Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost
Ted Lemon <mellon@fugue.com> Thu, 07 September 2017 04:42 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Ev6p2SA0o4ziqZmNSyS1ZOYq9-o>
Mark, I really don't think this is a human rights issue. Is there something that will break for you if the secure denial of existence is left in place?

On Sep 7, 2017 12:17 AM, "Mark Andrews" <marka@isc.org> wrote:

>
> In message <CAHw9_iKBDY9hNThOY3GDeG7BbCkc8Ncy1T=rjpcQ=h5qdB7=UQ@mail.gmail.com>, Warren Kumari writes:
> > On Wed, Sep 6, 2017 at 10:35 AM, Ted Lemon <mellon@fugue.com> wrote:
> > > On Sep 6, 2017, at 10:33 AM, tjw ietf <tjw.ietf@gmail.com> wrote:
> > >
> > > Thanks. The document still waffles, but it 'waffles less' than it did
> > > initially. But Mike is committed to working that and any other issue which
> > > may arise.
> > >
> > >
> > > The question I really have is not whether Mike is willing -- he's stated that
> > > he is. It's whether the working group is willing, since returning NXDOMAIN
> > > is an actual change in behavior from the original specification in RFC 6761,
> > > and will likely result in some breakage, since it can safely be assumed that
> > > some stacks are currently following the RFC6761 advice.
> > >
> >
> > Actually, I suspect that the breakage will be fairly minimal -- Google
> > Public DNS appears to have been returning NXDOMAIN since launch:
> > dig +nocmd +nostats localhost @8.8.8.8
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55075
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;localhost. IN A
> >
> > ;; AUTHORITY SECTION:
> > . 14208 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2017090502 1800 900 604800 86400
>
> Which shows absolutely nothing.
>
> Is 'localhost.' assigned for use by my local machine? I believe
> the answer to that is: Yes. If it is assigned for use then with
> DNSSEC there MUST be a delegation in the root or is this working
> group going to overstep its mandate and tell me how I can use the
> name localhost. ICANN stuffed up by not adding the delegation when
> the root zone was signed. It was necessary then and it is still
> necessary now.
>
> If we want to create an alternative name and give it much more
> restrictive properties than the current assignment of localhost has
> then I'm fine with that. It is actually the correct fix for the
> problem statement. Fiddling with the properties of localhost after
> it has been in use for decades isn't the way to address this issue.
>
> Mark
>
> > and Verisign returns NOERROR (probably also since launch):
> > dig +nocmd +nostats localhost @64.6.64.6
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44657
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;localhost. IN A
> >
> > ;; ANSWER SECTION:
> > localhost. 10800 IN A 127.0.0.1
> >
> >
> > This doesn't seem to have caused any breakage - or, at least, we
> > haven't heard of any, and apparently basically no-one had noticed a
> > difference :-)
> >
> > W
> >
> > >
> > > _______________________________________________
> > > DNSOP mailing list
> > > DNSOP@ietf.org
> > > https://www.ietf.org/mailman/listinfo/dnsop
> > >
> >
> > --
> > I don't think the execution is relevant when it was obviously a bad
> > idea in the first place.
> > This is like putting rabid weasels in your pants, and later expressing
> > regret at having chosen those particular rabid weasels and that pair
> > of pants.
> > ---maf
> >
> > _______________________________________________
> > DNSOP mailing list
> > DNSOP@ietf.org
> > https://www.ietf.org/mailman/listinfo/dnsop
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
>
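
The two resolver behaviours compared in the quoted dig transcripts, as an added example that is not part of this message or of the draft: it classifies what a recursive resolver returned for `localhost` from saved dig output. The function name is hypothetical, and the sample strings are constructed from the transcripts quoted above with whitespace normalized.

```python
import ipaddress
import re

# Constructed samples: the two dig transcripts quoted in the thread.
GOOGLE_SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55075
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;localhost. IN A

;; AUTHORITY SECTION:
. 14208 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2017090502 1800 900 604800 86400
"""
VERISIGN_SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44657
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;localhost. IN A

;; ANSWER SECTION:
localhost. 10800 IN A 127.0.0.1
"""

def classify_localhost_answer(dig_text):
    """Return 'nxdomain', 'loopback', 'non-loopback', 'nodata' or 'other:<RCODE>'."""
    header = re.search(r"status:\s*([A-Z]+)", dig_text)
    if not header:
        raise ValueError("no dig header line found")
    status = header.group(1)
    if status == "NXDOMAIN":
        return "nxdomain"
    if status != "NOERROR":
        return "other:" + status
    addrs, in_answer = [], False
    for line in dig_text.splitlines():
        if line.startswith(";;"):
            # Section banners switch the parser in and out of the answer section.
            in_answer = line.startswith(";; ANSWER SECTION")
            continue
        fields = line.split()
        if in_answer and len(fields) >= 5 and fields[3] in ("A", "AAAA"):
            addrs.append(ipaddress.ip_address(fields[4]))
    if not addrs:
        return "nodata"
    # A NOERROR answer is only equivalent to the local name if every address is loopback.
    return "loopback" if all(a.is_loopback for a in addrs) else "non-loopback"
```

A `non-loopback` result is the case worth alerting on, since it means the resolver maps `localhost` to another host.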