Re: ACTION-201 (ISSUE-112) from David Singer on 2012-07-26 (public-tracking@w3.org from July 2012)

From: David Singer <singer@apple.com>
Date: Thu, 26 Jul 2012 15:39:53 -0700
To: "Dobbs, Brooks" <brooks.dobbs@kbmg.com>
Cc: "ifette@google.com" <ifette@google.com>, "public-tracking@w3.org Group WG" <public-tracking@w3.org>
Message-id: <74639028-02BA-41FC-ACF8-1755977870BB@apple.com>

I agree, this is a nightmare area.  I second Ian's personal opinion (personally, but strongly).


On Jul 25, 2012, at 8:57 , "Dobbs, Brooks" <brooks.dobbs@kbmg.com> wrote:

> Ian,
> 
> I completely agree, particularly given the new TLD issues (and I second your personal opinion on their need).  [name].bank is going to be a vastly different question than [name].credit-suisse.  It seems to me that if there is ever to be any concrete distinction here it would have to be the presence of a public market for the second level domain, but I can't imagine defining such a market  would be in scope of this document.
> 
> -Brooks
> 
> -- 
> 
> Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the Wunderman Network
> (Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com 
> brooks.dobbs@kbmg.com
> 
> <image[114].png>
> 
> This email – including attachments – may contain confidential information. If you are not the intended recipient,
>  do not copy, distribute or act on it. Instead, notify the sender immediately and delete the message.
> 
> From: "Ian Fette (イアンフェッティ)" <ifette@google.com>
> Reply-To: "ifette@google.com" <ifette@google.com>
> Date: Wednesday, July 25, 2012 11:36 AM
> To: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
> Subject: ACTION-201 (ISSUE-112)
> Resent-From: <public-tracking@w3.org>
> Resent-Date: Wednesday, July 25, 2012 11:37 AM
> 
> "How are sub-domains handled for site-specific exceptions?" - from a browser standpoint, I don't wish to further propagate the notion of "registry controlled domains" which is an unfortunate reality that we currently have with cookies, where browsers try to keep a list of what is a "public suffix" (contains multiple unrelated entities beneath it, such as .com). We have ~6,800 entries in there so far (http://mxr.mozilla.org/mozilla-central/source/netwerk/dns/effective_tld_names.dat?raw=1) - this is only getting worse now that ICANN has, in a rather questionable move (personal opinion), decided to make the top-level domain namespace a wild west. 
> 
> So, I don't want to say "all subdomains" because we have no idea what that means.
> 
> Rather, I would prefer to say "A site can request a site-wide exception for its own origin and any other origins that it considers to also be in the same party, e.g. http://www.example.com could request a site-wide exception for http://www.example.com, https://www.example.com, https://example.com, https://mail.example.com, https://www.example.de, http://www.example.de"
> 
> Sadly, I fear this is going to become nightmarish as sites add and delete origins over time ("Hey, now we're http://search.google!" or "Hey, we just launched example.az" or "newproduct.example.com"). That said, I've got nothing better to offer... 
> 
> -Ian

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Thursday, 26 July 2012 22:40:24 UTC