Advisory: SLDs #894

Open
realrasengan opened this issue May 30, 2024 · 1 comment
Comments

@realrasengan
Contributor

Hello to all the Shakers and Movers,

I just wanted to quickly write a message warning everyone to be careful with SLDs and the use of them on websites that have scripting capabilities in conjunction with continued use of the TLD.

The PSL attempts to 'secure' situations like this, where cookies can be perhaps modified and read if both the TLD and SLD are in play in this regard, but the reality is it's not likely we'll be able to get inclusion for Handshake TLDs.

While there are some minute and fractured use cases for SLDs at this time, please remember that a secure ecosystem does not yet exist [1].

Just a friendly heads up.

[1] This aside from the fact that it makes no sense for Handshakers to use someone else's SLD, given there are enormous amounts of TLDs, and SLDs will make you subject to a TLD.

Being a subject of anything means you're owned, not the other way around. 🤡

@realrasengan
Contributor Author

realrasengan commented Jun 5, 2024

@eskimo ran tests and Brave (maybe all Chromium-based) blocks TLDs from viewing cookies on the subdomain.

This of course could be its own issue given that would handicap TLDs from organizing with subdomains. Either way we need to address!
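
Added example, not part of the original issue or the project's code: a small model of the cookie-scoping check that the Public Suffix List feeds, following the publicsuffix.org matching algorithm (including its default `*` rule) and the public-suffix step of RFC 6265 section 5.3. The rule set and the names `examplehns` and `names.examplehns` are constructed, and the example goes slightly beyond the thread by also covering third-level names under an unlisted SLD; real browsers may differ in detail.

```javascript
// Constructed miniature rule set in Public Suffix List syntax (not the real list).
const RULES = ["com", "co.uk", "*.ck", "!www.ck"];

// Public suffix of `host` per the publicsuffix.org matching algorithm.
function publicSuffix(host, rules = RULES) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  let len = 1; // no rule matched: the default rule "*" makes the last label the suffix
  for (const rule of rules) {
    const exception = rule.startsWith("!");
    const rl = (exception ? rule.slice(1) : rule).split(".");
    if (rl.length > labels.length) continue;
    const tail = labels.slice(-rl.length);
    if (!rl.every((l, i) => l === "*" || l === tail[i])) continue;
    if (exception) { len = rl.length - 1; break; } // exception rules win outright
    len = Math.max(len, rl.length); // otherwise the longest matching rule wins
  }
  return labels.slice(-len).join(".");
}

// Scope a Set-Cookie carrying Domain=`domainAttr` received from `requestHost`.
function cookieScope(requestHost, domainAttr, rules = RULES) {
  const host = requestHost.toLowerCase();
  let dom = (domainAttr || "").toLowerCase().replace(/^\./, "");
  if (dom && publicSuffix(dom, rules) === dom) {
    if (dom !== host) return { accepted: false, reason: "Domain is a public suffix" };
    dom = ""; // Domain equals the request host: downgrade to a host-only cookie
  }
  if (!dom) return { accepted: true, hostOnly: true, domain: host };
  if (host !== dom && !host.endsWith("." + dom))
    return { accepted: false, reason: "request host does not domain-match" };
  return { accepted: true, hostOnly: false, domain: dom };
}

// Would a stored cookie be attached to a request for `host`?
function sentTo(cookie, host) {
  if (!cookie.accepted) return false;
  if (cookie.hostOnly) return host === cookie.domain;
  return host === cookie.domain || host.endsWith("." + cookie.domain);
}

// Hypothetical names: "examplehns" is a TLD on no list; "names.examplehns" is an
// SLD whose owner hands third-level names to different people.
function demo() {
  const withEntry = [...RULES, "names.examplehns"]; // as if the SLD had a PSL entry
  const tldOwn = cookieScope("examplehns", "examplehns");
  const shared = cookieScope("alice.names.examplehns", "names.examplehns");
  return {
    sldSetsTldCookie: cookieScope("shop.examplehns", "examplehns").accepted,
    tldCookieReachesSld: sentTo(tldOwn, "shop.examplehns"),
    siblingSeesCookie: sentTo(shared, "bob.names.examplehns"),
    siblingWithPslEntry: cookieScope("alice.names.examplehns", "names.examplehns", withEntry).accepted,
  };
}
```

In this model the bare TLD is isolated from its SLDs by the default rule, while names delegated below an unlisted SLD share a cookie scope until a list entry separates them.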
