A while back I submitted two Internet Drafts that try to fix a problem with limiting which domains a cookie can be set for (known as the "Cookie Monster Bug"), one using DNS to validate the domain (the method Opera is currently using), and one using a new protocol to retrieve information that can be used to validate the domain.
Reception to the drafts was mixed, as mentioned earlier some in the DNS/Registry community do not like the methods proposed because of the assumptions made about the DNS hierarchy. On the other hand the Mozilla developers have already started implementing a modified version of the -00 SubTLD draft.
I have now submitted updated drafts to the IETF.
The DNS validate draft is almost unchanged, there's just been some minor tuning.
The SubTLD draft has been updated with a new XML based file-format that makes the format more expandable and more readable. Thanks to Anne van Kesteren for the helping me with that.
These drafts, and the Cookie v2 draft I submitted last week are the alternatives we at Opera have been able to see for how to solve the cookie domain limitation problem. We would like suggestions not just for how to improve our proposals, but also alternative proposals (please consider submitting them as IETF Internet Drafts) that will fix the problem more efficiently that ours do.
While suggestions can be submitted directly to me, I would recommend that discussions be held in the IETF HTTP WG mailing list.
Links to the IETF Internet Drafts repository:
Archive copies:
DNS Validate: draft-pettersen-dns-cookie-validate-01.txt
SubTLD: draft-pettersen-subtld-structure-01.txt