Gervase, On Jun 10, 2008, at 3:09 AM, Gervase Markham wrote: > Yes, basically. For best results we'd get the data directly from those > in the know, but if they don't want to keep us informed, they don't > have to. > > If you think this is unreasonable, what is the alternative position?
The concern I have isn't in collecting the data (others may feel differently), rather it is how you are proposing to distribute it (I have no comment on the use of the data because I don't understand the problem well enough). The data you will be collecting will likely be out of data within a very short time after you cut a release and it requires you to re-release all the data every time there is an update, regardless of how small. Presumably, you'll be batching up the list updates with other code updates, so the frequency of pushing out changes will likely be relatively low and thus, there will be periods when there is known bad data being used by every up-to-date implementation of Firefox. Given the likely increase in the number of TLDs, this problem will only get worse over time. Assuming there is an association of cookie trust policy with domain (which seems a bit of a reach to me, but again, I don't understand the problem well enough), then it would seem to me that a better way of proceeding would be as Jamie Lokier suggested (although I'd skip distributing the hard-coded list). That is, probe for a policy statement for each level in the domain tree from the leaf up to the TLD. As far as I can see, this would not introduce any additional privacy concerns and would resolve (pun intended) any data staleness issues. It would also give zone administrators the ability to have fine grained control of cookie policy for names they administer. Of course, the downside is the additional DNS lookups -- don't know how many lookups since I don't understand the problem well enough (but I have difficulty imagining the load would be that significant, all things considered). FWIW. Regards, -drc _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
