Re: [DNSOP] Localhost - more reliable options?

Ted Lemon <mellon@fugue.com> Fri, 18 August 2017 14:46 UTC

From: Ted Lemon <mellon@fugue.com>
Message-Id: <3E884458-4BFD-4E88-8A60-482F18F275F3@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_59835BBA-2BA9-4CCF-BB98-15D7EC5AB62D"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Fri, 18 Aug 2017 10:45:55 -0400
In-Reply-To: <C224B53D-8967-4435-A8A5-CB03A891E661@gmail.com>
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>
To: Brian Dickson <brian.peter.dickson@gmail.com>
References: <CAH1iCiqr_9Om-jwRq6mLABH3cZ1D0qptLHVUQ1YtZn0ViQM=Mw@mail.gmail.com> <597FEBF7-7D11-4E50-9B79-63301914F75B@fugue.com> <CAH1iCip41ohOxKZdqEN-NOyRuv-d1knxuwR3LJNHOC+C6QJC3g@mail.gmail.com> <69725356-F683-4FAF-A130-D08353D9169F@fugue.com> <C224B53D-8967-4435-A8A5-CB03A891E661@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/4apTZNzqP3hlr2LVhjptetYelYQ>
Subject: Re: [DNSOP] Localhost - more reliable options?

On 17 Aug 2017, at 23:19, Brian Dickson <brian.peter.dickson@gmail.com> wrote:
> Use DNSSEC, and use something other than "localhost."
> Does the host know its own name(s)?

Depending on the context, the host likely doesn't have a name.   If it does have a name, PKI works, so there's no need for some sort of ad-hoc trust regime.   You should assume that the only reason someone would use localhost is that it's the best alternative, and propose solutions that work in that situation.   Localhost might get used in other situations, but if you can't solve for that situation, you don't actually have a solution.
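The practical meaning of a "reliable" localhost in this thread is that a query for the name must only ever yield loopback addresses (RFC 6761 section 6.3 treats "localhost." as a special-use name for exactly this reason). The following check is an added example, not code from this message or from the DNSOP working group: it classifies the answers a resolver gives for "localhost" and reports any that are not loopback, which is the condition a defender would alert on. The sample answer sets are constructed here; the `resolve_localhost` helper and the `check_localhost` wrapper are this example's own names, and they assume the stub resolver reachable through the standard library's `getaddrinfo`.

```python
import ipaddress
import socket
from typing import Iterable, List


def is_loopback(addr: str) -> bool:
    """True if addr is a loopback address (127.0.0.0/8 or ::1); False for garbage."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def non_loopback_answers(answers: Iterable[str]) -> List[str]:
    """Return every answer that is NOT a loopback address.

    An empty list is the expected result for 'localhost'; anything else means the
    name is being resolved somewhere it should not be (hosts file, search list,
    or an upstream resolver answering for the name).
    """
    return [a for a in answers if not is_loopback(a)]


def resolve_localhost(name: str = "localhost") -> List[str]:
    """Ask the system resolver for `name` and return the unique addresses it gives."""
    seen: List[str] = []
    for _family, _type, _proto, _canon, sockaddr in socket.getaddrinfo(name, None):
        addr = sockaddr[0]
        if addr not in seen:
            seen.append(addr)
    return seen


def check_localhost(name: str = "localhost") -> List[str]:
    """Resolve `name` on this host and return the offending (non-loopback) answers."""
    return non_loopback_answers(resolve_localhost(name))


if __name__ == "__main__":
    # Constructed samples: a correct answer set and a misconfigured one.
    # 203.0.113.0/24 is documentation address space (RFC 5737), used here as a stand-in.
    good = ["127.0.0.1", "::1"]
    bad = ["127.0.0.1", "203.0.113.10"]
    print("constructed good answers ->", non_loopback_answers(good))
    print("constructed bad answers  ->", non_loopback_answers(bad))
    print("this host's 'localhost'  ->", check_localhost())
```

Run it on a host and a non-empty final line is the finding; the pure functions can be fed answers collected from any other source (a packet capture, a resolver log) without touching the network.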