A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Enhanced validation of domains for HTTP State Management Cookies using DNS
Author(s) : Y. Pettersen
Filename : draft-pettersen-dns-cookie-validate-04.txt
Pages : 14
Date : 2008-11-03
HTTP State Management Cookies are used for a wide variety of tasks on
the Internet, from preference handling to user identification. An
important privacy and security feature of cookies is that their
information can only be sent to a servers in a limited namespace, the
domain.
The variation of domain structures that are in use by domain name
registries, especially the country code Top Level Domains (ccTLD)
namespaces, makes it difficult to determine what is a valid domain,
e.g. example.co.uk and example.no, which cookies should be permitted
for, and a registry-like domain (subTLDs) like co.uk where cookies
should not be permitted.
This document specifies an imperfect method using DNS name lookups
for cookie domains to determine if cookies can be permitted for that
domain, based on the assumption that most subTLD domains will not
have an IP address assigned to them, while most legitimate services
that share cookies among multiple servers will have an IP address for
their domain name to make the user's navigation easier by omitting
the customary "www" prefix.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-pettersen-dns-cookie-validate-04.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
- <ftp://ftp.ietf.org/internet-drafts/draft-pettersen-dns-cookie-validate-04.txt>
-
_______________________________________________
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt