Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

Richard Barnes <rlb@ipv.sx> Wed, 06 September 2017 14:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/0gi8Gm4_Z1s4gv6GL510XZuwgnE>

I am strongly in support of the WG adopting this draft.  It will allow
applications to deliver a better developer experience and higher security.

As Ted notes, there is a possibility of breakage, if something on a host
is relying on an external resolver to provide localhost resolution in
accordance with RFC 6761.  However, that behavior is almost certainly not
secure to start with, so this breakage is of the good, "increasing
security" kind.

--Richard

On Wed, Sep 6, 2017 at 10:35 AM, Ted Lemon <mellon@fugue.com> wrote:

> On Sep 6, 2017, at 10:33 AM, tjw ietf <tjw.ietf@gmail.com> wrote:
>
> Thanks.  The document still waffles, but it 'waffles less' than it did
> initially.  But Mike is committed to working that and any other issue which
> may arise.
>
>
> The question I really have is not whether Mike is willing—he's stated that
> he is.   It's whether the working group is willing, since returning
> NXDOMAIN is an actual change in behavior from the original specification in
> RFC 6761, and will likely result in some breakage, since it can safely be
> assumed that some stacks are currently following the RFC6761 advice.