Re: [DNSOP] Status of "let localhost be localhost"?

Richard Barnes <rlb@ipv.sx> Sat, 12 August 2017 18:45 UTC

In-Reply-To: <4544C6A8-5591-454F-9E94-F3CADD3CDD2D@vpnc.org>
References: <20170812170958.14197.qmail@ary.lan> <B21C539E-75AF-43F1-B6B0-4BDC25C6D670@fugue.com> <4544C6A8-5591-454F-9E94-F3CADD3CDD2D@vpnc.org>
From: Richard Barnes <rlb@ipv.sx>
Date: Sat, 12 Aug 2017 14:44:56 -0400
Message-ID: <CAL02cgSuPWTQVK5K1L2h-v4+_Jurrv7gkcQ6RY5n_A8U0v1oEg@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/F7cmLRFW03YAu1koz1EaXux31R0>
Subject: Re: [DNSOP] Status of "let localhost be localhost"?

On Sat, Aug 12, 2017 at 2:36 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:

> On 12 Aug 2017, at 10:14, Ted Lemon wrote:
>
>> On 12 Aug 2017, at 13:09, John Levine <johnl@taugh.com> wrote:
>>
>>> Right.  That's why it's long past time that we make it clear that
>>> non-broken resolvers at any level will treat localhost as a special
>>> case.  As you may have heard, we are not the Network Police, but we do
>>> publish the occasional document telling people what to do if they want
>>> to interoperate with the rest of the Internet.
>>>
>>
>> With respect, John, the issue I raised here isn't interop.  It's security.
>>
>
> It's security through interop. It's causing systems that want to hope that
> "localhost" has a particular meaning that has security implications to have
> a better chance that their hope is fulfilled.


And giving systems that want to ensure that they never mistake "localhost"
for something other than loopback a better chance that they won't
break things.

--Richard
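
The two positions in this exchange, sketched as an added example that is not part of the thread or of any draft it discusses: a client that answers "localhost" names itself without consulting a resolver, and a fail-closed check for code that must still rely on the resolver's answer. The function names are hypothetical, and the misdirecting resolver with its 203.0.113.7 answer is constructed sample input.

```python
import ipaddress
import socket

LOOPBACK = ["127.0.0.1", "::1"]


def is_localhost_name(host):
    """True for "localhost" and names under ".localhost" (any case, one trailing dot allowed)."""
    name = host[:-1] if host.endswith(".") else host
    name = name.lower()
    return name == "localhost" or name.endswith(".localhost")


def resolve_name(host, resolver=socket.getaddrinfo):
    """Special-case localhost names: answer with loopback and never call the resolver."""
    if is_localhost_name(host):
        return list(LOOPBACK)
    return sorted({info[4][0] for info in resolver(host, None)})


def require_loopback(host, resolver=socket.getaddrinfo):
    """For code that still asks the resolver: fail closed unless every answer is loopback."""
    addrs = sorted({info[4][0] for info in resolver(host, None)})
    bad = [a for a in addrs if not ipaddress.ip_address(a).is_loopback]
    if not addrs or bad:
        raise ValueError(f"{host!r} did not resolve to loopback only: {bad}")
    return addrs


def misdirecting_resolver(host, port):
    """Constructed stand-in for a resolver that answers "localhost" with a routable address."""
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("203.0.113.7", 0))]


def demo():
    """Run both approaches against the constructed misdirecting resolver."""
    special_cased = resolve_name("LocalHost.", resolver=misdirecting_resolver)
    try:
        require_loopback("localhost", resolver=misdirecting_resolver)
        rejected = False
    except ValueError:
        rejected = True
    return special_cased, rejected


if __name__ == "__main__":
    print(demo())
```
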