Re: [DNSOP] Public Suffix List

2008-06-10 Thread Doug Barton
Gervase Markham wrote: > Hi Doug, > > Doug Barton wrote: >> Coming as it does late in your development cycle (and especially given >> the "enthusiastic" reaction you've received here today) the temptation >> would be for you to dig your heels in and insist on moving forward as >> planned. I urge y

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Stephane Bortzmeyer
On Tue, Jun 10, 2008 at 09:39:01PM +0200, Florian Weimer <[EMAIL PROTECTED]> wrote a message of 18 lines which said: > /usr/share/apps/khtml/domain_info On my system (an up-to-date Ubuntu), it contains: twoLevelTLD=name,ai,au,bd,bh,ck,eg,et,fk,il,in,kh,kr,mk,mt,na,np,nz,pg,pk,qa,sa,sb,sg,sv,u

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Henrik Nordstrom
On tis, 2008-06-10 at 21:25 +0200, Florian Weimer wrote: > Isn't this the wrong direction, that is, should you start from the TLD? Not if done for the receiving site, but yes if done based on the site setting the cookie.. Regards Henrik

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Henrik Nordstrom
On tis, 2008-06-10 at 21:05 +0200, Florian Weimer wrote: > stuff). This must work by default, without explicit marking by the web > site operator, or tons of deployed applications will break. I seriously question this "will break" part. Sure, they will get annoyed, but in nearly all possible sol

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Henrik Nordstrom
On tis, 2008-06-10 at 13:45 +0200, Henrik Nordstrom wrote: > On mån, 2008-06-09 at 17:28 +0100, Gervase Markham wrote: > > > It would be an appropriate mechanism; when it does contain this > > information, let me know. > > It won't until someone specifies how the data should be represented > i

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Henrik Nordstrom
On tis, 2008-06-10 at 11:13 +0100, Gervase Markham wrote: > OK. Then we are basically back to Yngve's suggestion. But this does > require universal take-up for universal support - and that, as someone > else has pointed out, makes it (in my opinion) doomed. Not really. By proper design you can ea

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Florian Weimer
* Stephane Bortzmeyer: > On Mon, Jun 09, 2008 at 10:29:27AM -0400, > Andrew Sullivan <[EMAIL PROTECTED]> wrote > a message of 52 lines which said: > >> Is there any way to turn this off in Firefox 3? > > Switch to a free software browser without this very bad policy? > > http://www.konqueror.

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Mark Foster
Florian Weimer wrote: > * Gervase Markham: > > >> If www.flirble.co.zz and www.widget.co.zz wished to conspire to track >> users across the two sites, they would simply both say that they are >> happy to accept co.zz cookies. >> > > Right now, they're sharing that bit of information through

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Florian Weimer
* Jamie Lokier: > E.g. When evaluating online.myservice.free.fr, Firefox could look up > DNS records for online.myservice.free.fr, myservice.free.fr, free.fr > and .fr (in that order), and if there's a record use that. If not, > use the hard-coded information you have gathered for that domain. I

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Florian Weimer
* Stephane Bortzmeyer: > Me, for instance. And, AFAIK, Microsoft did not announce such a scheme > for Internet Explorer. Unfortunately, the need for this data doesn't go away if you don't talk publicly about it. It's a band-aid for extremely widespread protocol misuse, and there's no way around

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Florian Weimer
* Brian Dickson: > If you want grouping, there is a simple-to-code, reliable, and > authoritative way to do so. > > Zone cuts (in DNS). This is a bad idea because introducing a new zone at an existing name should really, really be transparent to the rest of the world. (Thanks to configuration o

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Florian Weimer
* Gervase Markham: > If www.flirble.co.zz and www.widget.co.zz wished to conspire to track > users across the two sites, they would simply both say that they are > happy to accept co.zz cookies. Right now, they're sharing that bit of information through one of Google's web bug services. Cross-do

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Paul Hoffman
At 11:10 AM +0100 6/10/08, Gervase Markham wrote: >Kim Davies wrote: >> This thread sounds remarkably like deja vu. Indeed, the TLD community was >> rather upset a few years ago by Mozilla taking unilateral action to >> introduce a hard-coded white-list of acceptable IDN TLDs without prior >> c

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Wes Hardaker
> On Tue, 10 Jun 2008 11:10:32 +0100, Gervase Markham <[EMAIL PROTECTED]> > said: >> * Mozilla's methods of arm-twisting GM> We aren't twisting anyone's arm. We are making a request for help. Here's how you sound (with example quotes from your real text): * We, mozilla, need to come u

Re: [DNSOP] Public Suffix List

2008-06-10 Thread David Conrad
Gervase, On Jun 10, 2008, at 3:09 AM, Gervase Markham wrote: > Yes, basically. For best results we'd get the data directly from those > in the know, but if they don't want to keep us informed, they don't > have to. > > If you think this is unreasonable, what is the alternative position? The con

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Dean Anderson
On Tue, 10 Jun 2008, Gervase Markham wrote: > Kim Davies wrote: > > This thread sounds remarkably like deja vu. Indeed, the TLD community was > > rather upset a few years ago by Mozilla taking unilateral action to > > introduce a hard-coded white-list of acceptable IDN TLDs without prior > > consu

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Jamie Lokier
Adrien de Croy wrote: Allow some "safe" cross-site > cookies? What happens when it doesn't do that? Do people even care > enough about that to live with this solution? I must admit, I don't see what's wrong with disabling cross-site cookies entirely. If two related domains want to transfer cr

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Adrien de Croy
From what I can tell: a) the proposed problem is that of cookies being used across differently administered web sites. b) the proposed solution involves mapping the boundary between privately and publicly administered DNS space. I don't see how (b) addresses (a). Web sites does not equal DN

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Henrik Nordstrom
On mån, 2008-06-09 at 17:28 +0100, Gervase Markham wrote: > It would be an appropriate mechanism; when it does contain this > information, let me know. It won't until someone specifies how the data should be represented in DNS. And DNS is where it belongs, in the zone it relates to. Regards H

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Jamie Lokier
Gervase Markham wrote: > Jamie Lokier wrote: > > The information would be published in the ISP's TLD-alike domain, not > > the customer's subdomains. E.g. 'co.uk', not 'mybank.co.uk', assuming > > the information is "each domain $WORD.co.uk is independent". > > > > The values are the same informa

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Jamie Lokier
Gervase Markham wrote: > - "No, sorry, you can't do any of the things for which you might want > this data" > > - "It's fine to want this data, but you should get it via this > alternative method:..." I'm inclined to suggest: Gather and hard-code your list into Firefox, and also provide a mechani

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Gervase Markham
Jamie Lokier wrote: > The information would be published in the ISP's TLD-alike domain, not > the customer's subdomains. E.g. 'co.uk', not 'mybank.co.uk', assuming > the information is "each domain $WORD.co.uk is independent". > > The values are the same information that you are gathering. The >

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Gervase Markham
Hi Doug, Doug Barton wrote: > Coming as it does late in your development cycle (and especially given > the "enthusiastic" reaction you've received here today) the temptation > would be for you to dig your heels in and insist on moving forward as > planned. I urge you to resist that temptation. Ju

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Gervase Markham
Kim Davies wrote: > This thread sounds remarkably like deja vu. Indeed, the TLD community was > rather upset a few years ago by Mozilla taking unilateral action to > introduce a hard-coded white-list of acceptable IDN TLDs without prior > consultation. That's unfortunate; but I must say this upse

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Gervase Markham
Paul Hoffman wrote: > One possible method is to start Firefox 3.0 with an empty registry, and > fetch a registry update from Mozilla each time a user does either a > manual or automatic "check for updates" on Firefox. That's an interesting idea. We didn't make the data remotely-updatable on its o

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Gervase Markham
Stephane Bortzmeyer wrote: > * Difficulty of managing this list (and even worse if every browser > vendor ask the TLD managers for a slightly different info) We are making our data available for everyone to use, so we are trying hard to make sure this doesn't happen. > * Administrative boundari

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Gervase Markham
David Conrad wrote: > You're talking about essentially creating a registry of their registry > policies and distributing it statically via your product. I would > imagine they might be interested and might even have some useful input > to provide. We're about to ask them for their input. > Just

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Jamie Lokier
Gervase Markham wrote: > Jamie Lokier wrote: > > Gervase Markham wrote: > >>> Wouldn't it be more appropriate for MyBank to _itself_ say the history > >>> for these sites should be grouped? E.g. in an HTTP response header, > >>> or DNS record for mybank.co.uk? > >> The total amount of effort requi

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Stephane Bortzmeyer
On Mon, Jun 09, 2008 at 04:51:02PM -0700, Paul Hoffman <[EMAIL PROTECTED]> wrote a message of 28 lines which said: > you will notice that a few TLDs that allow IDNs have not registered > with Mozilla for various reasons (*cough* *cough* .com, .ru, > .many-countries-in-the-arab-speaking-world, .

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Jeroen Massar
[three possible solutions below, thus keep on reading ;) ] Stephane Bortzmeyer wrote: On Mon, Jun 09, 2008 at 04:53:01PM -0500, Ted Lemon <[EMAIL PROTECTED]> wrote a message of 16 lines which said: Why not just set up a list of TLDs in a mozilla.org subdomain, sign the subdomain with DNSSE

Re: [DNSOP] Public Suffix List

2008-06-10 Thread Stephane Bortzmeyer
On Mon, Jun 09, 2008 at 04:53:01PM -0500, Ted Lemon <[EMAIL PROTECTED]> wrote a message of 16 lines which said: > Why not just set up a list of TLDs in a mozilla.org subdomain, sign > the subdomain with DNSSEC, put the DNSSEC public key into firefox, > and have firefox consult the TLD list in t