On Mon, Jun 09, 2008 at 11:00:39AM +0100, Gervase Markham wrote: > The following email message will shortly be sent to the technical > contact for all TLDs. Yngve Pettersen at Opera suggested that I also let > you both know about it. > > The technology in question, including a version of the list, is about to > ship in Firefox 3, but we'd like to verify and improve the quality of > the underlying data.
Is there any way to turn this off in Firefox 3? Because it seems to me (as I argued before in response to Yngve's I-D) that this is a spectacularly bad idea. RFC 3696 explains, I think, most of the reasoning that I would offer for why I think this is a bad idea. I urge you and others who are planning to ship this kind of feature to go (re)read that RFC. I know that you have a security problem, which is that cookies are widely used for some purposes in such a way that they can be subverted. That's a problem with the cookies specification, which was always broken. If you're not going to fix the cookies specification (which is what I think you ought to do, but I understand why people are reluctant to take that on), then there should at least be some way to publish data about the relationship you want to permit. One way to do this would be to figure out a way to publish lists of domains for which a given domain publishes cookies, and from which a given domain accepts cookies. In a DNSSEC context, this could be a secure way of communicating such data without resorting to hard-coded lists. Loathe as I am to suggest yet another way of loading up the DNS, I expect it could be done with a DNS RR. I still run into problems with email addresses in .info domains not being accepted, because the top level domain label is "too long". This is years after .info went into the root, and yet we have these old hard-coded rules hanging about the Internet. It was a bad idea when they did it then, and it's a bad idea to do it now. Best regards, A -- Andrew Sullivan [EMAIL PROTECTED] +1 503 667 4564 x104 http://www.commandprompt.com/ _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
