-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gervase Markham wrote: > Florian Weimer wrote: >> * Jamie Lokier: >> Yes. I think Ebay suffers from these issues. > > Indeed. This is one of the reasons that livejournal switched from > www.livejournal.com/name to name.livejournal.com. It prevented rogue > code on user sites stealing the cookies of other users. >
won't they run into the very same problem if only tld's (and their sld's) are marked as don't-set-cookies-here? Or is livejournal.com also supposed to get on the list of public suffixes? And will they care? (well, livejournal might, but i could imagine some others not to care enough to get themselves on it) Jelte -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIT4+T4nZCKsdOncURAqZkAKCOxkwMs6By3zxef2AhKU7nP9+0qgCbBJZd sEApH+yga8r+DXQVN76qpMQ= =SP/N -----END PGP SIGNATURE----- _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
