Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02

Mark Andrews <marka@isc.org> Mon, 05 February 2018 05:18 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1606F126CBF for <dnsop@ietfa.amsl.com>; Sun, 4 Feb 2018 21:18:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.911
X-Spam-Level:
X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZErLEry3cPvs for <dnsop@ietfa.amsl.com>; Sun, 4 Feb 2018 21:18:17 -0800 (PST)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 776A61205D3 for <dnsop@ietf.org>; Sun, 4 Feb 2018 21:18:17 -0800 (PST)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 332223AB03B; Mon, 5 Feb 2018 05:18:14 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id F06C516003C; Mon, 5 Feb 2018 05:18:13 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id DD299160048; Mon, 5 Feb 2018 05:18:13 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 1m5TabHyBTGt; Mon, 5 Feb 2018 05:18:13 +0000 (UTC)
Received: from [172.30.42.91] (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 19DC216003C; Mon, 5 Feb 2018 05:18:12 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Mark Andrews <marka@isc.org>
In-Reply-To: <29F25C57-31D1-4A07-875D-16E7612DB993@fugue.com>
Date: Mon, 5 Feb 2018 16:18:10 +1100
Cc: Lanlan Pan <abbypan@gmail.com>, dnsop <dnsop@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <E4C5AA7E-E9C1-4E53-ABE0-676A9B7B3269@isc.org>
References: <9DCE2F63-EE37-4865-B9D6-6B79BBE05593@gmail.com> <20180129155112.GC16545@mx4.yitter.info> <5A6F5CF1.4080706@redbarn.org> <CA+nkc8D7tne5SxGOUhvJqstmDa=1=RmvcHQte1byAab5dUd5sQ@mail.gmail.com> <AE634FC4-0EAF-4F54-8860-61E41284F873@fugue.com> <20180130185919.GJ19193@mx4.yitter.info> <3b57a486-df8e-ca57-ab89-c167cea0dcc9@bellis.me.uk> <20180131161507.GP3322@mournblade.imrryr.org> <20180201172644.GD26453@mx4.yitter.info> <1D7693F7-000C-451A-8F7A-45B94366240F@fugue.com> <20180201204833.GA27125@mx4.yitter.info> <777C7B4A-A8D6-4E14-9DBF-360B6BDF4A95@fugue.com> <CA+nkc8D_JUaWhW8eZ3KuMKJsyVd1ddMtFLhk5Tne1oH2eEHhZg@mail.gmail.com> <01C3E853-A14F-4D1B-865D-5B74C9F1F999@isc.org> <CANLjSvUJ17pLEhpboEJfhum6gv-2-Ls5prKYUH0rumqSpkcpqw@mail.gmail.com> <2B1DC084-C6EA-41DA-9029-5E230874FCBE@isc.org> <29F25C57-31D1-4A07-875D-16E7612DB993@fugue.com>
To: Ted Lemon <mellon@fugue.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ERz0Gt9pAo33vNBbW84Wm0io5LY>
Subject: Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Feb 2018 05:18:19 -0000

> On 5 Feb 2018, at 3:20 pm, Ted Lemon <mellon@fugue.com> wrote:
> 
> On Feb 4, 2018, at 9:49 PM, Mark Andrews <marka@isc.org> wrote:
>> We may as well ban www.example because that can return 127.0.0.1 as well. :-)
> 
> www.example.com is never presumed to be local.

And localhost.example.com isn’t local either.  The problem is that either of them
can be a non-global scope address.

The original problem is that HTTP doesn’t specify that names learn across the
wire, including from on disk html files, need to be treated as absolute names.
This is HTTP’s mess due to allowing relative names in what is transmitted over
the wire.  This should be sent back to HTTP say FIX YOUR INSECURE PROTOCOL.

The second bugtraq issue is also HTTP’s insecure security model that doesn’t
take into account that addresses have scopes.  Again that is for HTTP to fix.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org