Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

Ted Lemon <mellon@fugue.com> Wed, 06 September 2017 14:29 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/EAdha6uwolbt7h0Bruzr64Jmou0>

The document as written still waffles between insecure delegation and secure denial of existence. I think that if the document were published with the recommendation of an insecure delegation, this would be actively harmful. If it's published with the secure denial of existence, it would probably improve the state of the art.

Unfortunately I don't think that calls for adoption really give us a basis for stating such preferences. But that's basically where I land on this. I would be perfectly happy to support this document if it does the right thing, but I'm dead set against it if it doesn't. I am of course willing to participate in working on the document if adopted—I've already sent some text, and am grateful to the author for having for the most part accepted my proposed changes.