* Gervase Markham: > Say adserver.co.uk has contracts with mybank.co.uk, mygrocer.co.uk, > mypetstore.co.uk to supply them with ads. adserver.co.uk can set the > ad-tracking cookie for .co.uk and build up a cross-site profile of a > particular user, perhaps augmented by information passed to them by one > or more of the sites concerned. This is a privacy issue.
I'd love to see an official statement from the Mozilla Foundation that cross-domain ad correlation is evil, and should be stopped by technology. Certainly this is not what you're trying to say here. I guess the real issue is that by setting a cookie for co.uk, it's possible to exploit session fixation vulnerabilities in web sites under co.uk. Unfortunately, the Public Suffix List web site is a bit unclear in this regard. It does not list a single protocol spec which requires this sort of data. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
