Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02

Lanlan Pan <abbypan@gmail.com> Tue, 06 February 2018 05:39 UTC

From: Lanlan Pan <abbypan@gmail.com>
Date: Tue, 06 Feb 2018 05:39:17 +0000
Message-ID: <CANLjSvUV1RPR8nhLXCEL0WT9=2Lqb+4STh+7gSRPvv_Mmf-NTA@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: Mark Andrews <marka@isc.org>, dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/7cj-H6eBXMkBv8YyK83jLO4rvCs>

Ted Lemon <mellon@fugue.com> wrote on Tuesday, February 6, 2018 at 1:17 PM:

> On Feb 5, 2018, at 11:58 PM, Lanlan Pan <abbypan@gmail.com> wrote:
>
> If we decide to ban localhost.example,
>
>
> Nobody is proposing that we ban localhost.example.
>

Sorry for my poor English.

I mean that in *5.2. 'localhost' labels in subdomains*
<https://tools.ietf.org/html/draft-ietf-dnsop-let-localhost-be-localhost-02>,
localhost.example.com. => localhost. (equal to banning it in DNS?)





*For example, even with a searchlist of "example.com" in place for a given
network, the name "localhost" will not be resolved as
"localhost.example.com." but as "localhost.", and "subdomain.localhost"
will not be resolved as "subdomain.localhost.example.com." but as
"subdomain.localhost.".*


> 1) how many security accidents have caused by this "localhost.example", is
> it a serious security problem with low attack cost ?
>
>
> Every security exposure has zero attacks until it is first successfully
> attacked.   Then the floodgates tend to open! :)
>

This flood prediction was published in 2008 :-)
http://seclists.org/bugtraq/2008/Jan/270
-- 
Best Regards

潘蓝兰  Pan Lanlan
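
The search-list rule quoted from section 5.2 in the message above, as an added example that is not part of the original message or of the draft: a simplified model of stub-resolver search-list expansion with and without the localhost exemption. The function names, the `exempt_localhost` switch and the resolv.conf-style `ndots` ordering are assumptions of this sketch.

```python
# Added example: simplified model of search-list expansion in a stub resolver.
# The ndots ordering is an assumption modelled on resolv.conf-style resolvers.

def is_localhost_name(name: str) -> bool:
    """True when the rightmost label is 'localhost' (DNS names are case-insensitive)."""
    labels = name.rstrip(".").lower().split(".")
    return labels[-1] == "localhost"


def candidates(name: str, search_list: list[str], ndots: int = 1,
               exempt_localhost: bool = True) -> list[str]:
    """Return, in order, the fully qualified names the resolver would try."""
    name = name.lower()
    if name.endswith("."):
        # Already fully qualified: the search list is never applied.
        return [name]
    if exempt_localhost and is_localhost_name(name):
        # Rule from the quoted text: "localhost" and "subdomain.localhost"
        # are resolved as "localhost." / "subdomain.localhost." only.
        return [name + "."]
    absolute = name + "."
    expanded = [f"{name}.{suffix.strip('.').lower()}." for suffix in search_list]
    # Names with at least ndots dots are tried as-is first, then with suffixes.
    if name.count(".") >= ndots:
        return [absolute] + expanded
    return expanded + [absolute]


if __name__ == "__main__":
    search = ["example.com"]  # constructed search list, as in the quoted text
    for query in ("localhost", "subdomain.localhost", "www"):
        print(query, "without exemption:",
              candidates(query, search, exempt_localhost=False))
        print(query, "with exemption:   ", candidates(query, search))
```

Without the exemption, the first name tried for "localhost" is "localhost.example.com.", so the answer comes from whoever controls that record in the search domain rather than from the loopback interface.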