Re: Public suffix list Jakub T. Jankiewicz 29 Nov 2020 09:28 UTC
> So browers need to know which domain names operate as TLDs. The domain
> name is going to be acting in the same way as a TLD, so e.g.
> will be able to set and read cookies for
>, unless something is done about this.

I don't think that Web allow to set cookies for different domains, that is
impossible, there is something called Origin in browser, which is domain +
port + protocol. And only if it's the same cookies are sent. Do you have any
article that will show this is not the case?

I think that the public suffix is only needed for browsers that hide the
part of the URL. I read somewhere that Chrome is considering do that for
instance if page is it will only show in
address bar, unless browser is told that is like TLD. This is the
only reason I can know of when this is needed.

There are no any security reason why would need to be like TLD,
unless you have something that will confirm what you're saying.