > > trying to do here is extract meaning from the domain name, but you > > can't do that reliably. Previous efforts in that direction have > > failed in unexpected ways; and given that you seem to have multipl

Re: [DNSOP] Public Suffix List

2008-06-09 Thread Stephane Bortzmeyer
On Mon, Jun 09, 2008 at 11:07:23PM +0200, Phil Regnauld <[EMAIL PROTECTED]> wrote a message of 21 lines which said: > about:config in firefox > > search for IDN > > disable network.IDN.whitelist for all listed TLDs. Andrew was asking how to disable the "cookie domain policy

Re: [DNSOP] Public Suffix List

2008-06-09 Thread Stephane Bortzmeyer
On Mon, Jun 09, 2008 at 03:21:11PM +0100, Gervase Markham <[EMAIL PROTECTED]> wrote a message of 22 lines which said: > I am not particularly interested in a long discussion about whether > we need this data. Please be assured that we need it. That's a very good summary of Mozilla's method. "T

Re: [DNSOP] Public Suffix List

2008-06-09 Thread Phil Regnauld
Stephane Bortzmeyer (bortzmeyer) writes: > On Mon, Jun 09, 2008 at 10:29:27AM -0400, > Andrew Sullivan <[EMAIL PROTECTED]> wrote > a message of 52 lines which said: > > > Is there any way to turn this off in Firefox 3? > > Switch to a free software browser without this very bad policy? > > ht

Re: [DNSOP] Public Suffix List

2008-06-09 Thread Joe Abley
On 9 Jun 2008, at 12:57, Brian Dickson wrote: > Gervase Markham wrote: >> We've had this basic problem in the domain of cookies for years. I >> don't >> expect another solution to pop out of the woodwork now. But I'm >> open to >> being surprised :-) >> > Surprise! > > If you want grouping, t

Re: [DNSOP] Public Suffix List

2008-06-09 Thread Stephane Bortzmeyer
On Mon, Jun 09, 2008 at 10:29:27AM -0400, Andrew Sullivan <[EMAIL PROTECTED]> wrote a message of 52 lines which said: > Is there any way to turn this off in Firefox 3? Switch to a free software browser without this very bad policy? http://www.konqueror.org/

Re: [DNSOP] Public Suffix List

2008-06-09 Thread Stephane Bortzmeyer
On Mon, Jun 09, 2008 at 11:56:05AM -0700, David Conrad <[EMAIL PROTECTED]> wrote a message of 46 lines which said: > Some might even think it rude (even Microsoftian :-)) not to ask. Me, for instance. And, AFAIK, Microsoft did not announce such a scheme for Internet Explorer. This is a sad day

Re: [DNSOP] Public Suffix List

2008-06-09 Thread Stephane Bortzmeyer
On Mon, Jun 09, 2008 at 12:57:00PM -0400, Brian Dickson <[EMAIL PROTECTED]> wrote a message of 48 lines which said: > If you want grouping, there is a simple-to-code, reliable, and > authoritative way to do so. > > Zone cuts (in DNS). I find the arm-twisting by Mozilla very questionable but

Re: [DNSOP] Public Suffix List

2008-06-09 Thread Paul Hoffman
At 3:21 PM +0100 6/9/08, Gervase Markham wrote: >I am not particularly interested in a long discussion about whether we >need this data. Please be assured that we need it. I am, on the other >hand, open to suggestions about better ways to obtain it. One possible method is to start Firefox 3.0 with

Re: [DNSOP] Public Suffix List

2008-06-09 Thread Kim Davies
On 9/06/08 11:56 AM, "David Conrad" <[EMAIL PROTECTED]> wrote: > > On Jun 9, 2008, at 9:34 AM, Gervase Markham wrote: >>> I'm curious: have you consulted with the various TLD-related >>> organizations (e.g., ccNSO, gNSO, CENTR, APTLD, AfTLD, LACTLD, >>> etc.) on >>> how to solve this problem? >> >>

Re: [DNSOP] Public Suffix List

2008-06-09 Thread David Conrad
Gervase, On Jun 9, 2008, at 9:34 AM, Gervase Markham wrote: >> I'm curious: have you consulted with the various TLD-related >> organizations (e.g., ccNSO, gNSO, CENTR, APTLD, AfTLD, LACTLD, >> etc.) on >> how to solve this problem? > > No. What do you think they'd say that hasn't been said in th

Re: [DNSOP] Public Suffix List

2008-06-09 Thread Eric Brunner-Williams
Gervase, I'm going to piggy-back this on something Edward Lewis wrote: > ... > I doubt that you'll find any repository that can > be used to register "registry-like" zones. The > DNS lacks anything like a RADB, RPSL, etc., > mechanism employed by the routing infrastructure. > Partly because,

Re: [DNSOP] Public Suffix List

2008-06-09 Thread Eric Brunner-Williams
Gervase, The Dan Jay (and later) cookie policy drafts had a dsig in the payload so that the data collection policy (DCP) asserted in a cookie could be verified. The xml dsig draft wasn't ready, so we took off that part of the payload, leaving only the DCP. At the W3C P3P Spec WG meeting in San
