Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02
Bob Harold <rharolde@umich.edu> Fri, 02 February 2018 18:26 UTC
From: Bob Harold <rharolde@umich.edu>
Date: Fri, 02 Feb 2018 13:25:54 -0500
Message-ID: <CA+nkc8D_JUaWhW8eZ3KuMKJsyVd1ddMtFLhk5Tne1oH2eEHhZg@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: Andrew Sullivan <ajs@anvilwalrusden.com>, IETF DNSOP WG <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/2739CV5IKB52dopugHYNervXiVY>
Subject: Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02

On Thu, Feb 1, 2018 at 4:26 PM, Ted Lemon <mellon@fugue.com> wrote:

> On Feb 1, 2018, at 2:48 PM, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:
>
> As a general principle, when what the RFC says to do is not the right thing to do, the solution is to update the RFC, not to ignore the problem.
>
> I strongly agree with this (as I think or anyway hope you know)
>
> Yes, I will admit I was a bit surprised that you put it that way, although as you say, your position is more clear in your formal review of the document.
>
> As for why I responded to this and not to the formal review, the answer is that the formal review was a bit overwhelming. You made a lot of assertions of fact that didn't sound like fact to me—they sounded like strongly-held opinion. You are a much more experienced DNS expert than I am, so for me to argue you away from those opinions is a tall order—I don't think you've really expressed the underlying belief that is the keystone to the whole edifice.
>
> The problem I have is that to me it's dead obvious that the name hierarchy and the set of names in the DNS are not the same thing. We've had that discussion before. We even published a document about it, which hasn't quite made its way out of the RFC editor queue yet. It seems to me that it is demonstrably the case that these two sets are disjoint.
>
> But you explain your reasoning on the basis that clearly they are the same set, and *that* they are the same set is left unexamined. So if we were to succeed in understanding why we disagree on this point, it would be necessary to dig down into that.
>
> Having seen you give keynotes at the plenary, I know that you are deeply concerned about computer security. The reason that I am in favor of the behavior I'm propounding is that I think it closes a small security gap through which a truck might some day be driven, to our woe. So to me, the need to leave that gap, which I admit is small, open, seems inconsistent with what I know of you.
>
> So clearly you value this idea that localhost is a name that exists in the DNS, even though it doesn't exist in the DNS. It might be fruitful to explore that further. It might also be a waste of time. I don't honestly know. But that is, I think, the key to our disagreement.

Could someone explain the security problem? If it really is bigger than the problems that will be caused by changing resolvers to answer with NXDOMAIN, then you might convince me.

--
Bob Harold